
Removed Malware - now can't install printer


  • This topic is locked
16 replies to this topic

#1 sullivbt

  • Members
  • 8 posts

Posted 03 August 2011 - 03:18 PM

My new Lenovo work laptop (Win 7 32-bit) got infected with some malware on Monday due to my (stupid) clicking on some dubious links. In any case, being in a hurry to get my box back up and running because I had a work assignment due, I went ahead and DL'd Malwarebytes and Combofix and ran both programs. Fortunately, the tools worked and cleaned my box of whatever infection it did have and, by Tuesday morning, I was back up and running again.

However, I just realized that my printer (a Xerox Workcentre) had somehow gotten uninstalled during the cleaning process and, no matter what I do, I cannot get it back. Every time I try to install it I get an error message, either about the printer driver not installing or the "printer processor" not being found. I called our IT support contractor and they spent three hours remoted into my machine working on it, and were completely unable to find a solution. They finally gave up and said that "Windows printer services had gotten corrupted and I needed to reinstall the OS".

I'm hoping that someone here can help me resolve this issue. Attached below are my DDS and GMER logs. Any help that anybody can give me would be greatly (and financially) appreciated. Thanks!

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by bsullivan at 15:42:26 on 2011-08-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2996.885 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\AddinForUNCFAT\UNCFATDMS.exe
C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Tablet Shortcut\TSMResident.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
C:\Program Files\Conexant\SAII\SmartAudio.exe
C:\Program Files\Mindjet\MindManager 8\MmReminderService.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AddinForUNCFAT\UNCFATDMS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Mindjet\MindManager 8\MmDesignPartner.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\bsullivan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\lenovo\simpletap\simpletap.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\bsullivan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\bsullivan\Downloads\AMMYY_Admin.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
uRun: [MmDesignPartner.exe] c:\program files\mindjet\mindmanager 8\MmDesignPartner.exe
uRun: [PTIM.exe] c:\program files\webex\productivity tools\PTIM.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MusicManager] "c:\users\bsullivan\appdata\local\programs\google\musicmanager\MusicManager.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [IMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [TpShocks] TpShocks.exe
mRun: [TSMResident] "c:\program files\thinkpad\tablet shortcut\TSMRESIDENT.EXE" /r
mRun: [TabletButton] "c:\program files\thinkpad\tablet shortcut\TabletButton.EXE" /STARTUP
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe
mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [RotateImage] c:\program files\integrated camera driver\RCIMGDIR.exe
mRun: [MMReminderService] c:\program files\mindjet\mindmanager 8\MMReminderService.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OTFSDMS] c:\program files\addinforuncfat\UNCFATDMS.exe /p
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\bsulli~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\users\bsulli~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab
TCP: DhcpNameServer = 192.168.75.10 192.168.75.12 10.22.170.12
TCP: Interfaces\{5A9DB073-3A69-4C7C-BA96-39C8CBD175FD} : NameServer = 209.183.33.23 209.183.35.23
TCP: Interfaces\{A7555D9D-1338-4DFA-9855-026E46330FA5} : DhcpNameServer = 192.168.75.10 192.168.75.12 10.22.170.12
TCP: Interfaces\{EE0DC76F-55D5-4E89-AED1-8C85D42A9099}\251646963737F6E6F57457563747 : DhcpNameServer = 83.97.120.225 83.97.124.225
TCP: Interfaces\{EE0DC76F-55D5-4E89-AED1-8C85D42A9099}\349775966496 : DhcpNameServer = 10.10.90.26 10.10.90.25
TCP: Interfaces\{EE0DC76F-55D5-4E89-AED1-8C85D42A9099}\75946494D2845434 : DhcpNameServer = 172.29.188.201 172.29.188.202
