Win XP Antivirus 2012

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Win XP Antivirus 2012 Stubborn virus unable to fully remove.

#1 Enchauto

New Member

Group: Members
Posts: 12
Joined: 14-January 12

Posted 16 January 2012 - 09:48 PM

Hello,

I followed the Instructions on this site to remove the Win Xp antivirus 2012 vire/rouge
and am still having an issue where malwarebytes tells me its blocking out going interactions to a website
before installing malwarebytes it was redirecting my firefox to multipel websites.

At this point i have

Run each of the following programs in safe mode, safemode with networking, and normal windows

malwarebytes
AVG antivirus
TDSS killer
spybot S & D
Super anti spyware

not really sure where to go from here any help would be greatly appreciated.

powti.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Run by enchauel at 22:07:44 on 2012-01-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.525 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Novell\ZENworks\Asset Management\bin\CClient.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Novell\ZENworks\Asset Management\bin\TSUsage32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Novell\ZENworks\NalAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.shu.edu/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mWinlogon: System=ziswin.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [Akamai NetSession Interface] "c:\documents and settings\user\local settings\application data\akamai\netsession_win.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TP4EX] tp4ex.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [NWTRAY] NWTRAY.EXE
mRun: [ZENRC Tray Icon] c:\windows\system32\zentray.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [imekrmig7.0] "c:\program files\common files\microsoft shared\ime\imkr7\IMEKRMIG.EXE"
mRun: [IMSCMig] c:\progra~1\common~1\micros~1\ime\imsc40a\IMSCMIG.EXE /Preload
mRun: [CJIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\changjie\CINTLCFG.EXE /CJIMETIPSync
mRun: [PHIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\phonetic\TINTLCFG.EXE /PHIMETIPSync
mRun: [IMJPMIG9.0] c:\progra~1\common~1\micros~1\ime\imjp9\IMJPMIG.EXE /Preload /Migration32
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [iFolder] "c:\program files\ifolder\iFolderApp.exe" -checkautorun
mRun: [TpShocks] TpShocks.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\applic~1.lnk - c:\program files\novell\zenworks\NalView.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\\PkgMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mic273~1\web2~1\office12\REFIEBAR.DLL
IE: {C1994287-422F-47aa-8E5E-6323E210A125} - {4B5F7606-8666-4D5A-9780-DB92A9D8812B} - c:\program files\novell\zenworks\AxNalServer.dll
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173732012937
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{515EAFCB-2935-4A1D-BE11-95D6E6B96EDB} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: LMIinit - LMIinit.dll
Notify: NetIdentity Notification - c:\windows\system32\novell\XtNotify.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Application Explorer: {763370c4-268e-4308-a60c-d8da0342be32} - c:\program files\novell\zenworks\NalShell.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 nwv1_0
LSA: Notification Packages = scecli ACGina psqlpwd ACGina
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 149.150.209.1 mail01a
Hosts: 149.150.209.2 mail01b
Hosts: 149.150.209.5 mail05a
Hosts: 149.150.209.6 mail05b
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\s6mm22zq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.shu.edu/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnipp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-9-28 19504]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2007-3-16 34671]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [1980-1-1 14336]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [2005-5-23 6899]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-12-7 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-1-7 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-13 652872]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\novell\zenworks\remotemanagement\rmagent\ZenRem32.exe [2005-7-11 163840]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2006-12-8 11152]
R2 TSCensus Collection Client;ZENworks Asset Management - Collection Client;c:\program files\novell\zenworks\asset management\bin\CClientSvc.exe [2007-3-16 49152]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-6 24652]
R2 WNTHW;WNTHW;c:\windows\system32\drivers\WNTHW.SYS [2007-3-12 9176]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [2005-1-10 61440]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [2005-5-23 2773]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-13 20464]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 35264]
S2 gupdate1ca349eacfc099a;Google Update Service (gupdate1ca349eacfc099a);c:\program files\google\update\GoogleUpdate.exe [2009-9-13 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-13 133104]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2012-01-14 21:36:02 388096 ----a-r- c:\documents and settings\user\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-14 21:35:59 -------- d-----w- c:\program files\Trend Micro
2012-01-14 18:43:04 -------- d-----w- c:\documents and settings\user\application data\SUPERAntiSpyware.com
2012-01-14 18:42:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-14 18:42:30 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-01-14 03:13:00 -------- d-----w- c:\documents and settings\user\application data\AVG2012
2012-01-14 03:12:14 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-01-14 03:11:10 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-14 03:11:10 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2012-01-14 03:09:44 -------- d-----w- c:\program files\AVG
2012-01-14 03:04:14 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-01-13 05:25:55 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-13 05:25:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-13 03:57:48 -------- d--h--w- C:\$AVG
2012-01-07 12:19:23 -------- d-----w- c:\documents and settings\user\local settings\application data\LogMeIn
2012-01-07 12:08:39 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-01-07 12:08:39 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-01-07 12:08:39 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-01-07 12:08:39 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-01-07 12:08:25 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-07 12:08:19 -------- d-----w- c:\documents and settings\all users\application data\LogMeIn
2012-01-07 12:07:53 -------- d-----w- c:\program files\LogMeIn
2012-01-07 12:05:02 -------- d-----w- c:\documents and settings\user\local settings\application data\Deployment
2012-01-01 02:15:17 -------- d-----w- c:\windows\CtDrvInstall
2012-01-01 02:15:14 24576 ----a-r- c:\windows\system32\P0620Aor.dll
2012-01-01 02:11:42 24576 ------w- c:\windows\system32\CTWEBFUN.DLL
2011-12-31 01:43:59 36864 ------w- c:\windows\system32\CTCamMgr.dll
2011-12-31 01:43:26 -------- d-----w- c:\program files\Creative
2011-12-31 01:42:30 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-12-31 01:42:30 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-12-31 01:42:30 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-12-31 01:42:30 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-12-31 01:42:30 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-12-31 01:42:29 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2011-12-31 01:42:28 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2011-12-23 04:42:48 -------- d-----w- c:\program files\Yahoo!
2011-12-22 02:36:13 -------- d-----w- c:\documents and settings\user\application data\Trillian
2011-12-19 22:59:03 -------- d-----r- c:\program files\Skype
.
==================== Find3M ====================
.
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ------w- c:\windows\system32\win32k.sys
2011-11-21 00:20:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-20 22:45:39 256 ----a-w- c:\windows\system32\pool.bin
2011-11-18 12:35:08 60416 ------w- c:\windows\system32\packager.exe
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ------w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ------w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ------w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 22:09:33.82 ===============
ng logs because i didnt read the guide first

edited to remove gmer report is huge will post if requested

EDIT: Posts merged ~Budapest

Attached File(s)

attach.txt (27.28K)
Number of downloads: 2

This post has been edited by Budapest: 18 January 2012 - 08:08 PM

#2 CatByte

Bleepin' curls!

Group: Malware Response Team
Posts: 7,861
Joined: 09-November 08
Gender:Not Telling
Location:Canada

Posted 19 January 2012 - 09:11 AM

Hi,

Please do the following:

Please download aswMBR.exe and save it to your desktop.
Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
When asked if you want to download Avast's virus definitions please select Yes.
Click Scan
- Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
- You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

The help you receive here is free. If you wish to show your appreciation, then you may
Microsoft MVP - 2010, 2011

#3 Enchauto

New Member

Group: Members
Posts: 12
Joined: 14-January 12

Posted 19 January 2012 - 10:00 PM

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-19 21:02:44
-----------------------------
21:02:44.937 OS Version: Windows 5.1.2600 Service Pack 3
21:02:44.937 Number of processors: 2 586 0xF06
21:02:44.937 ComputerName: L32C1T5 UserName:
21:02:46.859 Initialize success
21:04:24.937 AVAST engine defs: 12011902
21:13:12.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:13:12.718 Disk 0 Vendor: HITACHI_ SBDI Size: 114473MB BusType: 3
21:13:12.750 Disk 0 MBR read successfully
21:13:12.750 Disk 0 MBR scan
21:13:12.796 Disk 0 unknown MBR code
21:13:12.812 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114470 MB offset 63
21:13:12.812 Disk 0 scanning sectors +234435600
21:13:12.921 Disk 0 scanning C:\WINDOWS\system32\drivers
21:13:26.515 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Aluroot-B [Rtk]
21:13:40.515 Disk 0 trace - called modules:
21:13:40.546 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
21:13:40.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8a8ab8]
21:13:40.562 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\000000a4[0x8a8c4b68]
21:13:41.078 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a871030]
21:13:41.953 AVAST engine scan C:\WINDOWS
21:14:01.843 AVAST engine scan C:\WINDOWS\system32
21:16:44.265 AVAST engine scan C:\WINDOWS\system32\drivers
21:16:54.359 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Aluroot-B [Rtk]
21:17:05.687 AVAST engine scan C:\Documents and Settings\User
21:20:33.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
21:20:33.796 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"
21:30:16.000 AVAST engine scan C:\Documents and Settings\All Users
21:36:21.203 Scan finished successfully
21:57:40.515 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
21:57:40.562 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"

Attached File(s)

MBR.zip (481bytes)
Number of downloads: 0

#4 CatByte

Bleepin' curls!

