
Trj/CI.A made me do it... Now i can only Boot in Safe Mode


This topic is locked. 63 replies to this topic.

#1 AltElvis

Posted 08 February 2011 - 07:17 PM

This is a continuation of a post I started in the XP forum.... http://www.bleepingcomputer.com/forums/topic377994.html

The current problem is my computer can only boot in Safe Mode... whenever it boots normally, the XP splash screen just hangs there with the progress bar and HD light running on & on & on.

I believe this happened from my deleting 2 files that were not disinfectable after the last Panda ActiveScan displayed results. So... I got mad and erased them with Eraser. Now the computer loads up to the XP splash screen and sits there with the progress bar and HD light running nonstop.

The files were:
c:\windows\system32\spool\prtprocs\w32x86\x9317931oc.dll
and
c:\windows\system32\spool\prtprocs\w32x86\xo931iq3.dll

The files were identified as Trj/CI.A Virus.

These files & eleven others came up on a Panda ActiveScan log after a scan of my computer on 2-1-11. I deleted the above files to the recycle bin. After running for a couple of days & still getting search engine redirects (which I had been getting for the last month or so), I ran another ActiveScan on 2-3-11... the log showed a Generic Trojan virus in the System Volume Information directory that had been Disinfected, and the above files in the recycle bin Not Disinfected... so I erased them! On this last scan there were 7 other files in the Temp folder that were questionable & sent to Panda to examine, or whatever they do with those things. They were temp files so I erased them too!

Now... I won't use the computer until someone can help me out... below is the DDS txt log & attached are the Attach & ark files for review.

Thank you for any assistance.

_______________________________________

DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Cortez at 12:18:07.54 on Tue 02/08/2011
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1006.769 [GMT -8:00]

AV: CA Anti-Virus Plus *Enabled/Outdated* {6B98D35F-BB76-41C0-876B-A50645ED099A}
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Cortez\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.swimboat.com/
uDefault_Page_URL = hxxp://lenovo.live.com
mDefault_Page_URL = hxxp://lenovo.live.com
mStart Page = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8592
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: CA Anti-Phishing Toolbar Helper: {45011cf5-e4a9-4f13-9093-f30a784eb9b2} - f:\programs\ez trust\ca anti-phishing\toolbar\caIEToolbar.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: CA Anti-Phishing Toolbar: {0123b506-0ad9-43aa-b0cf-916c122ad4c5} - f:\programs\ez trust\ca anti-phishing\toolbar\caIEToolbar.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\programs\msoffi~1\office11\REFIEBAR.DLL
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: ACNotify - ACNotify.dll
Notify: PFW - UmxWnp.Dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - f:\programs\qualcomm\eudora\EuShlExt.dll
SEH: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - SABShellExecuteHook Class
LSA: Notification Packages = scecli ACGina psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\cortez\applic~1\mozilla\firefox\profiles\6ej23h4x.default\
FF - prefs.js: browser.startup.homepage - hxxp://cm.my.yahoo.com/
FF - component: c:\documents and settings\cortez\application data\mozilla\firefox\profiles\6ej23h4x.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\cortez\application data\mozilla\firefox\profiles\6ej23h4x.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: f:\programs\itunes\mozilla plugins\npitunes.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\programs\firefox\firefox3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - f:\programs\firefox\firefox3\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {09104EA0-EA35-40C5-9CC6-0241F8AA9CCD} - c:\documents and settings\cortez\local settings\application data\{09104EA0-EA35-40C5-9CC6-0241F8AA9CCD}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2010-9-17 135248]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2011-1-25 18816]
S0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2010-5-3 108112]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-1-29 28552]
S1 avgio;avgio;f:\programs\avira\avira\antivir desktop\avgio.sys [2011-2-1 11608]
S1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2010-3-22 79864]
S1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2010-9-24 61008]
S1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2010-9-24 115792]
S1 SASDIFSV;SASDIFSV;f:\programs\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;f:\programs\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;f:\programs\avira\avira\antivir desktop\sched.exe [2011-2-1 135336]
S2 AntiVirService;Avira AntiVir Guard;f:\programs\avira\avira\antivir desktop\avguard.exe [2011-2-1 267944]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-1 61960]
S2 CAAMSvc;CAAMSvc;f:\programs\ez trust\ca anti-virus plus\CAAMSvc.exe [2010-10-30 206152]
S2 CAISafe;CAISafe;f:\programs\ez trust\ca anti-virus plus\isafe.exe [2010-10-22 212992]
S2 ccSchedulerSVC;CA Common Scheduler Service;f:\programs\ez trust\ccschedulersvc.exe [2010-10-22 206160]
S2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2010-9-24 146000]
S2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2010-9-24 61008]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\wd\wd anywhere backup\MemeoBackgroundService.exe [2008-7-10 25824]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-3-14 11152]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]
S2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2009-8-4 887288]
S2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2010-8-24 740160]
S2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2010-9-17 301648]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-5-16 102400]
S2 WinExtManager;WinSock Extention Manager;c:\windows\system32\mdmcls32.exe [2010-10-22 2347760]
S2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2010-10-22 1377008]
S3 KmxAMVet;KmxAMVet;c:\windows\system32\drivers\KmxAMVet.sys [2009-3-27 598656]
S3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2010-6-9 244304]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
S3 VVRUSB;VVRUSB Device;c:\windows\system32\drivers\VVRUSB.sys [2008-6-23 38479]

=============== Created Last 30 ================

2011-02-04 15:20:16 -------- d-----w- c:\windows\LastGood.Tmp
2011-02-03 17:43:35 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-02-03 17:43:30 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-02-02 04:53:54 -------- d-----w- c:\docume~1\cortez\applic~1\Avira
2011-02-02 04:41:59 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-02 04:41:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-02-01 16:38:37 -------- d-----w- c:\windows\LMI56.tmp
2011-01-31 14:09:19 -------- d-----w- c:\docume~1\cortez\applic~1\SUPERAntiSpyware.com
2011-01-31 02:10:08 161 ----a-w- c:\docume~1\cortez\applic~1\del.bat
2011-01-29 18:07:48 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-01-29 13:05:06 -------- d-----w- c:\program files\Panda Security
2011-01-26 00:48:50 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-01-26 00:15:42 -------- d-----w- c:\program files\Sophos
2011-01-24 14:52:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-01-24 14:43:29 -------- d-----w- c:\docume~1\cortez\applic~1\QuickScan
2011-01-24 04:52:03 -------- d-----w- c:\docume~1\cortez\applic~1\Malwarebytes
2011-01-24 04:51:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-24 04:51:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-24 04:51:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-23 19:05:06 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-01-23 19:05:06 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-20 12:34:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\kIeIo06510

==================== Find3M ====================

2011-02-02 18:19:06 49 ----a-w- c:\windows\wpd99.drv

============= FINISH: 12:18:39.62 ===============

Attached Files
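As an added example (not part of the thread, nor a DDS feature), a Python triage script that parses the three DDS sections a responder reads first in the log above (Pseudo HJT Report, SERVICES / DRIVERS, Created Last 30) and applies first-pass checks: a proxy on the loopback interface, service entries DDS could not stat ([?]), auto-start .exe services sitting directly in system32 (our own heuristic), and registered drivers created in the last 30 days. The sample log is a constructed excerpt copied from the thread's own entries; the rule names are ours.

```python
import re

# Constructed excerpt in the DDS format of the log posted above. Entries are
# copied from the thread's log; the parser and rules are an added example.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8592
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

============= SERVICES / DRIVERS ===============

R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2010-9-17 135248]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-1 61960]
S2 WinExtManager;WinSock Extention Manager;c:\windows\system32\mdmcls32.exe [2010-10-22 2347760]
S2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2010-10-22 1377008]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]

=============== Created Last 30 ================

2011-02-02 04:41:59 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-20 12:34:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\kIeIo06510

============= FINISH: 12:18:39.62 ===============
"""

# Line shapes DDS uses: "==== Section ====", "S2 name;display;path [date size]",
# "uInternet Settings,ProxyServer = ...", "YYYY-MM-DD HH:MM:SS size attrs path".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
SERVICE_RE = re.compile(
    r"^(?P<status>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$"
)
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<value>.+)$")
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\S+)\s+"
    r"(?P<attrs>\S+)\s+(?P<path>.+)$"
)


def parse_dds(text):
    """Split a DDS log into sections and parse the records each one holds."""
    parsed = {"hjt": [], "services": [], "created": []}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        head = SECTION_RE.match(line)
        if head:
            section = head.group(1).lower()
            continue
        if section.startswith("pseudo hjt"):
            parsed["hjt"].append(line)
        elif section.startswith("services"):
            m = SERVICE_RE.match(line)
            if m:
                parsed["services"].append(m.groupdict())
        elif section.startswith("created"):
            m = CREATED_RE.match(line)
            if m:
                parsed["created"].append(m.groupdict())
    return parsed


def triage(parsed):
    """First-pass responder checks; returns (rule, detail) pairs in log order."""
    findings = []
    # 1. A proxy on the loopback interface means a local process is relaying
    #    browser traffic, a common cause of search-engine redirects.
    for line in parsed["hjt"]:
        m = PROXY_RE.match(line)
        if m and re.search(r"127\.0\.0\.1|localhost", m.group("value")):
            findings.append(("loopback-proxy", m.group("value")))
    # DDS writes "imagepath --> resolved path" for some drivers; keep the latter.
    binaries = {s["name"]: s["path"].split(" --> ")[-1].lower() for s in parsed["services"]}
    for svc in parsed["services"]:
        binary = binaries[svc["name"]]
        if svc["meta"].strip() == "?":
            # 2. DDS could not stat the file ([?]); verify it by hand.
            findings.append(("service-file-unverified", svc["name"]))
        elif (svc["status"] in ("S2", "R2") and binary.endswith(".exe")
              and binary.startswith("c:\\windows\\system32\\")
              and binary.count("\\") == 3):
            # 3. Heuristic (ours): an auto-start .exe placed directly in
            #    system32 with no vendor folder deserves a publisher check.
            findings.append(("system32-exe-service", svc["name"]))
    # 4. Join the sections: registered drivers created in the last 30 days.
    by_path = {path: name for name, path in binaries.items()}
    for entry in parsed["created"]:
        path = entry["path"].lower()
        if path.endswith(".sys") and path in by_path:
            findings.append(("recent-registered-driver", by_path[path]))
    return findings
```

Run `triage(parse_dds(open("dds.txt").read()))` against a real DDS log; every finding is a verification prompt, not a verdict, so check each flagged file's publisher and hash before acting.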

#2 m0le (Malware Response Team)

Posted 14 February 2011 - 08:37 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 AltElvis (Topic Starter)

Posted 14 February 2011 - 10:05 PM

Here... let me know what's next...

Thanx Mole




Better'nSantaShow'nUp

#4 m0le (Malware Response Team)

Posted 15 February 2011 - 04:42 PM

Please run TDSSKiller and MBRCheck and let's see what's running this chaos.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


And

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

#5 AltElvis (Topic Starter)

Posted 15 February 2011 - 04:51 PM

Thanx Much... coming right up...


Just thought of this... here are the last logs from ActiveScan

Panda ActiveScan

2-1-11
Trj/CI.A Virus Latent Not disinfectable
1. c:\documents and settings\cortez\application data\wrt7.exe
2. c:\system volume information\_restore{a839367...3e-39928c5f4c89}\rp965\a0270613.exe
3. c:\system volume information\_restore{a839367...3e-39928c5f4c89}\rp965\a0270627.exe
4. c:\windows\system32\spool\prtprocs\w32x86\x9317931oc.dll
5. c:\system volume information\_restore{a839367...3e-39928c5f4c89}\rp965\a0270728.exe
6. c:\system volume information\_restore{a839367...3e-39928c5f4c89}\rp965\a0270590.exe
7. c:\windows\system32\spool\prtprocs\w32x86\xo931iq3.dll
8. c:\system volume information\_restore{a839367...3e-39928c5f4c89}\rp964\a0270430.exe
9. c:\system volume information\_restore{a839367...3e-39928c5f4c89}\rp964\a0270574.exe
10. c:\system volume information\_restore{a839367...3e-39928c5f4c89}\rp964\a0270497.exe
11. c:\system volume information\_restore{a839367...3e-39928c5f4c89}\rp964\a0270486.exe
12. c:\system volume information\_restore{a839367...3e-39928c5f4c89}\rp964\a0270464.exe
13. c:\system volume information\_restore{a839367...3e-39928c5f4c89}\rp965\a0270741.exe
2-3-11
Generic Trojan Virus Latent Disinfected
1. c:\system volume information\_restore{a839367...3e-39928c5f4c89}\rp966\a0270755.exe


Trj/CI.A Virus Latent Not disinfectable
1. c:\recycler\s-1-5-21-3837218590-1173237617-435806185-1009\dc1.dll
2. c:\recycler\s-1-5-21-3837218590-1173237617-435806185-1009\dc2.dll


Questionable
c:\windows\temp\f5.tmp Sent
c:\windows\temp\c7.tmp Sent
c:\windows\temp\5f.tmp Sent
c:\windows\temp\f4.tmp Sent
c:\windows\temp\c6.tmp Sent
c:\windows\temp\5c.tmp Sent
c:\documents and settings\networkservice\loca...iles\content.ie5\g0eu2ho1\sd[1].exe Sent

#6 AltElvis (Topic Starter)

Posted 15 February 2011 - 05:14 PM

Mole...

Here are two TDSSKiller logs... for the 1st one I clicked on the exe icon and ran a scan (caught that's not how you asked to run the scan after)... the 2nd ran with the Run command.

And the MBR log below.


The oops TDSS scan:

2011/02/15 13:53:22.0015 1056 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/15 13:53:22.0046 1056 ================================================================================
2011/02/15 13:53:22.0046 1056 SystemInfo:
2011/02/15 13:53:22.0046 1056
2011/02/15 13:53:22.0046 1056 OS Version: 5.1.2600 ServicePack: 2.0
2011/02/15 13:53:22.0046 1056 Product type: Workstation
2011/02/15 13:53:22.0046 1056 ComputerName: MOBILONE
2011/02/15 13:53:22.0046 1056 UserName: Cortez
2011/02/15 13:53:22.0046 1056 Windows directory: C:\WINDOWS
2011/02/15 13:53:22.0046 1056 System windows directory: C:\WINDOWS
2011/02/15 13:53:22.0046 1056 Processor architecture: Intel x86
2011/02/15 13:53:22.0046 1056 Number of processors: 2
2011/02/15 13:53:22.0046 1056 Page size: 0x1000
2011/02/15 13:53:22.0046 1056 Boot type: Safe boot
2011/02/15 13:53:22.0046 1056 ================================================================================
2011/02/15 13:53:22.0453 1056 Initialize success
2011/02/15 13:53:26.0453 1292 ================================================================================
2011/02/15 13:53:26.0453 1292 Scan started
2011/02/15 13:53:26.0453 1292 Mode: Manual;
2011/02/15 13:53:26.0453 1292 ================================================================================
2011/02/15 13:53:29.0328 1292 ANC (186eedd6780f0c1e04644477486928f4) C:\WINDOWS\system32\drivers\ANC.SYS
2011/02/15 13:53:29.0343 1292 ANC - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/02/15 13:53:37.0265 1292 Ndisuio (8d3ce6b579cde8d37acc690b67dc2106) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/15 13:53:37.0312 1292 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/15 13:53:37.0343 1292 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/15 13:53:37.0390 1292 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/15 13:53:37.0437 1292 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/15 13:53:37.0640 1292 NETw4x32 (18b2d3e11ed7a3c898ade6a6692b6929) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
2011/02/15 13:53:37.0812 1292 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/15 13:53:37.0875 1292 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/15 13:53:37.0937 1292 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/15 13:53:38.0171 1292 nv (be701381b9c277a2bb84b0aa1e9b6789) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/15 13:53:38.0500 1292 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/15 13:53:38.0531 1292 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/15 13:53:38.0578 1292 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/15 13:53:38.0625 1292 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/15 13:53:38.0656 1292 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/15 13:53:38.0718 1292 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
2011/02/15 13:53:38.0828 1292 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/15 13:53:38.0921 1292 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/15 13:53:38.0953 1292 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/02/15 13:53:39.0156 1292 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/02/15 13:53:39.0187 1292 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/02/15 13:53:39.0375 1292 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
2011/02/15 13:53:39.0453 1292 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/15 13:53:39.0500 1292 PROCDD (1d80309fed4babf8ea9e7b84a394348b) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
2011/02/15 13:53:39.0562 1292 Processor (9e372a156f92425a1904b84589093a37) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/02/15 13:53:39.0609 1292 psadd (aac08defb15aaab00b30341c716efa35) C:\WINDOWS\system32\DRIVERS\psadd.sys
2011/02/15 13:53:39.0718 1292 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/15 13:53:39.0765 1292 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/15 13:53:39.0812 1292 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/02/15 13:53:39.0843 1292 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/02/15 13:53:39.0890 1292 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/02/15 13:53:39.0921 1292 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/02/15 13:53:40.0031 1292 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/02/15 13:53:40.0078 1292 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/02/15 13:53:40.0109 1292 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/15 13:53:40.0171 1292 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/15 13:53:40.0203 1292 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/15 13:53:40.0265 1292 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/15 13:53:40.0312 1292 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/15 13:53:40.0343 1292 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/15 13:53:40.0390 1292 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/02/15 13:53:40.0531 1292 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/15 13:53:40.0578 1292 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/15 13:53:40.0718 1292 s24trans (2220783b32a9f91df87f3e8315f091e7) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/02/15 13:53:40.0828 1292 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) F:\Programs\SuperAntiSpyware\SASDIFSV.SYS
2011/02/15 13:53:40.0859 1292 SASKUTIL (61db0d0756a99506207fd724e3692b25) F:\Programs\SuperAntiSpyware\SASKUTIL.SYS
2011/02/15 13:53:40.0968 1292 SAVRKBootTasks (0aef47e0a6b0cba8c9833d55298b2791) C:\WINDOWS\system32\SAVRKBootTasks.sys
2011/02/15 13:53:41.0078 1292 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/15 13:53:41.0156 1292 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/15 13:53:41.0187 1292 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/15 13:53:41.0359 1292 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/02/15 13:53:41.0437 1292 Shockprf (a3aee791db8c73882f4503bfaacd8c9e) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
2011/02/15 13:53:41.0515 1292 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/02/15 13:53:41.0593 1292 smihlp (350483c5a139f8a39ed3191aff39bed0) C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys
2011/02/15 13:53:41.0718 1292 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/02/15 13:53:41.0796 1292 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/02/15 13:53:41.0843 1292 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/15 13:53:41.0921 1292 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/15 13:53:42.0046 1292 Srv (ab9c79ed12d65e800aaad3d72a04792f) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/15 13:53:42.0109 1292 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/02/15 13:53:42.0171 1292 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/15 13:53:42.0234 1292 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/15 13:53:42.0343 1292 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/02/15 13:53:42.0390 1292 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/02/15 13:53:42.0421 1292 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/02/15 13:53:42.0484 1292 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/02/15 13:53:42.0531 1292 SynTP (b248b5fe80b285b91cb1e6f85b0ae1d7) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/02/15 13:53:42.0562 1292 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/15 13:53:42.0718 1292 Tcpip (744e57c99232201ae98c49168b918f48) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/15 13:53:42.0781 1292 TcUsb (109d1f5cd9cc370a87901db3ddd533f1) C:\WINDOWS\system32\Drivers\tcusb.sys
2011/02/15 13:53:42.0812 1292 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/15 13:53:42.0921 1292 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/15 13:53:42.0953 1292 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/15 13:53:43.0046 1292 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/02/15 13:53:43.0109 1292 TPDIGIMN (639ba7b37f25054cf5e82604e736d250) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
2011/02/15 13:53:43.0156 1292 TPHKDRV (542770c8925e13b29b1ba63f05898058) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
2011/02/15 13:53:43.0296 1292 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
2011/02/15 13:53:43.0359 1292 TSMAPIP (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
2011/02/15 13:53:43.0484 1292 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
2011/02/15 13:53:43.0531 1292 TVTI2C (8ab24d4b7da715c2c80455137910e792) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
2011/02/15 13:53:43.0656 1292 TVTPktFilter (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
2011/02/15 13:53:43.0703 1292 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/15 13:53:43.0796 1292 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/02/15 13:53:43.0906 1292 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/15 13:53:44.0078 1292 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/02/15 13:53:44.0109 1292 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/02/15 13:53:44.0203 1292 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/15 13:53:44.0250 1292 usbehci (a45ea1550ea4b368c4fba7ca9d056bc9) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/15 13:53:44.0312 1292 usbhub (a874d1629762019ceaf824ad8a8c5660) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/15 13:53:44.0406 1292 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/15 13:53:44.0453 1292 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/15 13:53:44.0500 1292 usbuhci (0ee1925590ba1abec14254d54d9870f4) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/15 13:53:44.0562 1292 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/02/15 13:53:44.0625 1292 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/02/15 13:53:44.0703 1292 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/02/15 13:53:44.0750 1292 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/15 13:53:44.0828 1292 VVRUSB (e538948f7b7ff2e8004c7ea0c6031bb4) C:\WINDOWS\system32\DRIVERS\VVRUSB.sys
2011/02/15 13:53:44.0937 1292 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/15 13:53:45.0062 1292 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/15 13:53:45.0156 1292 winachsf (307d248f97835b6879bdd361086924fe) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/02/15 13:53:45.0406 1292 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/02/15 13:53:45.0484 1292 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/02/15 13:53:45.0703 1292 ================================================================================
2011/02/15 13:53:45.0703 1292 Scan finished
2011/02/15 13:53:45.0703 1292 ================================================================================
2011/02/15 13:53:45.0750 0708 Detected object count: 1
2011/02/15 13:54:03.0687 0708 ANC (186eedd6780f0c1e04644477486928f4) C:\WINDOWS\system32\drivers\ANC.SYS
2011/02/15 13:54:06.0687 0708 Backup copy not found, trying to cure infected file..
2011/02/15 13:54:06.0687 0708 Cure success, using it..
2011/02/15 13:54:06.0718 0708 C:\WINDOWS\system32\drivers\ANC.SYS - will be cured after reboot
2011/02/15 13:54:06.0718 0708 Rootkit.Win32.TDSS.tdl3(ANC) - User select action: Cure
2011/02/15 13:54:58.0140 1232 Deinitialize success



==================================

requested run command TDSS scan;
2011/02/15 13:53:22.0015 1056 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/15 13:53:22.0046 1056 ================================================================================
2011/02/15 13:53:22.0046 1056 SystemInfo:
2011/02/15 13:53:22.0046 1056
2011/02/15 13:53:22.0046 1056 OS Version: 5.1.2600 ServicePack: 2.0
2011/02/15 13:53:22.0046 1056 Product type: Workstation
2011/02/15 13:53:22.0046 1056 ComputerName: MOBILONE
2011/02/15 13:53:22.0046 1056 UserName: Cortez
2011/02/15 13:53:22.0046 1056 Windows directory: C:\WINDOWS
2011/02/15 13:53:22.0046 1056 System windows directory: C:\WINDOWS
2011/02/15 13:53:22.0046 1056 Processor architecture: Intel x86
2011/02/15 13:53:22.0046 1056 Number of processors: 2
2011/02/15 13:53:22.0046 1056 Page size: 0x1000
2011/02/15 13:53:22.0046 1056 Boot type: Safe boot
2011/02/15 13:53:22.0046 1056 ================================================================================
2011/02/15 13:53:22.0453 1056 Initialize success
2011/02/15 13:53:26.0453 1292 ================================================================================
2011/02/15 13:53:26.0453 1292 Scan started
2011/02/15 13:53:26.0453 1292 Mode: Manual;
2011/02/15 13:53:26.0453 1292 ================================================================================
2011/02/15 13:53:28.0109 1292 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/02/15 13:53:28.0171 1292 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2011/02/15 13:53:28.0203 1292 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/15 13:53:28.0296 1292 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/02/15 13:53:28.0375 1292 ADIHdAudAddService (d537f3d03c6301fefa21f3eee8cc82d8) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/02/15 13:53:28.0437 1292 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/02/15 13:53:28.0562 1292 AEAudio (860df7676869cd8690cb2b23ab6de66a) C:\WINDOWS\system32\drivers\AEAudio.sys
2011/02/15 13:53:28.0609 1292 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/02/15 13:53:28.0671 1292 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/02/15 13:53:28.0718 1292 AFD (6a0397376853e604de8e1e7a87fc08ac) C:\WINDOWS\System32\drivers\afd.sys
2011/02/15 13:53:28.0843 1292 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/02/15 13:53:28.0875 1292 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/02/15 13:53:28.0921 1292 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/02/15 13:53:28.0968 1292 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/02/15 13:53:29.0000 1292 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/02/15 13:53:29.0140 1292 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/02/15 13:53:29.0187 1292 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/02/15 13:53:29.0218 1292 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/02/15 13:53:29.0281 1292 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/02/15 13:53:29.0328 1292 ANC (186eedd6780f0c1e04644477486928f4) C:\WINDOWS\system32\drivers\ANC.SYS
2011/02/15 13:53:29.0343 1292 ANC - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/02/15 13:53:29.0515 1292 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/02/15 13:53:29.0546 1292 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/02/15 13:53:29.0593 1292 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/02/15 13:53:29.0687 1292 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/15 13:53:29.0734 1292 atapi (2218e3fd674dc284ce98c807086cab14) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/15 13:53:29.0890 1292 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/15 13:53:29.0937 1292 atmeltpm (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
2011/02/15 13:53:29.0984 1292 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/15 13:53:30.0156 1292 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) F:\Programs\Avira\Avira\AntiVir Desktop\avgio.sys
2011/02/15 13:53:30.0265 1292 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/02/15 13:53:30.0328 1292 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/02/15 13:53:30.0390 1292 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/15 13:53:30.0500 1292 BTKRNL (9da09b5800b9de8336948664e3b9cc94) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/02/15 13:53:30.0640 1292 BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/02/15 13:53:30.0765 1292 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/02/15 13:53:30.0843 1292 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/15 13:53:30.0906 1292 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/02/15 13:53:30.0937 1292 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/15 13:53:30.0984 1292 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/15 13:53:31.0031 1292 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/15 13:53:31.0187 1292 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/02/15 13:53:31.0312 1292 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/02/15 13:53:31.0343 1292 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/02/15 13:53:31.0421 1292 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/02/15 13:53:31.0468 1292 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/02/15 13:53:31.0515 1292 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/02/15 13:53:31.0671 1292 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/15 13:53:31.0718 1292 DLABOIOM (35cbc02546335ea41a5d516da6626c8a) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/02/15 13:53:31.0750 1292 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/02/15 13:53:31.0796 1292 DLADResN (19e3db16de2bb3db81b172a78d140b03) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/02/15 13:53:31.0843 1292 DLAIFS_M (e4859ca5bd8412a9a60d62067a653522) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/02/15 13:53:31.0875 1292 DLAOPIOM (20c24a3d1cf0825487c93f806625805e) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/02/15 13:53:31.0906 1292 DLAPoolM (8a530da5dc81954bcf1966813f699b49) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/02/15 13:53:31.0953 1292 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/02/15 13:53:32.0000 1292 DLAUDFAM (7eda68af6a91bf64af6f301e39928ebf) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/02/15 13:53:32.0109 1292 DLAUDF_M (a18423bbc6d92b01fdf3c51e7510ee70) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/02/15 13:53:32.0218 1292 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/15 13:53:32.0359 1292 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/15 13:53:32.0390 1292 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/15 13:53:32.0453 1292 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/15 13:53:32.0500 1292 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/02/15 13:53:32.0546 1292 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/15 13:53:32.0578 1292 DRVMCDB (48c7008d23dcfce0d0232f49307efced) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/02/15 13:53:32.0687 1292 DRVNDDM (05467e44a42c777dd1534bb4539b16d1) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/02/15 13:53:32.0750 1292 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/02/15 13:53:32.0812 1292 e1express (e1e31cb759ced9bae730b86171b9c9fd) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/02/15 13:53:32.0906 1292 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/15 13:53:32.0953 1292 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/15 13:53:33.0062 1292 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/15 13:53:33.0109 1292 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/15 13:53:33.0156 1292 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/02/15 13:53:33.0203 1292 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/15 13:53:33.0250 1292 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/15 13:53:33.0390 1292 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/02/15 13:53:33.0437 1292 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/15 13:53:33.0500 1292 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/02/15 13:53:33.0562 1292 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/15 13:53:33.0687 1292 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/02/15 13:53:33.0750 1292 HSFHWAZL (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/02/15 13:53:33.0812 1292 HSF_DPV (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/02/15 13:53:33.0953 1292 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/15 13:53:34.0031 1292 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/02/15 13:53:34.0062 1292 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/02/15 13:53:34.0109 1292 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/15 13:53:34.0156 1292 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/02/15 13:53:34.0250 1292 IBMPMDRV (bf648877413f6160e480814a24942b65) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
2011/02/15 13:53:34.0312 1292 IBMTPCHK (083d095fed4b01fff9d501b98d50db68) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
2011/02/15 13:53:34.0375 1292 Imapi (12c59b8929121ace2f55acc86682cf12) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/15 13:53:34.0468 1292 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/02/15 13:53:34.0578 1292 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/02/15 13:53:34.0640 1292 intelppm (db8a1859cf9e48914dcc0a7206d87be5) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/02/15 13:53:34.0671 1292 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/02/15 13:53:34.0718 1292 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/15 13:53:34.0750 1292 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/15 13:53:34.0812 1292 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/15 13:53:34.0937 1292 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/15 13:53:34.0984 1292 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/15 13:53:35.0031 1292 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/15 13:53:35.0078 1292 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2011/02/15 13:53:35.0234 1292 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/15 13:53:35.0281 1292 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/15 13:53:35.0343 1292 KmxAgent (bf236f7a7a4b437dae22cf7665055e71) C:\WINDOWS\system32\DRIVERS\kmxagent.sys
2011/02/15 13:53:35.0375 1292 KmxAMRT (431f909c73deaf60522e0be5e81aa6ef) C:\WINDOWS\system32\DRIVERS\KmxAMRT.sys
2011/02/15 13:53:35.0437 1292 KmxAMVet (041b29c8e3bed6e833ade367ecfa51f9) C:\WINDOWS\system32\Drivers\KmxAMVet.sys
2011/02/15 13:53:35.0562 1292 KmxCF (c9c6c7edc44f274705a881d0ecc6be77) C:\WINDOWS\system32\DRIVERS\KmxCF.sys
2011/02/15 13:53:35.0593 1292 KmxCfg (ebec5bc094f7127de83751deba0111c7) C:\WINDOWS\system32\DRIVERS\kmxcfg.sys
2011/02/15 13:53:35.0640 1292 KmxFile (776b22d0708d527452c17ab0685437ec) C:\WINDOWS\system32\DRIVERS\KmxFile.sys
2011/02/15 13:53:35.0687 1292 KmxFw (9ea53f75df547e59040b4da03fa32f80) C:\WINDOWS\system32\DRIVERS\kmxfw.sys
2011/02/15 13:53:35.0796 1292 KmxSbx (694e1b995586c94bd8355a7bda7c6ca0) C:\WINDOWS\system32\DRIVERS\KmxSbx.sys
2011/02/15 13:53:35.0843 1292 KmxStart (ba870f60f3662d82ddd20e4d34843c8e) C:\WINDOWS\system32\DRIVERS\kmxstart.sys
2011/02/15 13:53:35.0890 1292 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/15 13:53:36.0062 1292 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/02/15 13:53:36.0265 1292 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/15 13:53:36.0312 1292 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/15 13:53:36.0375 1292 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/15 13:53:36.0453 1292 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/15 13:53:36.0531 1292 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/15 13:53:36.0578 1292 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/02/15 13:53:36.0640 1292 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/15 13:53:36.0703 1292 MRxSmb (6f2d483b97b395544e59749c47963c6a) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/15 13:53:36.0828 1292 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/15 13:53:36.0875 1292 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/15 13:53:36.0906 1292 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/15 13:53:36.0953 1292 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/15 13:53:37.0000 1292 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/15 13:53:37.0062 1292 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/15 13:53:37.0125 1292 NDIS (bc84c4f67d0e880b0c46dc0ce2b8cbaa) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/15 13:53:37.0218 1292 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/15 13:53:45.0703 1292 ================================================================================
2011/02/15 13:53:45.0703 1292 Scan finished
2011/02/15 13:53:45.0703 1292 ================================================================================
2011/02/15 13:53:45.0750 0708 Detected object count: 1
2011/02/15 13:54:03.0687 0708 ANC (186eedd6780f0c1e04644477486928f4) C:\WINDOWS\system32\drivers\ANC.SYS
2011/02/15 13:54:06.0687 0708 Backup copy not found, trying to cure infected file..
2011/02/15 13:54:06.0687 0708 Cure success, using it..
2011/02/15 13:54:06.0718 0708 C:\WINDOWS\system32\drivers\ANC.SYS - will be cured after reboot
2011/02/15 13:54:06.0718 0708 Rootkit.Win32.TDSS.tdl3(ANC) - User select action: Cure
2011/02/15 13:54:58.0140 1232 Deinitialize success


=========================================================

MBR log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 84):

Processes (total 12):
0 System Idle Process
4 System
236 C:\WINDOWS\system32\smss.exe
284 csrss.exe
308 C:\WINDOWS\system32\winlogon.exe
352 C:\WINDOWS\system32\services.exe
364 C:\WINDOWS\system32\lsass.exe
512 C:\WINDOWS\system32\svchost.exe
572 svchost.exe
652 C:\WINDOWS\system32\svchost.exe
932 C:\WINDOWS\explorer.exe
1224 C:\Documents and Settings\Cortez\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000005`0339a000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000009`2a59a000 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x0000000c`5b12e000 (NTFS)

PhysicalDrive0 Model Number: HTS721010G9SA00, Rev: MCZIC15V

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 8B917BD12D0F5001FFCBEDC46A3E004F4279C60B


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

#7 AltElvis


Posted 15 February 2011 - 05:38 PM

Breaking news...

SO STOKED!!!
The computer boots in normal mode now... just no connection with the wireless.

#8 m0le


Posted 15 February 2011 - 06:08 PM

Please reboot the machine and run MBRCheck again for me. Let's make sure that we've got it for good.
m0le is a proud member of UNITE

#9 AltElvis


Posted 15 February 2011 - 06:23 PM

Mole,

Just rebooted... checked the startup in configsys... keep finding (last 2 times) this checked, even after uncheck and apply:
scheduler_proxy c:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe


Here's the MBR log:
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 166):

Processes (total 65):
0 System Idle Process
4 System
1240 C:\WINDOWS\system32\smss.exe
1312 csrss.exe
1340 C:\WINDOWS\system32\winlogon.exe
1384 C:\WINDOWS\system32\services.exe
1396 C:\WINDOWS\system32\lsass.exe
1540 F:\Programs\Avira\Avira\AntiVir Desktop\avguard.exe
1592 F:\Programs\Avira\Avira\AntiVir Desktop\avshadow.exe
1724 C:\WINDOWS\system32\ibmpmsvc.exe
1752 C:\WINDOWS\system32\svchost.exe
1848 svchost.exe
1920 C:\WINDOWS\system32\svchost.exe
1948 C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
284 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
424 svchost.exe
504 svchost.exe
808 C:\WINDOWS\system32\spoolsv.exe
852 C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
864 C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
920 C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
968 C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
1036 F:\Programs\Avira\Avira\AntiVir Desktop\sched.exe
1288 svchost.exe
1360 C:\WINDOWS\system32\IPSSVC.EXE
1564 C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
600 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
648 C:\Program Files\Bonjour\mDNSResponder.exe
1200 F:\Programs\EZ Trust\CA Anti-Virus Plus\CAAMSvc.exe
1760 F:\Programs\EZ Trust\CA Anti-Virus Plus\isafe.exe
1784 F:\Programs\EZ Trust\ccschedulersvc.exe
2028 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
2164 C:\Program Files\Java\jre6\bin\jqs.exe
2260 C:\Program Files\Common Files\Motive\McciCMService.exe
2380 C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
2520 sqlservr.exe
2536 C:\WINDOWS\system32\nvsvc32.exe
2636 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2720 C:\WINDOWS\system32\svchost.exe
2764 C:\Program Files\Lenovo\System Update\SUService.exe
2948 C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
2980 C:\WINDOWS\system32\TPHDEXLG.exe
2996 tvttcsd.exe
3044 C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
3080 C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
3104 C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
3116 C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
3168 C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
3184 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
3212 C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
3260 C:\WINDOWS\system32\mdmcls32.exe
3284 C:\WINDOWS\system32\svcprs32.exe
3308 C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
3452 C:\WINDOWS\system32\wuauclt.exe
3776 alg.exe
340 C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
3920 C:\WINDOWS\system32\wscntfy.exe
4072 C:\WINDOWS\explorer.exe
2440 F:\Programs\EZ Trust\ccevtmgr.exe
4976 C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
5068 F:\Programs\EZ Trust\ccprovsp.exe
5076 C:\WINDOWS\system32\ctfmon.exe
6028 C:\WINDOWS\system32\wuauclt.exe
5992 C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
6072 C:\Documents and Settings\Cortez\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000005`0339a000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000009`2a59a000 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x0000000c`5b12e000 (NTFS)

PhysicalDrive0 Model Number: HTS721010G9SA00, Rev: MCZIC15V

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 8B917BD12D0F5001FFCBEDC46A3E004F4279C60B


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
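
MBRCheck's "Unknown MBR code" verdict above comes from hashing the boot sector and not finding that hash among the known-good loaders it carries, while the offsets printed next to each drive letter come from the partition table in the same 512-byte sector. As an added example (my code, not MBRCheck's and not anything posted in this thread), the Python below does both on a constructed sector: it hashes the 440-byte boot-code region, reports the result in MBRCheck's offset format, and shows that a sector whose boot code has been overwritten still decodes to exactly the same partitions, so a normal-looking drive map says nothing about the code that runs first. Which region MBRCheck itself hashes, and all sample bytes and hashes, are assumptions of this example.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # boot code ends where the 4-byte disk signature starts
PART_TABLE_OFF = 446     # four 16-byte partition entries occupy bytes 446..509
MBR_SIGNATURE = b"\x55\xAA"


def build_mbr(boot_code, partitions, disk_sig=b"\x01\xEF\xCD\xAB"):
    """Assemble a 512-byte MBR from boot code and up to four
    (boot_flag, type, start_lba, sector_count) tuples. Sample data only."""
    sector = bytearray(boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN])
    sector += disk_sig + b"\x00\x00"
    for boot_flag, ptype, start_lba, count in partitions:
        # CHS fields carry the usual 0xFE 0xFF 0xFF "use LBA instead" marker
        sector += struct.pack("<B3sB3sII", boot_flag, b"\xFE\xFF\xFF",
                              ptype, b"\xFE\xFF\xFF", start_lba, count)
    sector += b"\x00" * (16 * (4 - len(partitions)))
    sector += MBR_SIGNATURE
    return bytes(sector)


def boot_code_sha1(sector):
    """SHA1 over the boot-code region only, so the per-disk signature and
    partition table do not change the hash (assumption: MBRCheck may hash
    a different region; the idea is the same)."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(sector):
    """Decode the partition table. byte_offset is what MBRCheck prints next
    to each drive letter (C: at 0x7e00 means the volume starts at LBA 63)."""
    entries = []
    for i in range(4):
        boot_flag, ptype, start_lba, count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:          # empty slot
            continue
        entries.append({"index": i, "bootable": boot_flag == 0x80,
                        "type": ptype, "start_lba": start_lba,
                        "byte_offset": start_lba * SECTOR_SIZE,
                        "sectors": count})
    return entries


def format_offset(offset):
    """MBRCheck-style 64-bit offset: high and low dwords split by a backtick."""
    return "0x%08x`%08x" % (offset >> 32, offset & 0xFFFFFFFF)


def classify_mbr(sector, known_hashes):
    """'invalid' if not a boot sector, 'known' if the boot-code hash is on the
    allowlist, otherwise 'unknown' (MBRCheck's "Unknown MBR code")."""
    if len(sector) != SECTOR_SIZE or sector[-2:] != MBR_SIGNATURE:
        return "invalid"
    return "known" if boot_code_sha1(sector) in known_hashes else "unknown"


def report(sector, known_hashes):
    lines = ["partition %d --> \\\\.\\PhysicalDrive0 at offset %s (type 0x%02x)"
             % (p["index"], format_offset(p["byte_offset"]), p["type"])
             for p in parse_partitions(sector)]
    lines.append("MBR status: %s, SHA1: %s"
                 % (classify_mbr(sector, known_hashes), boot_code_sha1(sector)))
    return "\n".join(lines)


# Constructed sample: a stand-in for a clean boot sector, and the same sector
# with its boot code overwritten but the partition table left intact, which is
# how a boot-sector infection keeps the machine booting normally.
CLEAN_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 40   # placeholder
PARTITIONS = [
    (0x80, 0x07, 63,        0x2819C91),   # C: at LBA 63 -> offset 0x7e00
    (0x00, 0x07, 0x2819CD0, 0x2139000),   # E: -> offset 0x00000005`0339a000
]
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, PARTITIONS)
_tampered = bytearray(CLEAN_MBR)
_tampered[0:8] = b"\xEA\x00\x7C\x00\x00\x90\x90\x90"   # constructed patch
TAMPERED_MBR = bytes(_tampered)

# Allowlist built from the clean sector; a real one holds hashes of the stock
# MBRs shipped by OS vendors, which is why an unfamiliar loader is "unknown".
KNOWN_GOOD = {boot_code_sha1(CLEAN_MBR)}

if __name__ == "__main__":
    print(report(CLEAN_MBR, KNOWN_GOOD))
    print()
    print(report(TAMPERED_MBR, KNOWN_GOOD))
```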

#10 m0le


Posted 15 February 2011 - 07:15 PM

Please run ComboFix; we have a few things to deal with.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#11 AltElvis


Posted 15 February 2011 - 08:15 PM

A couple of things I noticed... on boot-up the startup sound sorta stutters... also some program I don't recognize runs a progress bar to connect the wireless; I keep clicking it off since I haven't seen this on startup before... when ComboFix rebooted, it hung up on the exit screen, I waited 5 min and did a force quit... the ComboFix.txt file ended up in C:\ComboFix\ComboFix.txt.

Also, without the wireless, I don't have an internet connection on the computer we are working on. So "Windows Recovery Console" didn't download to be installed... I do have an XP SP2 disc Microsoft just sent me over the weekend.


Here's the ComboFix.txt:
ComboFix 11-02-15.01 - Cortez 02/15/2011 16:41:29.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1006.440 [GMT -8:00]
Running from: C:\Documents and Settings\Cortez\Desktop\ComFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: CA Anti-Virus Plus *Disabled/Outdated* {6B98D35F-BB76-41C0-876B-A50645ED099A}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\WD
C:\Documents and Settings\Cortez\Local Settings\Application Data\{09104EA0-EA35-40C5-9CC6-0241F8AA9CCD}
C:\Documents and Settings\Cortez\Local Settings\Application Data\{09104EA0-EA35-40C5-9CC6-0241F8AA9CCD}\chrome.manifest
C:\Documents and Settings\Cortez\Local Settings\Application Data\{09104EA0-EA35-40C5-9CC6-0241F8AA9CCD}\chrome\content\_cfg.js
C:\Documents and Settings\Cortez\Local Settings\Application Data\{09104EA0-EA35-40C5-9CC6-0241F8AA9CCD}\chrome\content\overlay.xul
C:\Documents and Settings\Cortez\Local Settings\Application Data\{09104EA0-EA35-40C5-9CC6-0241F8AA9CCD}\install.rdf
C:\Program Files\wd
C:\Program Files\wd\WD Anywhere Backup\BackupPlanMigrationTool.exe
C:\Program Files\wd\WD Anywhere Backup\config\Applications.xml
C:\Program Files\wd\WD Anywhere Backup\config\BackMeUp.xml
C:\Program Files\wd\WD Anywhere Backup\config\blacklist.txt
C:\Program Files\wd\WD Anywhere Backup\config\BMUConfigWizard.xml
C:\Program Files\wd\WD Anywhere Backup\config\Branding.xml
C:\Program Files\wd\WD Anywhere Backup\config\DefaultRules.xml
C:\Program Files\wd\WD Anywhere Backup\config\ErrorDescriptions.xml
C:\Program Files\wd\WD Anywhere Backup\config\images\1Off.png
C:\Program Files\wd\WD Anywhere Backup\config\images\1On.png
C:\Program Files\wd\WD Anywhere Backup\config\images\2Off.png
C:\Program Files\wd\WD Anywhere Backup\config\images\2On.png
C:\Program Files\wd\WD Anywhere Backup\config\images\3Off.png
C:\Program Files\wd\WD Anywhere Backup\config\images\3On.png
C:\Program Files\wd\WD Anywhere Backup\config\images\AppLogo.png
C:\Program Files\wd\WD Anywhere Backup\config\images\AutoBackup16.png
C:\Program Files\wd\WD Anywhere Backup\config\images\AutoBackup32.ico
C:\Program Files\wd\WD Anywhere Backup\config\images\AutoBackup32.png
C:\Program Files\wd\WD Anywhere Backup\config\images\AutoBackup48.png
C:\Program Files\wd\WD Anywhere Backup\config\images\AutoBackupApp.ico
C:\Program Files\wd\WD Anywhere Backup\config\images\AutoBackupSysTrayIcons.png
C:\Program Files\wd\WD Anywhere Backup\config\images\ButtonImage.png
C:\Program Files\wd\WD Anywhere Backup\config\images\BuyNow.png
C:\Program Files\wd\WD Anywhere Backup\config\images\CopyApps.png
C:\Program Files\wd\WD Anywhere Backup\config\images\FileTransfer.gif
C:\Program Files\wd\WD Anywhere Backup\config\images\harddisk.png
C:\Program Files\wd\WD Anywhere Backup\config\images\harddisk_gray.png
C:\Program Files\wd\WD Anywhere Backup\config\images\iPod.png
C:\Program Files\wd\WD Anywhere Backup\config\images\iPod_gray.png
C:\Program Files\wd\WD Anywhere Backup\config\images\LeftPanelBackground.png
C:\Program Files\wd\WD Anywhere Backup\config\images\MioNet.png
C:\Program Files\wd\WD Anywhere Backup\config\images\network.png
C:\Program Files\wd\WD Anywhere Backup\config\images\network_gray.png
C:\Program Files\wd\WD Anywhere Backup\config\images\PoweredByMemeo.png
C:\Program Files\wd\WD Anywhere Backup\config\images\PoweredByMemeoSmall.png
C:\Program Files\wd\WD Anywhere Backup\config\images\ProtectYourDigitalLife.bmp
C:\Program Files\wd\WD Anywhere Backup\config\images\ProtectYourDigitalLife.png
C:\Program Files\wd\WD Anywhere Backup\config\images\ProviderHardDisk.ico
C:\Program Files\wd\WD Anywhere Backup\config\images\ProvideriPod.ico
C:\Program Files\wd\WD Anywhere Backup\config\images\ProviderNetwork.ico
C:\Program Files\wd\WD Anywhere Backup\config\images\ProviderRemovable.ico
C:\Program Files\wd\WD Anywhere Backup\config\images\ProviderSwapDrive.ico
C:\Program Files\wd\WD Anywhere Backup\config\images\removable.png
C:\Program Files\wd\WD Anywhere Backup\config\images\removable_gray.png
C:\Program Files\wd\WD Anywhere Backup\config\images\Restore16.png
C:\Program Files\wd\WD Anywhere Backup\config\images\Restore32.ico
C:\Program Files\wd\WD Anywhere Backup\config\images\Restore48.png
C:\Program Files\wd\WD Anywhere Backup\config\images\RestoreApp.ico
C:\Program Files\wd\WD Anywhere Backup\config\images\SelectedProviderHighlight.jpg
C:\Program Files\wd\WD Anywhere Backup\config\images\swapdrive.png
C:\Program Files\wd\WD Anywhere Backup\config\images\swapdrive_gray.png
C:\Program Files\wd\WD Anywhere Backup\config\images\TopPanelBackground.png
C:\Program Files\wd\WD Anywhere Backup\config\Locale.xml
C:\Program Files\wd\WD Anywhere Backup\config\OCRBranding.xml
C:\Program Files\wd\WD Anywhere Backup\config\OCRImages\AppLogo.png
C:\Program Files\wd\WD Anywhere Backup\config\OCRImages\ButtonImage.png
C:\Program Files\wd\WD Anywhere Backup\config\OCRImages\PoweredByMemeo.png
C:\Program Files\wd\WD Anywhere Backup\config\OCRImages\ProtectYourDigitalLife.png
C:\Program Files\wd\WD Anywhere Backup\config\OCRImages\Restore32.ico
C:\Program Files\wd\WD Anywhere Backup\config\OCRImages\Restore48.png
C:\Program Files\wd\WD Anywhere Backup\config\OCRImages\TopPanelBackground.png
C:\Program Files\wd\WD Anywhere Backup\config\rssuserprefs.xml
C:\Program Files\wd\WD Anywhere Backup\config\Tanagra.iPod.DefaultRules.xml
C:\Program Files\wd\WD Anywhere Backup\config\Tanagra.ShutterFly.DefaultRules.xml
C:\Program Files\wd\WD Anywhere Backup\config\UserFileTypeOptions.xml
C:\Program Files\wd\WD Anywhere Backup\ConfigManager.xml
C:\Program Files\wd\WD Anywhere Backup\DevComponents.DotNetBar.dll
C:\Program Files\wd\WD Anywhere Backup\docs\MemeoAutoBackupUserGuide.htm
C:\Program Files\wd\WD Anywhere Backup\dsofile.dll
C:\Program Files\wd\WD Anywhere Backup\eWebClient.dll
C:\Program Files\wd\WD Anywhere Backup\ICSharpCode.SharpZipLib.dll
C:\Program Files\wd\WD Anywhere Backup\ID3.dll
C:\Program Files\wd\WD Anywhere Backup\InstUtil.dll
C:\Program Files\wd\WD Anywhere Backup\Interop.DSOFile.dll
C:\Program Files\wd\WD Anywhere Backup\Interop.eWebControl.dll
C:\Program Files\wd\WD Anywhere Backup\Interop.IWshRuntimeLibrary.dll
C:\Program Files\wd\WD Anywhere Backup\Interop.Microsoft.Office.Core.dll
C:\Program Files\wd\WD Anywhere Backup\Interop.Outlook.dll
C:\Program Files\wd\WD Anywhere Backup\Interop.ProfMan.dll
C:\Program Files\wd\WD Anywhere Backup\Interop.Redemption.dll
C:\Program Files\wd\WD Anywhere Backup\license.txt
C:\Program Files\wd\WD Anywhere Backup\MBSstarter.exe
C:\Program Files\wd\WD Anywhere Backup\Memeo.Shadow.Vista.dll
C:\Program Files\wd\WD Anywhere Backup\Memeo.Shadow.XP.dll
C:\Program Files\wd\WD Anywhere Backup\MemeoBackgroundService.exe
C:\Program Files\wd\WD Anywhere Backup\MemeoBackgroundService.exe.config
C:\Program Files\wd\WD Anywhere Backup\MemeoBackup.exe
C:\Program Files\wd\WD Anywhere Backup\MemeoBackup.exe.config
C:\Program Files\wd\WD Anywhere Backup\MemeoLauncher.exe
C:\Program Files\wd\WD Anywhere Backup\MemeoLauncher.exe.config
C:\Program Files\wd\WD Anywhere Backup\MemeoLauncher2.exe
C:\Program Files\wd\WD Anywhere Backup\MemeoLauncher2.exe.config
C:\Program Files\wd\WD Anywhere Backup\MemeoOneClickRestore.exe
C:\Program Files\wd\WD Anywhere Backup\MemeoRemoteCore.dll
C:\Program Files\wd\WD Anywhere Backup\MemeoRestore.exe
C:\Program Files\wd\WD Anywhere Backup\MemeoRestore.exe.config
C:\Program Files\wd\WD Anywhere Backup\Microsoft.Samples.MediaCatalog.dll
C:\Program Files\wd\WD Anywhere Backup\Microsoft.Web.Services.dll
C:\Program Files\wd\WD Anywhere Backup\Microsoft.Windows.Forms.Navigation.dll
C:\Program Files\wd\WD Anywhere Backup\MSVCR71D.dll
C:\Program Files\wd\WD Anywhere Backup\NamedPipes.dll
C:\Program Files\wd\WD Anywhere Backup\OCR.exe
C:\Program Files\wd\WD Anywhere Backup\OCR.exe.config
C:\Program Files\wd\WD Anywhere Backup\ProfMan.dll
C:\Program Files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.FileCopyBackupProvider.resources.dll
C:\Program Files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.FTPBackupProvider.resources.dll
C:\Program Files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.HardDiskBackupProvider.resources.dll
C:\Program Files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.iPodBackupProvider.resources.dll
C:\Program Files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.RemovableStorageBackupProvider.resources.dll
C:\Program Files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.ShutterflyBackupProvider.resources.dll
C:\Program Files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.SwapDriveBackupProvider.resources.dll
C:\Program Files\wd\WD Anywhere Backup\providers\RegisteredProviders.xml
C:\Program Files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.FileCopyBackupProvider.dll
C:\Program Files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.FTPBackupProvider.dll
C:\Program Files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.HardDiskBackupProvider.dll
C:\Program Files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.iPodBackupProvider.dll
C:\Program Files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.RemovableStorageBackupProvider.dll
C:\Program Files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.ShutterflyBackupProvider.dll
C:\Program Files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.SwapDriveBackupProvider.dll
C:\Program Files\wd\WD Anywhere Backup\Rebex.Net.Ftp.dll
C:\Program Files\wd\WD Anywhere Backup\Rebex.Net.ProxySocket.dll
C:\Program Files\wd\WD Anywhere Backup\Rebex.Net.SecureSocket.dll
C:\Program Files\wd\WD Anywhere Backup\Rebex.Security.dll
C:\Program Files\wd\WD Anywhere Backup\Redemption.dll
C:\Program Files\wd\WD Anywhere Backup\SQLite.NET.dll
C:\Program Files\wd\WD Anywhere Backup\sqlite3.dll
C:\Program Files\wd\WD Anywhere Backup\stdole.dll
C:\Program Files\wd\WD Anywhere Backup\Tanagra.BMU.dll
C:\Program Files\wd\WD Anywhere Backup\Tanagra.DataClad.DataAccess.dll
C:\Program Files\wd\WD Anywhere Backup\Tanagra.DataClad.dll
C:\Program Files\wd\WD Anywhere Backup\Tanagra.Interop.dll
C:\Program Files\wd\WD Anywhere Backup\Tanagra.Third-party.Security.dll
C:\Program Files\wd\WD Anywhere Backup\Tanagra.Utility.dll
C:\Program Files\wd\WD Anywhere Backup\WDDriveInfo.exe
C:\Program Files\wd\WD Anywhere Backup\XMLSettings.dll
C:\WINDOWS\system32\Thumbs.db
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MemeoBackgroundService
-------\Legacy_MemeoBackgroundService
-------\Service_MemeoBackgroundService
-------\Service_MemeoBackgroundService


((((((((((((((((((((((((( Files Created from 2011-01-16 to 2011-02-16 )))))))))))))))))))))))))))))))
.

2011-02-15 22:33:58 . 2011-02-15 22:33:58 -------- d-----w- C:\Documents and Settings\Cortez\Application Data\Intel
2011-02-15 22:30:52 . 2011-02-15 22:30:52 -------- d-----w- C:\Documents and Settings\NetworkService\Application Data\Intel
2011-02-15 21:54:06 . 2011-02-15 21:54:06 77912 ----a-w- C:\WINDOWS\system32\drivers\klmdb.sys
2011-02-15 21:54:06 . 2011-02-15 21:54:06 11520 ----a-w- C:\WINDOWS\system32\drivers\tsk15.tmp
2011-02-03 17:43:35 . 2010-06-14 14:30:28 743936 ------w- C:\WINDOWS\system32\dllcache\helpsvc.exe
2011-02-03 17:43:30 . 2009-06-21 22:04:41 153088 ------w- C:\WINDOWS\system32\dllcache\triedit.dll
2011-02-02 04:53:54 . 2011-02-02 04:53:54 -------- d-----w- C:\Documents and Settings\Cortez\Application Data\Avira
2011-02-02 04:41:59 . 2010-12-13 16:40:21 61960 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys
2011-02-02 04:41:59 . 2010-12-13 16:40:21 135096 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys
2011-02-02 04:41:59 . 2010-06-17 22:27:24 45416 ----a-w- C:\WINDOWS\system32\drivers\avgntdd.sys
2011-02-02 04:41:59 . 2010-06-17 22:27:24 22360 ----a-w- C:\WINDOWS\system32\drivers\avgntmgr.sys
2011-02-02 04:41:58 . 2011-02-02 04:41:58 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Avira
2011-02-01 16:38:37 . 2011-02-01 17:24:57 -------- d-----w- C:\WINDOWS\LMI56.tmp
2011-01-31 14:09:19 . 2011-01-31 14:09:19 -------- d-----w- C:\Documents and Settings\Cortez\Application Data\SUPERAntiSpyware.com
2011-01-31 02:10:08 . 2011-02-01 02:07:21 161 ----a-w- C:\Documents and Settings\Cortez\Application Data\del.bat
2011-01-29 18:07:48 . 2009-06-30 17:37:16 28552 ----a-w- C:\WINDOWS\system32\drivers\pavboot.sys
2011-01-29 13:05:06 . 2011-01-29 13:05:06 -------- d-----w- C:\Program Files\Panda Security
2011-01-26 17:07:20 . 2011-02-01 20:07:39 177 ----a-w- C:\Documents and Settings\NetworkService\Application Data\del.bat
2011-01-26 00:48:50 . 2010-05-26 18:45:04 18816 ------w- C:\WINDOWS\system32\SAVRKBootTasks.sys
2011-01-26 00:15:42 . 2011-01-26 00:15:42 -------- d-----w- C:\Program Files\Sophos
2011-01-24 14:52:35 . 2011-01-24 14:52:35 -------- d-----w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-24 14:43:29 . 2011-01-30 00:20:42 -------- d-----w- C:\Documents and Settings\Cortez\Application Data\QuickScan
2011-01-24 04:52:03 . 2011-01-24 04:52:03 -------- d-----w- C:\Documents and Settings\Cortez\Application Data\Malwarebytes
2011-01-24 04:51:50 . 2010-12-21 02:09:00 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-01-24 04:51:49 . 2011-01-24 04:51:49 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-01-24 04:51:45 . 2010-12-21 02:08:40 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-01-23 19:05:06 . 2011-01-23 19:05:06 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
2011-01-20 12:34:12 . 2011-01-23 19:04:41 -------- d-----w- C:\Documents and Settings\All Users\Application Data\kIeIo06510

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45011CF5-E4A9-4F13-9093-F30A784EB9B2}]
2010-09-29 08:43:14 406864 ----a-w- F:\Programs\EZ Trust\CA Anti-Phishing\Toolbar\caIEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0123B506-0AD9-43AA-B0CF-916C122AD4C5}"= "F:\Programs\EZ Trust\CA Anti-Phishing\Toolbar\caIEToolbar.dll" [2010-09-29 08:43:14 406864]

[HKEY_CLASSES_ROOT\clsid\{0123b506-0ad9-43aa-b0cf-916c122ad4c5}]
[HKEY_CLASSES_ROOT\CAIEToolBar.ISSBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{B2267C5C-9C05-4C07-9E32-6AA35D350233}]
[HKEY_CLASSES_ROOT\CAIEToolBar.ISSBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0123B506-0AD9-43AA-B0CF-916C122AD4C5}"= "F:\Programs\EZ Trust\CA Anti-Phishing\Toolbar\caIEToolbar.dll" [2010-09-29 08:43:14 406864]

[HKEY_CLASSES_ROOT\clsid\{0123b506-0ad9-43aa-b0cf-916c122ad4c5}]
[HKEY_CLASSES_ROOT\CAIEToolBar.ISSBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{B2267C5C-9C05-4C07-9E32-6AA35D350233}]
[HKEY_CLASSES_ROOT\CAIEToolBar.ISSBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-06-03 10:03:03 8495104]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 20:19:44 536576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "F:\Programs\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 21:57:20 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2009-03-27 22:27:04 79368 ----a-w- C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-15 05:17:12 89600 ----a-w- C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37:30 34344 ----a-w- C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06:42 28672 ----a-w- C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=C:\WINDOWS\pss\Audible Download Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 2.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk
backup=C:\WINDOWS\pss\Device Detector 2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk
backup=C:\WINDOWS\pss\WD Anywhere Backup Launcher.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qilqudps

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 05:16:38 39792 ----a-w- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-11-09 02:39:34 2356088 ----a-w- C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
2007-02-01 18:00:01 419376 ----a-w- C:\Program Files\ThinkVantage\AMSG\Amsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2010-12-13 16:39:54 281768 ----a-w- F:\Programs\Avira\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AwaySch]
2006-11-07 10:51:40 91688 ----a-w- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
2007-12-06 16:22:00 208896 ----a-w- C:\PROGRA~1\ThinkPad\UTILIT~1\BATLOGEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\capfupgrade]
2010-10-31 01:07:40 337232 ----a-w- F:\Programs\EZ Trust\CA Personal Firewall\capfupgrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray]
2010-10-31 01:07:42 1766736 ----a-w- F:\Programs\EZ Trust\casc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
2007-08-03 23:35:38 2630968 ----a-w- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2006-02-02 12:20:00 122940 ----a-w- C:\WINDOWS\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2003-07-25 18:15:48 536576 ----a-w- F:\Programs\Eraser\eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
2007-03-28 17:32:00 243248 ----a-w- C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 23:50:42 221184 ----a-w- C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 23:50:18 81920 ----a-w- C:\Program Files\Common Files\Installshield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 03:16:42 141608 ----a-w- F:\Programs\Itunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2007-04-26 17:10:00 120368 ----a-w- C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
2011-01-05 01:20:14 37403080 ----a-w- C:\WINDOWS\system32\MRT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-10 04:03:00 81920 ----a-w- C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-10 04:03:00 1626112 ----a-w- C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]
2007-12-06 16:22:00 200704 ----a-w- C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08:18 417792 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2007-04-04 02:55:08 839680 ----a-w- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-04-09 07:23:56 1015808 ----a-w- C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-12 23:24:25 148888 ----a-w- C:\Program Files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-07-05 10:07:14 512000 ----a-w- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2007-07-05 10:07:42 110592 ----a-w- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
2007-11-29 18:04:00 59168 ----a-w- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
2007-03-09 05:49:42 66176 ----a-w- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
2007-11-22 22:09:26 181536 ----a-w- C:\WINDOWS\system32\TpShocks.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
2007-02-08 20:19:44 536576 ----a-w- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS12 Preload]
2008-07-14 08:10:44 397456 ----a-w- F:\Programs\Corel\Corel VideoStudio 12\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Manager]
2010-04-09 16:36:15 430080 ----a-w- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"Diskeeper"=2 (0x2)
"ccSchedulerSVC"=2 (0x2)
"CAISafe"=2 (0x2)
"CaCCProvSP"=3 (0x3)
"CAAMSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Programs\\InfoSelect\\is.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"F:\\Programs\\Itunes\\iTunes.exe"=

R0 KmxAMRT;KmxAMRT;C:\WINDOWS\system32\drivers\KmxAMRT.sys [9/17/2010 11:21:00 AM 135248]
R0 KmxStart;KmxStart;C:\WINDOWS\system32\drivers\KmxStart.sys [5/3/2010 1:12:02 AM 108112]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [1/29/2011 10:07:48 AM 28552]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\drivers\ApsHM86.sys [10/16/2007 5:32:00 PM 19504]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\drivers\KmxAgent.sys [3/22/2010 12:58:42 PM 79864]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\drivers\KmxFile.sys [9/24/2010 10:16:18 AM 61008]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\drivers\KmxFw.sys [9/24/2010 10:16:18 AM 115792]
R1 SASDIFSV;SASDIFSV;F:\Programs\SuperAntiSpyware\sasdifsv.sys [2/17/2010 10:25:48 AM 12872]
R1 SASKUTIL;SASKUTIL;F:\Programs\SuperAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41:30 AM 67656]
R1 SAVRKBootTasks;Boot Tasks Driver;C:\WINDOWS\system32\SAVRKBootTasks.sys [1/25/2011 4:48:50 PM 18816]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;F:\Programs\Avira\Avira\AntiVir Desktop\sched.exe [2/1/2011 8:42:02 PM 135336]
R2 KmxCF;KmxCF;C:\WINDOWS\system32\drivers\KmxCF.sys [9/24/2010 10:16:18 AM 146000]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\drivers\KmxSbx.sys [9/24/2010 10:16:18 AM 61008]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [3/14/2007 9:10:02 PM 11152]
R2 TVT Backup Protection Service;TVT Backup Protection Service;C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 12:11:32 PM 569344]
R2 UmxAgent;HIPS Event Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [8/4/2009 9:42:18 AM 887288]
R2 UmxCfg;HIPS Configuration Interpreter;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [8/24/2010 11:07:34 AM 740160]
R2 UmxPol;HIPS Policy Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [9/17/2010 11:21:00 AM 301648]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [5/16/2008 5:12:44 PM 102400]
R2 WinExtManager;WinSock Extention Manager;C:\WINDOWS\system32\mdmcls32.exe [10/22/2010 11:23:14 AM 2347760]
R2 WinSvchostManager;WinSock Svchost Manager;C:\WINDOWS\system32\svcprs32.exe [10/22/2010 11:23:14 AM 1377008]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\drivers\KmxCfg.sys [6/9/2010 5:54:38 AM 244304]
R3 TVTI2C;Lenovo SM bus driver;C:\WINDOWS\system32\drivers\tvti2c.sys [5/22/2007 2:59:38 PM 30336]
R3 VVRUSB;VVRUSB Device;C:\WINDOWS\system32\drivers\VVRUSB.sys [6/23/2008 4:25:05 PM 38479]
S3 KmxAMVet;KmxAMVet;C:\WINDOWS\system32\drivers\KmxAMVet.sys [3/27/2009 2:27:04 PM 598656]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\system32\7.tmp --> C:\WINDOWS\system32\7.tmp [?]
S4 CAAMSvc;CAAMSvc;F:\Programs\EZ Trust\CA Anti-Virus Plus\CAAMSvc.exe [10/30/2010 5:09:42 PM 206152]
S4 ccSchedulerSVC;CA Common Scheduler Service;F:\Programs\EZ Trust\ccschedulersvc.exe [10/22/2010 11:22:38 AM 206160]
.
Contents of the 'Scheduled Tasks' folder

2011-02-15 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54:46 . 2007-02-12 22:54:46]

2008-05-05 C:\WINDOWS\Tasks\PMTask.job
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-03-28 20:46:22 . 2007-12-06 16:22:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.swimboat.com/
mStart Page = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8592
LSP: C:\WINDOWS\system32\winsflt.dll
LSP: C:\WINDOWS\system32\VetRedir.dll
FF - ProfilePath - C:\Documents and Settings\Cortez\Application Data\Mozilla\Firefox\Profiles\6ej23h4x.default\
FF - prefs.js: browser.startup.homepage - hxxp://cm.my.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - F:\Programs\FireFox\FireFox3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - F:\Programs\FireFox\FireFox3\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Java Quick Starter: jqs@sun.com - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - (no file)
Notify-ACNotify - ACNotify.dll
SafeBoot-klmdb.sys
MSConfigStartUp-AppleSyncNotifier - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-DiskeeperSystray - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
MSConfigStartUp-Dpitivebaxitivum - C:\WINDOWS\onvrat.dll
MSConfigStartUp-iYogi Support Dock - C:\Program Files\iYogi Support Dock\iYogiSupportDock.exe
MSConfigStartUp-PC Pitstop Optimize Scheduler - C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe
MSConfigStartUp-Xjipepozan - C:\WINDOWS\uvupipadaxu.dll
AddRemove-AVS DVD Authoring_is1 - F:\Programs\Super\AVSDVDAuthoring\unins000.exe
AddRemove-{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} - F:\Programs\SuperAntiSpyware\Uninstall.exe

#12 AltElvis (Topic Starter)

Posted 16 February 2011 - 11:45 AM

Aloha Mole,

WOW... got the wireless to work, now I can get online with the affected puter.... Truly AMAZING that you and the BleepingPosse are able, and moreover, willing to help thousands of digital minions survive the reckless efforts of MaliciousCodeWriting RatBastards... I wanna be like you guys when I grow up!
If it's not clear, a very big THANK YOU for your help on this!!!


Coupla observations:
Checking "Use Windows to configure my wireless network settings" in the advanced settings of the Wireless Network Connection connects this box.... though it keeps getting unchecked on boot-up, and that other connection software keeps trying to connect... starting to think the other connection software is part of the Lenovo CrapWare that came on this machine.

All the AVs were out of date... now I remember that whatever virus was/is on here was blocking updates for CA, Avira, Malwarebytes, SuperAntiSpyware, BitDefender... now they're all up to date.

Ran a scan with Avira last night... TR/Rootkit.Gen3 Trojan was found & quarantined... now remembering, earlier in Jan when I began using the AVs in addition to CA, that TR/Rootkit kept showing up, even after they were cleaned off... I'm wondering if there may be something on this machine that is generating rootkits, since they keep showing up with AV scans.

Here's the log from Avira last night:

Avira AntiVir Personal
Report file date: Tuesday, February 15, 2011 18:38

Scanning for 2406648 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MOBILONE

Version information:
BUILD.DAT : 10.0.0.611 31824 Bytes 1/14/2011 13:42:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/13/2010 16:39:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 20:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 12/13/2010 16:40:06
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 07:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 17:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 02:36:37
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 02:36:53
VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 02:36:53
VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 02:36:54
VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 02:36:54
VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 02:36:54
VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 02:36:54
VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 02:36:55
VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 02:36:55
VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 02:36:55
VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 02:36:56
VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 02:36:56
VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 02:36:58
VBASE014.VDF : 7.11.3.60 2048 Bytes 2/14/2011 02:36:58
VBASE015.VDF : 7.11.3.61 2048 Bytes 2/14/2011 02:36:58
VBASE016.VDF : 7.11.3.62 2048 Bytes 2/14/2011 02:36:59
VBASE017.VDF : 7.11.3.63 2048 Bytes 2/14/2011 02:36:59
VBASE018.VDF : 7.11.3.64 2048 Bytes 2/14/2011 02:36:59
VBASE019.VDF : 7.11.3.65 2048 Bytes 2/14/2011 02:37:00
VBASE020.VDF : 7.11.3.66 2048 Bytes 2/14/2011 02:37:00
VBASE021.VDF : 7.11.3.67 2048 Bytes 2/14/2011 02:37:00
VBASE022.VDF : 7.11.3.68 2048 Bytes 2/14/2011 02:37:01
VBASE023.VDF : 7.11.3.69 2048 Bytes 2/14/2011 02:37:01
VBASE024.VDF : 7.11.3.70 2048 Bytes 2/14/2011 02:37:02
VBASE025.VDF : 7.11.3.71 2048 Bytes 2/14/2011 02:37:02
VBASE026.VDF : 7.11.3.72 2048 Bytes 2/14/2011 02:37:02
VBASE027.VDF : 7.11.3.73 2048 Bytes 2/14/2011 02:37:03
VBASE028.VDF : 7.11.3.74 2048 Bytes 2/14/2011 02:37:03
VBASE029.VDF : 7.11.3.75 2048 Bytes 2/14/2011 02:37:04
VBASE030.VDF : 7.11.3.76 2048 Bytes 2/14/2011 02:37:04
VBASE031.VDF : 7.11.3.93 109056 Bytes 2/15/2011 02:37:07
Engineversion : 8.2.4.166
AEVDF.DLL : 8.1.2.1 106868 Bytes 12/13/2010 16:39:51
AESCRIPT.DLL : 8.1.3.53 1282427 Bytes 2/16/2011 02:37:33
AESCN.DLL : 8.1.7.2 127349 Bytes 12/13/2010 16:39:50
AESBX.DLL : 8.1.3.2 254324 Bytes 12/13/2010 16:39:50
AERDL.DLL : 8.1.9.2 635252 Bytes 12/13/2010 16:39:50
AEPACK.DLL : 8.2.4.9 512374 Bytes 2/16/2011 02:37:30
AEOFFICE.DLL : 8.1.1.16 205179 Bytes 2/16/2011 02:37:27
AEHEUR.DLL : 8.1.2.76 3273078 Bytes 2/16/2011 02:37:27
AEHELP.DLL : 8.1.16.1 246134 Bytes 2/16/2011 02:37:14
AEGEN.DLL : 8.1.5.2 397683 Bytes 2/16/2011 02:37:13
AEEMU.DLL : 8.1.3.0 393589 Bytes 12/13/2010 16:39:42
AECORE.DLL : 8.1.19.2 196983 Bytes 2/16/2011 02:37:10
AEBB.DLL : 8.1.1.0 53618 Bytes 12/13/2010 16:39:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 12/13/2010 16:39:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 12/13/2010 16:39:54
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 22:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 12/13/2010 16:39:54
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/13/2010 16:39:56
AVARKT.DLL : 10.0.22.6 231784 Bytes 12/13/2010 16:39:52
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 12/13/2010 16:39:53
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 22:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 12/13/2010 16:39:56
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 22:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 21:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 12/13/2010 16:40:20

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: F:\Programs\Avira\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:, F:, G:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+PFS,

Start of the scan: Tuesday, February 15, 2011 18:38

Starting search for hidden objects.
c:\program files\lenovo\rescue and recovery\adm\netwk.exe
c:\program files\lenovo\rescue and recovery\adm\netwk.exe
[NOTE] The process is not visible.
f:\programs\avira\avira\antivir desktop\update.exe
f:\programs\avira\avira\antivir desktop\update.exe
[NOTE] The process is not visible.

The scan of running processes will be started
Scan process 'rsmsink.exe' - '28' Module(s) have been scanned
Scan process 'CCUpdate.exe' - '110' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '68' Module(s) have been scanned
Scan process 'avscan.exe' - '67' Module(s) have been scanned
Scan process 'avcenter.exe' - '61' Module(s) have been scanned
Scan process 'msiexec.exe' - '28' Module(s) have been scanned
Scan process 'casc.exe' - '142' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'wuauclt.exe' - '33' Module(s) have been scanned
Scan process 'Dot1XCfg.exe' - '79' Module(s) have been scanned
Scan process 'scheduler_proxy.exe' - '29' Module(s) have been scanned
Scan process 'ccEvtMgr.exe' - '101' Module(s) have been scanned
Scan process 'Explorer.EXE' - '122' Module(s) have been scanned
Scan process 'SvcGuiHlpr.exe' - '59' Module(s) have been scanned
Scan process 'alg.exe' - '35' Module(s) have been scanned
Scan process 'AcSvc.exe' - '121' Module(s) have been scanned
Scan process 'svcprs32.exe' - '43' Module(s) have been scanned
Scan process 'mdmcls32.exe' - '46' Module(s) have been scanned
Scan process 'logmon.exe' - '14' Module(s) have been scanned
Scan process 'WDBtnMgrSvc.exe' - '26' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '5' Module(s) have been scanned
Scan process 'IUService.exe' - '5' Module(s) have been scanned
Scan process 'tvtsched.exe' - '42' Module(s) have been scanned
Scan process 'rrservice.exe' - '49' Module(s) have been scanned
Scan process 'rrpservice.exe' - '24' Module(s) have been scanned
Scan process 'tvttcsd.exe' - '28' Module(s) have been scanned
Scan process 'TPHDEXLG.exe' - '14' Module(s) have been scanned
Scan process 'tvt_reg_monitor_svc.exe' - '20' Module(s) have been scanned
Scan process 'suservice.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '22' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '36' Module(s) have been scanned
Scan process 'sqlservr.exe' - '53' Module(s) have been scanned
Scan process 'McciCMService.exe' - '25' Module(s) have been scanned
Scan process 'jqs.exe' - '35' Module(s) have been scanned
Scan process 'EvtEng.exe' - '70' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '41' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '41' Module(s) have been scanned
Scan process 'AcPrfMgrSvc.exe' - '49' Module(s) have been scanned
Scan process 'IPSSVC.EXE' - '14' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'sched.exe' - '42' Module(s) have been scanned
Scan process 'UmxAgent.exe' - '49' Module(s) have been scanned
Scan process 'UmxPol.exe' - '27' Module(s) have been scanned
Scan process 'UmxFwHlp.exe' - '61' Module(s) have been scanned
Scan process 'UmxCfg.exe' - '42' Module(s) have been scanned
Scan process 'spoolsv.exe' - '64' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '67' Module(s) have been scanned
Scan process 'btwdins.exe' - '20' Module(s) have been scanned
Scan process 'svchost.exe' - '186' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '54' Module(s) have been scanned
Scan process 'ibmpmsvc.exe' - '10' Module(s) have been scanned
Scan process 'avshadow.exe' - '24' Module(s) have been scanned
Scan process 'avguard.exe' - '54' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '36' Module(s) have been scanned
Scan process 'winlogon.exe' - '87' Module(s) have been scanned
Scan process 'csrss.exe' - '11' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1850' files ).


Starting the file scan:

Begin scan in 'C:\' <WinXP>
C:\WINDOWS\system32\drivers\ANC.sys
[DETECTION] Is the TR/Rootkit.Gen3 Trojan
Begin scan in 'E:\' <WorkShop>
Begin scan in 'F:\' <DownLoads&Programs>
Begin scan in 'G:\' <Documents>

Beginning disinfection:
C:\WINDOWS\system32\drivers\ANC.sys
[DETECTION] Is the TR/Rootkit.Gen3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4fc2e2d6.qua'.


End of the scan: Tuesday, February 15, 2011 19:35
Used time: 56:16 Minute(s)

The scan has been done completely.

14695 Scanned directories
375390 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
375389 Files not concerned
9027 Archives were scanned
0 Warnings
1 Notes
451926 Objects were scanned with rootkit scan
2 Hidden objects were found

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:11:59 AM

Posted 16 February 2011 - 07:41 PM

Thank you for the thank you :)

This is the problem with some heuristic scanners. They produce what we call false positives. It has flagged anc.sys as a trojan, but anc.sys is legitimate, see here

Combofix on the other hand has found the real stuff, including the At.job files which are dropped by a rootkit called TDSS.

Please run it again to remove the hack that's placed on the DNS.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:8592


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the graphic below).


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

If the program asks you to update ComboFix, click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Now run MBAM for me

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
m0le is a proud member of UNITE
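The CFScript above tells ComboFix to remove two values from the current user's Internet Settings key: a ProxyServer pointing at 127.0.0.1:8592 and the ProxyOverride that goes with it. The following PowerShell is an added example for this thread, not m0le's script and not part of ComboFix: it reads those same registry values, flags a proxy that points back at the local machine, optionally clears it, and lists the At*.job task files that m0le attributes to TDSS. It assumes PowerShell is installed (it is not on a stock XP machine), that it runs as the affected user, and it treats any loopback proxy as suspicious, which is a heuristic of mine (a legitimately installed local proxy such as a debugging tool would trip it too); the port 8592 is only the value seen in this log.

```powershell
# Added example (not from the thread or from ComboFix). Checks the user-level
# proxy hijack that the CFScript above removes and lists At*.job tasks.
# Run as the affected user; pass -Remove only after reviewing what it reports.
param([switch]$Remove)

$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$settings = Get-ItemProperty -Path $key

# The DDS line "uInternet Settings,ProxyServer = http=127.0.0.1:8592" maps to
# these values: ProxyServer (the address) and ProxyEnable (1 = proxy in use).
$proxy   = $settings.ProxyServer
$enabled = $settings.ProxyEnable

if ($proxy) {
    Write-Host "ProxyServer  : $proxy"
    Write-Host "ProxyEnable  : $enabled"
    Write-Host "ProxyOverride: $($settings.ProxyOverride)"

    # A proxy that points at the local machine is the tell: the malware runs
    # a listener on that port and can rewrite or redirect browser traffic,
    # which fits the search-engine redirects reported earlier in the thread.
    # Matching any loopback address is an assumption of this example.
    if ($proxy -match '(^|=)(127\.0\.0\.1|localhost)(:\d+)?($|;)') {
        Write-Warning "ProxyServer points at the local host: the value CFScript removes."
        if ($Remove) {
            Remove-ItemProperty -Path $key -Name ProxyServer   -ErrorAction SilentlyContinue
            Remove-ItemProperty -Path $key -Name ProxyOverride -ErrorAction SilentlyContinue
            Set-ItemProperty    -Path $key -Name ProxyEnable   -Value 0
            Write-Host "Loopback proxy cleared; restart the browser to pick up the change."
        }
    }
} else {
    Write-Host "No ProxyServer value is set for this user."
}

# At*.job files are created by at.exe, not by Windows setup, so a numbered
# series like At1..At24 on a home machine is worth examining before deletion.
$tasksDir = Join-Path $env:windir 'Tasks'
$tasks = @(Get-ChildItem -Path $tasksDir -Filter 'At*.job' -ErrorAction SilentlyContinue)
if ($tasks.Count -gt 0) {
    Write-Warning ("{0} At*.job task file(s) found in {1}:" -f $tasks.Count, $tasksDir)
    $tasks | Sort-Object Name | Format-Table Name, Length, LastWriteTime -AutoSize
} else {
    Write-Host "No At*.job files in $tasksDir."
}
```

Run it once without -Remove to see the values, compare them with the ComboFix log, and only then run with -Remove. Clearing the proxy values stops the redirect, but it does not remove whatever process was listening on the port; that is why m0le follows the script with a full MBAM scan.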

#14 AltElvis

AltElvis
  • Topic Starter

  • Members
  • 71 posts
  • Gender:Male
  • Location:Everywhere
  • Local time:03:59 AM

Posted 16 February 2011 - 10:36 PM

Boy howdy... things seem to be running fine on this computer now.

ComboFix was even able to download and install the Windows Recovery Console.


Was wondering... would any of these virus/rootkit/malware things end up on my external drive I keep at the house? I've not done any of these scans there... mainly using it to transfer & store music/photos/video files.


ComboFix log:

ComboFix 11-02-16.01 - Cortez 02/16/2011 17:06:08.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1006.415 [GMT -8:00]
Running from: c:\documents and settings\Cortez\Desktop\ComFix.exe
Command switches used :: c:\documents and settings\Cortez\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: CA Anti-Virus Plus *Disabled/Updated* {6B98D35F-BB76-41C0-876B-A50645ED099A}
FW: CA Personal Firewall *Disabled* {38102F93-1B6E-4922-90E1-A35D8DC6DAA3}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Cortez\Local Settings\Application Data\{09104EA0-EA35-40C5-9CC6-0241F8AA9CCD}\chrome.manifest
c:\documents and settings\Cortez\Local Settings\Application Data\{09104EA0-EA35-40C5-9CC6-0241F8AA9CCD}\chrome\content\_cfg.js
c:\documents and settings\Cortez\Local Settings\Application Data\{09104EA0-EA35-40C5-9CC6-0241F8AA9CCD}\chrome\content\overlay.xul
c:\documents and settings\Cortez\Local Settings\Application Data\{09104EA0-EA35-40C5-9CC6-0241F8AA9CCD}\install.rdf
c:\program files\wd\WD Anywhere Backup\BackupPlanMigrationTool.exe
c:\program files\wd\WD Anywhere Backup\config\Applications.xml
c:\program files\wd\WD Anywhere Backup\config\BackMeUp.xml
c:\program files\wd\WD Anywhere Backup\config\blacklist.txt
c:\program files\wd\WD Anywhere Backup\config\BMUConfigWizard.xml
c:\program files\wd\WD Anywhere Backup\config\Branding.xml
c:\program files\wd\WD Anywhere Backup\config\DefaultRules.xml
c:\program files\wd\WD Anywhere Backup\config\ErrorDescriptions.xml
c:\program files\wd\WD Anywhere Backup\config\images\1Off.png
c:\program files\wd\WD Anywhere Backup\config\images\1On.png
c:\program files\wd\WD Anywhere Backup\config\images\2Off.png
c:\program files\wd\WD Anywhere Backup\config\images\2On.png
c:\program files\wd\WD Anywhere Backup\config\images\3Off.png
c:\program files\wd\WD Anywhere Backup\config\images\3On.png
c:\program files\wd\WD Anywhere Backup\config\images\AppLogo.png
c:\program files\wd\WD Anywhere Backup\config\images\AutoBackup16.png
c:\program files\wd\WD Anywhere Backup\config\images\AutoBackup32.ico
c:\program files\wd\WD Anywhere Backup\config\images\AutoBackup32.png
c:\program files\wd\WD Anywhere Backup\config\images\AutoBackup48.png
c:\program files\wd\WD Anywhere Backup\config\images\AutoBackupApp.ico
c:\program files\wd\WD Anywhere Backup\config\images\AutoBackupSysTrayIcons.png
c:\program files\wd\WD Anywhere Backup\config\images\ButtonImage.png
c:\program files\wd\WD Anywhere Backup\config\images\BuyNow.png
c:\program files\wd\WD Anywhere Backup\config\images\CopyApps.png
c:\program files\wd\WD Anywhere Backup\config\images\FileTransfer.gif
c:\program files\wd\WD Anywhere Backup\config\images\harddisk.png
c:\program files\wd\WD Anywhere Backup\config\images\harddisk_gray.png
c:\program files\wd\WD Anywhere Backup\config\images\iPod.png
c:\program files\wd\WD Anywhere Backup\config\images\iPod_gray.png
c:\program files\wd\WD Anywhere Backup\config\images\LeftPanelBackground.png
c:\program files\wd\WD Anywhere Backup\config\images\MioNet.png
c:\program files\wd\WD Anywhere Backup\config\images\network.png
c:\program files\wd\WD Anywhere Backup\config\images\network_gray.png
c:\program files\wd\WD Anywhere Backup\config\images\PoweredByMemeo.png
c:\program files\wd\WD Anywhere Backup\config\images\PoweredByMemeoSmall.png
c:\program files\wd\WD Anywhere Backup\config\images\ProtectYourDigitalLife.bmp
c:\program files\wd\WD Anywhere Backup\config\images\ProtectYourDigitalLife.png
c:\program files\wd\WD Anywhere Backup\config\images\ProviderHardDisk.ico
c:\program files\wd\WD Anywhere Backup\config\images\ProvideriPod.ico
c:\program files\wd\WD Anywhere Backup\config\images\ProviderNetwork.ico
c:\program files\wd\WD Anywhere Backup\config\images\ProviderRemovable.ico
c:\program files\wd\WD Anywhere Backup\config\images\ProviderSwapDrive.ico
c:\program files\wd\WD Anywhere Backup\config\images\removable.png
c:\program files\wd\WD Anywhere Backup\config\images\removable_gray.png
c:\program files\wd\WD Anywhere Backup\config\images\Restore16.png
c:\program files\wd\WD Anywhere Backup\config\images\Restore32.ico
c:\program files\wd\WD Anywhere Backup\config\images\Restore48.png
c:\program files\wd\WD Anywhere Backup\config\images\RestoreApp.ico
c:\program files\wd\WD Anywhere Backup\config\images\SelectedProviderHighlight.jpg
c:\program files\wd\WD Anywhere Backup\config\images\swapdrive.png
c:\program files\wd\WD Anywhere Backup\config\images\swapdrive_gray.png
c:\program files\wd\WD Anywhere Backup\config\images\TopPanelBackground.png
c:\program files\wd\WD Anywhere Backup\config\Locale.xml
c:\program files\wd\WD Anywhere Backup\config\OCRBranding.xml
c:\program files\wd\WD Anywhere Backup\config\OCRImages\AppLogo.png
c:\program files\wd\WD Anywhere Backup\config\OCRImages\ButtonImage.png
c:\program files\wd\WD Anywhere Backup\config\OCRImages\PoweredByMemeo.png
c:\program files\wd\WD Anywhere Backup\config\OCRImages\ProtectYourDigitalLife.png
c:\program files\wd\WD Anywhere Backup\config\OCRImages\Restore32.ico
c:\program files\wd\WD Anywhere Backup\config\OCRImages\Restore48.png
c:\program files\wd\WD Anywhere Backup\config\OCRImages\TopPanelBackground.png
c:\program files\wd\WD Anywhere Backup\config\rssuserprefs.xml
c:\program files\wd\WD Anywhere Backup\config\Tanagra.iPod.DefaultRules.xml
c:\program files\wd\WD Anywhere Backup\config\Tanagra.ShutterFly.DefaultRules.xml
c:\program files\wd\WD Anywhere Backup\config\UserFileTypeOptions.xml
c:\program files\wd\WD Anywhere Backup\ConfigManager.xml
c:\program files\wd\WD Anywhere Backup\DevComponents.DotNetBar.dll
c:\program files\wd\WD Anywhere Backup\docs\MemeoAutoBackupUserGuide.htm
c:\program files\wd\WD Anywhere Backup\dsofile.dll
c:\program files\wd\WD Anywhere Backup\eWebClient.dll
c:\program files\wd\WD Anywhere Backup\ICSharpCode.SharpZipLib.dll
c:\program files\wd\WD Anywhere Backup\ID3.dll
c:\program files\wd\WD Anywhere Backup\InstUtil.dll
c:\program files\wd\WD Anywhere Backup\Interop.DSOFile.dll
c:\program files\wd\WD Anywhere Backup\Interop.eWebControl.dll
c:\program files\wd\WD Anywhere Backup\Interop.IWshRuntimeLibrary.dll
c:\program files\wd\WD Anywhere Backup\Interop.Microsoft.Office.Core.dll
c:\program files\wd\WD Anywhere Backup\Interop.Outlook.dll
c:\program files\wd\WD Anywhere Backup\Interop.ProfMan.dll
c:\program files\wd\WD Anywhere Backup\Interop.Redemption.dll
c:\program files\wd\WD Anywhere Backup\license.txt
c:\program files\wd\WD Anywhere Backup\MBSstarter.exe
c:\program files\wd\WD Anywhere Backup\Memeo.Shadow.Vista.dll
c:\program files\wd\WD Anywhere Backup\Memeo.Shadow.XP.dll
c:\program files\wd\WD Anywhere Backup\MemeoBackgroundService.exe
c:\program files\wd\WD Anywhere Backup\MemeoBackgroundService.exe.config
c:\program files\wd\WD Anywhere Backup\MemeoBackup.exe
c:\program files\wd\WD Anywhere Backup\MemeoBackup.exe.config
c:\program files\wd\WD Anywhere Backup\MemeoLauncher.exe
c:\program files\wd\WD Anywhere Backup\MemeoLauncher.exe.config
c:\program files\wd\WD Anywhere Backup\MemeoLauncher2.exe
c:\program files\wd\WD Anywhere Backup\MemeoLauncher2.exe.config
c:\program files\wd\WD Anywhere Backup\MemeoOneClickRestore.exe
c:\program files\wd\WD Anywhere Backup\MemeoRemoteCore.dll
c:\program files\wd\WD Anywhere Backup\MemeoRestore.exe
c:\program files\wd\WD Anywhere Backup\MemeoRestore.exe.config
c:\program files\wd\WD Anywhere Backup\Microsoft.Samples.MediaCatalog.dll
c:\program files\wd\WD Anywhere Backup\Microsoft.Web.Services.dll
c:\program files\wd\WD Anywhere Backup\Microsoft.Windows.Forms.Navigation.dll
c:\program files\wd\WD Anywhere Backup\MSVCR71D.dll
c:\program files\wd\WD Anywhere Backup\NamedPipes.dll
c:\program files\wd\WD Anywhere Backup\OCR.exe
c:\program files\wd\WD Anywhere Backup\OCR.exe.config
c:\program files\wd\WD Anywhere Backup\ProfMan.dll
c:\program files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.FileCopyBackupProvider.resources.dll
c:\program files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.FTPBackupProvider.resources.dll
c:\program files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.HardDiskBackupProvider.resources.dll
c:\program files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.iPodBackupProvider.resources.dll
c:\program files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.RemovableStorageBackupProvider.resources.dll
c:\program files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.ShutterflyBackupProvider.resources.dll
c:\program files\wd\WD Anywhere Backup\providers\en-US\Tanagra.BMU.Providers.SwapDriveBackupProvider.resources.dll
c:\program files\wd\WD Anywhere Backup\providers\RegisteredProviders.xml
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.FileCopyBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.FTPBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.HardDiskBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.iPodBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.RemovableStorageBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.ShutterflyBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\providers\Tanagra.BMU.Providers.SwapDriveBackupProvider.dll
c:\program files\wd\WD Anywhere Backup\Rebex.Net.Ftp.dll
c:\program files\wd\WD Anywhere Backup\Rebex.Net.ProxySocket.dll
c:\program files\wd\WD Anywhere Backup\Rebex.Net.SecureSocket.dll
c:\program files\wd\WD Anywhere Backup\Rebex.Security.dll
c:\program files\wd\WD Anywhere Backup\Redemption.dll
c:\program files\wd\WD Anywhere Backup\SQLite.NET.dll
c:\program files\wd\WD Anywhere Backup\sqlite3.dll
c:\program files\wd\WD Anywhere Backup\stdole.dll
c:\program files\wd\WD Anywhere Backup\Tanagra.BMU.dll
c:\program files\wd\WD Anywhere Backup\Tanagra.DataClad.DataAccess.dll
c:\program files\wd\WD Anywhere Backup\Tanagra.DataClad.dll
c:\program files\wd\WD Anywhere Backup\Tanagra.Interop.dll
c:\program files\wd\WD Anywhere Backup\Tanagra.Third-party.Security.dll
c:\program files\wd\WD Anywhere Backup\Tanagra.Utility.dll
c:\program files\wd\WD Anywhere Backup\WDDriveInfo.exe
c:\program files\wd\WD Anywhere Backup\XMLSettings.dll
c:\windows\system32\Thumbs.db
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MemeoBackgroundService
-------\Legacy_MemeoBackgroundService
-------\Service_MemeoBackgroundService
-------\Service_MemeoBackgroundService


((((((((((((((((((((((((( Files Created from 2011-01-17 to 2011-02-17 )))))))))))))))))))))))))))))))
.

2011-02-15 22:33 . 2011-02-15 22:33 -------- d-----w- c:\documents and settings\Cortez\Application Data\Intel
2011-02-15 22:30 . 2011-02-15 22:30 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2011-02-15 21:54 . 2011-02-15 21:54 77912 ----a-w- c:\windows\system32\drivers\klmdb.sys
2011-02-15 21:54 . 2011-02-15 21:54 11520 ----a-w- c:\windows\system32\drivers\tsk15.tmp
2011-02-03 17:43 . 2010-06-14 14:30 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-02-03 17:43 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-02-02 04:53 . 2011-02-02 04:53 -------- d-----w- c:\documents and settings\Cortez\Application Data\Avira
2011-02-02 04:41 . 2010-12-13 16:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-02 04:41 . 2010-12-13 16:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-02 04:41 . 2010-06-17 22:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-02-02 04:41 . 2010-06-17 22:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-02-02 04:41 . 2011-02-02 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-02-01 16:38 . 2011-02-01 17:24 -------- d-----w- c:\windows\LMI56.tmp
2011-01-31 14:09 . 2011-01-31 14:09 -------- d-----w- c:\documents and settings\Cortez\Application Data\SUPERAntiSpyware.com
2011-01-31 02:10 . 2011-02-01 02:07 161 ------w- c:\documents and settings\Cortez\Application Data\del.bat
2011-01-29 18:07 . 2009-06-30 17:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-01-29 13:05 . 2011-01-29 13:05 -------- d-----w- c:\program files\Panda Security
2011-01-26 17:07 . 2011-02-01 20:07 177 ------w- c:\documents and settings\NetworkService\Application Data\del.bat
2011-01-26 00:48 . 2010-05-26 18:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-01-26 00:15 . 2011-01-26 00:15 -------- d-----w- c:\program files\Sophos
2011-01-24 14:52 . 2011-01-24 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-24 14:43 . 2011-01-30 00:20 -------- d-----w- c:\documents and settings\Cortez\Application Data\QuickScan
2011-01-24 04:52 . 2011-01-24 04:52 -------- d-----w- c:\documents and settings\Cortez\Application Data\Malwarebytes
2011-01-24 04:51 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-24 04:51 . 2011-01-24 04:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-24 04:51 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-23 19:05 . 2011-01-23 19:05 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-20 12:34 . 2011-01-23 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\kIeIo06510

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2011-02-16_00.58.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-16 22:04 . 2011-02-16 22:04 16384 c:\windows\Temp\Perflib_Perfdata_838.dat
+ 2006-04-30 06:55 . 2011-02-16 22:08 551626 c:\windows\system32\perfh009.dat
- 2006-04-30 06:55 . 2011-02-16 00:18 551626 c:\windows\system32\perfh009.dat
+ 2006-04-30 06:55 . 2011-02-16 22:08 115392 c:\windows\system32\perfc009.dat
- 2006-04-30 06:55 . 2011-02-16 00:18 115392 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45011CF5-E4A9-4F13-9093-F30A784EB9B2}]
2010-11-20 02:41 406864 ----a-w- f:\programs\EZ Trust\CA Anti-Phishing\Toolbar\caIEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0123B506-0AD9-43AA-B0CF-916C122AD4C5}"= "f:\programs\EZ Trust\CA Anti-Phishing\Toolbar\caIEToolbar.dll" [2010-11-20 406864]

[HKEY_CLASSES_ROOT\clsid\{0123b506-0ad9-43aa-b0cf-916c122ad4c5}]
[HKEY_CLASSES_ROOT\CAIEToolBar.ISSBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{B2267C5C-9C05-4C07-9E32-6AA35D350233}]
[HKEY_CLASSES_ROOT\CAIEToolBar.ISSBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0123B506-0AD9-43AA-B0CF-916C122AD4C5}"= "f:\programs\EZ Trust\CA Anti-Phishing\Toolbar\caIEToolbar.dll" [2010-11-20 406864]

[HKEY_CLASSES_ROOT\clsid\{0123b506-0ad9-43aa-b0cf-916c122ad4c5}]
[HKEY_CLASSES_ROOT\CAIEToolBar.ISSBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{B2267C5C-9C05-4C07-9E32-6AA35D350233}]
[HKEY_CLASSES_ROOT\CAIEToolBar.ISSBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-03 8495104]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "f:\programs\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\programs\SuperAntiSpyware\SASSEH.DLL" [2011-02-16 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-02-16 03:41 548352 ----a-w- f:\programs\SuperAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2009-03-27 22:27 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-15 05:17 89600 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk
backup=c:\windows\pss\Device Detector 2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk
backup=c:\windows\pss\WD Anywhere Backup Launcher.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qilqudps

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 05:16 39792 ------w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-11-09 02:39 2356088 ------w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
2007-02-01 18:00 419376 ----a-w- c:\program files\ThinkVantage\AMSG\Amsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2010-12-13 16:39 281768 ----a-w- f:\programs\Avira\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AwaySch]
2006-11-07 10:51 91688 ------w- c:\program files\Lenovo\AwayTask\AwaySch.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
2007-12-06 16:22 208896 ----a-w- c:\progra~1\ThinkPad\UTILIT~1\BATLOGEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\capfupgrade]
2010-10-31 01:07 337232 ----a-w- f:\programs\EZ Trust\CA Personal Firewall\capfupgrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray]
2011-02-16 02:45 1766736 ----a-w- f:\programs\EZ Trust\casc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
2007-08-03 23:35 2630968 ------w- c:\program files\Lenovo\Client Security Solution\cssauth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2006-02-02 12:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dpitivebaxitivum]
c:\windows\onvrat.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2003-07-25 18:15 536576 ----a-w- f:\programs\Eraser\eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
2007-03-28 17:32 243248 ----a-w- c:\progra~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 23:50 221184 ------w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 23:50 81920 ------w- c:\program files\Common Files\Installshield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 03:16 141608 ----a-w- f:\programs\Itunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iYogi Support Dock]
c:\program files\iYogi Support Dock\iYogiSupportDock.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2007-04-26 17:10 120368 ----a-w- c:\progra~1\THINKV~1\PrdCtr\LPMGR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
2011-01-05 01:20 37403080 ----a-w- c:\windows\system32\MRT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-10 04:03 81920 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-10 04:03 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
c:\program files\PCPitstop\Optimize\PCPOptimize.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]
2007-12-06 16:22 200704 ----a-w- c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2007-04-04 02:55 839680 ------w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-04-09 07:23 1015808 ------w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-12 23:24 148888 ------w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-07-05 10:07 512000 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2007-07-05 10:07 110592 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
2007-11-29 18:04 59168 ----a-w- c:\program files\Lenovo\NPDIRECT\tpfnf7sp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
2007-03-09 05:49 66176 ----a-w- c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
2007-11-22 22:09 181536 ----a-w- c:\windows\system32\TpShocks.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
2007-02-08 20:19 536576 ------w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS12 Preload]
2008-07-14 08:10 397456 ----a-w- f:\programs\Corel\Corel VideoStudio 12\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Manager]
2010-04-09 16:36 430080 ----a-w- c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xjipepozan]
c:\windows\uvupipadaxu.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"Diskeeper"=2 (0x2)
"TVT Scheduler"=2 (0x2)
"TVT Backup Service"=2 (0x2)
"SUService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Programs\\InfoSelect\\is.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Programs\\Itunes\\iTunes.exe"=

R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [9/17/2010 11:21 AM 135248]
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [5/3/2010 1:12 AM 108112]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/29/2011 10:07 AM 28552]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/16/2007 5:32 PM 19504]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [3/22/2010 12:58 PM 79864]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [9/24/2010 10:16 AM 61008]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [9/24/2010 10:16 AM 115792]
R1 SASDIFSV;SASDIFSV;f:\programs\SuperAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;f:\programs\SuperAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [1/25/2011 4:48 PM 18816]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;f:\programs\Avira\Avira\AntiVir Desktop\sched.exe [2/1/2011 8:42 PM 135336]
R2 CAAMSvc;CAAMSvc;f:\programs\EZ Trust\CA Anti-Virus Plus\CAAMSvc.exe [10/30/2010 5:09 PM 206152]
R2 ccSchedulerSVC;CA Common Scheduler Service;f:\programs\EZ Trust\ccschedulersvc.exe [10/22/2010 11:22 AM 206160]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [9/24/2010 10:16 AM 146000]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [9/24/2010 10:16 AM 61008]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [3/14/2007 9:10 PM 11152]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 12:11 PM 569344]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [8/4/2009 9:42 AM 887288]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [8/24/2010 11:07 AM 740160]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [9/17/2010 11:21 AM 301648]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [5/16/2008 5:12 PM 102400]
R2 WinExtManager;WinSock Extention Manager;c:\windows\system32\mdmcls32.exe [10/22/2010 11:23 AM 2347760]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [10/22/2010 11:23 AM 1377008]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/9/2010 5:54 AM 244304]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [5/22/2007 2:59 PM 30336]
R3 VVRUSB;VVRUSB Device;c:\windows\system32\drivers\VVRUSB.sys [6/23/2008 4:25 PM 38479]
S3 KmxAMVet;KmxAMVet;c:\windows\system32\drivers\KmxAMVet.sys [3/27/2009 2:27 PM 598656]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
.
Contents of the 'Scheduled Tasks' folder

2011-02-17 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

2008-05-05 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-03-28 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.swimboat.com/
mStart Page = hxxp://lenovo.live.com
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath - c:\documents and settings\Cortez\Application Data\Mozilla\Firefox\Profiles\6ej23h4x.default\
FF - prefs.js: browser.startup.homepage - hxxp://cm.my.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\programs\FireFox\FireFox3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - f:\programs\FireFox\FireFox3\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-16 17:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ANC]
"ImagePath"="system32\drivers\tsk15.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1340)
c:\windows\system32\vrlogon.dll
f:\programs\SuperAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\UmxWnp.Dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll

- - - - - - - > 'lsass.exe'(1396)
c:\windows\system32\winsflt.dll

- - - - - - - > 'explorer.exe'(5824)
c:\windows\system32\WININET.dll
f:\programs\EZ Trust\CA Anti-Spam\QSP-9.0.0.69\QOEHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\winsflt.dll
c:\windows\system32\VetRedir.dll
c:\windows\system32\isafeif.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-02-16 17:14:36
ComboFix-quarantined-files.txt 2011-02-17 01:14

Pre-Run: 4,776,206,336 bytes free
Post-Run: 4,877,000,704 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 2855030F4E3D13570F25651A1A93F3C8




Malwarebytes' Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5778

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

2/16/2011 6:28:09 PM
mbam-log-2011-02-16 (18-28-09).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|)
Objects scanned: 273336
Time elapsed: 1 hour(s), 7 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15 AltElvis (Topic Starter)

Posted 17 February 2011 - 04:36 PM

OK, some added observations since posting ComboFix & MBAM logs:

Boot-up seems to execute quicker, not to mention shutdown used to be forever... now it's about 55 sec.

Start-up sound still stutters on boot-up... would that be caused by the viruses?

Still getting some kind of wireless connection software popping up after boot-up (I suspect it's part of the Lenovo CrapWare)... if there's some way to just let Windows do the wireless connect, I would appreciate knowing where to find that info.

Thanks for any info you can give.