TCP: Interfaces\{EE0DC76F-55D5-4E89-AED1-8C85D42A9099}\D42425D2835683 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{EE0DC76F-55D5-4E89-AED1-8C85D42A9099}\D434F57455543545 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bsullivan\appdata\roaming\mozilla\firefox\profiles\vlqmiquq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\bsullivan\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\users\bsullivan\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\bsullivan\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2011-2-11 25968]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-1-13 20592]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-3-30 13680]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl235af350;MpKsl235af350;c:\programdata\microsoft\microsoft antimalware\definition updates\{2dc7b363-69dd-4a5b-a073-6bf5f0d3c3b0}\MpKsl235af350.sys [2011-8-3 28752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 ASRSVC;ASR Service;c:\program files\thinkpad\tablet shortcut\asr\ASRSVC.exe [2011-6-17 79136]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2011-7-1 41320]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2011-3-30 65896]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2010-7-30 93032]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-1 366640]
R2 OTFSDMS;UNCFAT DMS;c:\program files\addinforuncfat\UNCFATDMS.exe [2008-6-19 129024]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2011-5-14 148840]
R2 QDLService2kLenovo;Qualcomm Gobi 2000 Download Service (Lenovo);c:\program files\qualcomm\qdlservice2k\QDLService2kLenovo.exe [2010-6-25 332536]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 TabletSVC;TABLET Service;c:\program files\thinkpad\tablet shortcut\TSMService.exe [2011-6-17 83440]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-3-30 99328]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2011-3-30 64440]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2009-9-29 13752]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-2-11 2533400]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2011-3-30 132608]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-15 45352]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-3-30 29472]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-3-30 215208]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-2-11 132480]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-3-30 269824]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-1 22712]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2010-12-21 7434240]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 qcfilterlno2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9205);c:\windows\system32\drivers\qcfilterlno2k.sys [2010-6-25 5248]
R3 qcusbnetlno2k;Gobi 2000 USB-NDIS miniport(05C6-9205);c:\windows\system32\drivers\qcusbnetlno2k.sys [2010-6-25 374784]
R3 qcusbserlno2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205);c:\windows\system32\drivers\qcusbserlno2k.sys [2010-6-25 190592]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-10-8 38336]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [2011-1-4 37232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2011-2-11 292200]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-2-11 816792]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2011-2-11 83304]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-30 52224]
S3 TurboBoost;TurboBoost;c:\program files\intel\turboboost\TurboBoost.exe [2009-9-29 99768]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-30 1343400]
S3 WFXGRX;WFXGRX;c:\users\bsulli~1\appdata\local\temp\wfxgrx.exe --> c:\users\bsulli~1\appdata\local\temp\WFXGRX.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-5-21 45496]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-08-03 19:14:16 626688 ----a-w- c:\windows\system32\msvcr80.dll
2011-08-03 19:14:16 548864 ----a-w- c:\windows\system32\msvcp80.dll
2011-08-03 19:14:15 -------- d-----w- C:\prntdrvr
2011-08-03 18:16:19 10240 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\25\x5print.dll
2011-08-03 18:16:19 10240 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\24\x5print.dll
2011-08-03 14:26:22 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2dc7b363-69dd-4a5b-a073-6bf5f0d3c3b0}\MpKsl235af350.sys