Group: Malware Response Team
Posts: 7,861
Joined: 09-November 08
Gender:Not Telling
Location:Canada

Posted 19 January 2012 - 10:03 PM

Hi,

Please do the following:

Please download TDSSKiller.zip

Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
- Only if Malicious objects are found then ensure Cure is selected
- Then click Continue > Reboot now
Copy and paste the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:\)

NEXT

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

The help you receive here is free. If you wish to show your appreciation, then you may
Microsoft MVP - 2010, 2011

#5 Enchauto

New Member

Group: Members
Posts: 12
Joined: 14-January 12

Posted 20 January 2012 - 01:04 AM

22:19:15.0406 5936 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
22:19:15.0734 5936 ============================================================
22:19:15.0734 5936 Current date / time: 2012/01/19 22:19:15.0734
22:19:15.0734 5936 SystemInfo:
22:19:15.0734 5936
22:19:15.0734 5936 OS Version: 5.1.2600 ServicePack: 3.0
22:19:15.0734 5936 Product type: Workstation
22:19:15.0734 5936 ComputerName: L32C1T5
22:19:15.0734 5936 UserName: enchauel
22:19:15.0734 5936 Windows directory: C:\WINDOWS
22:19:15.0734 5936 System windows directory: C:\WINDOWS
22:19:15.0734 5936 Processor architecture: Intel x86
22:19:15.0734 5936 Number of processors: 2
22:19:15.0734 5936 Page size: 0x1000
22:19:15.0734 5936 Boot type: Normal boot
22:19:15.0734 5936 ============================================================
22:19:16.0062 5936 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3C91, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
22:19:16.0109 5936 Initialize success
22:19:17.0406 6124 ============================================================
22:19:17.0406 6124 Scan started
22:19:17.0406 6124 Mode: Manual;
22:19:17.0406 6124 ============================================================
22:19:17.0906 6124 Abiosdsk - ok
22:19:17.0953 6124 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:19:17.0953 6124 abp480n5 - ok
22:19:17.0984 6124 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
22:19:17.0984 6124 ac97intc - ok
22:19:18.0093 6124 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:19:18.0093 6124 ACPI - ok
22:19:18.0109 6124 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:19:18.0109 6124 ACPIEC - ok
22:19:18.0187 6124 ADIHdAudAddService (beee84a79710f705864685b05f1bb172) C:\WINDOWS\system32\drivers\ADIHdAud.sys
22:19:18.0187 6124 ADIHdAudAddService - ok
22:19:18.0250 6124 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
22:19:18.0250 6124 adpu160m - ok
22:19:18.0390 6124 AEAudioService (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
22:19:18.0406 6124 AEAudioService - ok
22:19:18.0468 6124 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:19:18.0468 6124 aec - ok
22:19:18.0531 6124 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
22:19:18.0531 6124 Afc - ok
22:19:18.0593 6124 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:19:18.0593 6124 AFD - ok
22:19:18.0656 6124 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:19:18.0656 6124 agp440 - ok
22:19:18.0687 6124 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
22:19:18.0687 6124 agpCPQ - ok
22:19:18.0859 6124 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
22:19:18.0859 6124 Aha154x - ok
22:19:18.0890 6124 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
22:19:18.0890 6124 aic78u2 - ok
22:19:18.0921 6124 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
22:19:18.0921 6124 aic78xx - ok
22:19:18.0953 6124 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
22:19:18.0968 6124 AliIde - ok
22:19:19.0031 6124 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
22:19:19.0031 6124 alim1541 - ok
22:19:19.0062 6124 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
22:19:19.0062 6124 amdagp - ok
22:19:19.0250 6124 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
22:19:19.0250 6124 amsint - ok
22:19:19.0296 6124 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
22:19:19.0296 6124 ANC - ok
22:19:19.0406 6124 AR5211 (bd4a059b937a64f403e693dcaa26fe38) C:\WINDOWS\system32\DRIVERS\ar5211.sys
22:19:19.0406 6124 AR5211 - ok
22:19:19.0500 6124 AR5416 (182cdb8234456b1a4413b88fdcc0a893) C:\WINDOWS\system32\DRIVERS\ar5416.sys
22:19:19.0515 6124 AR5416 - ok
22:19:19.0687 6124 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
22:19:19.0687 6124 asc - ok
22:19:19.0718 6124 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22:19:19.0718 6124 asc3350p - ok
22:19:19.0750 6124 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
22:19:19.0750 6124 asc3550 - ok
22:19:19.0812 6124 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:19:19.0812 6124 AsyncMac - ok
22:19:19.0859 6124 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:19:19.0875 6124 atapi - ok
22:19:19.0875 6124 Atdisk - ok
22:19:20.0031 6124 ati2mtag (e150424208c8a91deed8c45019a6cdd2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:19:20.0046 6124 ati2mtag - ok
22:19:20.0218 6124 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:19:20.0218 6124 Atmarpc - ok
22:19:20.0281 6124 atmeltpm (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
22:19:20.0281 6124 atmeltpm - ok
22:19:20.0296 6124 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:19:20.0296 6124 audstub - ok
22:19:20.0390 6124 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
22:19:20.0390 6124 AVGIDSDriver - ok
22:19:20.0437 6124 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
22:19:20.0437 6124 AVGIDSEH - ok
22:19:20.0468 6124 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
22:19:20.0468 6124 AVGIDSFilter - ok
22:19:20.0484 6124 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
22:19:20.0500 6124 AVGIDSShim - ok
22:19:20.0656 6124 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
22:19:20.0671 6124 Avgldx86 - ok
22:19:20.0734 6124 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
22:19:20.0734 6124 Avgmfx86 - ok
22:19:20.0750 6124 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
22:19:20.0765 6124 Avgrkx86 - ok
22:19:20.0796 6124 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
22:19:20.0796 6124 Avgtdix - ok
22:19:20.0875 6124 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:19:20.0875 6124 Beep - ok
22:19:20.0890 6124 BlankScr (0d266f08aed52d9b17b3c61be01dd576) C:\WINDOWS\system32\drivers\BlankScr.sys
22:19:20.0890 6124 BlankScr - ok
22:19:21.0062 6124 btaudio (f5ad2f8f69445fdf21f0f6ae4da098aa) C:\WINDOWS\system32\drivers\btaudio.sys
22:19:21.0078 6124 btaudio - ok
22:19:21.0125 6124 BTDriver (ae2ae6a32b9450bca89ff71dd148faa5) C:\WINDOWS\system32\DRIVERS\btport.sys
22:19:21.0125 6124 BTDriver - ok
22:19:21.0250 6124 BTKRNL (7512c4f3f408dd9804500e275517a758) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
22:19:21.0265 6124 BTKRNL - ok
22:19:21.0437 6124 BTWDNDIS (e83259c865ab76c166759951a56e39c8) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
22:19:21.0453 6124 BTWDNDIS - ok
22:19:21.0484 6124 BTWUSB (eb68b380da558ba4f5d54519ec734dc9) C:\WINDOWS\system32\Drivers\btwusb.sys
22:19:21.0484 6124 BTWUSB - ok
22:19:21.0531 6124 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
22:19:21.0546 6124 cbidf - ok
22:19:21.0562 6124 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:19:21.0562 6124 cbidf2k - ok
22:19:21.0625 6124 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:19:21.0625 6124 CCDECODE - ok
22:19:21.0703 6124 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
22:19:21.0703 6124 cd20xrnt - ok
22:19:21.0750 6124 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:19:21.0765 6124 Cdaudio - ok
22:19:21.0921 6124 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:19:21.0937 6124 Cdfs - ok
22:19:21.0953 6124 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:19:21.0953 6124 Cdrom - ok
22:19:21.0968 6124 Changer - ok
22:19:22.0125 6124 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:19:22.0140 6124 CmBatt - ok
22:19:22.0187 6124 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
22:19:22.0187 6124 CmdIde - ok
22:19:22.0265 6124 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:19:22.0265 6124 Compbatt - ok
22:19:22.0312 6124 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
22:19:22.0312 6124 Cpqarray - ok
22:19:22.0375 6124 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
22:19:22.0375 6124 dac2w2k - ok
22:19:22.0531 6124 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
22:19:22.0531 6124 dac960nt - ok
22:19:22.0578 6124 Darpan (566cca06fb1b98dff3e9eea563b6334e) C:\WINDOWS\system32\DRIVERS\Darpan.sys
22:19:22.0578 6124 Darpan - ok
22:19:22.0656 6124 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:19:22.0656 6124 Disk - ok
22:19:22.0781 6124 DLABOIOM (efae981c8ba3dad4103a76bcb5955b07) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
22:19:22.0796 6124 DLABOIOM - ok
22:19:22.0921 6124 DLACDBHM (8d45ac148fd8c1a25204aeca1397fa7e) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
22:19:22.0921 6124 DLACDBHM - ok
22:19:23.0000 6124 DLADResN (3e34a0991efdaf8cfa97441c3a51fc81) C:\WINDOWS\system32\DLA\DLADResN.SYS
22:19:23.0000 6124 DLADResN - ok
22:19:23.0015 6124 DLAIFS_M (2aef49904bde7398d0f09b6a603738ef) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
22:19:23.0031 6124 DLAIFS_M - ok
22:19:23.0031 6124 DLAOPIOM (46fa268a829384256179f4ccb6eb308f) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
22:19:23.0046 6124 DLAOPIOM - ok
22:19:23.0062 6124 DLAPoolM (26e89839af248625a4e7c4cf5873375d) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
22:19:23.0062 6124 DLAPoolM - ok
22:19:23.0093 6124 DLARTL_N (94accf8f7b87fbeaa27266927319e6ba) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
22:19:23.0109 6124 DLARTL_N - ok
22:19:23.0125 6124 DLAUDFAM (5e914bd7f68dde3fb4bffe005162c1e6) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
22:19:23.0125 6124 DLAUDFAM - ok
22:19:23.0171 6124 DLAUDF_M (8c3cfb22a7fb3be67e0c321fa10b8b50) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
22:19:23.0171 6124 DLAUDF_M - ok
22:19:23.0281 6124 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:19:23.0281 6124 dmboot - ok
22:19:23.0484 6124 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:19:23.0484 6124 dmio - ok
22:19:23.0531 6124 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:19:23.0531 6124 dmload - ok
22:19:23.0578 6124 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:19:23.0578 6124 DMusic - ok
22:19:23.0640 6124 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
22:19:23.0640 6124 dpti2o - ok
22:19:23.0656 6124 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:19:23.0656 6124 drmkaud - ok
22:19:23.0671 6124 DRVMCDB (ab6c5c26fff9b3c456aeaf7e0093c2fe) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
22:19:23.0687 6124 DRVMCDB - ok
22:19:23.0703 6124 DRVNDDM (4a307ade1638d9358b6eb90076481cc6) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
22:19:23.0703 6124 DRVNDDM - ok
22:19:23.0734 6124 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:19:23.0734 6124 E100B - ok
22:19:23.0812 6124 e1express (27f19c1cd70ebe00817c1eefc5239de1) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
22:19:23.0828 6124 e1express - ok
22:19:23.0968 6124 EagleNT - ok
22:19:24.0046 6124 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:19:24.0046 6124 Fastfat - ok
22:19:24.0078 6124 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:19:24.0078 6124 Fdc - ok
22:19:24.0125 6124 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:19:24.0125 6124 Fips - ok
22:19:24.0156 6124 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:19:24.0156 6124 Flpydisk - ok
22:19:24.0218 6124 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:19:24.0218 6124 FltMgr - ok
22:19:24.0421 6124 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:19:24.0421 6124 Fs_Rec - ok
22:19:24.0484 6124 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:19:24.0484 6124 Ftdisk - ok
22:19:24.0546 6124 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
22:19:24.0546 6124 GEARAspiWDM - ok
22:19:24.0609 6124 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:19:24.0609 6124 Gpc - ok
22:19:24.0718 6124 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:19:24.0718 6124 HDAudBus - ok
22:19:24.0906 6124 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:19:24.0906 6124 HidUsb - ok
22:19:24.0953 6124 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
22:19:24.0968 6124 hpn - ok
22:19:25.0015 6124 HSFHWAZL (8e60293c44e3f6f7f09defb60023a37d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
22:19:25.0031 6124 HSFHWAZL - ok
22:19:25.0109 6124 HSF_DPV (4c2aab15ad6229134f70e5c950e6185c) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
22:19:25.0125 6124 HSF_DPV - ok
22:19:25.0343 6124 HSXHWAZL (3af45f5b4157c88ffae24d89ba408302) C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys
22:19:25.0343 6124 HSXHWAZL - ok
22:19:25.0437 6124 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:19:25.0437 6124 HTTP - ok
22:19:25.0500 6124 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
22:19:25.0500 6124 i2omgmt - ok
22:19:25.0531 6124 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
22:19:25.0531 6124 i2omp - ok
22:19:25.0578 6124 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:19:25.0593 6124 i8042prt - ok
22:19:25.0656 6124 iaStor (865fec2d85069fd180ea75049829a7a2) C:\WINDOWS\system32\DRIVERS\iaStor.sys
22:19:25.0671 6124 iaStor - ok
22:19:25.0906 6124 IBMPMDRV (bf648877413f6160e480814a24942b65) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
22:19:25.0906 6124 IBMPMDRV - ok
22:19:25.0953 6124 IBMTPCHK (083d095fed4b01fff9d501b98d50db68) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
22:19:25.0953 6124 IBMTPCHK - ok
22:19:26.0015 6124 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:19:26.0015 6124 Imapi - ok
22:19:26.0109 6124 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
22:19:26.0109 6124 ini910u - ok
22:19:26.0140 6124 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:19:26.0140 6124 IntelIde - ok
22:19:26.0203 6124 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:19:26.0203 6124 intelppm - ok
22:19:26.0406 6124 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:19:26.0406 6124 Ip6Fw - ok
22:19:26.0484 6124 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:19:26.0484 6124 IpFilterDriver - ok
22:19:26.0531 6124 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:19:26.0531 6124 IpInIp - ok
22:19:26.0578 6124 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:19:26.0578 6124 IpNat - ok
22:19:26.0640 6124 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:19:26.0640 6124 IPSec - ok
22:19:26.0875 6124 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
22:19:26.0890 6124 irda - ok
22:19:26.0984 6124 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:19:26.0984 6124 IRENUM - ok
22:19:27.0109 6124 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:19:27.0109 6124 isapnp - ok
22:19:27.0140 6124 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
22:19:27.0140 6124 Iviaspi - ok
22:19:27.0203 6124 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:19:27.0203 6124 Kbdclass - ok
22:19:27.0234 6124 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:19:27.0234 6124 kmixer - ok
22:19:27.0359 6124 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:19:27.0359 6124 KSecDD - ok
22:19:27.0500 6124 lbrtfdc - ok
22:19:27.0640 6124 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
22:19:27.0640 6124 LMIInfo - ok
22:19:27.0703 6124 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
22:19:27.0703 6124 lmimirr - ok
22:19:27.0718 6124 LMIRfsClientNP - ok
22:19:27.0781 6124 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
22:19:27.0781 6124 LMIRfsDriver - ok
22:19:27.0890 6124 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
22:19:27.0890 6124 MBAMProtector - ok
22:19:28.0125 6124 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:19:28.0125 6124 mdmxsdk - ok
