Jump to content


 

Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MBR: \\. \PHYSICALDRIVE0\Partition 3

Started by padiwonLearner , Feb 16 2012 09:34 PM

  • This topic is locked This topic is locked
21 replies to this topic

#1 padiwonLearner

padiwonLearner

    New Member

  • Members
  • Pip
  • 11 posts

Posted 16 February 2012 - 09:34 PM

Discovered rootkit problem on win xp running on an IBM t61 laptop.

Malwarebytes found nothing.

Avast was used to discover a rootkit, but it cannot remove the rootkit. (supposedly because of the rootkit being on a separate parition??)

The message from Avast was

Filename: "MBR: \\. \PHYSICALDRIVE0\Partition 3"
Rootkit Name: "Hidden Boot Sector"

Was advised by friend to run HiJackThis and ComboFix and save logs and post them here for advice/guidance. If this is not the correct forum to seek this help please advise.

Here are the HiJackThis and ComboFix Logs respectively.

First: HiJackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:21:50 PM, on 2/16/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\[USER ACTUAL NAME REMOVED]\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\Corel\Standby\Standby.exe
C:\Documents and Settings\[USER ACTUAL NAME REMOVED]\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [Standby] "C:\Program Files\Common Files\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\[USER ACTUAL NAME REMOVED]\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (file missing)
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (file missing)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