2011-08-03 14:26:12 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2dc7b363-69dd-4a5b-a073-6bf5f0d3c3b0}\mpengine.dll
2011-08-02 22:58:53 -------- d-----w- c:\users\bsullivan\appdata\local\CUSTPDF Writer
2011-08-02 22:58:26 86016 ----a-w- c:\windows\system32\custmon32.dll
2011-08-02 22:58:23 -------- d-----w- c:\program files\SmartDraw 2007
2011-08-02 21:57:54 -------- d-----w- c:\windows\system32\appmgmt
2011-08-02 21:37:27 32768 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\Xrpp_b.dll
2011-08-02 21:37:27 11264 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\Xrprt_b.dll
2011-08-02 21:37:27 11264 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\1_Xrprt_b.dll
2011-08-02 21:24:59 -------- d-----w- C:\Xerox
2011-08-02 20:47:43 -------- d-----w- c:\programdata\AMMYY
2011-08-02 20:39:36 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-08-02 20:38:34 103864 ------w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-08-02 18:46:35 6792528 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-08-02 18:46:31 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8d82d135-bce9-4254-a7ca-54049c8bbf9b}\mpengine.dll
2011-08-02 18:17:27 -------- d-----w- C:\$RECYCLE.BIN
2011-08-02 18:15:37 -------- d-----w- c:\users\bsullivan\appdata\local\temp
2011-08-02 17:34:07 -------- d-----w- c:\program files\ESET
2011-08-01 23:05:12 -------- d-----w- c:\users\bsullivan\appdata\roaming\SUPERAntiSpyware.com
2011-08-01 23:05:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-01 23:03:43 -------- d-----w- c:\users\bsullivan\appdata\roaming\Malwarebytes
2011-08-01 23:03:40 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-01 23:03:40 -------- d-----w- c:\programdata\Malwarebytes
2011-08-01 23:03:37 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-01 23:03:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-01 22:23:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-01 21:47:49 65536 --sha-r- c:\windows\system32\wiashexti.dll
2011-07-29 21:56:12 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2011-07-27 10:30:40 32824 ----a-w- c:\windows\system32\drivers\psadd.sys
2011-07-19 17:57:38 -------- d-----w- c:\users\bsullivan\appdata\local\Nero_AG
2011-07-19 17:56:52 -------- d-----w- c:\users\bsullivan\appdata\local\Nero
2011-07-19 15:14:09 -------- d-----w- c:\program files\Evernote
2011-07-18 19:10:50 -------- d-----w- c:\users\bsullivan\appdata\roaming\NeroDigital™
2011-07-18 18:46:43 -------- d-----w- c:\programdata\Nero
2011-07-18 18:45:55 -------- d-----w- c:\program files\Nero
2011-07-18 18:21:14 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-07-18 18:21:00 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-07-18 18:20:44 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-07-18 17:27:46 -------- d-----w- c:\users\bsullivan\appdata\roaming\Xilisoft Corporation
2011-07-18 17:27:22 -------- d-----w- c:\program files\Xilisoft
2011-07-18 17:26:31 53248 ----a-r- c:\users\bsullivan\appdata\roaming\microsoft\installer\{12baa98c-f8dd-4bc9-bbe6-1c8463114197}\ARPPRODUCTICON.exe
2011-07-18 15:20:50 -------- d-----w- C:\Cache
2011-07-18 13:53:01 -------- d-----w- c:\users\bsullivan\appdata\roaming\4Media
2011-07-18 13:48:26 -------- d-----w- c:\users\bsullivan\appdata\local\Geckofx
2011-07-18 13:48:18 -------- d-----w- c:\program files\AviSynth 2.5
.
==================== Find3M ====================
.
2011-07-18 18:37:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-03 06:01:04 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-03 05:56:57 271872 ----a-w- c:\windows\system32\conhost.exe
2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-10 07:59:00 820584 ------w- c:\windows\system32\PWMCP32V.cpl
2011-05-10 07:59:00 517480 ------w- c:\windows\PWMBTHLV.EXE
2011-05-10 07:59:00 25968 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2011-05-10 07:59:00 13424 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
2011-05-06 00:33:00 1344560 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-05-06 00:31:56 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-05-06 00:31:56 120104 ----a-w- c:\windows\system32\SynTPCo9.dll
2011-05-06 00:31:52 222504 ----a-w- c:\windows\system32\SynCtrl.dll
2011-05-06 00:31:52 177448 ----a-w- c:\windows\system32\SynCOM.dll
.
============= FINISH: 15:48:01.49 ===============