22:19:28.0156 6124 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:19:28.0156 6124 mnmdd - ok
22:19:28.0218 6124 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:19:28.0218 6124 Modem - ok
22:19:28.0234 6124 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:19:28.0234 6124 Mouclass - ok
22:19:28.0296 6124 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:19:28.0296 6124 mouhid - ok
22:19:28.0312 6124 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:19:28.0312 6124 MountMgr - ok
22:19:28.0359 6124 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
22:19:28.0359 6124 mraid35x - ok
22:19:28.0468 6124 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:19:28.0468 6124 MRxDAV - ok
22:19:28.0687 6124 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:19:28.0687 6124 Msfs - ok
22:19:28.0718 6124 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:19:28.0718 6124 MSKSSRV - ok
22:19:28.0765 6124 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:19:28.0765 6124 MSPCLOCK - ok
22:19:28.0812 6124 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:19:28.0812 6124 MSPQM - ok
22:19:28.0843 6124 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:19:28.0859 6124 mssmbios - ok
22:19:29.0062 6124 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:19:29.0062 6124 MSTEE - ok
22:19:29.0140 6124 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:19:29.0140 6124 Mup - ok
22:19:29.0187 6124 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:19:29.0187 6124 NABTSFEC - ok
22:19:29.0281 6124 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:19:29.0281 6124 NDIS - ok
22:19:29.0328 6124 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:19:29.0328 6124 NdisIP - ok
22:19:29.0531 6124 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:19:29.0546 6124 NdisTapi - ok
22:19:29.0593 6124 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:19:29.0593 6124 Ndisuio - ok
22:19:29.0609 6124 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:19:29.0609 6124 NdisWan - ok
22:19:29.0687 6124 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:19:29.0687 6124 NDProxy - ok
22:19:29.0718 6124 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:19:29.0718 6124 NetBIOS - ok
22:19:29.0750 6124 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:19:29.0750 6124 NetBT - ok
22:19:29.0875 6124 NetwareWorkstation (9152b3a38ad0147eae4342281ae65883) C:\WINDOWS\system32\NetWare\nwfs.sys
22:19:29.0875 6124 NetwareWorkstation - ok
22:19:30.0093 6124 NICM (c501404558ea82e8a875de6331f0748d) C:\WINDOWS\system32\drivers\nicm.sys
22:19:30.0093 6124 NICM - ok
22:19:30.0125 6124 nipplpt2 (99341b1bddf4b9a6aa0b673bab0530be) C:\WINDOWS\system32\drivers\nipplpt.sys
22:19:30.0125 6124 nipplpt2 - ok
22:19:30.0156 6124 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:19:30.0156 6124 Npfs - ok
22:19:30.0203 6124 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
22:19:30.0203 6124 NSCIRDA - ok
22:19:30.0250 6124 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:19:30.0265 6124 Ntfs - ok
22:19:30.0328 6124 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:19:30.0328 6124 Null - ok
22:19:30.0437 6124 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:19:30.0468 6124 nv - ok
22:19:30.0656 6124 NWDHCP (a4b071419e0ea596ffb3da89c1f04e61) C:\WINDOWS\system32\NetWare\nwdhcp.sys
22:19:30.0656 6124 NWDHCP - ok
22:19:30.0687 6124 NWDNS (6327cec99fd740dd1cff11a047789bcc) C:\WINDOWS\system32\NetWare\nwdns.sys
22:19:30.0687 6124 NWDNS - ok
22:19:30.0734 6124 NWFILTER (7bbf493e2b4979312fa5b350fcf5a4c4) C:\WINDOWS\system32\NetWare\nwfilter.sys
22:19:30.0734 6124 NWFILTER - ok
22:19:30.0796 6124 NWHOST (baa75acf404bebce7065663664a7c3e4) C:\WINDOWS\system32\NetWare\NWHOST.sys
22:19:30.0812 6124 NWHOST - ok
22:19:30.0906 6124 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:19:30.0906 6124 NwlnkFlt - ok
22:19:31.0046 6124 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:19:31.0062 6124 NwlnkFwd - ok
22:19:31.0125 6124 NWSAP (2726a6792bbb080ff345ed9a8111360f) C:\WINDOWS\system32\NetWare\NWSAP.sys
22:19:31.0125 6124 NWSAP - ok
22:19:31.0203 6124 NWSIPX32 (0c19ea7bf54f23ef37d8a14c61f64891) C:\WINDOWS\system32\NetWare\nwsipx32.sys
22:19:31.0203 6124 NWSIPX32 - ok
22:19:31.0265 6124 NWSLP (0b5c354bebc5381b59a196bd7e517814) C:\WINDOWS\system32\NetWare\nwslp.sys
22:19:31.0265 6124 NWSLP - ok
22:19:31.0281 6124 NWSNS (172308996609da67e99c87fa784df8bc) C:\WINDOWS\system32\NetWare\NWSNS.sys
22:19:31.0281 6124 NWSNS - ok
22:19:31.0421 6124 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:19:31.0421 6124 Parport - ok
22:19:31.0562 6124 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:19:31.0562 6124 PartMgr - ok
22:19:31.0609 6124 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:19:31.0609 6124 ParVdm - ok
22:19:31.0625 6124 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:19:31.0640 6124 PCI - ok
22:19:31.0656 6124 PCIDump - ok
22:19:31.0703 6124 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:19:31.0703 6124 PCIIde - ok
22:19:31.0718 6124 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:19:31.0734 6124 Pcmcia - ok
22:19:31.0796 6124 PD0620VID (ea296b87ba381c640b441d95f90785f8) C:\WINDOWS\system32\DRIVERS\P0620Vid.sys
22:19:31.0796 6124 PD0620VID - ok
22:19:31.0812 6124 PDCOMP - ok
22:19:31.0828 6124 PDFRAME - ok
22:19:31.0843 6124 PDRELI - ok
22:19:31.0859 6124 PDRFRAME - ok
22:19:31.0906 6124 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
22:19:31.0906 6124 perc2 - ok
22:19:31.0984 6124 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
22:19:32.0000 6124 perc2hib - ok
22:19:32.0234 6124 PMEM (fa292805788528c083f416e151b60ab6) C:\WINDOWS\system32\drivers\PMEMNT.SYS
22:19:32.0234 6124 PMEM - ok
22:19:32.0296 6124 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:19:32.0296 6124 PptpMiniport - ok
22:19:32.0312 6124 PROCDD (6f9e6e874fd74ee6dd0bbecde9d3f795) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
22:19:32.0312 6124 PROCDD - ok
22:19:32.0343 6124 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
22:19:32.0359 6124 Processor - ok
22:19:32.0406 6124 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\WINDOWS\system32\DRIVERS\psadd.sys
22:19:32.0406 6124 psadd - ok
22:19:32.0421 6124 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:19:32.0437 6124 PSched - ok
22:19:32.0453 6124 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:19:32.0453 6124 Ptilink - ok
22:19:32.0500 6124 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:19:32.0500 6124 PxHelp20 - ok
22:19:32.0718 6124 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:19:32.0718 6124 ql1080 - ok
22:19:32.0796 6124 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:19:32.0796 6124 Ql10wnt - ok
22:19:32.0843 6124 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:19:32.0843 6124 ql12160 - ok
22:19:32.0875 6124 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:19:32.0875 6124 ql1240 - ok
22:19:32.0921 6124 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:19:32.0921 6124 ql1280 - ok
22:19:32.0968 6124 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:19:32.0968 6124 RasAcd - ok
22:19:33.0187 6124 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
22:19:33.0187 6124 Rasirda - ok
22:19:33.0234 6124 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:19:33.0234 6124 Rasl2tp - ok
22:19:33.0250 6124 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:19:33.0250 6124 RasPppoe - ok
22:19:33.0296 6124 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:19:33.0296 6124 Raspti - ok
22:19:33.0328 6124 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:19:33.0343 6124 Rdbss - ok
22:19:33.0359 6124 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:19:33.0359 6124 RDPCDD - ok
22:19:33.0375 6124 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:19:33.0390 6124 rdpdr - ok
22:19:33.0437 6124 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:19:33.0437 6124 RDPWD - ok
22:19:33.0484 6124 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:19:33.0484 6124 redbook - ok
22:19:33.0625 6124 RESMGR (16c27d650113b0aa0c8255c561a71cd4) C:\WINDOWS\system32\NetWare\resmgr.sys
22:19:33.0625 6124 RESMGR - ok
22:19:33.0796 6124 RimUsb - ok
22:19:33.0859 6124 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
22:19:33.0859 6124 RimVSerPort - ok
22:19:33.0890 6124 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
22:19:33.0890 6124 ROOTMODEM - ok
22:19:34.0078 6124 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:19:34.0078 6124 SASDIFSV - ok
22:19:34.0109 6124 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:19:34.0109 6124 SASKUTIL - ok
22:19:34.0156 6124 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:19:34.0156 6124 Secdrv - ok
22:19:34.0375 6124 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:19:34.0375 6124 serenum - ok
22:19:34.0421 6124 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:19:34.0421 6124 Serial - ok
22:19:34.0453 6124 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:19:34.0453 6124 Sfloppy - ok
22:19:34.0531 6124 Shockprf (e22ef09693396bfeda7edc47b6c16e26) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
22:19:34.0531 6124 Shockprf - ok
22:19:34.0546 6124 Simbad - ok
22:19:34.0593 6124 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:19:34.0593 6124 sisagp - ok
22:19:34.0796 6124 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:19:34.0796 6124 SLIP - ok
22:19:34.0890 6124 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
22:19:34.0890 6124 Smapint - ok
22:19:35.0015 6124 smihlp2 (30f3bd4007ac9916b18a79a4c2985a08) C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys
22:19:35.0015 6124 smihlp2 - ok
22:19:35.0062 6124 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:19:35.0062 6124 Sparrow - ok
22:19:35.0125 6124 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:19:35.0125 6124 splitter - ok
22:19:35.0156 6124 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:19:35.0156 6124 sr - ok
22:19:35.0375 6124 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:19:35.0390 6124 Srv - ok
22:19:35.0515 6124 SRVLOC (21d0242d37ab7b275261ed030adaaad5) C:\WINDOWS\system32\NetWare\srvloc.sys
22:19:35.0515 6124 SRVLOC - ok
22:19:35.0625 6124 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:19:35.0625 6124 streamip - ok
22:19:35.0671 6124 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:19:35.0671 6124 swenum - ok
22:19:35.0796 6124 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:19:35.0796 6124 swmidi - ok
22:19:35.0906 6124 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
22:19:35.0906 6124 symc810 - ok
22:19:35.0953 6124 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:19:35.0953 6124 symc8xx - ok
22:19:36.0031 6124 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:19:36.0031 6124 sym_hi - ok
22:19:36.0062 6124 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:19:36.0062 6124 sym_u3 - ok
22:19:36.0125 6124 SynTP (7c02db7416d52c02b131d0e3a8d2337c) C:\WINDOWS\system32\DRIVERS\SynTP.sys
22:19:36.0125 6124 SynTP - ok
22:19:36.0187 6124 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:19:36.0187 6124 sysaudio - ok
22:19:36.0359 6124 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:19:36.0375 6124 Tcpip - ok
22:19:36.0484 6124 TcUsb (125f5adc14839b4afd31cc581629d2b3) C:\WINDOWS\system32\Drivers\tcusb.sys
22:19:36.0484 6124 TcUsb - ok
22:19:36.0515 6124 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:19:36.0515 6124 TDPIPE - ok
22:19:36.0562 6124 TDSMAPI (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
22:19:36.0562 6124 TDSMAPI - ok
22:19:36.0625 6124 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:19:36.0625 6124 TDTCP - ok
22:19:36.0734 6124 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:19:36.0734 6124 TermDD - ok
22:19:36.0890 6124 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
22:19:36.0890 6124 TosIde - ok
22:19:36.0953 6124 TPDIGIMN (a44928f04032d49a6c2e151f869fb152) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
22:19:36.0953 6124 TPDIGIMN - ok
22:19:37.0000 6124 TPHKDRV (542770c8925e13b29b1ba63f05898058) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
22:19:37.0015 6124 TPHKDRV - ok
22:19:37.0046 6124 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
22:19:37.0046 6124 TPPWRIF - ok
22:19:37.0234 6124 TSMAPIP (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
22:19:37.0234 6124 TSMAPIP - ok
22:19:37.0343 6124 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
22:19:37.0343 6124 tvtfilter - ok
22:19:37.0375 6124 TVTI2C (c254bff0a928ea7d5ccdc2522d56fd01) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
22:19:37.0375 6124 TVTI2C - ok
22:19:37.0453 6124 TVTPktFilter (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
22:19:37.0453 6124 TVTPktFilter - ok
22:19:37.0484 6124 TwoTrack (17687545f77a648af7f9f1064eb61191) C:\WINDOWS\system32\DRIVERS\TwoTrack.sys
22:19:37.0500 6124 TwoTrack - ok
22:19:37.0546 6124 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:19:37.0546 6124 Udfs - ok
22:19:37.0640 6124 UIUSys - ok
22:19:37.0750 6124 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
22:19:37.0750 6124 ultra - ok
22:19:37.0843 6124 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:19:37.0843 6124 Update - ok
22:19:37.0921 6124 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:19:37.0921 6124 usbccgp - ok
22:19:37.0968 6124 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:19:37.0968 6124 usbehci - ok
22:19:38.0109 6124 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:19:38.0109 6124 usbhub - ok
22:19:38.0187 6124 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:19:38.0203 6124 usbprint - ok
22:19:38.0218 6124 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:19:38.0218 6124 usbscan - ok
22:19:38.0265 6124 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:19:38.0265 6124 USBSTOR - ok
22:19:38.0312 6124 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:19:38.0312 6124 usbuhci - ok
22:19:38.0328 6124 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:19:38.0328 6124 VgaSave - ok
22:19:38.0390 6124 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:19:38.0390 6124 viaagp - ok
22:19:38.0531 6124 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:19:38.0546 6124 ViaIde - ok
22:19:38.0640 6124 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:19:38.0640 6124 VolSnap - ok
22:19:38.0703 6124 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:19:38.0718 6124 Wanarp - ok
22:19:38.0734 6124 WDICA - ok
22:19:38.0750 6124 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:19:38.0765 6124 wdmaud - ok
22:19:38.0859 6124 winachsf (e17d31cd52dcb7745ac5330eea062d0b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:19:38.0875 6124 winachsf - ok
22:19:39.0125 6124 WNTHW (c214dd6d6905f01fe3e0a2c334e2244e) C:\WINDOWS\system32\DRIVERS\WNTHW.SYS
22:19:39.0125 6124 WNTHW - ok
22:19:39.0218 6124 WSIMD (2ea107f535b0b7bfb1d8d6bd79325dbb) C:\WINDOWS\system32\DRIVERS\wsimd.sys
22:19:39.0218 6124 WSIMD - ok
22:19:39.0265 6124 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:19:39.0281 6124 WSTCODEC - ok
22:19:39.0328 6124 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:19:39.0328 6124 WudfPf - ok
22:19:39.0375 6124 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:19:39.0375 6124 WudfRd - ok
22:19:39.0453 6124 MBR (0x1B8) (d8b7fa1dfce288420b9f89738e22c57a) \Device\Harddisk0\DR0
22:19:39.0484 6124 \Device\Harddisk0\DR0 - ok
22:19:39.0500 6124 Boot (0x1200) (e70b747f08c3a1388895b636e3c5280b) \Device\Harddisk0\DR0\Partition0
22:19:39.0500 6124 \Device\Harddisk0\DR0\Partition0 - ok
22:19:39.0500 6124 ============================================================
22:19:39.0500 6124 Scan finished
22:19:39.0500 6124 ============================================================
22:19:39.0515 5256 Detected object count: 0
22:19:39.0515 5256 Actual detected object count: 0
22:19:47.0093 1944 Deinitialize success