--
End of file - 9525 bytes



Second: ComboFix

ComboFix 12-02-16.02 - [USER ACTUAL NAME REMOVED] 02/16/2012 18:11:12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1006.466 [GMT -6:00]
Running from: c:\documents and settings\[USER ACTUAL NAME REMOVED]\Desktop\ComboFix.exe
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\windows-kb890830-v4.3.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-01-17 to 2012-02-17 )))))))))))))))))))))))))))))))
.
.
2012-02-15 14:37 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-15 14:37 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-14 14:32 . 2012-02-14 14:32 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2012-02-14 06:51 . 2012-02-14 06:51 -------- d-----w- c:\documents and settings\[USER ACTUAL NAME REMOVED]\Application Data\Malwarebytes
2012-02-14 06:50 . 2012-02-14 06:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-14 06:50 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-14 06:47 . 2012-02-14 06:50 -------- d-----w- c:\program files\Malwarebytes
2012-02-14 06:35 . 2012-02-14 06:35 -------- d-----w- c:\documents and settings\[USER ACTUAL NAME REMOVED]\Application Data\Corel
2012-02-14 06:35 . 2012-02-14 06:35 952 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2012-02-14 06:33 . 2012-02-14 06:36 -------- d-----w- c:\documents and settings\[USER ACTUAL NAME REMOVED]\Application Data\Ulead Systems
2012-02-14 06:30 . 2012-02-14 06:32 -------- d-----w- c:\windows\system32\drivers\UMDF
2012-02-14 06:27 . 2012-02-14 06:27 -------- d-----w- c:\windows\system32\windows media
2012-02-14 06:27 . 2012-02-14 06:27 -------- d--h--w- c:\windows\msdownld.tmp
2012-02-14 06:26 . 2012-02-14 06:26 143360 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-02-14 06:26 . 2012-02-14 06:26 143360 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-02-14 06:26 . 2012-02-14 06:26 143360 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-02-14 06:26 . 2012-02-14 06:26 143360 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-02-14 06:26 . 2012-02-14 06:26 143360 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-02-14 06:26 . 2012-02-14 06:26 143360 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-02-14 06:26 . 2012-02-14 06:26 143360 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-02-14 06:24 . 2012-02-14 06:24 -------- d-----w- c:\program files\Common Files\Apple
2012-02-14 06:24 . 2012-02-14 06:26 -------- d-----w- c:\program files\QuickTime
2012-02-14 06:24 . 2012-02-14 06:24 -------- d-----w- c:\documents and settings\[USER ACTUAL NAME REMOVED]\Local Settings\Application Data\Apple Computer
2012-02-14 06:24 . 2012-02-14 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2012-02-14 06:21 . 2012-02-14 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2012-02-14 06:16 . 2012-02-14 06:16 -------- d-----w- c:\program files\Common Files\Protexis
2012-02-14 06:12 . 2012-02-14 06:12 -------- d-----w- c:\program files\Windows Media Components
2012-02-14 06:11 . 2012-02-14 06:15 -------- d-----w- c:\program files\Common Files\Corel
2012-02-14 06:11 . 2012-02-14 06:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2012-02-14 06:11 . 2012-02-14 06:11 -------- d-----w- c:\program files\Common Files\Ulead Systems
2012-02-14 06:11 . 2012-02-14 06:11 -------- d-----w- c:\program files\Corel
2012-02-14 06:11 . 2007-10-22 09:39 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2012-02-11 19:17 . 2012-02-11 19:17 -------- d-----w- c:\documents and settings\[USER ACTUAL NAME REMOVED]\Local Settings\Application Data\WMTools Downloaded Files
2012-01-25 07:01 . 2012-01-25 07:01 -------- d-----w- c:\documents and settings\[USER ACTUAL NAME REMOVED]\Application Data\InterVideo
2012-01-22 21:54 . 2012-01-22 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2012-01-22 21:27 . 2012-01-22 22:45 -------- d-----w- c:\documents and settings\[USER ACTUAL NAME REMOVED]\Application Data\HP
2012-01-22 21:26 . 2008-10-28 10:27 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2012-01-22 21:26 . 2008-10-28 10:27 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2012-01-22 21:25 . 2009-04-16 20:08 312832 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll
2012-01-22 21:25 . 2009-04-16 20:08 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2012-01-22 21:25 . 2009-04-15 21:53 452408 ----a-r- c:\windows\system32\hpzids01.dll
2012-01-22 21:25 . 2008-10-28 10:27 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2012-01-22 21:25 . 2009-02-10 20:03 966656 ----a-r- c:\windows\system32\hpost_p02c.dll
2012-01-22 21:25 . 2009-02-10 20:03 315392 ----a-r- c:\windows\system32\hposc_p02a.dll
2012-01-22 21:25 . 2008-10-28 10:27 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2012-01-22 21:25 . 2008-10-28 10:27 309760 ----a-r- c:\windows\system32\difxapi.dll
2012-01-22 21:25 . 2009-02-10 20:03 712704 ----a-r- c:\windows\system32\hposwia_p02c.dll
2012-01-22 21:21 . 2012-01-22 21:21 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-22 21:21 . 2012-01-22 21:21 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-22 21:21 . 2012-01-22 21:21 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-22 21:21 . 2012-01-22 21:21 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2006-04-30 06:55 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-06 14:42 . 2012-01-06 14:42 53248 ----a-r- c:\documents and settings\[USER ACTUAL NAME REMOVED]\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-01-04 16:19 . 2012-01-04 16:19 980616 ----a-w- c:\program files\SkypeSetup.exe
2011-12-20 16:20 . 2011-12-20 16:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-17 19:46 . 2006-04-30 06:56 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2006-04-30 06:55 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2006-04-30 06:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2006-04-30 06:55 385024 ------w- c:\windows\system32\html.iec
2011-12-07 19:55 . 2011-12-07 19:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-07 19:55 . 2011-12-07 19:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-07 19:41 . 2011-12-07 19:41 33536 ----a-w- c:\windows\system32\drivers\tvtfilter.sys
2011-12-07 19:41 . 2011-12-07 19:42 129784 ----a-w- c:\windows\system32\pxafs.dll
2011-12-07 19:41 . 2011-12-07 19:42 118520 ----a-w- c:\windows\system32\pxinsi64.exe
2011-12-07 19:41 . 2011-12-07 19:42 115960 ----a-w- c:\windows\system32\pxcpyi64.exe
2011-12-07 19:41 . 2006-09-27 21:53 36624 ----a-w- c:\windows\system32\drivers\pxhelp20.sys
2011-12-07 19:40 . 2011-12-07 19:40 7012 ----a-w- c:\windows\system32\drivers\pmemnt.sys
2011-12-07 19:19 . 2011-12-07 19:19 21393 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-12-07 19:19 . 2011-12-07 19:19 21393 ----a-w- c:\windows\AegisP.sys
2011-11-28 18:01 . 2011-12-20 16:57 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-12-20 16:57 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-12-20 16:59 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-11-28 17:53 . 2011-12-20 16:58 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-12-20 16:59 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:53 . 2011-12-20 16:58 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-11-28 17:52 . 2011-12-20 16:58 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-12-20 16:58 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-12-20 16:58 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2011-12-20 16:58 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2011-12-20 16:59 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2011-12-20 16:58 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-28 17:26 . 2011-12-20 16:57 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-11-25 21:57 . 2006-04-30 06:55 293376 ----a-w- c:\windows\system32\winsrv.dll
2012-01-22 21:21 . 2011-12-19 15:22 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\[USER ACTUAL NAME REMOVED]\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\[USER ACTUAL NAME REMOVED]\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\[USER ACTUAL NAME REMOVED]\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\[USER ACTUAL NAME REMOVED]\Application Data\Dropbox\bin\DropboxExt.14.dll
.
c:\documents and settings\[USER ACTUAL NAME REMOVED]\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\[USER ACTUAL NAME REMOVED]\Application Data\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-2-27 561213]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Documents and Settings\\[USER ACTUAL NAME REMOVED]\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [12/20/2011 10:57 AM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [12/20/2011 10:58 AM 195416]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [3/2/2007 7:47 PM 19760]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [12/20/2011 10:59 AM 111320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/20/2011 10:58 AM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/20/2011 10:59 AM 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/20/2011 10:59 AM 20568]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
R2 NProtectService;Norton Unerase Protection;c:\program files\Norton Utilities\NPROTECT.EXE [12/10/2011 4:33 PM 135168]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 3:11 PM 569344]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 3:26 AM 450848]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [12/7/2011 1:02 PM 81280]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [9/13/2006 2:42 PM 35264]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [12/20/2011 10:57 AM 127192]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [8/19/2011 3:26 AM 22176]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\135.tmp --> c:\windows\system32\135.tmp [?]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\RICHJE~1\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\RICHJE~1\LOCALS~1\Temp\mfe_rr.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 DQ;DQ;c:\docume~1\RICHJE~1\LOCALS~1\Temp\DQ.exe --> c:\docume~1\RICHJE~1\LOCALS~1\Temp\DQ.exe [?]
S4 ZF;ZF;c:\docume~1\RICHJE~1\LOCALS~1\Temp\ZF.exe --> c:\docume~1\RICHJE~1\LOCALS~1\Temp\ZF.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-16 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 23:54]
.
2012-02-16 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2011-12-07 16:16]
.
.
------- Supplementary Scan -------
.
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\[USER ACTUAL NAME REMOVED]\Application Data\Mozilla\Firefox\Profiles\85yzp8xf.default\
FF - prefs.js: browser.startup.homepage - Mindyum.com
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-16 18:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\135.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aavmker4]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5]
"ImagePath"="\SystemRoot\system32\DRIVERS\ABP480N5.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ac97intc]
"ImagePath"="system32\drivers\ac97intc.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC]
"ImagePath"="system32\DRIVERS\ACPIEC.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AcPrfMgrSvc]
"ImagePath"="c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AcSvc]
"ImagePath"="c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ADIHdAudAddService]
"ImagePath"="system32\drivers\ADIHdAud.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m]
"ImagePath"="\SystemRoot\system32\DRIVERS\adpu160m.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AEAudio]
"ImagePath"="system32\drivers\AEAudio.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec]
"ImagePath"="system32\drivers\aec.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AegisP]
"ImagePath"="system32\DRIVERS\AegisP.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\agp440]
"ImagePath"="\SystemRoot\system32\DRIVERS\agp440.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\agpCPQ]
"ImagePath"="\SystemRoot\system32\DRIVERS\agpCPQ.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x]
"ImagePath"="\SystemRoot\system32\DRIVERS\aha154x.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2]
"ImagePath"="\SystemRoot\system32\DRIVERS\aic78u2.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\aic78xx.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde]
"ImagePath"="\SystemRoot\system32\DRIVERS\aliide.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\alim1541]
"ImagePath"="\SystemRoot\system32\DRIVERS\alim1541.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amdagp]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdagp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint]
"ImagePath"="\SystemRoot\system32\DRIVERS\amsint.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ANC]
"ImagePath"="System32\drivers\ANC.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Arp1394]
"ImagePath"="system32\DRIVERS\arp1394.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc]
"ImagePath"="\SystemRoot\system32\DRIVERS\asc.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p]
"ImagePath"="\SystemRoot\system32\DRIVERS\asc3350p.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550]
"ImagePath"="\SystemRoot\system32\DRIVERS\asc3550.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_1.1.4322]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_2.0.50727]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswFsBlk]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswFW]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswMon2]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswNdis]
"ImagePath"="system32\DRIVERS\aswNdis.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswNdis2]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswRdr]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswSnx]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswSP]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswTdi]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atmeltpm]
"ImagePath"="system32\DRIVERS\atmeltpm.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avast! Antivirus]
"ImagePath"="\"c:\program files\AVAST Software\Avast\AvastSvc.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avast! Firewall]
"ImagePath"="\"c:\program files\AVAST Software\Avast\afwServ.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BTKRNL]
"ImagePath"="system32\DRIVERS\btkrnl.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\btwdins]
"ImagePath"="c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BTWUSB]
"ImagePath"="System32\Drivers\btwusb.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\c:\docume~1\RICHJE~1\LOCALS~1\Temp\catchme.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf]
"ImagePath"="\SystemRoot\system32\DRIVERS\cbidf2k.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CCDECODE]