#2 Elise
    Bleepin' Blonde

  • Malware Study Hall Admin
  • 60,977 posts
  • Gender:Female
  • Location:Romania

Posted 10 August 2011 - 04:26 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#3 sullivbt

sullivbt
  • Topic Starter
  • Members
  • 8 posts

Posted 10 August 2011 - 08:49 AM

Elise;

Thanks for the response. As per your request, attached are the DDS logs. Re: the attach.txt file, I wasn't sure whether you wanted that file actually pasted into the body of the post or attached to the message, so I followed the guide instructions posted elsewhere on the site and attached it to the post. Please let me know what else you need from me. Thanks again for your help with this.

Brian

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by bsullivan at 8:53:37 on 2011-08-10
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2996.1203 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\AddinForUNCFAT\UNCFATDMS.exe
C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Tablet Shortcut\TSMResident.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
C:\Program Files\Mindjet\MindManager 8\MmReminderService.exe
C:\Program Files\Conexant\SAII\SmartAudio.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AddinForUNCFAT\UNCFATDMS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\xGOAKbgnd.exe
C:\Program Files\Mindjet\MindManager 8\MmDesignPartner.exe
C:\Program Files\WebEx\Productivity Tools\ptim.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WebEx\Productivity Tools\ptSrv.exe
C:\Users\bsullivan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\lenovo\simpletap\simpletap.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\bsullivan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
uRun: [MmDesignPartner.exe] c:\program files\mindjet\mindmanager 8\MmDesignPartner.exe
uRun: [PTIM.exe] c:\program files\webex\productivity tools\PTIM.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MusicManager] "c:\users\bsullivan\appdata\local\programs\google\musicmanager\MusicManager.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [IMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [TpShocks] TpShocks.exe
mRun: [TSMResident] "c:\program files\thinkpad\tablet shortcut\TSMRESIDENT.EXE" /r
mRun: [TabletButton] "c:\program files\thinkpad\tablet shortcut\TabletButton.EXE" /STARTUP
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe
mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [RotateImage] c:\program files\integrated camera driver\RCIMGDIR.exe
mRun: [MMReminderService] c:\program files\mindjet\mindmanager 8\MMReminderService.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OTFSDMS] c:\program files\addinforuncfat\UNCFATDMS.exe /p
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [XeroxScanUtility] c:\program files\xerox\scan_utility\xrxzipui.exe 1
mRun: [XeroxEndeavorBackgroundTask] c:\windows\system32\xGOAKbgnd.exe 1
StartupFolder: c:\users\bsulli~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\users\bsulli~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab
TCP: DhcpNameServer = 192.168.75.10 192.168.75.12 10.22.170.12
TCP: Interfaces\{5A9DB073-3A69-4C7C-BA96-39C8CBD175FD} : NameServer = 209.183.33.23 209.183.35.23
TCP: Interfaces\{A7555D9D-1338-4DFA-9855-026E46330FA5} : DhcpNameServer = 192.168.75.10 192.168.75.12 10.22.170.12
TCP: Interfaces\{EE0DC76F-55D5-4E89-AED1-8C85D42A9099}\251646963737F6E6F57457563747 : DhcpNameServer = 83.97.120.225 83.97.124.225
TCP: Interfaces\{EE0DC76F-55D5-4E89-AED1-8C85D42A9099}\349775966496 : DhcpNameServer = 10.10.90.26 10.10.90.25
TCP: Interfaces\{EE0DC76F-55D5-4E89-AED1-8C85D42A9099}\75946494D2845434 : DhcpNameServer = 172.29.188.201 172.29.188.202