ComboFix 12-01-19.02 - enchauel 01/19/2012 22:42:28.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1404 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
.
The following files were disabled during the run:
c:\progra~1\PHAROS~1\Core\PRNTRACK.DLL
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\User\Local Settings\Application Data\assembly\tmp
c:\windows\$NtUninstallKB52741$
c:\windows\$NtUninstallKB52741$\1675910962
c:\windows\$NtUninstallKB52741$\2865063104\@
c:\windows\$NtUninstallKB52741$\2865063104\bckfg.tmp
c:\windows\$NtUninstallKB52741$\2865063104\cfg.ini
c:\windows\$NtUninstallKB52741$\2865063104\Desktop.ini
c:\windows\$NtUninstallKB52741$\2865063104\keywords
c:\windows\$NtUninstallKB52741$\2865063104\kwrd.dll
c:\windows\$NtUninstallKB52741$\2865063104\L\hevodexp
c:\windows\$NtUninstallKB52741$\2865063104\lsflt7.ver
c:\windows\$NtUninstallKB52741$\2865063104\U\00000001.@
c:\windows\$NtUninstallKB52741$\2865063104\U\00000002.@
c:\windows\$NtUninstallKB52741$\2865063104\U\00000004.@
c:\windows\$NtUninstallKB52741$\2865063104\U\80000000.@
c:\windows\$NtUninstallKB52741$\2865063104\U\80000004.@
c:\windows\$NtUninstallKB52741$\2865063104\U\80000032.@
c:\windows\system32\NWGINA.DLL
c:\windows\system32\SET2F2.tmp
c:\windows\system32\SET2F7.tmp
c:\windows\system32\SET2FE.tmp
c:\windows\system32\spool\prtprocs\w32x86\PSS04556.DLL
c:\windows\system32\spool\prtprocs\w32x86\PSS057BC.DLL
c:\windows\system32\spool\prtprocs\w32x86\PSS09351.DLL
c:\windows\system32\spool\prtprocs\w32x86\PSS09352.DLL
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
Infected copy of c:\windows\system32\drivers\mrxsmb.sys was found and disinfected
Restored copy from - The cat found it