"ImagePath"="system32\DRIVERS\CCDECODE.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt]
"ImagePath"="\SystemRoot\system32\DRIVERS\cd20xrnt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CertPropSvc]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v4.0.30319_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmBatt]
"ImagePath"="system32\DRIVERS\CmBatt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde]
"ImagePath"="\SystemRoot\system32\DRIVERS\cmdide.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Compbatt]
"ImagePath"="system32\DRIVERS\compbatt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CompFilter]
"ImagePath"="system32\DRIVERS\lvbusflt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray]
"ImagePath"="\SystemRoot\system32\DRIVERS\cpqarray.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k]
"ImagePath"="\SystemRoot\system32\DRIVERS\dac2w2k.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt]
"ImagePath"="\SystemRoot\system32\DRIVERS\dac960nt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Diskeeper]
"ImagePath"="\"c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DLABOIOM]
"ImagePath"="System32\DLA\DLABOIOM.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DLACDBHM]
"ImagePath"="System32\Drivers\DLACDBHM.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DLADResN]
"ImagePath"="System32\DLA\DLADResN.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DLAIFS_M]
"ImagePath"="System32\DLA\DLAIFS_M.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DLAOPIOM]
"ImagePath"="System32\DLA\DLAOPIOM.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DLAPoolM]
"ImagePath"="System32\DLA\DLAPoolM.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DLARTL_N]
"ImagePath"="System32\Drivers\DLARTL_N.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DLAUDFAM]
"ImagePath"="System32\DLA\DLAUDFAM.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DLAUDF_M]
"ImagePath"="System32\DLA\DLAUDF_M.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o]
"ImagePath"="\SystemRoot\system32\DRIVERS\dpti2o.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DQ]
"ImagePath"="c:\docume~1\RICHJE~1\LOCALS~1\Temp\DQ.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DRVMCDB]
"ImagePath"="System32\Drivers\DRVMCDB.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DRVNDDM]
"ImagePath"="System32\Drivers\DRVNDDM.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\E100B]
"ImagePath"="system32\DRIVERS\e100b325.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\e1express]
"ImagePath"="system32\DRIVERS\e1e5132.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EvtEng]
"ImagePath"="c:\program files\Intel\Wireless\Bin\EvtEng.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
"ImagePath"="\"c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]
"ImagePath"="\SystemRoot\system32\DRIVERS\hpn.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpqcxs08]
"ServiceDll"="c:\program files\HP\Digital Imaging\bin\hpqcxs08.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpqddsvc]
"ServiceDll"="c:\program files\HP\Digital Imaging\bin\hpqddsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPSLPSVC]
"ServiceDll"="c:\program files\HP\Digital Imaging\bin\HPSLPSVC32.DLL"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZid412]
"ImagePath"="system32\DRIVERS\HPZid412.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZipr12]
"ImagePath"="system32\DRIVERS\HPZipr12.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HPZius12]
"ImagePath"="system32\DRIVERS\HPZius12.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HSFHWAZL]
"ImagePath"="system32\DRIVERS\HSFHWAZL.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HSF_DPV]
"ImagePath"="system32\DRIVERS\HSF_DPV.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]
"ImagePath"="\SystemRoot\system32\DRIVERS\i2omp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iaStor]
"ImagePath"="system32\DRIVERS\iaStor.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IBMPMDRV]
"ImagePath"="system32\DRIVERS\ibmpmdrv.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IBMPMSVC]
"ImagePath"="%SystemRoot%\system32\ibmpmsvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IBMTPCHK]
"ImagePath"="\??\c:\windows\system32\Drivers\IBMBLDID.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverT]
"ImagePath"="\"c:\program files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]
"ImagePath"="\SystemRoot\system32\DRIVERS\ini910u.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
"ImagePath"="\SystemRoot\system32\DRIVERS\intelide.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSSVC]
"ImagePath"="%SystemRoot%\system32\IPSSVC.EXE"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iviaspi]
"ImagePath"="system32\drivers\iviaspi.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IviRegMgr]
"ImagePath"="c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"="\"c:\program files\Java\jre6\bin\jqs.exe\" -service -config \"c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LenovoRd]
"ImagePath"="System32\Drivers\LenovoRd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LVRS]
"ImagePath"="system32\DRIVERS\lvrs.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LVUVC]
"ImagePath"="system32\DRIVERS\lvuvc.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mdmxsdk]
"ImagePath"="system32\DRIVERS\mdmxsdk.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\135.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MFE_RR]
"ImagePath"="\??\c:\docume~1\RICHJE~1\LOCALS~1\Temp\mfe_rr.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]
"ImagePath"="\SystemRoot\system32\DRIVERS\mraid35x.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NABTSFEC]
"ImagePath"="system32\DRIVERS\NABTSFEC.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisIP]
"ImagePath"="system32\DRIVERS\NdisIP.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Net Driver HPZ12]
"ServiceDll"="c:\windows\system32\HPZinw12.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NETw4x32]
"ImagePath"="system32\DRIVERS\NETw4x32.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIC1394]
"ImagePath"="system32\DRIVERS\nic1394.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NPDriver]
"ImagePath"="\??\c:\windows\system32\Drivers\NPDRIVER.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NProtectService]
"ImagePath"="c:\program files\Norton Utilities\NPROTECT.EXE"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nv]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ohci1394]
"ImagePath"="system32\DRIVERS\ohci1394.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]
"ImagePath"="system32\DRIVERS\pcmcia.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]
"ImagePath"="\SystemRoot\system32\DRIVERS\perc2.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]
"ImagePath"="\SystemRoot\system32\DRIVERS\perc2hib.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pmem]
"ImagePath"="\??\c:\windows\System32\drivers\pmemnt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pml Driver HPZ12]
"ServiceDll"="c:\windows\system32\HPZipm12.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PROCDD]
"ImagePath"="system32\DRIVERS\PROCDD.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Processor]
"ImagePath"="system32\DRIVERS\processr.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\psadd]
"ImagePath"="system32\DRIVERS\psadd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSI_SVC_2]
"ImagePath"="\"c:\program files\Common Files\Protexis\License Service\PsiService_2.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PxHelp20]
"ImagePath"="System32\Drivers\PxHelp20.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql1080.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql10wnt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql12160.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql1240.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql1280.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RegSrvc]
"ImagePath"="c:\program files\Intel\Wireless\Bin\RegSrvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rimmptsk]
"ImagePath"="system32\DRIVERS\rimmptsk.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rimsptsk]
"ImagePath"="system32\DRIVERS\rimsptsk.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rismxdp]
"ImagePath"="system32\DRIVERS\rixdptsk.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S24EventMonitor]
"ImagePath"="c:\program files\Intel\Wireless\Bin\S24EvMon.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s24trans]
"ImagePath"="system32\DRIVERS\s24trans.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdbus]
"ImagePath"="system32\DRIVERS\sdbus.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Shockprf]
"ImagePath"="System32\DRIVERS\Apsx86.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sisagp]
"ImagePath"="\SystemRoot\system32\DRIVERS\sisagp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SLIP]
"ImagePath"="system32\DRIVERS\SLIP.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]
"ImagePath"="\SystemRoot\system32\DRIVERS\sparrow.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Speed Disk service]
"ImagePath"="c:\program files\Speed Disk\nopdb.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\streamip]
"ImagePath"="system32\DRIVERS\StreamIP.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SUService]
"ImagePath"="c:\program files\lenovo\system update\suservice.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{6DB330A3-8CC9-4272-8D33-F9A05B79EAAB}"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]
"ImagePath"="\SystemRoot\system32\DRIVERS\symc810.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\symc8xx.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SymEvent]
"ImagePath"="\??\c:\program files\Symantec\SYMEVENT.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]
"ImagePath"="\SystemRoot\system32\DRIVERS\sym_hi.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]
"ImagePath"="\SystemRoot\system32\DRIVERS\sym_u3.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SynTP]
"ImagePath"="system32\DRIVERS\SynTP.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ThinkVantage Registry Monitor Service]
"ImagePath"="\"c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="c:\windows\system32\tlntsvr.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]
"ImagePath"="\SystemRoot\system32\DRIVERS\toside.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TPDIGIMN]
"ImagePath"="System32\DRIVERS\ApsHM86.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TPHDEXLGSVC]
"ImagePath"="System32\TPHDEXLG.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TPHKDRV]
"ImagePath"="system32\DRIVERS\TPHKDRV.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TPPWRIF]
"ImagePath"="System32\drivers\Tppwrif.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSMAPIP]
"ImagePath"="System32\drivers\TSMAPIP.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSSCoreService]
"ImagePath"="\"c:\program files\Lenovo\Client Security Solution\tvttcsd.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TVT Backup Protection Service]
"ImagePath"="\"c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TVT Backup Service]
"ImagePath"="\"c:\program files\Lenovo\Rescue and Recovery\rrservice.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TVT Scheduler]
"ImagePath"="\"c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tvtfilter]
"ImagePath"="system32\DRIVERS\tvtfilter.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TVTI2C]
"ImagePath"="system32\DRIVERS\Tvti2c.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tvtnetwk]
"ImagePath"="c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TVTPktFilter]
"ImagePath"="system32\DRIVERS\tvtpktfilter.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UIUSys]
"ImagePath"="system32\DRIVERS\UIUSYS.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]
"ImagePath"="\SystemRoot\system32\DRIVERS\ultra.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UMVPFSrv]
"ImagePath"="c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usb]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbaudio]
"ImagePath"="system32\drivers\usbaudio.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbvideo]
"ImagePath"="System32\Drivers\usbvideo.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\viaagp]
"ImagePath"="\SystemRoot\system32\DRIVERS\viaagp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]
"ImagePath"="\SystemRoot\system32\DRIVERS\viaide.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wdf01000]
"ImagePath"="System32\Drivers\wdf01000.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winachsf]
"ImagePath"="system32\DRIVERS\HSF_CNXT.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMConnectCDS]
"ImagePath"="c:\program files\Windows Media Connect 2\wmccds.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\mspmsnsv.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiAcpi]
"ImagePath"="system32\DRIVERS\wmiacpi.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WPFFontCache_v0400]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]
"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WSTCODEC]
"ImagePath"="system32\DRIVERS\WSTCODEC.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ZF]
"ImagePath"="c:\docume~1\RICHJE~1\LOCALS~1\Temp\ZF.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{028A42E4-4CA4-4D0A-9D4A-31C13879676C}]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{6CC31B2C-FB83-41FF-8BF7-961525849B6D}]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{7F453750-55AC-4688-8E36-E6ACF9E39F57}]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{F1AEB9B6-C49A-4CA3-8CBA-79750E7ABAFE}]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(276)
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
- - - - - - - > 'explorer.exe'(6112)
c:\windows\system32\WININET.dll
c:\documents and settings\[USER ACTUAL NAME REMOVED]\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\Canon\MyPrinter\BJMyPrt.exe
c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
c:\program files\HP\HP Software Update\HPWuSchd2.exe
c:\program files\AVAST Software\Avast\avastUI.exe
c:\program files\Logitech\LWS\Webcam Software\LWS.exe
c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\taskmgr.exe
c:\program files\Common Files\Corel\Standby\Standby.exe
.
**************************************************************************
.
Completion time: 2012-02-16 19:03:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-17 01:03
.
Pre-Run: 66,744,197,120 bytes free
Post-Run: 67,138,084,864 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6CAE4FC43ACC9E1EE62CC1D74AEF74EC