TCP: Interfaces\{EE0DC76F-55D5-4E89-AED1-8C85D42A9099}\D42425D2835683 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{EE0DC76F-55D5-4E89-AED1-8C85D42A9099}\D434F57455543545 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bsullivan\appdata\roaming\mozilla\firefox\profiles\vlqmiquq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\bsullivan\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\users\bsullivan\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\bsullivan\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2011-2-11 25968]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-1-13 20592]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-3-30 13680]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl93f1df00;MpKsl93f1df00;c:\programdata\microsoft\microsoft antimalware\definition updates\{0015a58d-cd94-466e-bdd1-dc67fbbdefd1}\MpKsl93f1df00.sys [2011-8-10 28752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 ASRSVC;ASR Service;c:\program files\thinkpad\tablet shortcut\asr\ASRSVC.exe [2011-6-17 79136]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2011-7-1 41320]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2011-3-30 65896]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2010-7-30 93032]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-1 366640]
R2 OTFSDMS;UNCFAT DMS;c:\program files\addinforuncfat\UNCFATDMS.exe [2008-6-19 129024]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2011-5-14 148840]
R2 QDLService2kLenovo;Qualcomm Gobi 2000 Download Service (Lenovo);c:\program files\qualcomm\qdlservice2k\QDLService2kLenovo.exe [2010-6-25 332536]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 TabletSVC;TABLET Service;c:\program files\thinkpad\tablet shortcut\TSMService.exe [2011-6-17 83440]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-3-30 99328]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2011-3-30 64440]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2009-9-29 13752]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-2-11 2533400]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2011-3-30 132608]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-15 45352]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-3-30 29472]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-3-30 215208]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-2-11 132480]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-3-30 269824]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-1 22712]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2010-12-21 7434240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 qcfilterlno2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9205);c:\windows\system32\drivers\qcfilterlno2k.sys [2010-6-25 5248]
R3 qcusbnetlno2k;Gobi 2000 USB-NDIS miniport(05C6-9205);c:\windows\system32\drivers\qcusbnetlno2k.sys [2010-6-25 374784]
R3 qcusbserlno2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205);c:\windows\system32\drivers\qcusbserlno2k.sys [2010-6-25 190592]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-10-8 38336]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [2011-1-4 37232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2011-2-11 292200]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-3-31 22640]
S3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-2-11 816792]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2011-2-11 83304]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-30 52224]
S3 TurboBoost;TurboBoost;c:\program files\intel\turboboost\TurboBoost.exe [2009-9-29 99768]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-30 1343400]
S3 WFXGRX;WFXGRX;c:\users\bsulli~1\appdata\local\temp\wfxgrx.exe --> c:\users\bsulli~1\appdata\local\temp\WFXGRX.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-5-21 45496]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-08-10 12:40:04 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0015a58d-cd94-466e-bdd1-dc67fbbdefd1}\MpKsl93f1df00.sys
2011-08-10 12:39:51 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0015a58d-cd94-466e-bdd1-dc67fbbdefd1}\mpengine.dll
2011-08-03 19:14:16 626688 ----a-w- c:\windows\system32\msvcr80.dll
2011-08-03 19:14:16 548864 ----a-w- c:\windows\system32\msvcp80.dll
2011-08-03 19:14:15 -------- d-----w- C:\prntdrvr
2011-08-03 18:16:19 10240 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\25\x5print.dll
2011-08-03 18:16:19 10240 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\24\x5print.dll
2011-08-02 22:58:53 -------- d-----w- c:\users\bsullivan\appdata\local\CUSTPDF Writer