.
((((((((((((((((((((((((( Files Created from 2011-12-20 to 2012-01-20 )))))))))))))))))))))))))))))))
.
.
2012-01-14 21:36 . 2012-01-14 21:36 388096 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-14 21:35 . 2012-01-14 21:35 -------- d-----w- c:\program files\Trend Micro
2012-01-14 18:43 . 2012-01-14 18:43 -------- d-----w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2012-01-14 18:42 . 2012-01-14 18:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-14 18:42 . 2012-01-14 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-01-14 03:13 . 2012-01-14 03:13 -------- d-----w- c:\documents and settings\User\Application Data\AVG2012
2012-01-14 03:12 . 2012-01-14 03:12 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-01-14 03:11 . 2012-01-20 01:56 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-14 03:11 . 2012-01-13 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-01-14 03:09 . 2012-01-14 03:09 -------- d-----w- c:\program files\AVG
2012-01-14 03:04 . 2012-01-20 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-01-13 05:25 . 2012-01-13 05:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-13 05:25 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-13 03:57 . 2012-01-13 03:57 -------- d-----w- C:\$AVG
2012-01-13 02:33 . 2012-01-13 02:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-01-10 23:54 . 2012-01-10 23:54 -------- d-----w- c:\documents and settings\User\Application Data\Creative
2012-01-07 12:19 . 2012-01-07 12:19 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\LogMeIn
2012-01-07 12:08 . 2011-12-07 23:22 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-01-07 12:08 . 2011-12-07 23:22 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-01-07 12:08 . 2011-12-07 23:22 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-01-07 12:08 . 2011-09-16 19:10 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-01-07 12:08 . 2011-12-07 23:21 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-07 12:08 . 2012-01-20 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2012-01-07 12:07 . 2012-01-10 23:38 -------- d-----w- c:\program files\LogMeIn
2012-01-07 12:05 . 2012-01-07 12:06 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Deployment
2012-01-02 20:57 . 2012-01-02 20:57 -------- d-----w- c:\program files\Microsoft Silverlight
2012-01-01 02:15 . 2012-01-01 02:15 -------- d-----w- c:\windows\CtDrvInstall
2012-01-01 02:15 . 2005-05-10 17:00 24576 ----a-r- c:\windows\system32\P0620Aor.dll
2012-01-01 02:11 . 2005-03-14 17:00 24576 ------w- c:\windows\system32\CTWEBFUN.DLL
2011-12-31 01:43 . 2005-03-31 06:06 36864 ------w- c:\windows\system32\CTCamMgr.dll
2011-12-31 01:43 . 2012-01-01 02:12 -------- d-----w- c:\program files\Creative
2011-12-31 01:42 . 2003-11-10 23:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-12-31 01:42 . 2003-11-10 23:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-12-31 01:42 . 2003-11-10 23:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-12-31 01:42 . 2003-11-10 23:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-12-31 01:42 . 2003-11-10 23:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-12-31 01:42 . 2011-12-31 01:42 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-12-31 01:42 . 2011-12-31 01:42 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-12-31 01:37 . 2011-12-31 02:58 -------- d-----w- c:\documents and settings\User\Application Data\U3
2011-12-23 04:44 . 2011-12-23 04:44 -------- d-----w- c:\documents and settings\User\Application Data\Yahoo!
2011-12-23 04:44 . 2012-01-01 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2011-12-23 04:42 . 2012-01-01 02:23 -------- d-----w- c:\program files\Yahoo!
2011-12-22 02:36 . 2011-12-22 02:36 -------- d-----w- c:\documents and settings\User\Application Data\Trillian
2011-12-22 02:35 . 2011-12-23 04:43 -------- d-----w- c:\program files\Trillian
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 1980-01-01 08:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 1980-01-01 08:00 1859584 ------w- c:\windows\system32\win32k.sys
2011-11-21 00:20 . 2011-10-29 18:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-18 12:35 . 1980-01-01 08:00 60416 ------w- c:\windows\system32\packager.exe
2011-11-04 19:20 . 1980-01-01 08:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 1980-01-01 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 1980-01-01 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 1980-01-01 08:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 1980-01-01 08:00 386048 ------w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 1980-01-01 08:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 1980-01-01 08:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 1980-01-01 08:00 33280 ------w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 1980-01-01 08:00 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 06:59 2027008 ------w- c:\windows\system32\ntkrnlpa.exe
2011-12-21 07:24 . 2012-01-17 03:15 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\iFolder0]
@="{AA81D830-3B41-497c-B508-E9D02F8DF421}"
[HKEY_CLASSES_ROOT\CLSID\{AA81D830-3B41-497c-B508-E9D02F8DF421}]
2005-12-13 18:16 21504 ------w- c:\program files\iFolder\iFolderShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\iFolder1]
@="{AA81D831-3B41-497c-B508-E9D02F8DF421}"
[HKEY_CLASSES_ROOT\CLSID\{AA81D831-3B41-497c-B508-E9D02F8DF421}]
2005-12-13 18:16 21504 ------w- c:\program files\iFolder\iFolderShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-19 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]
"Akamai NetSession Interface"="c:\documents and settings\User\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-12-23 3334432]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 243248]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2007-04-27 120368]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-09-21 200704]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-09-21 208896]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2005-05-19 40960]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"imekrmig7.0"="c:\program files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [2007-04-19 25440]
"IMSCMig"="c:\progra~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE" [2007-04-03 17248]
"CJIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE" [2007-03-22 66400]
"PHIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE" [2007-03-22 98656]
"IMJPMIG9.0"="c:\progra~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE" [2007-04-19 125792]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-10-19 69632]
"iFolder"="c:\program files\iFolder\iFolderApp.exe" [2005-12-13 983040]
"TpShocks"="TpShocks.exe" [2007-09-28 181544]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2007-08-30 205480]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-20 273528]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 36864]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Application Explorer.lnk - c:\program files\Novell\ZENworks\NalView.exe [2005-8-1 35840]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-3-14 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\NalShell.dll" [2005-08-05 417792]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-10-19 06:08 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-12-07 23:21 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
2005-01-10 21:36 24576 ------w- c:\windows\system32\Novell\xtnotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-12-08 23:44 89600 ------w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 21:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 16:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00e0804]
IME File REG_SZ IMSC40A.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0090404]
IME File REG_SZ MSTCICJA.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0080404]
IME File REG_SZ MSTCIPHA.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200412]
Ime File REG_SZ IMEKR70.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0100804]
IME File REG_SZ WINWB86.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0110804]
IME File REG_SZ WINWB98.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]
Ime File REG_SZ IMJP9.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2005-11-29 18:55 196696 ------w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-02-01 02:52 366400 -c----w- c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iFolder\\web\\bin\\SimiasApp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Sony Online Entertainment\\Installed Games\\EverQuest II\\LaunchPad.exe"=
"c:\\Program Files\\Sony Online Entertainment\\Installed Games\\EverQuest II\\EQ2VoiceService.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1101:TCP"= 1101:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [9/28/2007 4:28 PM 19504]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [3/16/2007 9:33 AM 34671]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [1/1/1980 3:00 AM 14336]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [5/23/2005 5:47 PM 6899]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/7/2011 6:21 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/16/2011 2:10 PM 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/13/2012 12:25 AM 652872]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [7/11/2005 2:33 PM 163840]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [12/8/2006 6:37 PM 11152]
R2 TSCensus Collection Client;ZENworks Asset Management - Collection Client;c:\program files\Novell\ZENworks\Asset Management\Bin\CClientSvc.exe [3/16/2007 10:44 AM 49152]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 12:11 PM 569344]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/6/2008 7:59 AM 24652]
R2 WNTHW;WNTHW;c:\windows\system32\drivers\WNTHW.SYS [3/12/2007 4:40 PM 9176]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\Novell\xtagent.exe [1/10/2005 4:36 PM 61440]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [5/23/2005 5:11 PM 2773]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/13/2012 12:25 AM 20464]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [9/13/2006 11:42 AM 35264]
S2 gupdate1ca349eacfc099a;Google Update Service (gupdate1ca349eacfc099a);c:\program files\Google\Update\GoogleUpdate.exe [9/13/2009 1:19 PM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/13/2009 1:19 PM 133104]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TSCENSUS_COLLECTION_CLIENT
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-18 c:\windows\Tasks\AdobeAAMUpdater-1.0-L32C1T5-enchauel.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-11 07:44]
.
2012-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 18:18]
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 18:18]
.
2012-01-20 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
2012-01-20 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-03-05 06:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.shu.edu/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\s6mm22zq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.shu.edu/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
Notify-ACNotify - ACNotify.dll
Notify-NavLogon - (no file)
AddRemove-Remove Multimedia Center - c:\ibmtools\apps\recnow\sequencer.exe
AddRemove-TSCensus Client Apps - c:\program files\Novell\ZENworks\Asset Management\UninstFA.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-19 23:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1832)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
- - - - - - - > 'lsass.exe'(1892)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
.
- - - - - - - > 'explorer.exe'(2412)
c:\windows\system32\WININET.dll
c:\progra~1\PHAROS~1\Core\PRNTRACK.DLL
c:\windows\system32\PROCHLP.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\iFolder\iFolderShell.dll
c:\program files\iFolder\iFolderComponent.dll
c:\program files\iFolder\Novell.iFolder.dll
c:\program files\iFolder\web\bin\simiasclient.dll
c:\windows\system32\ieframe.dll
c:\program files\Novell\ZENworks\NLS\english\NalUIRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL
c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\acs.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\lotus\notes\ntmulti.exe
c:\program files\Novell\ZENworks\nalntsrv.exe
c:\progra~1\PHAROS~1\Core\CTskMstr.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Novell\ZENworks\Asset Management\bin\CClient.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Novell\ZENworks\wm.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Novell\ZENworks\Asset Management\bin\TSUsage32.exe
c:\windows\system32\rundll32.exe
c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\windows\system32\NWTRAY.EXE
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\TpShocks.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\windows\system32\RunDLL32.exe
c:\program files\Novell\ZENworks\NalAgent.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Completion time: 2012-01-19 23:26:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-20 04:26
.
Pre-Run: 33,035,079,680 bytes free
Post-Run: 33,883,607,040 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
.
- - End Of File - - 25138C4869200A338E918798023848DD