------------------
Update:
Read instructions, posting more here now
Contents of DDS.txt below
------------------

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by [actual user replaced] at 21:06:41 on 2012-02-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1006.279 [GMT -6:00]
.
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
svchost.exe
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\[actual user replaced]\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Corel\Standby\Standby.exe
.
============== Pseudo HJT Report ===============
.
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] c:\program files\canon\ij network scanner selector ex\CNMNSST.exe /FORCE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [Standby] "c:\program files\common files\corel\standby\Standby.exe" -START
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
StartupFolder: c:\docume~1\richje~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\[actual user replaced]\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{6CC31B2C-FB83-41FF-8BF7-961525849B6D} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\[actual user replaced]\application data\mozilla\firefox\profiles\85yzp8xf.default\
FF - prefs.js: browser.startup.homepage - Mindyum.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-12-20 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-12-20 195416]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-12-20 111320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-20 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-20 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-20 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-20 44768]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2011-12-20 127192]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 NProtectService;Norton Unerase Protection;c:\program files\norton utilities\NPROTECT.EXE [2011-12-10 135168]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2011-12-7 81280]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 35264]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2011-8-19 22176]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\135.tmp --> c:\windows\system32\135.tmp [?]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\richje~1\locals~1\temp\mfe_rr.sys --> c:\docume~1\richje~1\locals~1\temp\mfe_rr.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 DQ;DQ;c:\docume~1\richje~1\locals~1\temp\dq.exe --> c:\docume~1\richje~1\locals~1\temp\DQ.exe [?]
S4 ZF;ZF;c:\docume~1\richje~1\locals~1\temp\zf.exe --> c:\docume~1\richje~1\locals~1\temp\ZF.exe [?]
.
=============== Created Last 30 ================
.
2012-02-17 00:06:54 -------- d-sha-r- C:\cmdcons
2012-02-17 00:03:36 98816 ----a-w- c:\windows\sed.exe
2012-02-17 00:03:36 518144 ----a-w- c:\windows\SWREG.exe
2012-02-17 00:03:36 256000 ----a-w- c:\windows\PEV.exe
2012-02-17 00:03:36 208896 ----a-w- c:\windows\MBR.exe
2012-02-17 00:03:19 -------- d-----w- C:\ComboFix
2012-02-15 14:37:28 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-15 14:37:28 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-14 06:51:11 -------- d-----w- c:\documents and settings\[actual user replaced]\application data\Malwarebytes
2012-02-14 06:50:48 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-14 06:50:46 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-14 06:47:07 -------- d-----w- c:\program files\Malwarebytes
2012-02-14 06:35:06 952 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2012-02-14 06:27:58 -------- d-----w- c:\windows\system32\windows media
2012-02-14 06:27:19 -------- d--h--w- c:\windows\msdownld.tmp
2012-02-14 06:26:17 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-02-14 06:26:17 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-02-14 06:26:17 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-02-14 06:26:17 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-02-14 06:26:17 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-02-14 06:26:17 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-02-14 06:26:17 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-02-14 06:24:37 -------- d-----w- c:\documents and settings\[actual user replaced]\local settings\application data\Apple Computer
2012-02-14 06:24:03 -------- d-----w- c:\documents and settings\all users\application data\InterVideo
2012-02-14 06:21:42 -------- d-----w- c:\documents and settings\all users\application data\Corel
2012-02-14 06:16:14 -------- d-----w- c:\program files\common files\Protexis
2012-02-14 06:12:26 -------- d-----w- c:\program files\Windows Media Components
2012-02-14 06:11:50 -------- d-----w- c:\program files\common files\Ulead Systems
2012-02-14 06:11:50 -------- d-----w- c:\program files\common files\Corel
2012-02-14 06:11:12 -------- d-----w- c:\program files\Corel
2012-02-14 06:11:00 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2012-02-11 19:17:05 -------- d-----w- c:\documents and settings\[actual user replaced]\local settings\application data\WMTools Downloaded Files
2012-01-22 21:54:22 -------- d-----w- c:\documents and settings\all users\application data\WEBREG
2012-01-22 21:26:39 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2012-01-22 21:26:29 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2012-01-22 21:25:47 312832 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp70v.dll
2012-01-22 21:25:46 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2012-01-22 21:25:44 452408 ----a-r- c:\windows\system32\hpzids01.dll
2012-01-22 21:25:35 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2012-01-22 21:25:21 966656 ----a-r- c:\windows\system32\hpost_p02c.dll
2012-01-22 21:25:21 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2012-01-22 21:25:21 315392 ----a-r- c:\windows\system32\hposc_p02a.dll
2012-01-22 21:25:21 309760 ----a-r- c:\windows\system32\difxapi.dll
2012-01-22 21:25:20 712704 ----a-r- c:\windows\system32\hposwia_p02c.dll
2012-01-22 21:21:23 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-22 21:21:23 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-22 21:21:23 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-22 21:21:23 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
.
==================== Find3M ====================
.
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-04 16:19:58 980616 ----a-w- c:\program files\SkypeSetup.exe
2011-12-20 16:20:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ------w- c:\windows\system32\html.iec
2011-12-07 19:55:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-07 19:55:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-07 19:41:42 33536 ----a-w- c:\windows\system32\drivers\tvtfilter.sys
2011-12-07 19:41:27 36624 ----a-w- c:\windows\system32\drivers\pxhelp20.sys
2011-12-07 19:41:27 129784 ----a-w- c:\windows\system32\pxafs.dll
2011-12-07 19:41:27 118520 ----a-w- c:\windows\system32\pxinsi64.exe
2011-12-07 19:41:27 115960 ----a-w- c:\windows\system32\pxcpyi64.exe
2011-12-07 19:40:40 7012 ----a-w- c:\windows\system32\drivers\pmemnt.sys
2011-12-07 19:19:15 21393 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-12-07 19:19:15 21393 ----a-w- c:\windows\AegisP.sys
2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 17:54:38 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53:22 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-11-28 17:26:19 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 21:08:30.73 ===============