2011-08-02 22:58:26 86016 ----a-w- c:\windows\system32\custmon32.dll
2011-08-02 22:58:23 -------- d-----w- c:\program files\SmartDraw 2007
2011-08-02 21:57:54 -------- d-----w- c:\windows\system32\appmgmt
2011-08-02 21:37:27 32768 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\Xrpp_b.dll
2011-08-02 21:37:27 11264 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\Xrprt_b.dll
2011-08-02 21:24:59 -------- d-----w- C:\Xerox
2011-08-02 20:47:43 -------- d-----w- c:\programdata\AMMYY
2011-08-02 20:39:36 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-08-02 20:38:34 103864 ------w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-08-02 18:46:35 6792528 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-08-02 18:46:31 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8d82d135-bce9-4254-a7ca-54049c8bbf9b}\mpengine.dll
2011-08-02 18:17:27 -------- d-----w- C:\$RECYCLE.BIN
2011-08-02 18:15:37 -------- d-----w- c:\users\bsullivan\appdata\local\temp
2011-08-02 17:34:07 -------- d-----w- c:\program files\ESET
2011-08-01 23:05:12 -------- d-----w- c:\users\bsullivan\appdata\roaming\SUPERAntiSpyware.com
2011-08-01 23:05:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-01 23:03:43 -------- d-----w- c:\users\bsullivan\appdata\roaming\Malwarebytes
2011-08-01 23:03:40 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-01 23:03:40 -------- d-----w- c:\programdata\Malwarebytes
2011-08-01 23:03:37 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-01 23:03:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-01 22:23:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-01 21:47:49 65536 --sha-r- c:\windows\system32\wiashexti.dll
2011-07-29 21:56:12 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2011-07-27 10:30:40 32824 ----a-w- c:\windows\system32\drivers\psadd.sys
2011-07-19 17:57:38 -------- d-----w- c:\users\bsullivan\appdata\local\Nero_AG
2011-07-19 17:56:52 -------- d-----w- c:\users\bsullivan\appdata\local\Nero
2011-07-19 15:14:09 -------- d-----w- c:\program files\Evernote
2011-07-18 19:10:50 -------- d-----w- c:\users\bsullivan\appdata\roaming\NeroDigital™
2011-07-18 18:46:43 -------- d-----w- c:\programdata\Nero
2011-07-18 18:45:55 -------- d-----w- c:\program files\Nero
2011-07-18 18:21:14 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-07-18 18:21:00 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-07-18 18:20:44 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-07-18 17:27:46 -------- d-----w- c:\users\bsullivan\appdata\roaming\Xilisoft Corporation
2011-07-18 17:27:22 -------- d-----w- c:\program files\Xilisoft
2011-07-18 17:26:31 53248 ----a-r- c:\users\bsullivan\appdata\roaming\microsoft\installer\{12baa98c-f8dd-4bc9-bbe6-1c8463114197}\ARPPRODUCTICON.exe
2011-07-18 15:20:50 -------- d-----w- C:\Cache
2011-07-18 13:53:01 -------- d-----w- c:\users\bsullivan\appdata\roaming\4Media
2011-07-18 13:48:26 -------- d-----w- c:\users\bsullivan\appdata\local\Geckofx
2011-07-18 13:48:18 -------- d-----w- c:\program files\AviSynth 2.5
.
==================== Find3M ====================
.
2011-07-18 18:37:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-03 06:01:04 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-03 05:56:57 271872 ----a-w- c:\windows\system32\conhost.exe
2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD32 rev.02.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x82E55000]<< >>UNKNOWN [0x8B7B3000]<< >>UNKNOWN [0x8B7A2000]<< >>UNKNOWN [0x8B0B5000]<< >>UNKNOWN [0x82E1E000]<< >>UNKNOWN [0x8B21F000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x82E8C52F] -> \Device\Harddisk0\DR0[0x879FD808]
\Driver\Disk[0x879FC860] -> IRP_MJ_CREATE -> 0x8B7B739F
3 [0x8B7B759E] -> ntkrnlpa!IofCallDriver[0x82E8C52F] -> [0x8627C8B0]
\Driver\ACPI[0x854E4F38] -> IRP_MJ_CREATE -> 0x8B0BE4CC
5 [0x8B0BE3D4] -> ntkrnlpa!IofCallDriver[0x82E8C52F] -> \Device\Ide\IAAStorageDevice-1[0x86254028]
\Driver\iaStor[0x862711C0] -> IRP_MJ_CREATE -> 0x8B24209C
kernel: MBR read successfully
_asm { JMP 0x10; }
user & kernel MBR OK
copy of MBR has been found in sector 8 !
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 8:54:18.41 ===============