#6 CatByte

Bleepin' curls!

Group: Malware Response Team
Posts: 7,861
Joined: 09-November 08
Gender:Not Telling
Location:Canada

Posted 20 January 2012 - 05:07 PM

Please run the following:

Go to Control Panel and select Internet Options
Select the Connections TAB
Select LAN settings button
Ensure there is no tick in the Proxy Server box
Select OK and restart Internet explorer

IN I.E.

In I.E.

Check internet options settings.
Tools > Internet Options > Connections
LAN settings
Choose "automatically detect settings"
uncheck both proxy settings boxes

In F.F.

Open up Firefox

go to Tools and select the Options button:
Click on the Advanced button then the Network tab then Setttings
By default, the No Proxy option should be selected.
If it is set to anything else > reset it to No Proxy
then click on the OK button at the bottom of the window:
Click on the OK button again to close the Options window:

NEXT

Please open your MalwareBytes AntiMalware Program
Click the Update Tab and search for updates
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected. <-- very important
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activeX control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish

The help you receive here is free. If you wish to show your appreciation, then you may
Microsoft MVP - 2010, 2011

#7 Enchauto

New Member

Group: Members
Posts: 12
Joined: 14-January 12

Posted 20 January 2012 - 11:24 PM

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.20.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
enchauel :: L32C1T5 [administrator]

Protection: Enabled

1/20/2012 7:20:22 PM
mbam-log-2012-01-20 (19-20-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199032
Time elapsed: 11 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\15\15505bcf-76dabafc a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\18\18ffe592-48248ad1 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\19\2c945dd3-54f5d51d a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\20\270c07d4-39bade71 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\23\33141117-549cfec4 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\23\33141117-5eba71d7 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\23\33141117-67503499 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\34\214f6fe2-264635fe a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\34\214f6fe2-72822260 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\34\214f6fe2-79f76a41 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\41\154d9fe9-21a86d87 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\48\3e671b30-283195b7 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\48\62383ef0-4d5a77b3 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\3efb53a-1c2042ed a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\3efb53a-748f9375 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\25\53df0b99-664eef98 Java/Exploit.CVE-2011-3544.T trojan
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\49\34ee7bb1-450d22f8 Java/Agent.EA trojan
C:\Documents and Settings\User\My Documents\LimeWire\Incomplete\T-3403439-El Gran Combo de Puerto Rico - Que me lo den en vida.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\User\My Documents\LimeWire\Saved music\dookie booty.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\User\My Documents\LimeWire\Saved music\el balie del perito 2009.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\User\My Documents\LimeWire\Saved music\el balie del perito original studio version.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\User\My Documents\LimeWire\Saved music\El Gran Combo de Puerto Rico - Que me lo den en vida.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\User\My Documents\LimeWire\Saved music\so obsesed club version mariah [club mix].mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\mrxsmb.sys.vir a variant of Win32/Rootkit.Kryptik.HQ trojan

#8 CatByte

Bleepin' curls!

Group: Malware Response Team
Posts: 7,861
Joined: 09-November 08
Gender:Not Telling
Location:Canada

Posted 21 January 2012 - 07:13 AM

Hi

Please do the following:

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

DDS::
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;

File::
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\15\15505bcf-76dabafc 
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\18\18ffe592-48248ad1 
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\19\2c945dd3-54f5d51d 
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\20\270c07d4-39bade71 
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\23\33141117-549cfec4 
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\23\33141117-5eba71d7 
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\23\33141117-67503499 
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\34\214f6fe2-264635fe 
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\34\214f6fe2-72822260 
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\34\214f6fe2-79f76a41 
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\41\154d9fe9-21a86d87 
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\48\3e671b30-283195b7 
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\48\62383ef0-4d5a77b3 
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\3efb53a-1c2042ed 
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\3efb53a-748f9375 
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\25\53df0b99-664eef98 
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\49\34ee7bb1-450d22f8 
C:\Documents and Settings\User\My Documents\LimeWire\Incomplete\T-3403439-El Gran Combo de Puerto Rico - Que me lo den en vida.mp3 
C:\Documents and Settings\User\My Documents\LimeWire\Saved music\dookie booty.mp3 
C:\Documents and Settings\User\My Documents\LimeWire\Saved music\el balie del perito 2009.mp3 
C:\Documents and Settings\User\My Documents\LimeWire\Saved music\el balie del perito original studio version.mp3 
C:\Documents and Settings\User\My Documents\LimeWire\Saved music\El Gran Combo de Puerto Rico - Que me lo den en vida.mp3 
C:\Documents and Settings\User\My Documents\LimeWire\Saved music\so obsesed club version mariah [club mix].mp3

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix may request an update; please allow it.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you.
Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Also. please advise how the computer is running now and if there are any outstanding issues.

The help you receive here is free. If you wish to show your appreciation, then you may
Microsoft MVP - 2010, 2011

#9 Enchauto

New Member

Group: Members
Posts: 12
Joined: 14-January 12

Posted 21 January 2012 - 01:29 PM

It seems to be running much better not getting the outgoing net pop ups from malawarebytes anymore. comobo fix did have an issue writing a file before it finished though