Edited by Orange Blossom, 17 February 2012 - 12:35 AM.
Moved to log forum. ~ OB

 

  • BC Ads
  • BleepingComputer.com

#2 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 122,838 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 February 2012 - 02:44 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#3 padiwonLearner

padiwonLearner

    New Member

  • Members
  • Pip
  • 11 posts

Posted 17 February 2012 - 11:38 AM

Results of Antirootkit scan: (TDSSKiller)

10:36:28.0015 4148 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
10:36:28.0390 4148 ============================================================
10:36:28.0390 4148 Current date / time: 2012/02/17 10:36:28.0390
10:36:28.0390 4148 SystemInfo:
10:36:28.0390 4148
10:36:28.0390 4148 OS Version: 5.1.2600 ServicePack: 3.0
10:36:28.0390 4148 Product type: Workstation
10:36:28.0390 4148 ComputerName: LENOVO-1E8ECC6B
10:36:28.0390 4148 UserName: [replaced actual user info]
10:36:28.0390 4148 Windows directory: C:\WINDOWS
10:36:28.0390 4148 System windows directory: C:\WINDOWS
10:36:28.0390 4148 Processor architecture: Intel x86
10:36:28.0390 4148 Number of processors: 2
10:36:28.0390 4148 Page size: 0x1000
10:36:28.0390 4148 Boot type: Normal boot
10:36:28.0390 4148 ============================================================
10:36:30.0531 4148 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3C91, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
10:36:30.0546 4148 \Device\Harddisk0\DR0:
10:36:30.0546 4148 MBR used
10:36:30.0546 4148 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xD46A171
10:36:30.0593 4148 Initialize success
10:36:30.0593 4148 ============================================================
10:36:39.0140 6004 ============================================================
10:36:39.0140 6004 Scan started
10:36:39.0140 6004 Mode: Manual;
10:36:39.0140 6004 ============================================================
10:36:39.0562 6004 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
10:36:39.0562 6004 Aavmker4 - ok
10:36:39.0593 6004 Abiosdsk - ok
10:36:39.0656 6004 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
10:36:39.0656 6004 abp480n5 - ok
10:36:39.0750 6004 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
10:36:39.0750 6004 ac97intc - ok
10:36:39.0843 6004 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:36:39.0859 6004 ACPI - ok
10:36:39.0890 6004 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
10:36:39.0890 6004 ACPIEC - ok
10:36:39.0953 6004 ADIHdAudAddService (d537f3d03c6301fefa21f3eee8cc82d8) C:\WINDOWS\system32\drivers\ADIHdAud.sys
10:36:39.0968 6004 ADIHdAudAddService - ok
10:36:40.0093 6004 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
10:36:40.0109 6004 adpu160m - ok
10:36:40.0156 6004 AEAudio (860df7676869cd8690cb2b23ab6de66a) C:\WINDOWS\system32\drivers\AEAudio.sys
10:36:40.0171 6004 AEAudio - ok
10:36:40.0218 6004 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:36:40.0234 6004 aec - ok
10:36:40.0312 6004 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys
10:36:40.0312 6004 AegisP - ok
10:36:40.0390 6004 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:36:40.0406 6004 AFD - ok
10:36:40.0484 6004 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
10:36:40.0484 6004 agp440 - ok
10:36:40.0625 6004 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
10:36:40.0625 6004 agpCPQ - ok
10:36:40.0687 6004 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
10:36:40.0687 6004 Aha154x - ok
10:36:40.0734 6004 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
10:36:40.0734 6004 aic78u2 - ok
10:36:40.0765 6004 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
10:36:40.0765 6004 aic78xx - ok
10:36:40.0828 6004 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
10:36:40.0828 6004 AliIde - ok
10:36:40.0906 6004 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
10:36:40.0906 6004 alim1541 - ok
10:36:41.0000 6004 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
10:36:41.0000 6004 amdagp - ok
10:36:41.0125 6004 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
10:36:41.0125 6004 amsint - ok
10:36:41.0218 6004 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
10:36:41.0218 6004 ANC - ok
10:36:41.0296 6004 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:36:41.0296 6004 Arp1394 - ok
10:36:41.0359 6004 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
10:36:41.0375 6004 asc - ok
10:36:41.0421 6004 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
10:36:41.0421 6004 asc3350p - ok
10:36:41.0468 6004 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
10:36:41.0484 6004 asc3550 - ok
10:36:41.0562 6004 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
10:36:41.0562 6004 aswFsBlk - ok
10:36:41.0625 6004 aswFW (9b88d53227e0bc1ce62a981b2fcd67c8) C:\WINDOWS\system32\drivers\aswFW.sys
10:36:41.0625 6004 aswFW - ok
10:36:41.0750 6004 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
10:36:41.0750 6004 aswMon2 - ok
10:36:41.0812 6004 aswNdis (7b948e3657bea62e437bc46ca6ef6012) C:\WINDOWS\system32\DRIVERS\aswNdis.sys
10:36:41.0812 6004 aswNdis - ok
10:36:41.0859 6004 aswNdis2 (2d26aaee48a48e64129b4ae1d0ab3a3b) C:\WINDOWS\system32\drivers\aswNdis2.sys
10:36:41.0875 6004 aswNdis2 - ok
10:36:41.0937 6004 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
10:36:41.0937 6004 aswRdr - ok
10:36:42.0000 6004 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
10:36:42.0046 6004 aswSnx - ok
10:36:42.0125 6004 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
10:36:42.0140 6004 aswSP - ok
10:36:42.0296 6004 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
10:36:42.0296 6004 aswTdi - ok
10:36:42.0359 6004 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:36:42.0359 6004 AsyncMac - ok
10:36:42.0437 6004 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:36:42.0437 6004 atapi - ok
10:36:42.0484 6004 Atdisk - ok
10:36:42.0546 6004 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:36:42.0562 6004 Atmarpc - ok
10:36:42.0640 6004 atmeltpm (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
10:36:42.0640 6004 atmeltpm - ok
10:36:42.0687 6004 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:36:42.0687 6004 audstub - ok
10:36:42.0765 6004 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:36:42.0765 6004 Beep - ok
10:36:42.0937 6004 BTKRNL (9da09b5800b9de8336948664e3b9cc94) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
10:36:43.0015 6004 BTKRNL - ok
10:36:43.0109 6004 BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys
10:36:43.0109 6004 BTWUSB - ok
10:36:43.0140 6004 catchme - ok
10:36:43.0203 6004 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
10:36:43.0218 6004 cbidf - ok
10:36:43.0265 6004 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:36:43.0265 6004 cbidf2k - ok
10:36:43.0359 6004 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:36:43.0375 6004 CCDECODE - ok
10:36:43.0421 6004 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
10:36:43.0421 6004 cd20xrnt - ok
10:36:43.0531 6004 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:36:43.0531 6004 Cdaudio - ok
10:36:43.0609 6004 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:36:43.0609 6004 Cdfs - ok
10:36:43.0687 6004 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:36:43.0687 6004 Cdrom - ok
10:36:43.0734 6004 Changer - ok
10:36:43.0781 6004 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:36:43.0781 6004 CmBatt - ok
10:36:43.0906 6004 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
10:36:43.0906 6004 CmdIde - ok
10:36:44.0000 6004 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:36:44.0000 6004 Compbatt - ok
10:36:44.0078 6004 CompFilter (bc6b87086ff0d99f87fe8af9a919a1e7) C:\WINDOWS\system32\DRIVERS\lvbusflt.sys
10:36:44.0078 6004 CompFilter - ok
10:36:44.0156 6004 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
10:36:44.0156 6004 Cpqarray - ok
10:36:44.0234 6004 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
10:36:44.0234 6004 dac2w2k - ok
10:36:44.0281 6004 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
10:36:44.0296 6004 dac960nt - ok
10:36:44.0375 6004 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:36:44.0375 6004 Disk - ok
10:36:44.0531 6004 DLABOIOM (35cbc02546335ea41a5d516da6626c8a) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
10:36:44.0531 6004 DLABOIOM - ok
10:36:44.0578 6004 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
10:36:44.0578 6004 DLACDBHM - ok
10:36:44.0609 6004 DLADResN (19e3db16de2bb3db81b172a78d140b03) C:\WINDOWS\system32\DLA\DLADResN.SYS
10:36:44.0625 6004 DLADResN - ok
10:36:44.0656 6004 DLAIFS_M (e4859ca5bd8412a9a60d62067a653522) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
10:36:44.0656 6004 DLAIFS_M - ok
10:36:44.0703 6004 DLAOPIOM (20c24a3d1cf0825487c93f806625805e) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
10:36:44.0703 6004 DLAOPIOM - ok
10:36:44.0734 6004 DLAPoolM (8a530da5dc81954bcf1966813f699b49) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
10:36:44.0734 6004 DLAPoolM - ok
10:36:44.0812 6004 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
10:36:44.0812 6004 DLARTL_N - ok
10:36:44.0968 6004 DLAUDFAM (7eda68af6a91bf64af6f301e39928ebf) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
10:36:44.0968 6004 DLAUDFAM - ok
10:36:45.0000 6004 DLAUDF_M (a18423bbc6d92b01fdf3c51e7510ee70) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
10:36:45.0015 6004 DLAUDF_M - ok
10:36:45.0125 6004 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:36:45.0171 6004 dmboot - ok
10:36:45.0203 6004 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:36:45.0218 6004 dmio - ok
10:36:45.0250 6004 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:36:45.0250 6004 dmload - ok
10:36:45.0359 6004 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:36:45.0359 6004 DMusic - ok
10:36:45.0421 6004 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
10:36:45.0421 6004 dpti2o - ok
10:36:45.0531 6004 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:36:45.0531 6004 drmkaud - ok
10:36:45.0609 6004 DRVMCDB (48c7008d23dcfce0d0232f49307efced) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
10:36:45.0609 6004 DRVMCDB - ok
10:36:45.0640 6004 DRVNDDM (05467e44a42c777dd1534bb4539b16d1) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
10:36:45.0640 6004 DRVNDDM - ok
10:36:45.0687 6004 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
10:36:45.0703 6004 E100B - ok
10:36:45.0812 6004 e1express (b1e9161ba28d5b826e49a1d0ded7fcc4) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
10:36:45.0828 6004 e1express - ok
10:36:46.0031 6004 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:36:46.0031 6004 Fastfat - ok
10:36:46.0093 6004 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:36:46.0093 6004 Fdc - ok
10:36:46.0156 6004 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:36:46.0156 6004 Fips - ok
10:36:46.0203 6004 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:36:46.0203 6004 Flpydisk - ok
10:36:46.0312 6004 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:36:46.0312 6004 FltMgr - ok
10:36:46.0390 6004 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:36:46.0390 6004 Fs_Rec - ok
10:36:46.0484 6004 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:36:46.0500 6004 Ftdisk - ok
10:36:46.0578 6004 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:36:46.0578 6004 Gpc - ok
10:36:46.0609 6004 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:36:46.0609 6004 HDAudBus - ok
10:36:46.0671 6004 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:36:46.0687 6004 HidUsb - ok
10:36:46.0718 6004 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
10:36:46.0750 6004 hpn - ok
10:36:46.0812 6004 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
10:36:46.0812 6004 HPZid412 - ok
10:36:46.0859 6004 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
10:36:46.0859 6004 HPZipr12 - ok
10:36:46.0921 6004 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
10:36:46.0937 6004 HPZius12 - ok
10:36:46.0984 6004 HSFHWAZL (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
10:36:47.0000 6004 HSFHWAZL - ok
10:36:47.0078 6004 HSF_DPV (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
10:36:47.0125 6004 HSF_DPV - ok
10:36:47.0218 6004 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:36:47.0218 6004 HTTP - ok
10:36:47.0312 6004 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
10:36:47.0312 6004 i2omgmt - ok
10:36:47.0453 6004 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
10:36:47.0453 6004 i2omp - ok
10:36:47.0531 6004 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:36:47.0546 6004 i8042prt - ok
10:36:47.0640 6004 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\DRIVERS\iaStor.sys
10:36:47.0640 6004 iaStor - ok
10:36:47.0718 6004 IBMPMDRV (bf648877413f6160e480814a24942b65) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
10:36:47.0718 6004 IBMPMDRV - ok
10:36:47.0812 6004 IBMTPCHK (083d095fed4b01fff9d501b98d50db68) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
10:36:47.0812 6004 IBMTPCHK - ok
10:36:47.0953 6004 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:36:47.0953 6004 Imapi - ok
10:36:48.0046 6004 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
10:36:48.0046 6004 ini910u - ok
10:36:48.0125 6004 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:36:48.0125 6004 IntelIde - ok
10:36:48.0171 6004 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:36:48.0171 6004 intelppm - ok
10:36:48.0234 6004 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:36:48.0234 6004 Ip6Fw - ok
10:36:48.0296 6004 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:36:48.0312 6004 IpFilterDriver - ok
10:36:48.0375 6004 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:36:48.0375 6004 IpInIp - ok
10:36:48.0531 6004 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:36:48.0531 6004 IpNat - ok
10:36:48.0593 6004 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:36:48.0593 6004 IPSec - ok
10:36:48.0671 6004 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:36:48.0671 6004 IRENUM - ok
10:36:48.0750 6004 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:36:48.0750 6004 isapnp - ok
10:36:48.0828 6004 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
10:36:48.0843 6004 Iviaspi - ok
10:36:48.0968 6004 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:36:48.0968 6004 Kbdclass - ok
10:36:49.0015 6004 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:36:49.0015 6004 kmixer - ok
10:36:49.0078 6004 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:36:49.0078 6004 KSecDD - ok
10:36:49.0140 6004 lbrtfdc - ok
10:36:49.0218 6004 LenovoRd (007c3a7e6a864ab2b8c52df717a7254c) C:\WINDOWS\system32\Drivers\LenovoRd.sys
10:36:49.0234 6004 LenovoRd - ok