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,977 posts
  • Gender:Female
  • Location:Romania

Posted 10 August 2011 - 08:58 AM

You mentioned you also ran ComboFix. Can you please post me the log you'll find at c:\combofix.txt?

regards, Elise


#5 sullivbt

sullivbt
  • Topic Starter
  • Members
  • 8 posts

Posted 10 August 2011 - 09:47 AM

Elise;

Attached is the combofix text file from last week. I haven't run combofix since then. Thanks.



ComboFix 11-08-02.02 - bsullivan 08/02/2011 14:09:15.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2996.1408 [GMT -4:00]
Running from: c:\users\bsullivan\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AMMYY
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\sas.exe
c:\programdata\AMMYY\settings.bin
c:\programdata\PCDr\5849\AddOnDownloaded\08503421-0e5d-44bc-9797-89954abcf6ff.dll
c:\programdata\PCDr\5849\AddOnDownloaded\7e36c7b4-f4c8-4324-9887-9cab89169ef6.dll
c:\programdata\PCDr\5849\AddOnDownloaded\97d3cc32-549b-4646-bc59-82ebb82b5d11.dll
c:\programdata\PCDr\5849\AddOnDownloaded\b96355f5-a46b-48d0-a3f2-b41eed57de73.dll
c:\programdata\PCDr\5849\AddOnDownloaded\d464647d-d93f-443f-8bf7-1e6ba619ac1b.dll
c:\programdata\PCDr\5849\AddOnDownloaded\fd8a6c4b-79e3-4200-98d7-b7e5061342d1.dll
c:\windows\system32\spool\prtprocs\w32x86\x5pp.dll
c:\windows\system32\Thumbs.db
Q:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2011-07-02 to 2011-08-02 )))))))))))))))))))))))))))))))
.
.
2011-08-02 18:15 . 2011-08-02 18:17 -------- d-----w- c:\users\bsullivan\AppData\Local\temp
2011-08-02 17:34 . 2011-08-02 17:34 -------- d-----w- c:\program files\ESET
2011-08-01 23:05 . 2011-08-01 23:05 -------- d-----w- c:\users\bsullivan\AppData\Roaming\SUPERAntiSpyware.com
2011-08-01 23:05 . 2011-08-01 23:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-01 23:03 . 2011-08-01 23:03 -------- d-----w- c:\users\bsullivan\AppData\Roaming\Malwarebytes
2011-08-01 23:03 . 2011-08-01 23:03 -------- d-----w- c:\programdata\Malwarebytes
2011-08-01 23:03 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-01 23:03 . 2011-08-01 23:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-01 23:03 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-01 22:23 . 2011-08-01 22:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-01 21:47 . 2011-08-01 21:47 65536 --sha-r- c:\windows\system32\wiashexti.dll
2011-08-01 13:02 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{84A2661E-C106-4FC7-9B4C-72203CDD2597}\mpengine.dll
2011-07-29 21:56 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-27 10:30 . 2011-07-27 10:30 32824 ----a-w- c:\windows\system32\drivers\psadd.sys
2011-07-19 17:56 . 2011-08-01 21:48 -------- d-----w- c:\users\bsullivan\AppData\Local\Nero
2011-07-19 15:14 . 2011-07-19 15:14 -------- d-----w- c:\program files\Evernote
2011-07-18 19:04 . 2011-07-18 19:04 -------- d-----w- c:\users\bsullivan\AppData\Roaming\Nero
2011-07-18 18:46 . 2011-07-18 18:51 -------- d-----w- c:\programdata\Nero
2011-07-18 18:46 . 2011-08-01 20:47 -------- d-----w- c:\program files\Common Files\Nero
2011-07-18 18:45 . 2011-08-01 20:40 -------- d-----w- c:\program files\Nero
2011-07-18 18:21 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-07-18 18:21 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-07-18 18:20 . 2008-10-15 10:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-07-18 17:27 . 2011-07-18 17:27 -------- d-----w- c:\users\bsullivan\AppData\Roaming\Xilisoft Corporation
2011-07-18 17:27 . 2011-07-18 17:27 -------- d-----w- c:\program files\Xilisoft
2011-07-18 17:26 . 2011-07-18 17:26 53248 ----a-r- c:\users\bsullivan\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2011-07-18 15:20 . 2011-07-18 15:20 -------- d-----w- C:\Cache
2011-07-18 13:53 . 2011-07-18 13:53 -------- d-----w- c:\users\bsullivan\AppData\Roaming\4Media
2011-07-18 13:48 . 2011-07-18 13:48 -------- d-----w- c:\users\bsullivan\AppData\Local\Geckofx
2011-07-18 13:48 . 2011-07-18 19:15 -------- d-----w- c:\program files\AviSynth 2.5
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-18 18:37 . 2011-05-18 12:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-13 03:39 . 2011-04-01 14:57 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-24 10:44 . 2011-06-29 08:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-10 07:59 . 2011-02-11 04:35 517480 ------w- c:\windows\PWMBTHLV.EXE
2011-05-10 07:59 . 2011-02-11 04:35 820584 ------w- c:\windows\system32\PWMCP32V.cpl
2011-05-10 07:59 . 2011-02-11 04:35 25968 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2011-05-10 07:59 . 2011-02-11 04:35 13424 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
2011-05-06 00:33 . 2011-06-17 16:23 1344560 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-05-06 00:31 . 2011-06-17 16:23 120104 ----a-w- c:\windows\system32\SynTPCo9.dll
2011-05-06 00:31 . 2011-06-17 16:23 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-05-06 00:31 . 2011-06-17 16:23 222504 ----a-w- c:\windows\system32\SynCtrl.dll
2011-05-06 00:31 . 2011-03-31 01:45 177448 ----a-w- c:\windows\system32\SynCOM.dll
2011-06-22 16:15 . 2011-03-31 01:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MmDesignPartner.exe"="c:\program files\Mindjet\MindManager 8\MmDesignPartner.exe" [2009-12-07 12640]
"PTIM.exe"="c:\program files\WebEx\Productivity Tools\PTIM.exe" [2011-06-02 405816]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"MusicManager"="c:\users\bsullivan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-06-15 12817920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-05-06 2262312]
"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-05-03 112152]