ComboFix 12-01-21.02 - enchauel 01/21/2012 13:10:31.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1262 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\15\15505bcf-76dabafc"
"c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\18\18ffe592-48248ad1"
"c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\19\2c945dd3-54f5d51d"
"c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\20\270c07d4-39bade71"
"c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\23\33141117-549cfec4"
"c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\23\33141117-5eba71d7"
"c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\23\33141117-67503499"
"c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\34\214f6fe2-264635fe"
"c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\34\214f6fe2-72822260"
"c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\34\214f6fe2-79f76a41"
"c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\41\154d9fe9-21a86d87"
"c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\48\3e671b30-283195b7"
"c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\48\62383ef0-4d5a77b3"
"c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\3efb53a-1c2042ed"
"c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\3efb53a-748f9375"
"c:\documents and settings\User\Application Data\Sun\Java\Deployment\cache\6.0\25\53df0b99-664eef98"
"c:\documents and settings\User\Application Data\Sun\Java\Deployment\cache\6.0\49\34ee7bb1-450d22f8"
"c:\documents and settings\User\My Documents\LimeWire\Incomplete\T-3403439-El Gran Combo de Puerto Rico - Que me lo den en vida.mp3"
"c:\documents and settings\User\My Documents\LimeWire\Saved music\dookie booty.mp3"
"c:\documents and settings\User\My Documents\LimeWire\Saved music\el balie del perito 2009.mp3"
"c:\documents and settings\User\My Documents\LimeWire\Saved music\el balie del perito original studio version.mp3"
"c:\documents and settings\User\My Documents\LimeWire\Saved music\El Gran Combo de Puerto Rico - Que me lo den en vida.mp3"
"c:\documents and settings\User\My Documents\LimeWire\Saved music\so obsesed club version mariah [club mix].mp3"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\User\My Documents\LimeWire\Incomplete\T-3403439-El Gran Combo de Puerto Rico - Que me lo den en vida.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved music\dookie booty.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved music\el balie del perito 2009.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved music\el balie del perito original studio version.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved music\El Gran Combo de Puerto Rico - Que me lo den en vida.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved music\so obsesed club version mariah [club mix].mp3
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((((( Files Created from 2011-12-21 to 2012-01-21 )))))))))))))))))))))))))))))))
.
.
2012-01-14 21:36 . 2012-01-14 21:36 388096 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-14 21:35 . 2012-01-14 21:35 -------- d-----w- c:\program files\Trend Micro
2012-01-14 18:43 . 2012-01-14 18:43 -------- d-----w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com
2012-01-14 18:42 . 2012-01-14 18:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-14 18:42 . 2012-01-14 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-01-14 03:13 . 2012-01-14 03:13 -------- d-----w- c:\documents and settings\User\Application Data\AVG2012
2012-01-14 03:12 . 2012-01-14 03:12 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-01-14 03:11 . 2012-01-21 17:57 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-14 03:11 . 2012-01-13 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-01-14 03:09 . 2012-01-14 03:09 -------- d-----w- c:\program files\AVG
2012-01-14 03:04 . 2012-01-21 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-01-13 05:25 . 2012-01-13 05:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-13 05:25 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-13 03:57 . 2012-01-13 03:57 -------- d-----w- C:\$AVG
2012-01-13 02:33 . 2012-01-13 02:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-01-10 23:54 . 2012-01-10 23:54 -------- d-----w- c:\documents and settings\User\Application Data\Creative
2012-01-07 12:19 . 2012-01-07 12:19 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\LogMeIn
2012-01-07 12:08 . 2011-12-07 23:22 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-01-07 12:08 . 2011-12-07 23:22 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-01-07 12:08 . 2011-12-07 23:22 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-01-07 12:08 . 2011-09-16 19:10 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-01-07 12:08 . 2011-12-07 23:21 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-07 12:08 . 2012-01-21 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2012-01-07 12:07 . 2012-01-10 23:38 -------- d-----w- c:\program files\LogMeIn
2012-01-07 12:05 . 2012-01-07 12:06 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Deployment
2012-01-02 20:57 . 2012-01-02 20:57 -------- d-----w- c:\program files\Microsoft Silverlight
2012-01-01 02:15 . 2012-01-01 02:15 -------- d-----w- c:\windows\CtDrvInstall
2012-01-01 02:15 . 2005-05-10 17:00 24576 ----a-r- c:\windows\system32\P0620Aor.dll
2012-01-01 02:11 . 2005-03-14 17:00 24576 ------w- c:\windows\system32\CTWEBFUN.DLL
2011-12-31 01:43 . 2005-03-31 06:06 36864 ------w- c:\windows\system32\CTCamMgr.dll
2011-12-31 01:43 . 2012-01-01 02:12 -------- d-----w- c:\program files\Creative
2011-12-31 01:42 . 2003-11-10 23:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-12-31 01:42 . 2003-11-10 23:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-12-31 01:42 . 2003-11-10 23:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-12-31 01:42 . 2003-11-10 23:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-12-31 01:42 . 2003-11-10 23:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-12-31 01:42 . 2011-12-31 01:42 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-12-31 01:42 . 2011-12-31 01:42 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-12-31 01:37 . 2011-12-31 02:58 -------- d-----w- c:\documents and settings\User\Application Data\U3
2011-12-23 04:44 . 2011-12-23 04:44 -------- d-----w- c:\documents and settings\User\Application Data\Yahoo!
2011-12-23 04:44 . 2012-01-01 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2011-12-23 04:42 . 2012-01-01 02:23 -------- d-----w- c:\program files\Yahoo!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 1980-01-01 08:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 1980-01-01 08:00 1859584 ------w- c:\windows\system32\win32k.sys
2011-11-21 00:20 . 2011-10-29 18:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-18 12:35 . 1980-01-01 08:00 60416 ------w- c:\windows\system32\packager.exe
2011-11-04 19:20 . 1980-01-01 08:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 1980-01-01 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 1980-01-01 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 1980-01-01 08:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 1980-01-01 08:00 386048 ------w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 1980-01-01 08:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 1980-01-01 08:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 1980-01-01 08:00 33280 ------w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 1980-01-01 08:00 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 06:59 2027008 ------w- c:\windows\system32\ntkrnlpa.exe
2011-12-21 07:24 . 2012-01-17 03:15 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-20_04.06.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-19 03:51 . 2011-04-19 03:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
+ 2012-01-21 17:47 . 2012-01-21 17:47 16384 c:\windows\Temp\Perflib_Perfdata_5dc.dat
+ 2012-01-21 17:47 . 2012-01-21 17:47 16384 c:\windows\Temp\Perflib_Perfdata_428.dat
+ 2012-01-21 17:47 . 2012-01-21 17:47 16384 c:\windows\Temp\Perflib_Perfdata_1bc.dat
+ 2011-04-19 03:51 . 2011-04-19 03:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
+ 2012-01-21 17:56 . 2012-01-21 17:56 223744 c:\windows\Installer\8d2ee.msi
+ 2011-04-19 03:51 . 2011-04-19 03:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
+ 2011-04-19 03:51 . 2011-04-19 03:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\iFolder0]
@="{AA81D830-3B41-497c-B508-E9D02F8DF421}"
[HKEY_CLASSES_ROOT\CLSID\{AA81D830-3B41-497c-B508-E9D02F8DF421}]
2005-12-13 18:16 21504 ------w- c:\program files\iFolder\iFolderShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\iFolder1]
@="{AA81D831-3B41-497c-B508-E9D02F8DF421}"
[HKEY_CLASSES_ROOT\CLSID\{AA81D831-3B41-497c-B508-E9D02F8DF421}]
2005-12-13 18:16 21504 ------w- c:\program files\iFolder\iFolderShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-19 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]
"Akamai NetSession Interface"="c:\documents and settings\User\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-12-23 3334432]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 243248]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2007-04-27 120368]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-09-21 200704]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-09-21 208896]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2005-05-19 40960]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"imekrmig7.0"="c:\program files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [2007-04-19 25440]
"IMSCMig"="c:\progra~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE" [2007-04-03 17248]
"CJIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE" [2007-03-22 66400]
"PHIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE" [2007-03-22 98656]
"IMJPMIG9.0"="c:\progra~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE" [2007-04-19 125792]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-10-19 69632]
"iFolder"="c:\program files\iFolder\iFolderApp.exe" [2005-12-13 983040]
"TpShocks"="TpShocks.exe" [2007-09-28 181544]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2007-08-30 205480]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-20 273528]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 36864]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Application Explorer.lnk - c:\program files\Novell\ZENworks\NalView.exe [2005-8-1 35840]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-3-14 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\NalShell.dll" [2005-08-05 417792]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-10-19 06:08 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-12-07 23:21 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
2005-01-10 21:36 24576 ------w- c:\windows\system32\Novell\xtnotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-12-08 23:44 89600 ------w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 21:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 16:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00e0804]
IME File REG_SZ IMSC40A.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0090404]
IME File REG_SZ MSTCICJA.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0080404]
IME File REG_SZ MSTCIPHA.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200412]
Ime File REG_SZ IMEKR70.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0100804]
IME File REG_SZ WINWB86.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0110804]
IME File REG_SZ WINWB98.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]
Ime File REG_SZ IMJP9.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2005-11-29 18:55 196696 ------w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-02-01 02:52 366400 -c----w- c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iFolder\\web\\bin\\SimiasApp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Sony Online Entertainment\\Installed Games\\EverQuest II\\LaunchPad.exe"=
"c:\\Program Files\\Sony Online Entertainment\\Installed Games\\EverQuest II\\EQ2VoiceService.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1099:TCP"= 1099:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [9/28/2007 4:28 PM 19504]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [3/16/2007 9:33 AM 34671]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [1/1/1980 3:00 AM 14336]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [5/23/2005 5:47 PM 6899]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/7/2011 6:21 PM 374152]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/13/2012 12:25 AM 652872]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [7/11/2005 2:33 PM 163840]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [12/8/2006 6:37 PM 11152]
R2 TSCensus Collection Client;ZENworks Asset Management - Collection Client;c:\program files\Novell\ZENworks\Asset Management\Bin\CClientSvc.exe [3/16/2007 10:44 AM 49152]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 12:11 PM 569344]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/6/2008 7:59 AM 24652]
R2 WNTHW;WNTHW;c:\windows\system32\drivers\WNTHW.SYS [3/12/2007 4:40 PM 9176]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\Novell\xtagent.exe [1/10/2005 4:36 PM 61440]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [5/23/2005 5:11 PM 2773]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/13/2012 12:25 AM 20464]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [9/13/2006 11:42 AM 35264]
S2 gupdate1ca349eacfc099a;Google Update Service (gupdate1ca349eacfc099a);c:\program files\Google\Update\GoogleUpdate.exe [9/13/2009 1:19 PM 133104]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/16/2011 2:10 PM 12856]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/13/2009 1:19 PM 133104]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TSCENSUS_COLLECTION_CLIENT
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-18 c:\windows\Tasks\AdobeAAMUpdater-1.0-L32C1T5-enchauel.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-11 07:44]
.
2012-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 18:18]
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 18:18]
.
2012-01-21 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
2012-01-21 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-03-05 06:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.shu.edu/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\s6mm22zq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.shu.edu/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-21 13:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1808)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
- - - - - - - > 'lsass.exe'(1868)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
.
Completion time: 2012-01-21 13:23:00
ComboFix-quarantined-files.txt 2012-01-21 18:22
ComboFix2.txt 2012-01-20 04:27
.
Pre-Run: 33,838,813,184 bytes free
Post-Run: 33,873,076,224 bytes free
.
- - End Of File - - 910C3CC4A90C8963FF60F9188FA370BE

#10 CatByte

Bleepin' curls!