10:36:49.0359 6004 LVRS (7521c0c58ee91be90b6cc33e792d10c7) C:\WINDOWS\system32\DRIVERS\lvrs.sys
10:36:49.0375 6004 LVRS - ok
10:36:49.0656 6004 LVUVC (37e57c48af530df01cdd4e8a2ad77b51) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
10:36:49.0859 6004 LVUVC - ok
10:36:50.0015 6004 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
10:36:50.0015 6004 mdmxsdk - ok
10:36:50.0046 6004 MEMSWEEP2 - ok
10:36:50.0156 6004 MFE_RR - ok
10:36:50.0203 6004 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:36:50.0203 6004 mnmdd - ok
10:36:50.0312 6004 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:36:50.0312 6004 Modem - ok
10:36:50.0421 6004 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:36:50.0437 6004 Mouclass - ok
10:36:50.0546 6004 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:36:50.0546 6004 mouhid - ok
10:36:50.0609 6004 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:36:50.0609 6004 MountMgr - ok
10:36:50.0656 6004 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
10:36:50.0656 6004 mraid35x - ok
10:36:50.0703 6004 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:36:50.0703 6004 MRxDAV - ok
10:36:50.0812 6004 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:36:50.0859 6004 MRxSmb - ok
10:36:50.0953 6004 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:36:50.0968 6004 Msfs - ok
10:36:51.0046 6004 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:36:51.0046 6004 MSKSSRV - ok
10:36:51.0078 6004 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:36:51.0078 6004 MSPCLOCK - ok
10:36:51.0109 6004 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:36:51.0109 6004 MSPQM - ok
10:36:51.0140 6004 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:36:51.0140 6004 mssmbios - ok
10:36:51.0203 6004 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
10:36:51.0203 6004 MSTEE - ok
10:36:51.0250 6004 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:36:51.0250 6004 Mup - ok
10:36:51.0281 6004 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:36:51.0296 6004 NABTSFEC - ok
10:36:51.0375 6004 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:36:51.0375 6004 NDIS - ok
10:36:51.0421 6004 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:36:51.0421 6004 NdisIP - ok
10:36:51.0515 6004 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:36:51.0515 6004 NdisTapi - ok
10:36:51.0656 6004 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:36:51.0671 6004 Ndisuio - ok
10:36:51.0703 6004 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:36:51.0703 6004 NdisWan - ok
10:36:51.0781 6004 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:36:51.0781 6004 NDProxy - ok
10:36:51.0828 6004 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:36:51.0828 6004 NetBIOS - ok
10:36:51.0921 6004 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:36:51.0921 6004 NetBT - ok
10:36:52.0156 6004 NETw4x32 (18b2d3e11ed7a3c898ade6a6692b6929) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
10:36:52.0265 6004 NETw4x32 - ok
10:36:52.0375 6004 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:36:52.0375 6004 NIC1394 - ok
10:36:52.0453 6004 NPDriver (c0e6afd4c945331475141f0fbb7f950e) C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
10:36:52.0468 6004 NPDriver - ok
10:36:52.0546 6004 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:36:52.0546 6004 Npfs - ok
10:36:52.0640 6004 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:36:52.0671 6004 Ntfs - ok
10:36:52.0765 6004 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:36:52.0765 6004 Null - ok
10:36:53.0156 6004 nv (8f91d713ebb1682f36dd93525861149f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:36:53.0468 6004 nv - ok
10:36:53.0562 6004 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:36:53.0578 6004 NwlnkFlt - ok
10:36:53.0671 6004 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:36:53.0671 6004 NwlnkFwd - ok
10:36:53.0750 6004 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:36:53.0750 6004 ohci1394 - ok
10:36:53.0796 6004 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
10:36:53.0796 6004 Parport - ok
10:36:53.0984 6004 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:36:53.0984 6004 PartMgr - ok
10:36:54.0078 6004 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:36:54.0078 6004 ParVdm - ok
10:36:54.0125 6004 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:36:54.0140 6004 PCI - ok
10:36:54.0156 6004 PCIDump - ok
10:36:54.0203 6004 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:36:54.0203 6004 PCIIde - ok
10:36:54.0312 6004 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
10:36:54.0328 6004 Pcmcia - ok
10:36:54.0343 6004 PDCOMP - ok
10:36:54.0390 6004 PDFRAME - ok
10:36:54.0421 6004 PDRELI - ok
10:36:54.0453 6004 PDRFRAME - ok
10:36:54.0562 6004 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
10:36:54.0578 6004 perc2 - ok
10:36:54.0609 6004 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
10:36:54.0609 6004 perc2hib - ok
10:36:54.0703 6004 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
10:36:54.0703 6004 pmem - ok
10:36:54.0843 6004 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:36:54.0843 6004 PptpMiniport - ok
10:36:54.0921 6004 PROCDD (1d80309fed4babf8ea9e7b84a394348b) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
10:36:54.0921 6004 PROCDD - ok
10:36:54.0953 6004 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
10:36:54.0968 6004 Processor - ok
10:36:55.0078 6004 psadd (ce5114c9d3ab67e6f6f8017c5f975292) C:\WINDOWS\system32\DRIVERS\psadd.sys
10:36:55.0093 6004 psadd - ok
10:36:55.0125 6004 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:36:55.0125 6004 PSched - ok
10:36:55.0187 6004 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:36:55.0203 6004 Ptilink - ok
10:36:55.0328 6004 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:36:55.0343 6004 PxHelp20 - ok
10:36:55.0375 6004 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
10:36:55.0390 6004 ql1080 - ok
10:36:55.0421 6004 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
10:36:55.0421 6004 Ql10wnt - ok
10:36:55.0484 6004 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
10:36:55.0500 6004 ql12160 - ok
10:36:55.0515 6004 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
10:36:55.0531 6004 ql1240 - ok
10:36:55.0546 6004 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
10:36:55.0562 6004 ql1280 - ok
10:36:55.0625 6004 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:36:55.0640 6004 RasAcd - ok
10:36:55.0765 6004 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:36:55.0765 6004 Rasl2tp - ok
10:36:55.0796 6004 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:36:55.0796 6004 RasPppoe - ok
10:36:55.0859 6004 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:36:55.0875 6004 Raspti - ok
10:36:55.0906 6004 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:36:55.0921 6004 Rdbss - ok
10:36:55.0984 6004 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:36:56.0000 6004 RDPCDD - ok
10:36:56.0031 6004 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:36:56.0031 6004 rdpdr - ok
10:36:56.0109 6004 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
10:36:56.0125 6004 RDPWD - ok
10:36:56.0250 6004 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:36:56.0250 6004 redbook - ok
10:36:56.0343 6004 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
10:36:56.0343 6004 rimmptsk - ok
10:36:56.0406 6004 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
10:36:56.0421 6004 rimsptsk - ok
10:36:56.0437 6004 rismxdp (d231b577024aa324af13a42f3a807d10) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
10:36:56.0453 6004 rismxdp - ok
10:36:56.0531 6004 s24trans (2220783b32a9f91df87f3e8315f091e7) C:\WINDOWS\system32\DRIVERS\s24trans.sys
10:36:56.0546 6004 s24trans - ok
10:36:56.0640 6004 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
10:36:56.0640 6004 sdbus - ok
10:36:56.0765 6004 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:36:56.0765 6004 Secdrv - ok
10:36:56.0828 6004 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:36:56.0828 6004 serenum - ok
10:36:56.0875 6004 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:36:56.0875 6004 Serial - ok
10:36:56.0968 6004 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:36:56.0968 6004 Sfloppy - ok
10:36:57.0062 6004 Shockprf (6873edc0d75e1e255208442ea3e018c1) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
10:36:57.0062 6004 Shockprf - ok
10:36:57.0093 6004 Simbad - ok
10:36:57.0171 6004 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
10:36:57.0171 6004 sisagp - ok
10:36:57.0312 6004 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:36:57.0312 6004 SLIP - ok
10:36:57.0390 6004 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
10:36:57.0406 6004 Sparrow - ok
10:36:57.0468 6004 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:36:57.0468 6004 splitter - ok
10:36:57.0484 6004 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:36:57.0500 6004 sr - ok
10:36:57.0578 6004 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:36:57.0593 6004 Srv - ok
10:36:57.0640 6004 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:36:57.0640 6004 streamip - ok
10:36:57.0687 6004 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:36:57.0687 6004 swenum - ok
10:36:57.0703 6004 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:36:57.0718 6004 swmidi - ok
10:36:57.0765 6004 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
10:36:57.0765 6004 symc810 - ok
10:36:57.0781 6004 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
10:36:57.0781 6004 symc8xx - ok
10:36:57.0875 6004 SymEvent (a7e2d7ff88cc7a60874deaa0c7630217) C:\Program Files\Symantec\SYMEVENT.SYS
10:36:57.0875 6004 SymEvent - ok
10:36:57.0953 6004 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
10:36:57.0953 6004 sym_hi - ok
10:36:58.0046 6004 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
10:36:58.0062 6004 sym_u3 - ok
10:36:58.0156 6004 SynTP (d7dc30b8b41e7a913c3fccc0631e72ec) C:\WINDOWS\system32\DRIVERS\SynTP.sys
10:36:58.0156 6004 SynTP - ok
10:36:58.0234 6004 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:36:58.0250 6004 sysaudio - ok
10:36:58.0343 6004 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:36:58.0359 6004 Tcpip - ok
10:36:58.0421 6004 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:36:58.0421 6004 TDPIPE - ok
10:36:58.0546 6004 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:36:58.0546 6004 TDTCP - ok
10:36:58.0625 6004 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:36:58.0625 6004 TermDD - ok
10:36:58.0734 6004 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
10:36:58.0750 6004 TosIde - ok
10:36:58.0843 6004 TPDIGIMN (9c72fdd0fa2d3be3bd5cca211fb19916) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
10:36:58.0843 6004 TPDIGIMN - ok
10:36:58.0921 6004 TPHKDRV (542770c8925e13b29b1ba63f05898058) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
10:36:58.0921 6004 TPHKDRV - ok
10:36:59.0015 6004 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
10:36:59.0015 6004 TPPWRIF - ok
10:36:59.0109 6004 TSMAPIP (ea856d91b3c088ce331e7740c72f43a3) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
10:36:59.0125 6004 TSMAPIP - ok
10:36:59.0265 6004 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
10:36:59.0265 6004 tvtfilter - ok
10:36:59.0328 6004 TVTI2C (c254bff0a928ea7d5ccdc2522d56fd01) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
10:36:59.0343 6004 TVTI2C - ok
10:36:59.0421 6004 TVTPktFilter (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
10:36:59.0437 6004 TVTPktFilter - ok
10:36:59.0500 6004 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:36:59.0515 6004 Udfs - ok
10:36:59.0609 6004 UIUSys - ok
10:36:59.0671 6004 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
10:36:59.0687 6004 ultra - ok
10:36:59.0765 6004 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:36:59.0781 6004 Update - ok
10:36:59.0890 6004 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
10:36:59.0890 6004 usbaudio - ok
10:36:59.0968 6004 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:36:59.0968 6004 usbccgp - ok
10:37:00.0046 6004 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:37:00.0046 6004 usbehci - ok
10:37:00.0156 6004 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:37:00.0171 6004 usbhub - ok
10:37:00.0265 6004 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:37:00.0265 6004 usbprint - ok
10:37:00.0296 6004 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:37:00.0312 6004 usbscan - ok
10:37:00.0343 6004 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:37:00.0343 6004 USBSTOR - ok
10:37:00.0390 6004 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:37:00.0390 6004 usbuhci - ok
10:37:00.0484 6004 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
10:37:00.0484 6004 usbvideo - ok
10:37:00.0640 6004 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:37:00.0640 6004 VgaSave - ok
10:37:00.0734 6004 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
10:37:00.0734 6004 viaagp - ok
10:37:00.0796 6004 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
10:37:00.0796 6004 ViaIde - ok
10:37:00.0859 6004 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:37:00.0875 6004 VolSnap - ok
10:37:00.0921 6004 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:37:00.0921 6004 Wanarp - ok
10:37:01.0015 6004 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
10:37:01.0046 6004 Wdf01000 - ok
10:37:01.0125 6004 WDICA - ok
10:37:01.0218 6004 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:37:01.0234 6004 wdmaud - ok
10:37:01.0359 6004 winachsf (307d248f97835b6879bdd361086924fe) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
10:37:01.0406 6004 winachsf - ok
10:37:01.0468 6004 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
10:37:01.0484 6004 WmiAcpi - ok
10:37:01.0546 6004 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:37:01.0562 6004 WS2IFSL - ok
10:37:01.0640 6004 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:37:01.0640 6004 WSTCODEC - ok
10:37:01.0796 6004 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:37:01.0796 6004 WudfPf - ok
10:37:01.0906 6004 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:37:01.0921 6004 WudfRd - ok
10:37:01.0968 6004 MBR (0x1B8) (90592680cac722714df57c2b9f49c539) \Device\Harddisk0\DR0
10:37:02.0000 6004 \Device\Harddisk0\DR0 - ok
10:37:02.0015 6004 Boot (0x1200) (49316afa585ca64b17d7a5e9316ec217) \Device\Harddisk0\DR0\Partition0
10:37:02.0015 6004 \Device\Harddisk0\DR0\Partition0 - ok
10:37:02.0015 6004 ============================================================
10:37:02.0015 6004 Scan finished
10:37:02.0015 6004 ============================================================
10:37:02.0031 6008 Detected object count: 0
10:37:02.0031 6008 Actual detected object count: 0

