Unable to disinfect with current MBAM


This infection kept me from running CCleaner and MBAM in normal Windows mode. After rebooting to Safe Mode I was able to update and run MBAM, but the infection persists. Below are my attach.txt and dds.txt logs. Thanks in advance for the help.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 2/17/2010 3:26:48 AM

System Uptime: 11/8/2011 10:55:56 PM (1 hours ago)

.

Motherboard: LENOVO | | 741723U

Processor: Intel Pentium III Xeon processor | None | 2394/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 292 GiB total, 30.675 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

.

µTorrent

Access Help

Acronis True Image Home

Ad-Aware

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.5

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

Camera Center

CCleaner

Citrix Presentation Server Client - Web Only

Client Security - Password Manager

Compatibility Pack for the 2007 Office system

Conexant 20561 SmartAudio HD

DameWare NT Utilities

Drag-to-Disc

DVDFab 8.0.7.3 (29/01/2011)

ERUNT 1.1j

Free RAR Extract Frog

Garmin ANT Agent

Garmin USB Drivers

Google Earth

Google Update Helper

HandBrake 0.9.5

Help Center

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB949764)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970685)

Hotfix for Windows XP (KB976098-v2)

Integrated Camera

Intel PROSet Wireless

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Interface

Intel® Network Connections Drivers

Intel® PROSet/Wireless WiFi Software

Intel® Trusted Platform Module

InterVideo Register Manager

InterVideo WinDVD

iTunes

Java Auto Updater

Java 6 Update 26

K-Lite Mega Codec Pack 5.7.0

Kyocera Product Library

Lenovo Fingerprint Software

Lenovo System Interface Driver

Lenovo ThinkVantage Toolbox

Malwarebytes' Anti-Malware version 1.51.2.1300

Message Center

Message Center Plus

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2572067)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edition 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Mobile Broadband Connect

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser

On Screen Display

Presentation Director

Productivity Center Supplement for ThinkPad

QuickTime

Rescue and Recovery

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02

RICOH R5U230 Media Driver ver.2.02.02.01

Roxio Activation Module

Roxio Central Audio

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio Creator Business Edition

Roxio Express Labeler 3

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Skype Toolbars

Skype™ 5.2

Sonic CinePlayer Decoder Pack

Sonic Icons for Lenovo

Spybot - Search & Destroy

System Update

ThinkPad Bluetooth with Enhanced Data Rate Software

ThinkPad EasyEject Utility

ThinkPad FullScreen Magnifier

ThinkPad Hotkey Features Setup

ThinkPad Keyboard Customizer Utility

ThinkPad Modem Adapter

ThinkPad PC Card Power Policy

ThinkPad Power Management Driver

ThinkPad Power Manager

ThinkPad UltraNav Driver

ThinkPad UltraNav Utility

ThinkVantage Access Connections

ThinkVantage Active Protection System

ThinkVantage Productivity Center

Trend Micro OfficeScan Client

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB978506)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Wallpapers

WebEx

WebFldrs XP

Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (10/02/2008 8.1.2.37)

Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Connect

Windows Media Format 11 runtime

Windows Media Player 11

Windows Presentation Foundation

XML Paper Specification Shared Components Pack 1.0

XP Themes

.

==== Event Viewer Messages From Past Week ========

.

46670401 ANC Fips IBMTPCHK intelppm lenovo.smi tmtdi TPHKDRV TPPWRIF TSMAPIP

46670401 ANC Fips IBMTPCHK intelppm lenovo.smi tmtdi TPHKDRV TPPWRIF TSMAPIP

46670401 ANC Fips IBMTPCHK intelppm lenovo.smi ohci1394 tmtdi TPHKDRV TPPWRIF TSMAPIP

46670401 ANC Fips IBMTPCHK intelppm lenovo.smi ohci1394 tmtdi TPHKDRV TPPWRIF TSMAPIP

46670401 AFD ANC Fips IBMTPCHK intelppm IPSec lenovo.smi MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip tmtdi TPHKDRV TPPWRIF TSMAPIP

11/8/2011 9:27:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/8/2011 9:25:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:

11/8/2011 9:15:49 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

11/8/2011 9:11:58 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).

11/8/2011 11:02:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

11/8/2011 10:12:21 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

11/8/2011 10:12:21 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/8/2011 10:12:21 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/8/2011 10:12:21 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

11/8/2011 10:12:21 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/8/2011 10:12:21 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/5/2011 6:17:49 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AcSvc service.

11/4/2011 2:53:33 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SUService service.

11/2/2011 4:51:52 PM, error: BTWUSB [43] -

11/1/2011 7:16:35 AM, error: NETLOGON [5719] - No Domain Controller is available for domain STEINER due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

.

==== End Of File ===========================

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.6001.18702

Run by JimW at 23:06:39 on 2011-11-08

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1944.1455 [GMT -5:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {45AB79F7-2079-41B4-97A8-9709DE6E116B}

FW: Trend Micro Personal Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://finance.yahoo.com/p?k=pf_2

uWindow Title = Windows Internet Explorer provided by Steiner Leisure Limited

uInternet Settings,ProxyOverride = *.local

uWinlogon: Shell=c:\documents and settings\jimw\local settings\application data\c3f7fd2c\X

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Lenovo ThinkVantage Toolbox: {86b9b5dd-fb75-4035-bd52-3c94f7849caf} - c:\program files\pc-doctor\ATLPcdToolbar544928.dll

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r

mRun: [TpShocks] TpShocks.exe

mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe

mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe

mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe

mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start

mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

mRun: [CreateLMBCShortCut] "c:\program files\lenovo\mobile broadband connect\UserShortcutCreator.exe"

mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe

mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe

mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper

mRun: [smartAudio] c:\program files\conexant\saii\SAIICpl.exe /t

mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

dRunOnce: [WMC_WMPDBExport] c:\program files\windows media player\wmdbexport.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

LSP: mswsock.dll

DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://edctrend.steiner.sll.com:4343/officescan/console/html/ClientInstall/WinNTChk.cab

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://edctrend.steiner.sll.com:4343/officescan/console/html/ClientInstall/setup.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://van.webex.com/client/wbs27-vzbprodcn/webex/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll

Notify: igfxcui - igfxdev.dll

Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 46670402;46670402 Boot Guard Driver;c:\windows\system32\drivers\46670402.sys [2010-6-17 37392]

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-2-22 24304]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-23 64288]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 2152152]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-11-25 243856]

S1 46670401;46670401;c:\windows\system32\drivers\46670401.sys [2010-6-17 128016]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-10-23 13480]

S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-3-19 1680632]

S2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-2-22 132456]

S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-3-19 98304]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-27 136176]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-10-5 45424]

S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-11-25 53248]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-3-16 51792]

S2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2009-9-30 262416]

S2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2009-9-30 36624]

S2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-10-5 62320]

S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-11-24 524288]

S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]

S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-3-19 106496]

S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-11-25 482176]

S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2009-3-19 118784]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-27 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]

S3 TmPfw;OfficeScan NT Firewall;c:\program files\trend micro\officescan client\TmPfw.exe [2008-2-4 497008]

S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2008-2-4 689416]

S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]

.

=============== Created Last 30 ================

.

2011-11-09 02:12:00 -------- d-sh--w- c:\documents and settings\jimw\local settings\application data\c3f7fd2c

.

==================== Find3M ====================

.

2011-11-09 02:56:04 38176 ------w- c:\windows\system32\ibmpmsvc.exe

2011-11-09 02:18:28 98304 ------w- c:\windows\system32\DTS.exe

2011-10-02 21:45:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20:51 1858944 ------w- c:\windows\system32\win32k.sys

2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

============= FINISH: 23:07:22.34 ===============

Hello jdwharton! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

Step 1

You have p2p software installed on your system, which is very dangerous and illegal. Please check our rules for piracy and uninstall µTorrent:

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 2

You have two installed and active antivirus systems on your system:

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {45AB79F7-2079-41B4-97A8-9709DE6E116B}

Two anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash. Please remove one of them. I suggest that you uninstall Ad-Aware.

Step 3

I do not know for what purpose you use CCleaner, but I want to draw your attention to the Registry feature. It is not recommended that you use it, because it can cause issues with other programs. Once that is done, if you feel your computer is slow, try these instructions to speed it up:

http://forums.malwarebytes.org/index.php?showtopic=81990

Before proceeding further, I want to see these changes made. In your next reply, please post a fresh DDS log together with Attach.txt.

Hi Maniac, thanks for your help.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 2/17/2010 3:26:48 AM

System Uptime: 11/9/2011 7:45:18 AM (0 hours ago)

.

Motherboard: LENOVO | | 741723U

Processor: Intel Pentium III Xeon processor | None | 2393/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 292 GiB total, 32.315 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

.

Access Help

Acronis True Image Home

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.5

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

Camera Center

CCleaner

Citrix Presentation Server Client - Web Only

Client Security - Password Manager

Compatibility Pack for the 2007 Office system

Conexant 20561 SmartAudio HD

DameWare NT Utilities

Drag-to-Disc

DVDFab 8.0.7.3 (29/01/2011)

ERUNT 1.1j

Free RAR Extract Frog

Garmin ANT Agent

Garmin USB Drivers

Google Earth

Google Update Helper

HandBrake 0.9.5

Help Center

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB949764)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970685)

Hotfix for Windows XP (KB976098-v2)

Integrated Camera

Intel PROSet Wireless

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Interface

Intel® Network Connections Drivers

Intel® PROSet/Wireless WiFi Software

Intel® Trusted Platform Module

InterVideo Register Manager

InterVideo WinDVD

iTunes

Java Auto Updater

Java 6 Update 26

K-Lite Mega Codec Pack 5.7.0

Kyocera Product Library

Lenovo Fingerprint Software

Lenovo System Interface Driver

Lenovo ThinkVantage Toolbox

Malwarebytes' Anti-Malware version 1.51.2.1300

Message Center

Message Center Plus

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2572067)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edition 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Mobile Broadband Connect

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser

On Screen Display

Presentation Director

Productivity Center Supplement for ThinkPad

QuickTime

Rescue and Recovery

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02

RICOH R5U230 Media Driver ver.2.02.02.01

Roxio Activation Module

Roxio Central Audio

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio Creator Business Edition

Roxio Express Labeler 3

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Skype Toolbars

Skype™ 5.2

Sonic CinePlayer Decoder Pack

Sonic Icons for Lenovo

Spybot - Search & Destroy

System Update

ThinkPad Bluetooth with Enhanced Data Rate Software

ThinkPad EasyEject Utility

ThinkPad FullScreen Magnifier

ThinkPad Hotkey Features Setup

ThinkPad Keyboard Customizer Utility

ThinkPad Modem Adapter

ThinkPad PC Card Power Policy

ThinkPad Power Management Driver

ThinkPad Power Manager

ThinkPad UltraNav Driver

ThinkPad UltraNav Utility

ThinkVantage Access Connections

ThinkVantage Active Protection System

ThinkVantage Productivity Center

Trend Micro OfficeScan Client

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB978506)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Wallpapers

WebEx

WebFldrs XP

Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (10/02/2008 8.1.2.37)

Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Connect

Windows Media Format 11 runtime

Windows Media Player 11

Windows Presentation Foundation

XML Paper Specification Shared Components Pack 1.0

XP Themes

.

==== Event Viewer Messages From Past Week ========

.

46670401 ANC Fips IBMTPCHK intelppm lenovo.smi tmtdi TPHKDRV TPPWRIF TSMAPIP

46670401 ANC Fips IBMTPCHK intelppm lenovo.smi tmtdi TPHKDRV TPPWRIF TSMAPIP

46670401 ANC Fips IBMTPCHK intelppm lenovo.smi ohci1394 tmtdi TPHKDRV TPPWRIF TSMAPIP

46670401 ANC Fips IBMTPCHK intelppm lenovo.smi ohci1394 tmtdi TPHKDRV TPPWRIF TSMAPIP

46670401 AFD ANC Fips IBMTPCHK intelppm IPSec lenovo.smi MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip tmtdi TPHKDRV TPPWRIF TSMAPIP

11/9/2011 7:48:54 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file wuauclt.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 7.4.7600.226, the version of the system file is 5.4.3790.5512.

11/8/2011 9:27:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/8/2011 9:25:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:

11/8/2011 9:15:49 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

11/8/2011 9:11:58 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).

11/8/2011 11:02:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

11/8/2011 10:12:21 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

11/8/2011 10:12:21 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/8/2011 10:12:21 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/8/2011 10:12:21 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

11/8/2011 10:12:21 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/8/2011 10:12:21 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/6/2011 8:52:56 AM, error: NETLOGON [5719] - No Domain Controller is available for domain STEINER due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

11/5/2011 6:17:49 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AcSvc service.

11/4/2011 4:39:13 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SUService service.

11/4/2011 2:29:46 PM, error: BTWUSB [43] -

.

==== End Of File ===========================

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by JimW at 7:47:45 on 2011-11-09

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1944.1223 [GMT -5:00]

.

AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {45AB79F7-2079-41B4-97A8-9709DE6E116B}

FW: Trend Micro Personal Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\DTS.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\AtService.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\WINDOWS\system32\TpKmpSVC.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

C:\WINDOWS\system32\wuauclt.exe

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe

C:\WINDOWS\system32\TpShocks.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe

C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Trend Micro\OfficeScan Client\TSC.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

c:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\iPod\bin\iPodService.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://finance.yahoo.com/p?k=pf_2

uWindow Title = Windows Internet Explorer provided by Steiner Leisure Limited

uInternet Settings,ProxyOverride = *.local

uWinlogon: Shell=c:\documents and settings\jimw\local settings\application data\c3f7fd2c\X

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Lenovo ThinkVantage Toolbox: {86b9b5dd-fb75-4035-bd52-3c94f7849caf} - c:\program files\pc-doctor\ATLPcdToolbar544928.dll

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r

mRun: [TpShocks] TpShocks.exe

mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe

mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe

mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe

mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start

mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

mRun: [CreateLMBCShortCut] "c:\program files\lenovo\mobile broadband connect\UserShortcutCreator.exe"

mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe

mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe

mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper

mRun: [smartAudio] c:\program files\conexant\saii\SAIICpl.exe /t

mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRunOnce: [WMC_WMPDBExport] c:\program files\windows media player\wmdbexport.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

LSP: mswsock.dll

DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://edctrend.steiner.sll.com:4343/officescan/console/html/ClientInstall/WinNTChk.cab

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://edctrend.steiner.sll.com:4343/officescan/console/html/ClientInstall/setup.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://van.webex.com/client/wbs27-vzbprodcn/webex/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{A17AC6F3-2664-49B5-B39F-178BEEE06178} : DhcpNameServer = 75.75.75.75 75.75.76.76

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll

Notify: igfxcui - igfxdev.dll

Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 46670402;46670402 Boot Guard Driver;c:\windows\system32\drivers\46670402.sys [2010-6-17 37392]

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-2-22 24304]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-23 64288]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]

R1 46670401;46670401;c:\windows\system32\drivers\46670401.sys [2010-6-17 128016]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-10-23 13480]

R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-3-19 1680632]

R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-2-22 132456]

R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-3-19 98304]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-11-25 53248]

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-3-16 51792]

R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2009-9-30 262416]

R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2009-9-30 36624]

R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-10-5 62320]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-11-24 524288]

R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-11-25 482176]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-11-25 243856]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-27 136176]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-10-5 45424]

S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]

S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-3-19 106496]

S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2009-3-19 118784]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-27 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]

S3 TmPfw;OfficeScan NT Firewall;c:\program files\trend micro\officescan client\TmPfw.exe [2008-2-4 497008]

S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2008-2-4 689416]

.

=============== Created Last 30 ================

.

2011-11-09 02:12:00 -------- d-sh--w- c:\documents and settings\jimw\local settings\application data\c3f7fd2c

.

==================== Find3M ====================

.

2011-11-09 12:34:59 40960 ------w- c:\windows\system32\TpKmpSvc.exe

2011-11-09 04:20:09 1680632 ------w- c:\windows\system32\AtService.exe

2011-11-09 02:56:04 38176 ------w- c:\windows\system32\ibmpmsvc.exe

2011-11-09 02:18:28 98304 ------w- c:\windows\system32\DTS.exe

2011-10-02 21:45:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20:51 1858944 ------w- c:\windows\system32\win32k.sys

2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ------w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

============= FINISH: 7:49:58.07 ===============


ComboFix 11-11-08.02 - JimW 11/09/2011 9:55.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1944.1393 [GMT -5:00]

Running from: c:\documents and settings\jimw\Desktop\ComboFix.exe

AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {45AB79F7-2079-41B4-97A8-9709DE6E116B}

FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\jimw\Local Settings\Application Data\c3f7fd2c\U

c:\documents and settings\jimw\Local Settings\Application Data\c3f7fd2c\U\80000000.@

c:\documents and settings\jimw\Local Settings\Application Data\c3f7fd2c\U\800000cb.@

c:\documents and settings\jimw\Local Settings\Application Data\c3f7fd2c\U\800000cf.@

c:\documents and settings\jimw\Local Settings\Application Data\c3f7fd2c\X

c:\windows\$NtUninstallKB49444$\1859627729

c:\windows\$NtUninstallKB49444$\3287809324\@

c:\windows\$NtUninstallKB49444$\3287809324\L\aavmayqi

c:\windows\$NtUninstallKB49444$\3287809324\loader.tlb

c:\windows\$NtUninstallKB49444$\3287809324\U\@00000001

c:\windows\$NtUninstallKB49444$\3287809324\U\@000000c0

c:\windows\$NtUninstallKB49444$\3287809324\U\@000000cb

c:\windows\$NtUninstallKB49444$\3287809324\U\@000000cf

c:\windows\$NtUninstallKB49444$\3287809324\U\@80000000

c:\windows\$NtUninstallKB49444$\3287809324\U\@800000c0

c:\windows\$NtUninstallKB49444$\3287809324\U\@800000cb

c:\windows\$NtUninstallKB49444$\3287809324\U\@800000cf

c:\windows\system32\

c:\windows\$NtUninstallKB49444$ . . . . Failed to delete

.

.

((((((((((((((((((((((((( Files Created from 2011-10-09 to 2011-11-09 )))))))))))))))))))))))))))))))

.

.

2011-11-09 02:12 . 2011-11-09 15:01 -------- d-sh--w- c:\documents and settings\jimw\Local Settings\Application Data\c3f7fd2c

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-09 12:34 . 2010-02-22 22:56 40960 ------w- c:\windows\system32\TpKmpSvc.exe

2011-11-09 04:20 . 2009-03-19 09:48 1680632 ------w- c:\windows\system32\AtService.exe

2011-11-09 02:56 . 2009-11-25 23:50 38176 ------w- c:\windows\system32\ibmpmsvc.exe

2011-11-09 02:18 . 2009-03-19 09:53 98304 ------w- c:\windows\system32\DTS.exe

2011-10-02 21:45 . 2011-06-01 13:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41 . 2008-07-21 22:49 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41 . 2008-07-21 22:49 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12 . 2008-07-21 22:49 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20 . 2008-07-21 22:50 1858944 ------w- c:\windows\system32\win32k.sys

2011-08-31 22:00 . 2010-08-23 13:23 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 23:48 . 2008-07-21 22:50 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2008-07-21 22:49 43520 ------w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2008-07-21 22:49 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2008-07-21 22:49 385024 ------w- c:\windows\system32\html.iec

2011-08-17 13:49 . 2008-07-21 22:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]

"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]

"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-04 62240]

"TpShocks"="TpShocks.exe" [2009-12-11 337256]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]

"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-20 1594664]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-11 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-11 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-11 142872]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]

"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]

"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]

"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-12-16 513384]

"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-07-16 40960]

"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-12-11 431464]

"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-12-11 181608]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]

"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]

"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-09-08 849192]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-11-22 4352832]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-11-22 960528]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-11-22 165144]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"WMC_WMPDBExport"="c:\program files\Windows Media Player\wmdbexport.exe" [2006-10-19 493568]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-8-14 607584]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-2-22 50688]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]

2009-03-19 09:55 180224 ------w- c:\windows\system32\FpWinlogonNp.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2232656509-361406962-1938170613-2940\Scripts\Logon\0\0]

"Script"=SEG-DriveMappings.bat

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2232656509-361406962-1938170613-2940\Scripts\Logon\1\0]

"Script"=SMS-Public.bat

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2232656509-361406962-1938170613-2940\Scripts\Logon\2\0]

"Script"=Accounting.bat

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2232656509-361406962-1938170613-6778\Scripts\Logon\0\0]

"Script"=SEG-DriveMappings.bat

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANT Agent]

2010-02-03 18:38 11136360 ------w- c:\program files\Garmin\ANT Agent\ANT Agent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraApplicationLauncher]

2009-03-13 02:12 16384 ------w- c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"44668:TCP"= 44668:TCP:Trend Micro OfficeScan Listener

.

R0 46670402;46670402 Boot Guard Driver;c:\windows\system32\drivers\46670402.sys [6/17/2010 11:51 AM 37392]

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2/22/2010 5:57 PM 24304]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/23/2010 9:31 AM 64288]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/9/2009 12:10 PM 20520]

R1 46670401;46670401;c:\windows\system32\drivers\46670401.sys [6/17/2010 11:51 AM 128016]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [10/23/2008 3:15 AM 13480]

R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [3/19/2009 4:48 AM 1680632]

R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2/22/2010 5:57 PM 132456]

R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [3/19/2009 4:53 AM 98304]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [11/25/2009 7:21 PM 53248]

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/16/2010 8:43 AM 51792]

R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [9/30/2009 2:38 PM 262416]

R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [9/30/2009 2:37 PM 36624]

R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [10/5/2009 9:21 PM 62320]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 6:34 PM 524288]

R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [11/25/2009 7:11 PM 482176]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [11/25/2009 6:49 PM 243856]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 6:54 PM 37312]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/27/2010 3:04 PM 136176]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [10/5/2009 9:21 PM 45424]

S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 8:50 PM 360448]

S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [3/19/2009 4:52 AM 106496]

S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [3/19/2009 4:55 AM 118784]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/27/2010 3:04 PM 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 11:15 AM 1120752]

S3 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [2/4/2008 3:00 PM 497008]

S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [2/4/2008 3:00 PM 689416]

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]

.

2011-10-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]

.

2011-11-09 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-11-26 06:12]

.

2011-11-08 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-11-22 09:14]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://finance.yahoo.com/p?k=pf_2

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-09 10:06

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1100)

c:\windows\system32\ATGinaHook.dll

c:\program files\Lenovo Fingerprint Software\ATCSSINT.DLL

c:\program files\Lenovo Fingerprint Software\SharedResources.dll

c:\program files\Lenovo Fingerprint Software\FPResource.dll

c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll

c:\program files\Lenovo\Client Security Solution\css_banner.dll

c:\windows\system32\cssuserdatadispatcher.dll

c:\windows\system32\tvttsp.dll

c:\windows\system32\tcsrpc.dll

c:\windows\system32\FpWinLogonNp.dll

c:\windows\system32\AFSSClientLib.dll

.

- - - - - - - > 'explorer.exe'(5672)

c:\windows\system32\WININET.dll

c:\windows\system32\btmmhook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\program files\Lenovo\Drag-to-Disc\Shellex.dll

c:\windows\system32\DLAAPI_W.DLL

c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\program files\Intel\WiFi\bin\S24EvMon.exe

c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Trend Micro\OfficeScan Client\ntrtscan.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\windows\system32\TpKmpSVC.exe

c:\program files\Lenovo\Client Security Solution\tvttcsd.exe

c:\program files\Lenovo\Rescue and Recovery\rrservice.exe

c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\program files\lenovo\system update\suservice.exe

c:\program files\Trend Micro\OfficeScan Client\tmlisten.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

c:\program files\Trend Micro\BM\TMBMSRV.exe

c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

c:\windows\system32\TpShocks.exe

c:\program files\Lenovo\HOTKEY\TPONSCR.exe

c:\program files\Lenovo\Zoom\TpScrex.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Synaptics\SynTP\SynTPLpr.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\igfxext.exe

c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2011-11-09 10:13:09 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-09 15:12

.

Pre-Run: 34,550,931,456 bytes free

Post-Run: 34,984,337,408 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 9AD462B2906D2BD8421C8F376AF086D4

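The "Other Deletions" block in the log above lists two directories with the same internal layout: an 8-hex-character folder under Local Settings\Application Data (c3f7fd2c) and a $NtUninstallKB49444$ folder posing as a hotfix uninstall directory, each holding a U\ subfolder of hex-named "@" payloads, the latter also an "@" marker file, an L\ subfolder and loader.tlb. That is the on-disk layout of ZeroAccess, which ESET reports as Win32/Sirefef when it later scans the quarantined copies in this thread; a genuine $NtUninstallKB*$ folder holds spuninst\ and the binaries the hotfix replaced, not "@", U\ or L\. The script below is an added example, not code from this thread, from ComboFix or from Malwarebytes: it parses ComboFix listing lines, groups the paths by container directory and reports which of those traits each container shows. The container and trait regexes, the trait names and the attrib-style reading of the attribute column (d=directory, s=system, h=hidden) are its own assumptions; the sample lines are copied from the logs posted in this thread.

```python
"""Triage helper for ComboFix listings: group the listed paths by the
container directory they sit in and report which traits of the ZeroAccess
(ESET: Win32/Sirefef) on-disk layout each container shows.

Added example, not code from this thread, from ComboFix or from Malwarebytes.
The sample lines are copied from the logs posted in the thread; the regexes,
the trait names and the reading of the attribute column are this script's
own assumptions.
"""
import re

# Container shapes seen in the log: a per-user store named with 8 hex chars
# under Local Settings\Application Data, and a folder posing as a hotfix
# uninstall directory under %WINDIR%.  A genuine $NtUninstallKB*$ folder
# holds spuninst\ and the binaries the hotfix replaced, not '@', U\ or L\.
CONTAINERS = [
    ("localappdata_hex", re.compile(
        r"^(?P<root>.*\\local settings\\application data\\[0-9a-f]{8})"
        r"(?:\\(?P<rest>.*))?$", re.I)),
    ("fake_hotfix", re.compile(
        r"^(?P<root>.*\\\$ntuninstallkb\d+\$)(?:\\(?P<rest>.*))?$", re.I)),
]

# Members relative to the container root.  Under the fake hotfix folder the
# store sits one numeric subfolder deeper (3287809324\ in the log), hence _SUB.
_SUB = r"^(?:\d+\\)?"
TRAITS = {
    "at_marker":   re.compile(_SUB + r"@$", re.I),
    "u_dir":       re.compile(_SUB + r"U(?:\\|$)", re.I),
    "l_dir":       re.compile(_SUB + r"L(?:\\|$)", re.I),
    "loader_tlb":  re.compile(_SUB + r"loader\.tlb$", re.I),
    # payload names like 80000000.@ or @80000000 inside U\
    "hex_at_file": re.compile(_SUB + r"U\\(?:@[0-9a-f]{8}|[0-9a-f]{8}\.@)$", re.I),
}

# Optional 8-char attribute column (e.g. d-sh--w-) followed by a drive path.
_LINE_RE = re.compile(r"(?:(?<!\S)([a-z-]{8})\s+)?([a-z]:\\.+)$", re.I)


def extract_path(line):
    """Return (attr_column_or_None, path) from a ComboFix listing line, else None."""
    # ComboFix appends ' . . . . Failed to delete' to items it could not remove.
    line = line.rstrip().split(" . . . . ")[0]
    m = _LINE_RE.search(line)
    return (m.group(1), m.group(2)) if m else None


def triage(lines):
    """Map each container root (lower-cased) to its kind, traits and verdict."""
    report = {}
    for line in lines:
        hit = extract_path(line)
        if not hit:
            continue
        attr, path = hit
        for kind, rx in CONTAINERS:
            m = rx.match(path)
            if not m:
                continue
            root = m.group("root").lower()
            entry = report.setdefault(root, {"kind": kind, "traits": set()})
            rest = m.group("rest") or ""
            entry["traits"].update(n for n, t in TRAITS.items() if t.match(rest))
            # Attribute column read attrib-style: d=directory, s=system, h=hidden
            # (an assumption about ComboFix's column, applied to the root itself).
            if attr and not rest and attr[0].lower() == "d" and {"s", "h"} <= set(attr.lower()):
                entry["traits"].add("hidden_system_dir")
            break
    for entry in report.values():
        t = entry["traits"]
        # Verdict: a U\ store plus the '@' marker, a hex '@' payload or loader.tlb.
        entry["flagged"] = "u_dir" in t and bool(t & {"at_marker", "hex_at_file", "loader_tlb"})
    return report


def flagged_roots(lines):
    """Sorted container roots that look like ZeroAccess stores."""
    return sorted(r for r, e in triage(lines).items() if e["flagged"])


# Constructed sample: lines copied from the ComboFix logs in this thread.
SAMPLE_LINES = r"""
c:\documents and settings\jimw\Local Settings\Application Data\c3f7fd2c\U
c:\documents and settings\jimw\Local Settings\Application Data\c3f7fd2c\U\80000000.@
c:\documents and settings\jimw\Local Settings\Application Data\c3f7fd2c\U\800000cb.@
c:\documents and settings\jimw\Local Settings\Application Data\c3f7fd2c\X
c:\documents and settings\jimw\Local Settings\Application Data\c3f7fd2c\@
c:\windows\$NtUninstallKB49444$\1859627729
c:\windows\$NtUninstallKB49444$\3287809324\@
c:\windows\$NtUninstallKB49444$\3287809324\L\aavmayqi
c:\windows\$NtUninstallKB49444$\3287809324\loader.tlb
c:\windows\$NtUninstallKB49444$\3287809324\U\@00000001
c:\windows\$NtUninstallKB49444$\3287809324\U\@80000000
c:\windows\system32\
c:\windows\$NtUninstallKB49444$ . . . . Failed to delete
2011-11-09 02:12 . 2011-11-09 15:01 -------- d-sh--w- c:\documents and settings\jimw\Local Settings\Application Data\c3f7fd2c
2011-11-09 12:34 . 2010-02-22 22:56 40960 ------w- c:\windows\system32\TpKmpSvc.exe
""".strip().splitlines()

if __name__ == "__main__":
    for root, entry in triage(SAMPLE_LINES).items():
        print("FLAG" if entry["flagged"] else "ok  ", entry["kind"], root, sorted(entry["traits"]))
```

Run it on a saved ComboFix.txt with `triage(open("ComboFix.txt").read().splitlines())`; the verdict deliberately requires a U\ store plus one of the "@" traits, so a lone stray 8-hex folder or a real hotfix uninstall directory (spuninst\ only) is listed but not flagged. The `Failed to delete` line on the $NtUninstall root is why the first run did not clean the machine: the container survived even though its members were removed.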

Have you ever had Kaspersky security software on this machine?

Open Notepad and copy and paste the text in the code box below into it:

Folder::
c:\documents and settings\jimw\Local Settings\Application Data\c3f7fd2c

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[screenshot: CFScriptB-4.gif, CFScript.txt being dragged onto ComboFix.exe]

This will start ComboFix again. It may ask to reboot. Post the contents of log.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

In your next post here, please include log.txt and let me know how are things there.


Never used Kaspersky.

Things seem better after the initial combofix run. Here is the latest log...

ComboFix 11-11-08.02 - JimW 11/09/2011 13:32:46.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1944.1042 [GMT -5:00]

Running from: c:\documents and settings\jimw\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\jimw\Desktop\CFScript.txt

AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {45AB79F7-2079-41B4-97A8-9709DE6E116B}

FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\jimw\Local Settings\Application Data\c3f7fd2c

c:\documents and settings\jimw\Local Settings\Application Data\c3f7fd2c\@

.

.

((((((((((((((((((((((((( Files Created from 2011-10-09 to 2011-11-09 )))))))))))))))))))))))))))))))

.

.

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-09 12:34 . 2010-02-22 22:56 40960 ------w- c:\windows\system32\TpKmpSvc.exe

2011-11-09 04:20 . 2009-03-19 09:48 1680632 ------w- c:\windows\system32\AtService.exe

2011-11-09 02:56 . 2009-11-25 23:50 38176 ------w- c:\windows\system32\ibmpmsvc.exe

2011-11-09 02:18 . 2009-03-19 09:53 98304 ------w- c:\windows\system32\DTS.exe

2011-10-02 21:45 . 2011-06-01 13:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41 . 2008-07-21 22:49 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41 . 2008-07-21 22:49 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12 . 2008-07-21 22:49 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20 . 2008-07-21 22:50 1858944 ------w- c:\windows\system32\win32k.sys

2011-08-31 22:00 . 2010-08-23 13:23 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 23:48 . 2008-07-21 22:50 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2008-07-21 22:49 43520 ------w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2008-07-21 22:49 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2008-07-21 22:49 385024 ------w- c:\windows\system32\html.iec

2011-08-17 13:49 . 2008-07-21 22:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-09_15.06.30 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-11-09 15:42 . 2011-11-09 15:42 16384 c:\windows\Temp\Perflib_Perfdata_2f0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]

"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]

"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-04 62240]

"TpShocks"="TpShocks.exe" [2009-12-11 337256]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]

"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-20 1594664]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-11 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-11 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-11 142872]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]

"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]

"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]

"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-12-16 513384]

"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-07-16 40960]

"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-12-11 431464]

"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-12-11 181608]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]

"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]

"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-09-08 849192]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-11-22 4352832]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-11-22 960528]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-11-22 165144]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"WMC_WMPDBExport"="c:\program files\Windows Media Player\wmdbexport.exe" [2006-10-19 493568]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-8-14 607584]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-2-22 50688]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]

2009-03-19 09:55 180224 ------w- c:\windows\system32\FpWinlogonNp.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2232656509-361406962-1938170613-2940\Scripts\Logon\0\0]

"Script"=SEG-DriveMappings.bat

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2232656509-361406962-1938170613-2940\Scripts\Logon\1\0]

"Script"=SMS-Public.bat

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2232656509-361406962-1938170613-2940\Scripts\Logon\2\0]

"Script"=Accounting.bat

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2232656509-361406962-1938170613-6778\Scripts\Logon\0\0]

"Script"=SEG-DriveMappings.bat

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANT Agent]

2010-02-03 18:38 11136360 ------w- c:\program files\Garmin\ANT Agent\ANT Agent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraApplicationLauncher]

2009-03-13 02:12 16384 ------w- c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"44668:TCP"= 44668:TCP:Trend Micro OfficeScan Listener

.

R0 46670402;46670402 Boot Guard Driver;c:\windows\system32\drivers\46670402.sys [6/17/2010 11:51 AM 37392]

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2/22/2010 5:57 PM 24304]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/23/2010 9:31 AM 64288]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/9/2009 12:10 PM 20520]

R1 46670401;46670401;c:\windows\system32\drivers\46670401.sys [6/17/2010 11:51 AM 128016]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [10/23/2008 3:15 AM 13480]

R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [3/19/2009 4:48 AM 1680632]

R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2/22/2010 5:57 PM 132456]

R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [3/19/2009 4:53 AM 98304]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [11/25/2009 7:21 PM 53248]

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/16/2010 8:43 AM 51792]

R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [9/30/2009 2:38 PM 262416]

R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [9/30/2009 2:37 PM 36624]

R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [10/5/2009 9:21 PM 62320]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 6:34 PM 524288]

R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [11/25/2009 7:11 PM 482176]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [11/25/2009 6:49 PM 243856]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 6:54 PM 37312]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/27/2010 3:04 PM 136176]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [10/5/2009 9:21 PM 45424]

S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 8:50 PM 360448]

S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [3/19/2009 4:52 AM 106496]

S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [3/19/2009 4:55 AM 118784]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/27/2010 3:04 PM 136176]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 11:15 AM 1120752]

S3 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [2/4/2008 3:00 PM 497008]

S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [2/4/2008 3:00 PM 689416]

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]

.

2011-10-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]

.

2011-11-09 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-11-26 06:12]

.

2011-11-08 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-11-22 09:14]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://finance.yahoo.com/p?k=pf_2

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-09 13:49

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1096)

c:\windows\system32\ATGinaHook.dll

c:\program files\Lenovo Fingerprint Software\ATCSSINT.DLL

c:\program files\Lenovo Fingerprint Software\SharedResources.dll

c:\program files\Lenovo Fingerprint Software\FPResource.dll

c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll

c:\program files\Lenovo\Client Security Solution\css_banner.dll

c:\windows\system32\cssuserdatadispatcher.dll

c:\windows\system32\tvttsp.dll

c:\windows\system32\tcsrpc.dll

c:\windows\system32\FpWinLogonNp.dll

c:\windows\system32\AFSSClientLib.dll

c:\windows\system32\igfxdev.dll

c:\program files\Lenovo\HOTKEY\notifyf2.dll

.

Completion time: 2011-11-09 14:16:30

ComboFix-quarantined-files.txt 2011-11-09 19:16

ComboFix2.txt 2011-11-09 15:13

.

Pre-Run: 34,961,997,824 bytes free

Post-Run: 34,970,066,944 bytes free

.

- - End Of File - - FFDD63B4AE0A2411907B90F03D635D86


Let's make some additional scans:

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Next:

  1. Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
  2. Tick the box next to YES, I accept the Terms of Use
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the options Remove found threats and Scan unwanted applications are checked
  7. Click Scan (This scan can take several hours, so please be patient)
  8. Once the scan is completed, you may close the window
  9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  10. Copy and paste that log as a reply to this topic

In your next post, please include both of the log files specified above.


Looks like the infection is still present; my antivirus keeps popping up with a TROJ_SPNR.0CIQ11 infection.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8129

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/9/2011 10:01:45 PM

mbam-log-2011-11-09 (22-01-45).txt

Scan type: Quick scan

Objects scanned: 215509

Time elapsed: 8 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=7d53ab210bb6be47a7c1b3cd3fca39f7

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-11-10 05:01:06

# local_time=2011-11-10 12:01:06 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 51226169 51226169 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=87131

# found=4

# cleaned=3

# scan_time=6496

C:\Qoobox\Quarantine\C\Documents and Settings\jimw\Local Settings\Application Data\c3f7fd2c\X.vir Win32/Sirefef.DD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\jimw\Local Settings\Application Data\c3f7fd2c\U\800000cb.@.vir a variant of Win32/Agent.TEO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\jimw\Local Settings\Application Data\c3f7fd2c\U\800000cf.@.vir probably a variant of Win32/Kryptik.JDI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\drivers\netbt.sys a variant of Win32/Rootkit.Kryptik.EZ trojan (unable to clean) 00000000000000000000000000000000 I


Thank you!

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

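Once the ESET log above and the TDSSKiller log requested here are both in hand, the two can be joined by file path: the file of interest in this thread is netbt.sys, which ESET reported as "unable to clean" and which the TDSSKiller log posted in reply flags as a ZeroAccess-patched driver. The script below is an added example, not code from the thread, ESET or Kaspersky; it assumes only the two line formats visible in the posted logs, and every sample line and hash in it is constructed.

```python
"""Correlate ESET Online Scanner findings with a TDSSKiller log by file path.

Added example for this thread; it is not code from the thread, ESET or
Kaspersky. It assumes only the two line formats visible in the logs posted
here, and every sample line and hash below is constructed, not real output.
"""
import re
from typing import Dict, List, Optional

# Constructed ESET lines: "<path> <threat> (<action>) <md5> <flag>".
ESET_SAMPLE = r"""
C:\Qoobox\Quarantine\C\Documents and Settings\user\Local Settings\Application Data\c3f7fd2c\X.vir Win32/Sirefef.DD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\netbt.sys a variant of Win32/Rootkit.Kryptik.EZ trojan (unable to clean) 00000000000000000000000000000000 I
"""

# Constructed TDSSKiller lines: "<time> <pid> <service> (<md5>) <path>" followed by
# a verdict line "<service> ( <verdict> ) - infected|warning" or "<service> - ok".
TDSS_SAMPLE = r"""
15:55:47.0437 3384 Scan started
15:55:49.0296 3384 Abiosdsk - ok
15:55:51.0437 3384 ANC (00112233445566778899aabbccddeeff) C:\WINDOWS\system32\drivers\ANC.SYS
15:55:51.0453 3384 ANC ( UnsignedFile.Multi.Generic ) - warning
15:55:51.0453 3384 ANC - detected UnsignedFile.Multi.Generic (1)
15:56:04.0937 3384 NetBT (ffeeddccbbaa99887766554433221100) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:56:04.0937 3384 NetBT ( Rootkit.Win32.ZAccess.g ) - infected
15:56:04.0937 3384 NetBT - detected Rootkit.Win32.ZAccess.g (0)
15:56:12.0296 3384 Tcpip (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:56:12.0375 3384 Tcpip - ok
"""

_ESET_TAIL = re.compile(
    r"\((?P<action>[^()]*)\)\s+(?P<md5>[0-9a-fA-F]{32})\s+(?P<flag>\S+)\s*$")
_TDSS_PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<rest>.*)$")
_TDSS_FILE = re.compile(r"^(?P<svc>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
_TDSS_VERDICT = re.compile(
    r"^(?P<svc>\S+)\s+\(\s*(?P<verdict>\S+)\s*\)\s+-\s+(?P<status>infected|warning)$")
_TDSS_OK = re.compile(r"^(?P<svc>\S+)\s+-\s+ok$")


def parse_eset_line(line: str) -> Optional[dict]:
    """Split one ESET finding into path, threat and action; None for other lines."""
    m = _ESET_TAIL.search(line)
    if not m:
        return None
    head = line[: m.start()].rstrip().split(" ")
    # Paths may contain spaces but threat names never contain a backslash,
    # so the path ends at the last space-separated token holding one.
    last = max((i for i, tok in enumerate(head) if "\\" in tok), default=-1)
    if last < 0:
        return None
    return {
        "path": " ".join(head[: last + 1]),
        "threat": " ".join(head[last + 1:]),
        "action": m.group("action"),
        "cleaned": "unable to clean" not in m.group("action"),
    }


def parse_tdsskiller(text: str) -> Dict[str, dict]:
    """Return one record per service/driver, keyed by TDSSKiller's service name."""
    records: Dict[str, dict] = {}

    def rec(svc: str) -> dict:
        return records.setdefault(
            svc, {"svc": svc, "md5": None, "path": None, "status": None, "verdict": None})

    for raw in text.splitlines():
        m = _TDSS_PREFIX.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        f = _TDSS_FILE.match(rest)
        v = _TDSS_VERDICT.match(rest)
        o = _TDSS_OK.match(rest)
        if f:
            rec(f["svc"]).update(md5=f["md5"].lower(), path=f["path"])
        elif v:
            rec(v["svc"]).update(status=v["status"], verdict=v["verdict"])
        elif o:
            rec(o["svc"]).update(status="ok")
        # "<service> - detected <verdict> (n)" repeats the verdict line and is skipped.
    return records


def correlate(eset_text: str, tdss_text: str) -> List[dict]:
    """Join each ESET finding to the TDSSKiller record with the same file path."""
    by_path = {r["path"].lower(): r
               for r in parse_tdsskiller(tdss_text).values() if r["path"]}
    joined = []
    for line in eset_text.splitlines():
        e = parse_eset_line(line)
        if not e:
            continue
        t = by_path.get(e["path"].lower())
        joined.append({
            "path": e["path"],
            "eset_threat": e["threat"],
            "eset_cleaned": e["cleaned"],
            "tdss_service": t["svc"] if t else None,
            "tdss_status": t["status"] if t else None,
            "tdss_verdict": t["verdict"] if t else None,
        })
    return joined


def needs_rootkit_tool(finding: dict) -> bool:
    """A driver the file scanner could not clean and the rootkit scanner calls
    infected is the case where TDSSKiller's Cure, not another AV pass, is the fix."""
    return not finding["eset_cleaned"] and finding["tdss_status"] == "infected"


if __name__ == "__main__":
    for f in correlate(ESET_SAMPLE, TDSS_SAMPLE):
        tag = "CURE WITH TDSSKILLER" if needs_rootkit_tool(f) else "already handled"
        print(f"{tag}: {f['path']} | ESET: {f['eset_threat']} | TDSSKiller: {f['tdss_verdict']}")
```

The UnsignedFile.Multi.Generic warnings on vendor drivers are kept separate from the infected verdict on purpose: an unsigned OEM driver is something to verify with the vendor, not something to cure.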

15:55:22.0812 5836 TDSS rootkit removing tool 2.6.17.0 Nov 9 2011 16:48:26

15:55:24.0484 5836 ============================================================

15:55:24.0484 5836 Current date / time: 2011/11/10 15:55:24.0484

15:55:24.0484 5836 SystemInfo:

15:55:24.0484 5836

15:55:24.0484 5836 OS Version: 5.1.2600 ServicePack: 3.0

15:55:24.0484 5836 Product type: Workstation

15:55:24.0484 5836 ComputerName: SEG-JIMW

15:55:24.0484 5836 UserName: JimW

15:55:24.0484 5836 Windows directory: C:\WINDOWS

15:55:24.0484 5836 System windows directory: C:\WINDOWS

15:55:24.0484 5836 Processor architecture: Intel x86

15:55:24.0484 5836 Number of processors: 2

15:55:24.0484 5836 Page size: 0x1000

15:55:24.0484 5836 Boot type: Normal boot

15:55:24.0484 5836 ============================================================

15:55:25.0390 5836 Initialize success

15:55:47.0437 3384 ============================================================

15:55:47.0437 3384 Scan started

15:55:47.0437 3384 Mode: Manual; SigCheck; TDLFS;

15:55:47.0437 3384 ============================================================

15:55:49.0062 3384 46670401 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\WINDOWS\system32\DRIVERS\46670401.sys

15:55:49.0250 3384 46670401 - ok

15:55:49.0281 3384 46670402 (a305fad3719c5db0c13d1c2bfd08a04d) C:\WINDOWS\system32\DRIVERS\46670402.sys

15:55:49.0296 3384 46670402 - ok

15:55:49.0296 3384 Abiosdsk - ok

15:55:49.0359 3384 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

15:55:49.0609 3384 abp480n5 - ok

15:55:49.0718 3384 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

15:55:49.0812 3384 ACPI - ok

15:55:49.0812 3384 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

15:55:49.0921 3384 ACPIEC - ok

15:55:50.0015 3384 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

15:55:50.0140 3384 adpu160m - ok

15:55:50.0171 3384 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

15:55:50.0296 3384 aec - ok

15:55:50.0343 3384 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

15:55:50.0406 3384 AFD - ok

15:55:50.0437 3384 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

15:55:50.0546 3384 agp440 - ok

15:55:50.0562 3384 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

15:55:50.0687 3384 agpCPQ - ok

15:55:50.0703 3384 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

15:55:50.0765 3384 Aha154x - ok

15:55:50.0781 3384 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

15:55:50.0875 3384 aic78u2 - ok

15:55:50.0890 3384 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

15:55:50.0984 3384 aic78xx - ok

15:55:51.0031 3384 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

15:55:51.0125 3384 AliIde - ok

15:55:51.0140 3384 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

15:55:51.0234 3384 alim1541 - ok

15:55:51.0250 3384 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

15:55:51.0343 3384 amdagp - ok

15:55:51.0359 3384 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

15:55:51.0406 3384 amsint - ok

15:55:51.0437 3384 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS

15:55:51.0453 3384 ANC ( UnsignedFile.Multi.Generic ) - warning

15:55:51.0453 3384 ANC - detected UnsignedFile.Multi.Generic (1)

15:55:51.0468 3384 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

15:55:51.0578 3384 Arp1394 - ok

15:55:51.0578 3384 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

15:55:51.0687 3384 asc - ok

15:55:51.0703 3384 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

15:55:51.0750 3384 asc3350p - ok

15:55:51.0765 3384 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

15:55:51.0859 3384 asc3550 - ok

15:55:51.0875 3384 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

15:55:51.0984 3384 AsyncMac - ok

15:55:52.0015 3384 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

15:55:52.0109 3384 atapi - ok

15:55:52.0125 3384 Atdisk - ok

15:55:52.0125 3384 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

15:55:52.0250 3384 Atmarpc - ok

15:55:52.0296 3384 ATSwpWDF (40e3212da94acf9e120c30acebc6ea80) C:\WINDOWS\system32\Drivers\ATSwpWDF.sys

15:55:52.0343 3384 ATSwpWDF - ok

15:55:52.0375 3384 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

15:55:52.0468 3384 audstub - ok

15:55:52.0484 3384 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

15:55:52.0593 3384 Beep - ok

15:55:52.0656 3384 BTKRNL (9f704f40cd50ae05bbfc492c0342e765) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

15:55:52.0765 3384 BTKRNL - ok

15:55:52.0812 3384 BTWUSB (1166cb501e1c34750a91600579efeab3) C:\WINDOWS\system32\Drivers\btwusb.sys

15:55:52.0828 3384 BTWUSB - ok

15:55:52.0906 3384 catchme - ok

15:55:52.0968 3384 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

15:55:53.0062 3384 cbidf - ok

15:55:53.0078 3384 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

15:55:53.0156 3384 cbidf2k - ok

15:55:53.0187 3384 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

15:55:53.0281 3384 CCDECODE - ok

15:55:53.0296 3384 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

15:55:53.0359 3384 cd20xrnt - ok

15:55:53.0390 3384 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

15:55:53.0500 3384 Cdaudio - ok

15:55:53.0531 3384 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

15:55:53.0625 3384 Cdfs - ok

15:55:53.0640 3384 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

15:55:53.0750 3384 Cdrom - ok

15:55:53.0765 3384 Changer - ok

15:55:53.0796 3384 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

15:55:53.0890 3384 CmBatt - ok

15:55:53.0937 3384 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

15:55:54.0046 3384 CmdIde - ok

15:55:54.0093 3384 CnxtHdAudService (e80e8839086f4d1689ed48988abb8a47) C:\WINDOWS\system32\drivers\CHDAU32.sys

15:55:54.0203 3384 CnxtHdAudService - ok

15:55:54.0265 3384 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

15:55:54.0375 3384 Compbatt - ok

15:55:54.0390 3384 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

15:55:54.0500 3384 Cpqarray - ok

15:55:54.0531 3384 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

15:55:54.0656 3384 dac2w2k - ok

15:55:54.0656 3384 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

15:55:54.0765 3384 dac960nt - ok

15:55:54.0765 3384 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

15:55:54.0859 3384 Disk - ok

15:55:54.0906 3384 DLABMFSM (5b149ccfe275f4de0b4b8ec6b9f6821e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS

15:55:54.0937 3384 DLABMFSM - ok

15:55:54.0953 3384 DLABOIOM (ad4cb3d783634c90a9d0ce360933a63c) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

15:55:54.0968 3384 DLABOIOM - ok

15:55:54.0984 3384 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

15:55:55.0000 3384 DLACDBHM - ok

15:55:55.0015 3384 DLADResM (93d03238cc3f0ee3c0b3985d110ec575) C:\WINDOWS\system32\DLA\DLADResM.SYS

15:55:55.0031 3384 DLADResM - ok

15:55:55.0046 3384 DLAIFS_M (6a82f77c4a6f5235bf352f0028e2ef52) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

15:55:55.0078 3384 DLAIFS_M - ok

15:55:55.0093 3384 DLAOPIOM (0e6052c0ada37504896a847231a3907d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

15:55:55.0125 3384 DLAOPIOM - ok

15:55:55.0125 3384 DLAPoolM (29670bb4e2b973c5b55a76107d4910b2) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

15:55:55.0156 3384 DLAPoolM - ok

15:55:55.0156 3384 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS

15:55:55.0187 3384 DLARTL_M - ok

15:55:55.0218 3384 DLAUDFAM (6b087732b86c1d866d69dbbe463ea90a) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

15:55:55.0234 3384 DLAUDFAM - ok

15:55:55.0265 3384 DLAUDF_M (bbeecb95f2841ae4a3e3690d46d7153d) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

15:55:55.0281 3384 DLAUDF_M - ok

15:55:55.0343 3384 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

15:55:55.0531 3384 dmboot - ok

15:55:55.0546 3384 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

15:55:55.0656 3384 dmio - ok

15:55:55.0656 3384 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

15:55:55.0765 3384 dmload - ok

15:55:55.0812 3384 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

15:55:55.0906 3384 DMusic - ok

15:55:55.0953 3384 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys

15:55:56.0062 3384 Dot4 - ok

15:55:56.0093 3384 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys

15:55:56.0203 3384 Dot4Print - ok

15:55:56.0218 3384 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys

15:55:56.0328 3384 dot4usb - ok

15:55:56.0390 3384 DozeHDD (e00b3ce273b17aee1259c105df5524ca) C:\WINDOWS\system32\DRIVERS\DozeHDD.sys

15:55:56.0421 3384 DozeHDD - ok

15:55:56.0453 3384 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

15:55:56.0578 3384 dpti2o - ok

15:55:56.0609 3384 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

15:55:56.0703 3384 drmkaud - ok

15:55:56.0718 3384 DRVMCDB (83106585494d5eb96f59187200c144bd) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

15:55:56.0750 3384 DRVMCDB - ok

15:55:56.0765 3384 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

15:55:56.0796 3384 DRVNDDM - ok

15:55:56.0828 3384 DSI_SiUSBXp_3_1 (bc9c2ef22ee0320c079e3ff9b4d29951) C:\WINDOWS\system32\drivers\DSI_SiUSBXp_3_1.sys

15:55:56.0906 3384 DSI_SiUSBXp_3_1 - ok

15:55:56.0937 3384 e1yexpress (25c954c8e80eeca41dfc03946ef3fbf4) C:\WINDOWS\system32\DRIVERS\e1y5132.sys

15:55:56.0968 3384 e1yexpress - ok

15:55:57.0000 3384 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

15:55:57.0109 3384 Fastfat - ok

15:55:57.0125 3384 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

15:55:57.0234 3384 Fdc - ok

15:55:57.0250 3384 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

15:55:57.0359 3384 Fips - ok

15:55:57.0375 3384 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

15:55:57.0468 3384 Flpydisk - ok

15:55:57.0500 3384 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

15:55:57.0593 3384 FltMgr - ok

15:55:57.0625 3384 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

15:55:57.0703 3384 Fs_Rec - ok

15:55:57.0734 3384 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

15:55:57.0828 3384 Ftdisk - ok

15:55:57.0859 3384 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

15:55:57.0875 3384 GEARAspiWDM - ok

15:55:57.0890 3384 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

15:55:57.0984 3384 Gpc - ok

15:55:58.0015 3384 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

15:55:58.0109 3384 HDAudBus - ok

15:55:58.0156 3384 HECI (2df64415a28ce036ac6acec7645a996f) C:\WINDOWS\system32\DRIVERS\HECI.sys

15:55:58.0234 3384 HECI - ok

15:55:58.0281 3384 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

15:55:58.0406 3384 HidUsb - ok

15:55:58.0453 3384 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

15:55:58.0546 3384 hpn - ok

15:55:58.0578 3384 HSFHWAZL (0d13842210353435fc1fb35ca7807644) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

15:55:58.0718 3384 HSFHWAZL - ok

15:55:58.0765 3384 HSF_DPV (8bc605518b1052db7011e5c4cc8417bf) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

15:55:58.0906 3384 HSF_DPV - ok

15:55:58.0953 3384 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

15:55:59.0015 3384 HTTP - ok

15:55:59.0062 3384 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

15:55:59.0156 3384 i2omgmt - ok

15:55:59.0187 3384 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

15:55:59.0265 3384 i2omp - ok

15:55:59.0296 3384 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

15:55:59.0406 3384 i8042prt - ok

15:55:59.0562 3384 ialm (f339b2e3a3f63cc14077d614a56a967b) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

15:56:00.0125 3384 ialm - ok

15:56:00.0234 3384 iaStor (01446278d4563b3013c92830ae6cbb26) C:\WINDOWS\system32\DRIVERS\iaStor.sys

15:56:00.0250 3384 iaStor - ok

15:56:00.0281 3384 IBMPMDRV (7285cd0c2b686e0590f941b48414a9f4) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys

15:56:00.0312 3384 IBMPMDRV - ok

15:56:00.0343 3384 IBMTPCHK (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys

15:56:00.0359 3384 IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning

15:56:00.0359 3384 IBMTPCHK - detected UnsignedFile.Multi.Generic (1)

15:56:00.0406 3384 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

15:56:00.0500 3384 Imapi - ok

15:56:00.0546 3384 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

15:56:00.0656 3384 ini910u - ok

15:56:00.0687 3384 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

15:56:00.0812 3384 IntelIde - ok

15:56:00.0828 3384 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

15:56:00.0937 3384 intelppm - ok

15:56:00.0953 3384 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

15:56:01.0062 3384 Ip6Fw - ok

15:56:01.0078 3384 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

15:56:01.0171 3384 IpFilterDriver - ok

15:56:01.0171 3384 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

15:56:01.0265 3384 IpInIp - ok

15:56:01.0296 3384 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

15:56:01.0375 3384 IpNat - ok

15:56:01.0406 3384 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

15:56:01.0500 3384 IPSec - ok

15:56:01.0500 3384 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

15:56:01.0562 3384 IRENUM - ok

15:56:01.0593 3384 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

15:56:01.0703 3384 isapnp - ok

15:56:01.0718 3384 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

15:56:01.0812 3384 Kbdclass - ok

15:56:01.0828 3384 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

15:56:01.0921 3384 kbdhid - ok

15:56:01.0953 3384 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

15:56:02.0046 3384 kmixer - ok

15:56:02.0062 3384 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

15:56:02.0156 3384 KSecDD - ok

15:56:02.0203 3384 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys

15:56:02.0218 3384 Lbd - ok

15:56:02.0234 3384 lbrtfdc - ok

15:56:02.0250 3384 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\WINDOWS\system32\DRIVERS\smiif32.sys

15:56:02.0281 3384 lenovo.smi - ok

15:56:02.0312 3384 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

15:56:02.0343 3384 mdmxsdk - ok

15:56:02.0390 3384 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

15:56:02.0468 3384 mnmdd - ok

15:56:02.0500 3384 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

15:56:02.0578 3384 Modem - ok

15:56:02.0593 3384 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

15:56:02.0687 3384 Mouclass - ok

15:56:02.0718 3384 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

15:56:02.0828 3384 mouhid - ok

15:56:02.0843 3384 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

15:56:02.0921 3384 MountMgr - ok

15:56:02.0953 3384 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

15:56:03.0046 3384 mraid35x - ok

15:56:03.0062 3384 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

15:56:03.0156 3384 MRxDAV - ok

15:56:03.0203 3384 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

15:56:03.0265 3384 MRxSmb - ok

15:56:03.0281 3384 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

15:56:03.0375 3384 Msfs - ok

15:56:03.0390 3384 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

15:56:03.0484 3384 MSKSSRV - ok

15:56:03.0515 3384 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

15:56:03.0593 3384 MSPCLOCK - ok

15:56:03.0625 3384 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

15:56:03.0734 3384 MSPQM - ok

15:56:03.0765 3384 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

15:56:03.0875 3384 mssmbios - ok

15:56:03.0875 3384 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

15:56:03.0968 3384 MSTEE - ok

15:56:03.0984 3384 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

15:56:04.0031 3384 Mup - ok

15:56:04.0046 3384 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

15:56:04.0156 3384 NABTSFEC - ok

15:56:04.0187 3384 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

15:56:04.0296 3384 NDIS - ok

15:56:04.0296 3384 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

15:56:04.0390 3384 NdisIP - ok

15:56:04.0437 3384 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

15:56:04.0500 3384 NdisTapi - ok

15:56:04.0515 3384 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

15:56:04.0593 3384 Ndisuio - ok

15:56:04.0609 3384 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

15:56:04.0718 3384 NdisWan - ok

15:56:04.0734 3384 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

15:56:04.0765 3384 NDProxy - ok

15:56:04.0812 3384 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

15:56:04.0906 3384 NetBIOS - ok

15:56:04.0937 3384 NetBT (ed154b290f10bb9cde8893c589cfebe9) C:\WINDOWS\system32\DRIVERS\netbt.sys

15:56:04.0937 3384 NetBT ( Rootkit.Win32.ZAccess.g ) - infected

15:56:04.0937 3384 NetBT - detected Rootkit.Win32.ZAccess.g (0)

15:56:05.0109 3384 NETw5x32 (580207a7c9bde8ba65401f51f9ba9741) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys

15:56:05.0453 3384 NETw5x32 - ok

15:56:05.0484 3384 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

15:56:05.0609 3384 NIC1394 - ok

15:56:05.0640 3384 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

15:56:05.0750 3384 Npfs - ok

15:56:05.0796 3384 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

15:56:05.0906 3384 Ntfs - ok

15:56:05.0921 3384 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

15:56:06.0015 3384 Null - ok

15:56:06.0046 3384 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

15:56:06.0125 3384 NwlnkFlt - ok

15:56:06.0140 3384 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

15:56:06.0234 3384 NwlnkFwd - ok

15:56:06.0250 3384 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

15:56:06.0375 3384 ohci1394 - ok

15:56:06.0406 3384 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

15:56:06.0515 3384 Parport - ok

15:56:06.0515 3384 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

15:56:06.0625 3384 PartMgr - ok

15:56:06.0640 3384 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

15:56:06.0734 3384 ParVdm - ok

15:56:06.0750 3384 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

15:56:06.0843 3384 PCI - ok

15:56:06.0859 3384 PCIDump - ok

15:56:06.0890 3384 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

15:56:06.0968 3384 PCIIde - ok

15:56:06.0984 3384 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

15:56:07.0078 3384 Pcmcia - ok

15:56:07.0093 3384 PDCOMP - ok

15:56:07.0109 3384 PDFRAME - ok

15:56:07.0109 3384 PDRELI - ok

15:56:07.0125 3384 PDRFRAME - ok

15:56:07.0156 3384 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

15:56:07.0250 3384 perc2 - ok

15:56:07.0265 3384 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

15:56:07.0343 3384 perc2hib - ok

15:56:07.0390 3384 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys

15:56:07.0406 3384 pmem ( UnsignedFile.Multi.Generic ) - warning

15:56:07.0406 3384 pmem - detected UnsignedFile.Multi.Generic (1)

15:56:07.0421 3384 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

15:56:07.0500 3384 PptpMiniport - ok

15:56:07.0531 3384 psadd (271f3e304cf2a467188ef393c8fbd2b7) C:\WINDOWS\system32\DRIVERS\psadd.sys

15:56:07.0546 3384 psadd - ok

15:56:07.0562 3384 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

15:56:07.0656 3384 PSched - ok

15:56:07.0671 3384 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

15:56:07.0765 3384 Ptilink - ok

15:56:07.0781 3384 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

15:56:07.0812 3384 PxHelp20 - ok

15:56:07.0843 3384 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

15:56:07.0937 3384 ql1080 - ok

15:56:07.0968 3384 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

15:56:08.0062 3384 Ql10wnt - ok

15:56:08.0093 3384 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

15:56:08.0203 3384 ql12160 - ok

15:56:08.0218 3384 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

15:56:08.0312 3384 ql1240 - ok

15:56:08.0328 3384 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

15:56:08.0421 3384 ql1280 - ok

15:56:08.0453 3384 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

15:56:08.0546 3384 RasAcd - ok

15:56:08.0562 3384 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

15:56:08.0640 3384 Rasl2tp - ok

15:56:08.0656 3384 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

15:56:08.0765 3384 RasPppoe - ok

15:56:08.0781 3384 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

15:56:08.0875 3384 Raspti - ok

15:56:08.0890 3384 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

15:56:08.0984 3384 Rdbss - ok

15:56:09.0015 3384 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

15:56:09.0109 3384 RDPCDD - ok

15:56:09.0156 3384 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

15:56:09.0250 3384 rdpdr - ok

15:56:09.0296 3384 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

15:56:09.0328 3384 RDPWD - ok

15:56:09.0343 3384 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

15:56:09.0453 3384 redbook - ok

15:56:09.0500 3384 s24trans (e7958e8acda7ca20127ef5f2235f25cc) C:\WINDOWS\system32\DRIVERS\s24trans.sys

15:56:09.0593 3384 s24trans - ok

15:56:09.0625 3384 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

15:56:09.0687 3384 Secdrv - ok

15:56:09.0703 3384 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

15:56:09.0796 3384 Serial - ok

15:56:09.0828 3384 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

15:56:09.0921 3384 Sfloppy - ok

15:56:09.0968 3384 Shockprf (486a1bd22dd66d0a8542ebb0cd792bdb) C:\WINDOWS\system32\DRIVERS\Apsx86.sys

15:56:10.0000 3384 Shockprf - ok

15:56:10.0000 3384 Simbad - ok

15:56:10.0015 3384 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

15:56:10.0109 3384 sisagp - ok

15:56:10.0156 3384 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

15:56:10.0265 3384 SLIP - ok

15:56:10.0281 3384 snapman380 (5ce1cf27620b144e212d407cdb14d339) C:\WINDOWS\system32\DRIVERS\snman380.sys

15:56:10.0312 3384 snapman380 - ok

15:56:10.0375 3384 SNP2UVC (1ef34706531b188d1ce12127d8233e87) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys

15:56:10.0609 3384 SNP2UVC - ok

15:56:10.0671 3384 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

15:56:10.0750 3384 Sparrow - ok

15:56:10.0796 3384 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

15:56:10.0890 3384 splitter - ok

15:56:10.0937 3384 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

15:56:10.0984 3384 sr - ok

15:56:11.0046 3384 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

15:56:11.0109 3384 Srv - ok

15:56:11.0156 3384 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

15:56:11.0265 3384 streamip - ok

15:56:11.0296 3384 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

15:56:11.0375 3384 swenum - ok

15:56:11.0421 3384 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

15:56:11.0515 3384 swmidi - ok

15:56:11.0546 3384 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

15:56:11.0640 3384 symc810 - ok

15:56:11.0656 3384 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

15:56:11.0750 3384 symc8xx - ok

15:56:11.0765 3384 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

15:56:11.0890 3384 sym_hi - ok

15:56:11.0906 3384 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

15:56:12.0000 3384 sym_u3 - ok

15:56:12.0031 3384 SynTP (bd8e7f87de409a745a132a8812de5a96) C:\WINDOWS\system32\DRIVERS\SynTP.sys

15:56:12.0078 3384 SynTP - ok

15:56:12.0125 3384 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

15:56:12.0234 3384 sysaudio - ok

15:56:12.0296 3384 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

15:56:12.0375 3384 Tcpip - ok

15:56:12.0406 3384 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

15:56:12.0515 3384 TDPIPE - ok

15:56:12.0562 3384 tdrpman174 (d953f161177dab3c8440844a9ab6e5a2) C:\WINDOWS\system32\DRIVERS\tdrpm174.sys

15:56:12.0656 3384 tdrpman174 - ok

15:56:12.0671 3384 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

15:56:12.0750 3384 TDTCP - ok

15:56:12.0781 3384 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

15:56:12.0859 3384 TermDD - ok

15:56:12.0890 3384 tifsfilter (6dcb8ddb481cd3c40fa68593723b4d89) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys

15:56:12.0906 3384 tifsfilter - ok

15:56:12.0953 3384 timounter (394fc70b88b7958fa85798bbc76d140a) C:\WINDOWS\system32\DRIVERS\timntr.sys

15:56:13.0000 3384 timounter - ok

15:56:13.0031 3384 tmactmon (ca9e9c2c04a198ed345c1752222a5f3e) C:\WINDOWS\system32\drivers\tmactmon.sys

15:56:13.0062 3384 tmactmon - ok

15:56:13.0109 3384 tmcomm (a3d20789b3ff0576a29462bef25bcfcc) C:\WINDOWS\system32\drivers\tmcomm.sys

15:56:13.0140 3384 tmcomm - ok

15:56:13.0171 3384 tmevtmgr (21f215e54770c4bf93efaf63f58fe57e) C:\WINDOWS\system32\drivers\tmevtmgr.sys

15:56:13.0187 3384 tmevtmgr - ok

15:56:13.0281 3384 TmFilter (717e406972bbc07f8fb2a989416cab73) C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys

15:56:13.0343 3384 TmFilter - ok

15:56:13.0390 3384 TmPreFilter (379c4f99994a56b66e11d1e32bb22a1c) C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys

15:56:13.0406 3384 TmPreFilter - ok

15:56:13.0453 3384 tmtdi (44c262c1b2412ded35078b6166d2acc2) C:\WINDOWS\system32\DRIVERS\tmtdi.sys

15:56:13.0484 3384 tmtdi - ok

15:56:13.0515 3384 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

15:56:13.0593 3384 TosIde - ok

15:56:13.0609 3384 TPDIGIMN (20a439d6475d6fe1909159c0143d0466) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys

15:56:13.0640 3384 TPDIGIMN - ok

15:56:13.0656 3384 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys

15:56:13.0734 3384 TPHKDRV - ok

15:56:13.0781 3384 tpm (3724dff72b0f5307cf761cc91c2bb9f7) C:\WINDOWS\system32\DRIVERS\tpm.sys

15:56:13.0828 3384 tpm - ok

15:56:13.0859 3384 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys

15:56:13.0890 3384 TPPWRIF ( UnsignedFile.Multi.Generic ) - warning

15:56:13.0890 3384 TPPWRIF - detected UnsignedFile.Multi.Generic (1)

15:56:13.0921 3384 TSMAPIP (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS

15:56:13.0937 3384 TSMAPIP ( UnsignedFile.Multi.Generic ) - warning

15:56:13.0937 3384 TSMAPIP - detected UnsignedFile.Multi.Generic (1)

15:56:13.0968 3384 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys

15:56:14.0000 3384 tvtfilter - ok

15:56:14.0046 3384 TVTI2C (7e66dda1ef146bfc3a6e36e08e036602) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys

15:56:14.0062 3384 TVTI2C - ok

15:56:14.0125 3384 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

15:56:14.0234 3384 Udfs - ok

15:56:14.0281 3384 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

15:56:14.0343 3384 ultra - ok

15:56:14.0359 3384 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

15:56:14.0484 3384 Update - ok

15:56:14.0515 3384 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

15:56:14.0578 3384 USBAAPL - ok

15:56:14.0609 3384 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

15:56:14.0703 3384 usbccgp - ok

15:56:14.0734 3384 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

15:56:14.0828 3384 usbehci - ok

15:56:14.0843 3384 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

15:56:14.0937 3384 usbhub - ok

15:56:14.0984 3384 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

15:56:15.0062 3384 usbscan - ok

15:56:15.0109 3384 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

15:56:15.0203 3384 USBSTOR - ok

15:56:15.0250 3384 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

15:56:15.0343 3384 usbuhci - ok

15:56:15.0375 3384 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

15:56:15.0468 3384 usbvideo - ok

15:56:15.0500 3384 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

15:56:15.0593 3384 VgaSave - ok

15:56:15.0625 3384 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

15:56:15.0718 3384 viaagp - ok

15:56:15.0734 3384 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

15:56:15.0828 3384 ViaIde - ok

15:56:15.0843 3384 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

15:56:15.0968 3384 VolSnap - ok

15:56:16.0093 3384 VSApiNt (642eb152cb980ad9181b2161066be629) C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys

15:56:16.0234 3384 VSApiNt - ok

15:56:16.0250 3384 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

15:56:16.0343 3384 Wanarp - ok

15:56:16.0390 3384 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

15:56:16.0468 3384 Wdf01000 - ok

15:56:16.0484 3384 WDICA - ok

15:56:16.0515 3384 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

15:56:16.0609 3384 wdmaud - ok

15:56:16.0656 3384 winachsf (e08ca06bd56b66d6565123445adb37a6) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

15:56:16.0796 3384 winachsf - ok

15:56:16.0828 3384 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

15:56:16.0921 3384 WmiAcpi - ok

15:56:16.0953 3384 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

15:56:17.0062 3384 WpdUsb - ok

15:56:17.0109 3384 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

15:56:17.0218 3384 WSTCODEC - ok

15:56:17.0250 3384 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

15:56:17.0312 3384 WudfPf - ok

15:56:17.0359 3384 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

15:56:17.0375 3384 WudfRd - ok

15:56:17.0406 3384 MBR (0x1B8) (11c652d314ef304d5f5a85c7c3e6770e) \Device\Harddisk0\DR0

15:56:17.0453 3384 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

15:56:17.0453 3384 \Device\Harddisk0\DR0 - detected TDSS File System (1)

15:56:17.0468 3384 Boot (0x1200) (6a34a3efb5045d599beb3716ec05435a) \Device\Harddisk0\DR0\Partition0

15:56:17.0468 3384 \Device\Harddisk0\DR0\Partition0 - ok

15:56:17.0468 3384 ============================================================

15:56:17.0468 3384 Scan finished

15:56:17.0468 3384 ============================================================

15:56:17.0578 4720 Detected object count: 7

15:56:17.0578 4720 Actual detected object count: 7

15:56:29.0406 4720 ANC ( UnsignedFile.Multi.Generic ) - skipped by user

15:56:29.0406 4720 ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:56:29.0406 4720 IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user

15:56:29.0406 4720 IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:56:29.0500 4720 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813

15:56:32.0765 4720 Backup copy not found, trying to cure infected file..

15:56:32.0765 4720 C:\WINDOWS\system32\DRIVERS\netbt.sys - Cure failed (FFFFFFFF)

15:56:32.0765 4720 C:\WINDOWS\system32\DRIVERS\netbt.sys - processing error

15:56:32.0765 4720 NetBT ( Rootkit.Win32.ZAccess.g ) - User select action: Cure

15:56:32.0765 4720 pmem ( UnsignedFile.Multi.Generic ) - skipped by user

15:56:32.0765 4720 pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:56:32.0765 4720 TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user

15:56:32.0765 4720 TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:56:32.0765 4720 TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user

15:56:32.0765 4720 TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:56:32.0765 4720 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

15:56:32.0765 4720 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

15:57:22.0859 3784 Deinitialize success


Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    netbt.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


I put the file from the other computer under the root directory; here's the log...

SystemLook 30.07.11 by jpshortstuff

Log created at 09:12 on 12/11/2011 by JimW

Administrator - Elevation successful

========== filefind ==========

Searching for "netbt.sys"

C:\netbt.sys --a---- 162816 bytes [20:37 11/11/2011] [12:00 04/08/2004] 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\drivers\netbt.sys --a---- 162816 bytes [22:49 21/07/2008] [12:00 14/04/2008] ED154B290F10BB9CDE8893C589CFEBE9

-= EOF =-

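As an added example (not part of this thread, and not SystemLook's own code), a small parser for the filefind result lines in the log above: it groups hits by file name and flags names whose copies disagree on MD5, which is the comparison being made here between C:\netbt.sys and the copy in system32\drivers. The sample input is constructed from the two result lines on the page; the reference-hash helper and its test bytes are illustrative.

```python
import hashlib
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: the "filefind" result lines from the SystemLook log
# posted in this thread (paths, sizes, timestamps and hashes as on the page).
SAMPLE_LOG = """\
SystemLook 30.07.11 by jpshortstuff
Log created at 09:12 on 12/11/2011 by JimW
Administrator - Elevation successful

========== filefind ==========

Searching for "netbt.sys"
C:\\netbt.sys --a---- 162816 bytes [20:37 11/11/2011] [12:00 04/08/2004] 0C80E410CD2F47134407EE7DD19CC86B
C:\\WINDOWS\\system32\\drivers\\netbt.sys --a---- 162816 bytes [22:49 21/07/2008] [12:00 14/04/2008] ED154B290F10BB9CDE8893C589CFEBE9

-= EOF =-
"""

# One filefind result line: path, 7-character attribute field, size in bytes,
# two bracketed timestamps (HH:MM DD/MM/YYYY, kept as printed) and an MD5.
# The path may contain spaces, so it is matched lazily and the tail strictly.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+(?P<attrs>[-a-zA-Z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<ts1>[^\]]+)\]\s+\[(?P<ts2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


@dataclass(frozen=True)
class FileHit:
    path: str
    attrs: str
    size: int
    ts1: str
    ts2: str
    md5: str

    @property
    def name(self) -> str:
        # File name only, lower-cased, so copies in different folders group together.
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_filefind(text: str) -> List[FileHit]:
    """Return every filefind hit in a SystemLook log, in log order."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append(FileHit(m["path"], m["attrs"], int(m["size"]),
                                m["ts1"], m["ts2"], m["md5"].upper()))
    return hits


def hash_conflicts(hits: List[FileHit]) -> Dict[str, List[FileHit]]:
    """Group hits by file name and return the names whose copies carry different MD5s.

    Same size with a different hash (the netbt.sys case above: both copies are
    162816 bytes) is the pattern worth a closer look, since a patched driver
    keeps its size but not its hash. A differing hash alone does not prove
    tampering: the two copies may be different builds, as the timestamps here
    suggest, so the decision needs a trusted copy of the same version.
    """
    by_name: Dict[str, List[FileHit]] = defaultdict(list)
    for h in hits:
        by_name[h.name].append(h)
    return {name: copies for name, copies in by_name.items()
            if len({c.md5 for c in copies}) > 1}


def matches_reference(data: bytes, reference_md5: str) -> bool:
    """Check a file's bytes against an MD5 taken from a trusted copy or log."""
    return hashlib.md5(data).hexdigest().upper() == reference_md5.upper()


if __name__ == "__main__":
    for name, copies in hash_conflicts(parse_filefind(SAMPLE_LOG)).items():
        print(f"{name}: {len(copies)} copies with differing MD5")
        for c in copies:
            print(f"  {c.path}  {c.size} bytes  {c.md5}")
```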

Delete your current copy of ComboFix, download a new fresh one and then:

Open Notepad and copy and paste the text in the code box below into it:

KillAll::

FCopy::
C:\netbt.sys | C:\WINDOWS\system32\drivers\netbt.sys

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. It may ask to reboot. Post the contents of CFScript.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


ComboFix 11-11-12.04 - JimW 11/12/2011 15:38:05.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1944.1235 [GMT -5:00]

Running from: c:\documents and settings\jimw\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\jimw\Desktop\CFScript.txt

AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {45AB79F7-2079-41B4-97A8-9709DE6E116B}

FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\ATGinaHook.dll

c:\windows\system32\AV Security 2012v121.exe

.

.

--------------- FCopy ---------------

.

c:\netbt.sys --> c:\WINDOWS\system32\drivers\netbt.sys

.

((((((((((((((((((((((((( Files Created from 2011-10-13 to 2011-11-13 )))))))))))))))))))))))))))))))

.

.

2011-11-11 20:37 . 2004-08-04 12:00 162816 ------w- C:\netbt.sys

2011-11-10 20:41 . 2011-11-10 20:41 -------- d-----w- c:\documents and settings\jimw\Application Data\mnGG44aQH6sW7fL

2011-11-10 03:04 . 2011-11-10 03:04 -------- d-----w- c:\program files\ESET

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-09 12:34 . 2010-02-22 22:56 40960 ------w- c:\windows\system32\TpKmpSvc.exe

2011-11-09 04:20 . 2009-03-19 09:48 1680632 ------w- c:\windows\system32\AtService.exe

2011-11-09 02:56 . 2009-11-25 23:50 38176 ------w- c:\windows\system32\ibmpmsvc.exe

2011-11-09 02:18 . 2009-03-19 09:53 98304 ------w- c:\windows\system32\DTS.exe

2011-10-02 21:45 . 2011-06-01 13:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41 . 2008-07-21 22:49 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41 . 2008-07-21 22:49 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12 . 2008-07-21 22:49 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20 . 2008-07-21 22:50 1858944 ------w- c:\windows\system32\win32k.sys

2011-08-31 22:00 . 2010-08-23 13:23 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 23:48 . 2008-07-21 22:50 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2008-07-21 22:49 43520 ------w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2008-07-21 22:49 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2008-07-21 22:49 385024 ------w- c:\windows\system32\html.iec

2011-08-17 13:49 . 2008-07-21 22:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-09_15.06.30 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-11-12 20:53 . 2011-11-12 20:53 16384 c:\windows\temp\Perflib_Perfdata_354.dat

+ 2008-07-21 22:49 . 2008-04-14 12:00 162816 c:\windows\system32\dllcache\netbt.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]

"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]

"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-04 62240]

"TpShocks"="TpShocks.exe" [2009-12-11 337256]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]

"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-20 1594664]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-11 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-11 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-11 142872]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]

"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]

"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]

"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-12-16 513384]

"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-07-16 40960]

"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-12-11 431464]

"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-12-11 181608]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]

"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]

"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-09-08 849192]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-11-22 4352832]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-11-22 960528]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-11-22 165144]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"WMC_WMPDBExport"="c:\program files\Windows Media Player\wmdbexport.exe" [2006-10-19 493568]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-8-14 607584]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-2-22 50688]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]

2009-03-19 09:55 180224 ------w- c:\windows\system32\FpWinlogonNp.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2232656509-361406962-1938170613-2940\Scripts\Logon\0\0]

"Script"=SEG-DriveMappings.bat

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2232656509-361406962-1938170613-2940\Scripts\Logon\1\0]

"Script"=SMS-Public.bat

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2232656509-361406962-1938170613-2940\Scripts\Logon\2\0]

"Script"=Accounting.bat

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2232656509-361406962-1938170613-6778\Scripts\Logon\0\0]

"Script"=SEG-DriveMappings.bat

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANT Agent]

2010-02-03 18:38 11136360 ------w- c:\program files\Garmin\ANT Agent\ANT Agent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraApplicationLauncher]

2009-03-13 02:12 16384 ------w- c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"44668:TCP"= 44668:TCP:Trend Micro OfficeScan Listener

.

R0 46670402;46670402 Boot Guard Driver;c:\windows\system32\drivers\46670402.sys [6/17/2010 11:51 AM 37392]

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2/22/2010 5:57 PM 24304]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/23/2010 9:31 AM 64288]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/9/2009 12:10 PM 20520]

R1 46670401;46670401;c:\windows\system32\drivers\46670401.sys [6/17/2010 11:51 AM 128016]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [10/23/2008 3:15 AM 13480]

R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [3/19/2009 4:48 AM 1680632]

R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2/22/2010 5:57 PM 132456]

R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [3/19/2009 4:53 AM 98304]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [11/25/2009 7:21 PM 53248]

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/16/2010 8:43 AM 51792]

R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [9/30/2009 2:38 PM 262416]

R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [9/30/2009 2:37 PM 36624]

R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [10/5/2009 9:21 PM 62320]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 6:34 PM 524288]

R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [11/25/2009 7:11 PM 482176]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [11/25/2009 6:49 PM 243856]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 6:54 PM 37312]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/27/2010 3:04 PM 136176]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [10/5/2009 9:21 PM 45424]

S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 8:50 PM 360448]

S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [3/19/2009 4:52 AM 106496]

S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [3/19/2009 4:55 AM 118784]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/27/2010 3:04 PM 136176]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 11:15 AM 1120752]

S3 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [2/4/2008 3:00 PM 497008]

S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [2/4/2008 3:00 PM 689416]

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]

.

2011-11-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]

.

2011-11-13 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-11-26 06:12]

.

2011-11-10 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-11-22 09:14]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://finance.yahoo.com/p?k=pf_2

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-12 19:29

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1104)

c:\windows\system32\FpWinLogonNp.dll

c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll

c:\program files\Lenovo Fingerprint Software\SharedResources.dll

c:\program files\Lenovo Fingerprint Software\FPResource.dll

c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll

c:\program files\Lenovo\Client Security Solution\css_banner.dll

c:\windows\system32\cssuserdatadispatcher.dll

c:\windows\system32\tvttsp.dll

c:\windows\system32\tcsrpc.dll

.

- - - - - - - > 'explorer.exe'(5244)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\program files\Lenovo\Drag-to-Disc\Shellex.dll

c:\windows\system32\DLAAPI_W.DLL

c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\program files\Intel\WiFi\bin\S24EvMon.exe

c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Trend Micro\OfficeScan Client\ntrtscan.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\program files\Lenovo\Client Security Solution\tvttcsd.exe

c:\program files\Lenovo\Rescue and Recovery\rrservice.exe

c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\program files\lenovo\system update\suservice.exe

c:\program files\Trend Micro\OfficeScan Client\tmlisten.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Trend Micro\BM\TMBMSRV.exe

c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

c:\windows\system32\TpShocks.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Synaptics\SynTP\SynTPLpr.exe

c:\program files\Lenovo\HOTKEY\TPONSCR.exe

c:\windows\system32\rundll32.exe

c:\program files\Lenovo\Zoom\TpScrex.exe

c:\windows\system32\igfxext.exe

c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\Java\Java Update\jucheck.exe

c:\windows\System32\logon.scr

.

**************************************************************************

.

Completion time: 2011-11-12 20:04:58 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-13 01:04

ComboFix2.txt 2011-11-09 19:16

ComboFix3.txt 2011-11-09 15:13

.

Pre-Run: 35,848,175,616 bytes free

Post-Run: 35,788,951,552 bytes free

.

- - End Of File - - 81B95A6C669243DDE76F4FB44807B1BA