Group: Malware Response Team
Posts: 7,861
Joined: 09-November 08
Gender:Not Telling
Location:Canada

Posted 21 January 2012 - 02:11 PM

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Posted Image

Your Java is out of date.
Java™ 6 Update 17 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin; > follow the prompts.

Clear Java cache

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) If you do not see the icon, look to your left and click 'Switch to Classic View'.

On the General tab, under Temporary Internet Files, click the Settings button.
Next, click on the Delete Files button
There are two options in the window to clear the cache - Leave BOTH Checked
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Temporary Files Window
Click OK to leave the Java Control Panel.

NEXT

Please post a fresh DDS Log and advise how the computer is running now and if there are any outstanding issues

The help you receive here is free. If you wish to show your appreciation, then you may
Microsoft MVP - 2010, 2011

#11 Enchauto

New Member

Group: Members
Posts: 12
Joined: 14-January 12

Posted 21 January 2012 - 02:15 PM

Is the DDS log just running combofix ?

#12 CatByte

Bleepin' curls!

Group: Malware Response Team
Posts: 7,861
Joined: 09-November 08
Gender:Not Telling
Location:Canada

Posted 21 January 2012 - 02:18 PM

no,

DDS is the very first diagnostic log you ran, you should still have it on your desktop,

of not I'll give you the full instructions:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.

Disable any script blocking protection
Double click dds to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

The help you receive here is free. If you wish to show your appreciation, then you may
Microsoft MVP - 2010, 2011

#13 Enchauto

New Member

Group: Members
Posts: 12
Joined: 14-January 12

Posted 21 January 2012 - 03:22 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by enchauel at 14:46:18 on 2012-01-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1724 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.shu.edu/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [Akamai NetSession Interface] "c:\documents and settings\user\local settings\application data\akamai\netsession_win.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TP4EX] tp4ex.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [NWTRAY] NWTRAY.EXE
mRun: [ZENRC Tray Icon] c:\windows\system32\zentray.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [imekrmig7.0] "c:\program files\common files\microsoft shared\ime\imkr7\IMEKRMIG.EXE"
mRun: [IMSCMig] c:\progra~1\common~1\micros~1\ime\imsc40a\IMSCMIG.EXE /Preload
mRun: [CJIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\changjie\CINTLCFG.EXE /CJIMETIPSync
mRun: [PHIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\phonetic\TINTLCFG.EXE /PHIMETIPSync
mRun: [IMJPMIG9.0] c:\progra~1\common~1\micros~1\ime\imjp9\IMJPMIG.EXE /Preload /Migration32
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [iFolder] "c:\program files\ifolder\iFolderApp.exe" -checkautorun
mRun: [TpShocks] TpShocks.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\applic~1.lnk - c:\program files\novell\zenworks\NalView.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\\PkgMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mic273~1\web2~1\office12\REFIEBAR.DLL
IE: {C1994287-422F-47aa-8E5E-6323E210A125} - {4B5F7606-8666-4D5A-9780-DB92A9D8812B} - c:\program files\novell\zenworks\AxNalServer.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173732012937
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{515EAFCB-2935-4A1D-BE11-95D6E6B96EDB} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: LMIinit - LMIinit.dll
Notify: NetIdentity Notification - c:\windows\system32\novell\XtNotify.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Application Explorer: {763370c4-268e-4308-a60c-d8da0342be32} - c:\program files\novell\zenworks\NalShell.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 nwv1_0
LSA: Notification Packages = scecli psqlpwd
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\s6mm22zq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.shu.edu/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnipp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-9-28 19504]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
S1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2007-3-16 34671]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [1980-1-1 14336]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
S2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [2005-5-23 6899]
S2 gupdate1ca349eacfc099a;Google Update Service (gupdate1ca349eacfc099a);c:\program files\google\update\GoogleUpdate.exe [2009-9-13 133104]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-12-7 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-1-7 47640]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-13 652872]
S2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\novell\zenworks\remotemanagement\rmagent\ZenRem32.exe [2005-7-11 163840]
S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2006-12-8 11152]
S2 TSCensus Collection Client;ZENworks Asset Management - Collection Client;c:\program files\novell\zenworks\asset management\bin\CClientSvc.exe [2007-3-16 49152]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-6 24652]
S2 WNTHW;WNTHW;c:\windows\system32\drivers\WNTHW.SYS [2007-3-12 9176]
S2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [2005-1-10 61440]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [2005-5-23 2773]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-13 133104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-13 20464]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 35264]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2012-01-21 19:34:46 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2012-01-21 19:34:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-20 03:29:38 -------- d-sha-r- C:\cmdcons
2012-01-20 03:25:28 98816 ----a-w- c:\windows\sed.exe
2012-01-20 03:25:28 518144 ----a-w- c:\windows\SWREG.exe
2012-01-20 03:25:28 256000 ----a-w- c:\windows\PEV.exe
2012-01-20 03:25:28 208896 ----a-w- c:\windows\MBR.exe
2012-01-14 21:36:02 388096 ----a-r- c:\documents and settings\user\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-14 21:35:59 -------- d-----w- c:\program files\Trend Micro
2012-01-14 18:43:04 -------- d-----w- c:\documents and settings\user\application data\SUPERAntiSpyware.com
2012-01-14 18:42:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-14 18:42:30 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-01-14 03:13:00 -------- d-----w- c:\documents and settings\user\application data\AVG2012
2012-01-14 03:12:14 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-01-14 03:11:10 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-14 03:11:10 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2012-01-14 03:09:44 -------- d-----w- c:\program files\AVG
2012-01-14 03:04:14 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-01-13 05:25:55 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-13 05:25:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-13 03:57:48 -------- d-----w- C:\$AVG
2012-01-07 12:19:23 -------- d-----w- c:\documents and settings\user\local settings\application data\LogMeIn
2012-01-07 12:08:39 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-01-07 12:08:39 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-01-07 12:08:39 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-01-07 12:08:39 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-01-07 12:08:25 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-07 12:08:19 -------- d-----w- c:\documents and settings\all users\application data\LogMeIn
2012-01-07 12:07:53 -------- d-----w- c:\program files\LogMeIn
2012-01-07 12:05:02 -------- d-----w- c:\documents and settings\user\local settings\application data\Deployment
2012-01-03 13:10:44 182672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-01-03 13:10:44 182672 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-01-01 02:15:17 -------- d-----w- c:\windows\CtDrvInstall
2012-01-01 02:15:14 24576 ----a-r- c:\windows\system32\P0620Aor.dll
2012-01-01 02:11:42 24576 ------w- c:\windows\system32\CTWEBFUN.DLL
2011-12-31 01:43:59 36864 ------w- c:\windows\system32\CTCamMgr.dll
2011-12-31 01:43:26 -------- d-----w- c:\program files\Creative
2011-12-31 01:42:30 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-12-31 01:42:30 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-12-31 01:42:30 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-12-31 01:42:30 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-12-31 01:42:30 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-12-31 01:42:29 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2011-12-31 01:42:28 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2011-12-23 04:42:48 -------- d-----w- c:\program files\Yahoo!
.
==================== Find3M ====================
.
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ------w- c:\windows\system32\win32k.sys
2011-11-21 00:20:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-20 22:45:39 256 ----a-w- c:\windows\system32\pool.bin
2011-11-18 12:35:08 60416 ------w- c:\windows\system32\packager.exe
2011-11-10 08:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ------w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ------w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ------w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 14:47:45.70 ===============

Attached File(s)

attach.zip (6.32K)
Number of downloads: 3

#14 Enchauto

New Member

Group: Members
Posts: 12
Joined: 14-January 12

Posted 21 January 2012 - 03:24 PM

Also the machine is working alot better slips in to safe mode at 2 to 3 times the speed it was and startup times are a heck of alot faster.

#15 CatByte

Bleepin' curls!

Group: Malware Response Team
Posts: 7,861
Joined: 09-November 08
Gender:Not Telling
Location:Canada

Posted 21 January 2012 - 03:27 PM

Hi

Just some housekeeping to do now,

Please do the following:

You can delete the DDS and aswMBR logs and programs from your desktop.

NEXT

Follow these steps to uninstall Combofix

Make sure your security programs are totally disabled.
Click START then RUN
Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

If there are any logs/tools remaining on your desktop > right click and delete them.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
Strong passwords: How to create and use them Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.
Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
Make Internet Explorer more secure
- Click Start > Run
- Type Inetcpl.cpl & click OK
- Click on the Security tab
- Click Reset all zones to default level
- Make sure the Internet Zone is selected & Click Custom level
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
- Next Click OK, then Apply button and then OK to exit the Internet Properties page.
Download TFC to your desktop
- Close any open windows.
- Double click the TFC icon to run the program
- TFC will close all open programs itself in order to run,
- Click the Start button to begin the process.
- Allow TFC to run uninterrupted.
- The program should not take long to finish it's job
- Once its finished it should automatically reboot your machine,
- if it doesn't, manually reboot to ensure a complete clean
It's normal after running TFC cleaner that the PC will be slower to boot the first time.
WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Green to go
- Yellow for caution
- Red to stop
WOT has an addon available for both Firefox and IE
Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
PC Safety and Security--What Do I Need?.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

The help you receive here is free. If you wish to show your appreciation, then you may
Microsoft MVP - 2010, 2011