Edited by padiwonLearner, 17 February 2012 - 11:40 AM.

#4 padiwonLearner

padiwonLearner

    New Member

  • Members
  • Pip
  • 11 posts

Posted 17 February 2012 - 12:07 PM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-17 10:41:54
-----------------------------
10:41:54.578 OS Version: Windows 5.1.2600 Service Pack 3
10:41:54.578 Number of processors: 2 586 0xF0B
10:41:54.578 ComputerName: LENOVO-1E8ECC6B UserName: [replaced user actual info]
10:41:55.234 Initialize success
10:41:55.984 AVAST engine defs: 12021700
10:42:20.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:42:20.468 Disk 0 Vendor: FUJITSU_ 0084 Size: 114473MB BusType: 3
10:42:20.484 Disk 0 MBR read successfully
10:42:20.500 Disk 0 MBR scan
10:42:20.968 Disk 0 unknown MBR code
10:42:20.984 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 108756 MB offset 63
10:42:21.500 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 5714 MB offset 222732720
10:42:21.718 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 234435600
10:42:21.875 Disk 0 Partition 3 **INFECTED** MBR:Alureon-K [Rtk]
10:42:21.906 Disk 0 scanning sectors +234441632
10:42:22.812 Disk 0 scanning C:\WINDOWS\system32\drivers
10:42:50.406 Service scanning
10:42:51.859 Modules scanning
10:43:02.703 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
10:43:04.093 Disk 0 trace - called modules:
10:43:04.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
10:43:04.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b20030]
10:43:04.125 3 CLASSPNP.SYS[f7569fd7] -> nt!IofCallDriver -> \Device\0000009d[0x86b41a28]
10:43:04.125 5 ACPI.sys[f7400620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86b56030]
10:43:04.953 AVAST engine scan C:\WINDOWS
10:43:14.109 AVAST engine scan C:\WINDOWS\system32
10:46:09.703 AVAST engine scan C:\WINDOWS\system32\drivers
10:46:31.171 AVAST engine scan C:\Documents and Settings\[replaced user actual info]
10:51:09.187 AVAST engine scan C:\Documents and Settings\All Users
10:52:55.562 Scan finished successfully
11:04:47.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\[replaced user actual info]\Desktop\[replaced user actual info]\MBR.dat"
11:04:47.968 The log file has been saved successfully to "C:\Documents and Settings\[replaced user actual info]\Desktop\[replaced user actual info]\aswMBR.txt"


Should I click "fix MBR" or just exit?

#5 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 122,838 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 February 2012 - 12:14 AM

Greetings

I need you to make a bootable usb and to make a screenshot for me - follow the instructions below to do this

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions how to do this.

Now boot into Puppylinux

when you get to the desktop Click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them)

Next - Launch GParted which is found at Menu > System > GParted partition manager,
Click to select All Drives then click Okay
I need you to take a screenshot of the window that opens up - to do this follow these instructions

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg into the USB drive, paste or attach this to your next post

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

remove the usb and save it - we will use it again - boot back into windows and send me the screen capture

gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#6 padiwonLearner

padiwonLearner

    New Member

  • Members
  • Pip
  • 11 posts

Posted 18 February 2012 - 06:56 PM

screenshot1.jpg attached

Attached File  screenshot1.jpg   141.22K   11 downloads

#7 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 122,838 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 February 2012 - 08:13 PM

Hello


Very good - I need you to boot back into GParted and right click on the hidden partition (2.95MB) and select delete


boot back into windows and run aswMBR again for me


gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#8 padiwonLearner

padiwonLearner

    New Member

  • Members
  • Pip
  • 11 posts

Posted 18 February 2012 - 09:06 PM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-18 19:29:13
-----------------------------
19:29:13.156 OS Version: Windows 5.1.2600 Service Pack 3
19:29:13.156 Number of processors: 2 586 0xF0B
19:29:13.171 ComputerName: LENOVO-1E8ECC6B UserName: [user info replaced]
19:29:17.609 Initialize success
19:29:19.093 AVAST engine defs: 12021802
19:29:22.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:29:22.187 Disk 0 Vendor: FUJITSU_ 0084 Size: 114473MB BusType: 3
19:29:22.281 Disk 0 MBR read successfully
19:29:22.281 Disk 0 MBR scan
19:29:24.171 Disk 0 unknown MBR code
19:29:24.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 108756 MB offset 63
19:29:26.562 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 5714 MB offset 222732720
19:29:27.171 Disk 0 scanning sectors +234435600
19:29:28.828 Disk 0 scanning C:\WINDOWS\system32\drivers
19:29:58.312 Service scanning
19:30:00.312 Modules scanning
19:30:10.312 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
19:30:12.312 Disk 0 trace - called modules:
19:30:12.656 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
19:30:12.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b1e030]
19:30:12.671 3 CLASSPNP.SYS[f7569fd7] -> nt!IofCallDriver -> \Device\0000009d[0x86b2aa28]
19:30:12.671 5 ACPI.sys[f7400620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86aee030]
19:30:14.187 AVAST engine scan C:\WINDOWS
19:30:25.468 AVAST engine scan C:\WINDOWS\system32
19:33:21.703 AVAST engine scan C:\WINDOWS\system32\drivers
19:33:44.843 AVAST engine scan C:\Documents and Settings\[user info replaced]
19:38:45.437 AVAST engine scan C:\Documents and Settings\All Users
19:40:49.171 Scan finished successfully
20:05:23.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\[user info replaced]\Desktop\[user info replaced] Work on PC\MBR.dat"
20:05:23.328 The log file has been saved successfully to "C:\Documents and Settings\[user info replaced]\Desktop\[user info replaced] Work on PC\aswMBR-2.txt"

#9 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 122,838 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 February 2012 - 09:16 PM

Greetings

Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window: 

ClearJavaCache::


Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#10 padiwonLearner

padiwonLearner

    New Member

  • Members
  • Pip
  • 11 posts

Posted 18 February 2012 - 10:09 PM

Here is the latest ComboFix log

------------------


ComboFix 12-02-16.02 - [user info replaced] 02/18/2012 20:36:56.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1006.472 [GMT -6:00]
Running from: c:\documents and settings\[user info replaced]\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\[user info replaced]\Desktop\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-01-19 to 2012-02-19 )))))))))))))))))))))))))))))))
.
.
2012-02-17 16:32 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll
2012-02-15 14:37 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-15 14:37 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-14 14:32 . 2012-02-14 14:32 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2012-02-14 06:51 . 2012-02-14 06:51 -------- d-----w- c:\documents and settings\[user info replaced]\Application Data\Malwarebytes
2012-02-14 06:50 . 2012-02-14 06:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-14 06:50 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-14 06:47 . 2012-02-14 06:50 -------- d-----w- c:\program files\Malwarebytes
2012-02-14 06:35 . 2012-02-14 06:35 -------- d-----w- c:\documents and settings\[user info replaced]\Application Data\Corel
2012-02-14 06:35 . 2012-02-14 06:35 952 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2012-02-14 06:33 . 2012-02-14 06:36 -------- d-----w- c:\documents and settings\[user info replaced]\Application Data\Ulead Systems
2012-02-14 06:30 . 2012-02-14 06:32 -------- d-----w- c:\windows\system32\drivers\UMDF
2012-02-14 06:27 . 2012-02-14 06:27 -------- d-----w- c:\windows\system32\windows media
2012-02-14 06:27 . 2012-02-14 06:27 -------- d--h--w- c:\windows\msdownld.tmp
2012-02-14 06:26 . 2012-02-14 06:26 143360 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-02-14 06:26 . 2012-02-14 06:26 143360 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-02-14 06:26 . 2012-02-14 06:26 143360 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-02-14 06:26 . 2012-02-14 06:26 143360 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-02-14 06:26 . 2012-02-14 06:26 143360 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-02-14 06:26 . 2012-02-14 06:26 143360 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-02-14 06:26 . 2012-02-14 06:26 143360 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-02-14 06:24 . 2012-02-14 06:24 -------- d-----w- c:\program files\Common Files\Apple
2012-02-14 06:24 . 2012-02-14 06:26 -------- d-----w- c:\program files\QuickTime
2012-02-14 06:24 . 2012-02-14 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2012-02-14 06:24 . 2012-02-14 06:24 -------- d-----w- c:\documents and settings\[user info replaced]\Local Settings\Application Data\Apple Computer
2012-02-14 06:24 . 2012-02-14 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2012-02-14 06:21 . 2012-02-14 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2012-02-14 06:16 . 2012-02-14 06:16 -------- d-----w- c:\program files\Common Files\Protexis
2012-02-14 06:12 . 2012-02-14 06:12 -------- d-----w- c:\program files\Windows Media Components
2012-02-14 06:11 . 2012-02-14 06:15 -------- d-----w- c:\program files\Common Files\Corel
2012-02-14 06:11 . 2012-02-14 06:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2012-02-14 06:11 . 2012-02-14 06:11 -------- d-----w- c:\program files\Common Files\Ulead Systems
2012-02-14 06:11 . 2012-02-14 06:11 -------- d-----w- c:\program files\Corel
2012-02-14 06:11 . 2007-10-22 09:39 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2012-02-11 19:17 . 2012-02-11 19:17 -------- d-----w- c:\documents and settings\[user info replaced]\Local Settings\Application Data\WMTools Downloaded Files
2012-01-25 07:01 . 2012-01-25 07:01 -------- d-----w- c:\documents and settings\[user info replaced]\Application Data\InterVideo
2012-01-22 21:54 . 2012-01-22 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2012-01-22 21:27 . 2012-01-22 22:45 -------- d-----w- c:\documents and settings\[user info replaced]\Application Data\HP
2012-01-22 21:26 . 2008-10-28 10:27 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2012-01-22 21:26 . 2008-10-28 10:27 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2012-01-22 21:25 . 2009-04-16 20:08 312832 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll
2012-01-22 21:25 . 2009-04-16 20:08 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2012-01-22 21:25 . 2009-04-15 21:53 452408 ----a-r- c:\windows\system32\hpzids01.dll
2012-01-22 21:25 . 2008-10-28 10:27 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2012-01-22 21:25 . 2009-02-10 20:03 966656 ----a-r- c:\windows\system32\hpost_p02c.dll
2012-01-22 21:25 . 2009-02-10 20:03 315392 ----a-r- c:\windows\system32\hposc_p02a.dll
2012-01-22 21:25 . 2008-10-28 10:27 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2012-01-22 21:25 . 2008-10-28 10:27 309760 ----a-r- c:\windows\system32\difxapi.dll
2012-01-22 21:25 . 2009-02-10 20:03 712704 ----a-r- c:\windows\system32\hposwia_p02c.dll
2012-01-22 21:21 . 2012-01-22 21:21 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-22 21:21 . 2012-01-22 21:21 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-22 21:21 . 2012-01-22 21:21 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-22 21:21 . 2012-01-22 21:21 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2006-04-30 06:55 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-06 14:42 . 2012-01-06 14:42 53248 ----a-r- c:\documents and settings\[user info replaced]\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-01-04 16:19 . 2012-01-04 16:19 980616 ----a-w- c:\program files\SkypeSetup.exe
2011-12-20 16:20 . 2011-12-20 16:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-17 19:46 . 2006-04-30 06:56 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2006-04-30 06:55 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2006-04-30 06:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2006-04-30 06:55 385024 ------w- c:\windows\system32\html.iec
2011-12-07 19:55 . 2011-12-07 19:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-07 19:55 . 2011-12-07 19:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-07 19:41 . 2011-12-07 19:41 33536 ----a-w- c:\windows\system32\drivers\tvtfilter.sys
2011-12-07 19:41 . 2011-12-07 19:42 129784 ----a-w- c:\windows\system32\pxafs.dll
2011-12-07 19:41 . 2011-12-07 19:42 118520 ----a-w- c:\windows\system32\pxinsi64.exe
2011-12-07 19:41 . 2011-12-07 19:42 115960 ----a-w- c:\windows\system32\pxcpyi64.exe
2011-12-07 19:41 . 2006-09-27 21:53 36624 ----a-w- c:\windows\system32\drivers\pxhelp20.sys
2011-12-07 19:40 . 2011-12-07 19:40 7012 ----a-w- c:\windows\system32\drivers\pmemnt.sys
2011-12-07 19:19 . 2011-12-07 19:19 21393 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-12-07 19:19 . 2011-12-07 19:19 21393 ----a-w- c:\windows\AegisP.sys
2011-11-28 18:01 . 2011-12-20 16:57 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-12-20 16:57 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-12-20 16:59 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-11-28 17:53 . 2011-12-20 16:58 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-12-20 16:59 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:53 . 2011-12-20 16:58 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-11-28 17:52 . 2011-12-20 16:58 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-12-20 16:58 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-12-20 16:58 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2011-12-20 16:58 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2011-12-20 16:59 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2011-12-20 16:58 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-28 17:26 . 2011-12-20 16:57 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-11-25 21:57 . 2006-04-30 06:55 293376 ----a-w- c:\windows\system32\winsrv.dll
2012-01-22 21:21 . 2011-12-19 15:22 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-17_00.37.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-19 01:27 . 2012-02-19 01:27 16384 c:\windows\Temp\Perflib_Perfdata_e84.dat
+ 2012-02-17 03:25 . 2012-02-17 03:25 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\604691fa729c36593aa141b07addb1da\System.Windows.Presentation.ni.dll
+ 2012-02-17 03:25 . 2012-02-17 03:25 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\df5e961346901ef1662daac2708f3888\System.Web.ApplicationServices.ni.dll
+ 2012-02-17 03:25 . 2012-02-17 03:25 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ce55cdba82e9103fc891b17d90f5a38f\System.ServiceModel.Channels.ni.dll
+ 2012-02-18 00:02 . 2011-12-07 22:36 182688 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
+ 2012-02-17 03:25 . 2012-02-17 03:25 252416 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\5b2066cece646c758c73a13cca7c82b7\WindowsFormsIntegration.ni.dll
+ 2012-02-17 03:25 . 2012-02-17 03:25 482816 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\1bc856ec98668f28b06dc195e6f73603\UIAutomationClient.ni.dll
+ 2012-02-17 03:25 . 2012-02-17 03:25 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d7fbfc6836ce7e53486ddb79b598ca8d\System.ServiceProcess.ni.dll
+ 2012-02-17 03:25 . 2012-02-17 03:25 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f1a00750deae84241a140f4e4233fe71\System.ServiceModel.Routing.ni.dll
+ 2012-02-17 03:25 . 2012-02-17 03:25 1057792 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\e06dfa0ecf8c6c4f9848eedb9f8db0c5\UIAutomationClientsideProviders.ni.dll
+ 2012-02-17 03:25 . 2012-02-17 03:25 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\f9d4746b5e5edf68c3001feaa0f03893\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-02-17 03:25 . 2012-02-17 03:25 1859584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\ce22f267e17c7749c6a0dd2aa3403484\System.Web.Services.ni.dll
+ 2012-02-17 03:25 . 2012-02-17 03:25 2011136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\7a9b2475f61a6db6393750142765c5f1\System.Speech.ni.dll
+ 2012-02-17 03:25 . 2012-02-17 03:25 1128960 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b663714058d4a0c1fcaa56e4ac223be5\System.ServiceModel.Discovery.ni.dll
+ 2012-02-17 03:24 . 2012-02-17 03:24 1387520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\685616ff1660152acefb312db7061435\System.ServiceModel.Activities.ni.dll
+ 2012-02-17 03:24 . 2012-02-17 03:24 17996800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\7c73ac0ffec7d226ca3dac70df184f18\System.ServiceModel.ni.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\[user info replaced]\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\[user info replaced]\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\[user info replaced]\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\[user info replaced]\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19550344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2569616]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-15 1213848]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2009-08-21 105616]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13549568]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 536576]
.
c:\documents and settings\[user info replaced]\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\[user info replaced]\Application Data\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-2-27 561213]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Documents and Settings\\[user info replaced]\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [12/20/2011 10:57 AM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [12/20/2011 10:58 AM 195416]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [3/2/2007 7:47 PM 19760]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [12/20/2011 10:59 AM 111320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/20/2011 10:58 AM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/20/2011 10:59 AM 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/20/2011 10:59 AM 20568]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [12/20/2011 10:57 AM 127192]
R2 NProtectService;Norton Unerase Protection;c:\program files\Norton Utilities\NPROTECT.EXE [12/10/2011 4:33 PM 135168]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 3:11 PM 569344]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 3:26 AM 450848]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [12/7/2011 1:02 PM 81280]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [9/13/2006 2:42 PM 35264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [8/19/2011 3:26 AM 22176]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\135.tmp --> c:\windows\system32\135.tmp [?]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\RICHJE~1\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\RICHJE~1\LOCALS~1\Temp\mfe_rr.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 DQ;DQ;c:\docume~1\RICHJE~1\LOCALS~1\Temp\DQ.exe --> c:\docume~1\RICHJE~1\LOCALS~1\Temp\DQ.exe [?]
S4 ZF;ZF;c:\docume~1\RICHJE~1\LOCALS~1\Temp\ZF.exe --> c:\docume~1\RICHJE~1\LOCALS~1\Temp\ZF.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-19 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 23:54]
.
2012-02-16 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2011-12-07 16:16]
.
.
------- Supplementary Scan -------
.
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\documents and settings\[user info replaced]\Application Data\Mozilla\Firefox\Profiles\85yzp8xf.default\
FF - prefs.js: browser.startup.homepage - Mindyum.com
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-18 20:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\135.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(260)
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
Completion time: 2012-02-18 21:00:38
ComboFix-quarantined-files.txt 2012-02-19 03:00
ComboFix2.txt 2012-02-17 01:04
.
Pre-Run: 66,797,899,776 bytes free
Post-Run: 66,813,509,632 bytes free
.
- - End Of File - - DC4AC06BB0D2F6CD526A4D5F123EC0B3



Now and then there is blue screen of death, but I am not sure that has anything to do with this rootkit issue.

Appreciate your guidance. We are making progress.

What next?

#11 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 122,838 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 February 2012 - 10:15 PM

Hello

How is the computer doing now?



I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#12 padiwonLearner

padiwonLearner

    New Member

  • Members
  • Pip
  • 11 posts

Posted 18 February 2012 - 10:21 PM

32 Bit HP CIO Components Installer
Access Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8
avast! Internet Security
BufferChm
C4700
CameraHelperMsi
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon MP Navigator EX 4.1
Canon MX410 series MP Drivers
Canon My Printer
Canon Solution Menu EX
Canon Speed Dial Utility
Client Security Solution
Contents
Corel VideoStudio 2010
Destinations
DeviceDiscovery
DeviceIO
Diskeeper Lite
Dropbox
erLT
FileSync
GPBaseService2
Help Center
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
ICA
IHMC CmapTools v5.04.02
Integrated Camera
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo Register Manager
InterVideo WinDVD
InterVideo WinDVD Creator 3
IPM_V
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java™ 6 Update 29
Lenovo Registration
LiveReg (Symantec Corporation)
LiveUpdate 1.7 (Symantec Corporation)
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Maintenance Manager
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
mCore
mDriver
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MLE
mMHouse
Mozilla Firefox 9.0.1 (x86 en-US)
Mozilla Thunderbird 10.0.1 (x86 en-US)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
mWlsSafe
Network
Norton Speed Disk 6.0 for Windows NT
Norton Utilities 2002 for Windows
NVIDIA Drivers
On Screen Display
PC-Doctor 5 for Windows
Picasa 2
Presentation Director
Productivity Center Supplement for ThinkPad
PS_AIO_06_C4700_SW_Min
PureHD
QuickTime
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Setup
Share
Shop for HP Supplies
Skype Click to Call
Skype™ 5.5
SmartWebPrinting
SolutionCenter
Sonic DLA
Sonic Express Labeler
Sonic Icons for Lenovo
Sonic Update Manager
Sophos Anti-Rootkit 1.5.20
SoundMAX
Status
System Migration Assistant
System Update
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VDS10
VIO
Wallpapers
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Toolbar
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows XP Service Pack 3
XP Themes
Yahoo! Toolbar

#13 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 122,838 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 February 2012 - 11:47 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Adobe Reader 8
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 29
 [/list]

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

#14 padiwonLearner

padiwonLearner

    New Member

  • Members
  • Pip
  • 11 posts

Posted 19 February 2012 - 02:47 AM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.19.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Rich Jewett :: LENOVO-1E8ECC6B [administrator]

2/19/2012 1:37:06 AM
mbam-log-2012-02-19 (01-37-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197056
Time elapsed: 9 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


HiJackThis coming next

#15 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 122,838 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 February 2012 - 02:55 AM

:thumbup2:

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Back to Virus, Trojan, Spyware, and Malware Removal Logs


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Logs
  4. Privacy Policy
  5. Rules ·