"TpShocks"="TpShocks.exe" [2011-01-14 337256]
"TSMResident"="c:\program files\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" [2011-05-09 484856]
"TabletButton"="c:\program files\ThinkPad\Tablet Shortcut\TabletButton.EXE" [2010-10-28 468328]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-15 307768]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-05-10 1258856]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-30 54120]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2011-04-14 31592]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]
"MMReminderService"="c:\program files\Mindjet\MindManager 8\MMReminderService.exe" [2009-12-07 38240]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-08 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-23 143384]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-23 176664]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-23 178200]
"OTFSDMS"="c:\program files\AddinForUNCFAT\UNCFATDMS.exe" [2008-06-19 129024]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-04-08 1406248]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-20 227712]
.
c:\users\bsullivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-6-28 974848]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-20 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-10-2 795936]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2011-2-11 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2010-04-02 23:46 100104 ------w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl0e35efe3;MpKsl0e35efe3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA0D091B-9DA2-4EA4-B19B-C3233FF6D050}\MpKsl0e35efe3.sys [x]
R1 MpKsl2cfe8f4b;MpKsl2cfe8f4b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{427FA3B0-C659-4DB1-BCD7-B590B6EDE90F}\MpKsl2cfe8f4b.sys [x]
R1 MpKsl30b65c22;MpKsl30b65c22;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19C72BE4-83E7-4CB3-8693-3A2B19625ECA}\MpKsl30b65c22.sys [x]
R1 MpKsl45f349cf;MpKsl45f349cf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{668353B6-3E70-4E9A-B9B5-A2B7A627FEB3}\MpKsl45f349cf.sys [x]
R1 MpKsl48e347b9;MpKsl48e347b9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10ADEDD3-F2C9-4E94-9F2A-EA458C8DF908}\MpKsl48e347b9.sys [x]
R1 MpKsl646c7551;MpKsl646c7551;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6E29A14D-E1B9-4481-90CB-9D76726A022C}\MpKsl646c7551.sys [x]
R1 MpKsl74187c5c;MpKsl74187c5c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{602F124A-4BE7-4A95-94AF-B8675089690A}\MpKsl74187c5c.sys [x]
R1 MpKsl7f6e83fb;MpKsl7f6e83fb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{11D759BD-5CC7-4475-952A-B964EDA22425}\MpKsl7f6e83fb.sys [x]
R1 MpKsl82fefd9c;MpKsl82fefd9c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B3D98548-DC49-4879-B442-F7F3242919C6}\MpKsl82fefd9c.sys [x]
R1 MpKsl869db75d;MpKsl869db75d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B53BE79D-B99D-450A-B0A3-A2071B72D633}\MpKsl869db75d.sys [x]
R1 MpKsla94fec0d;MpKsla94fec0d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14BE03EE-B536-48C0-A8BA-256F2AF49B8A}\MpKsla94fec0d.sys [x]
R1 MpKslca1e96ef;MpKslca1e96ef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D9D9217-76CD-4089-B5F0-DD8D64FDACF9}\MpKslca1e96ef.sys [x]
R1 MpKslf4377bdf;MpKslf4377bdf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1071B8B-5619-4D61-AB65-59B281C470F7}\MpKslf4377bdf.sys [x]
R1 SASDIFSV;SASDIFSV;c:\users\BSULLI~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\BSULLI~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-05-10 292200]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-06-27 22640]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-02-11 816792]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-05-10 83304]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-30 99768]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-30 1343400]
R3 WFXGRX;WFXGRX;c:\users\BSULLI~1\AppData\Local\Temp\WFXGRX.exe [x]
R4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-05-10 25968]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2011-01-13 20592]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ASRSVC;ASR Service;c:\program files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [2010-10-28 79136]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-30 41320]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-30 65896]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 OTFSDMS;UNCFAT DMS;c:\program files\AddinForUNCFAT\UNCFATDMS.exe [2008-06-19 129024]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-05-10 148840]
S2 QDLService2kLenovo;Qualcomm Gobi 2000 Download Service (Lenovo);c:\program files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [2010-06-25 332536]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]
S2 TabletSVC;TABLET Service;c:\program files\ThinkPad\Tablet Shortcut\TSMService.exe [2011-05-09 83440]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 99328]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-30 13752]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-03 2533400]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-01-13 132608]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-15 45352]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-03-30 29472]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-07-22 215208]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-12-21 7434240]
S3 qcfilterlno2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9205);c:\windows\system32\DRIVERS\qcfilterlno2k.sys [2010-06-25 5248]
S3 qcusbnetlno2k;Gobi 2000 USB-NDIS miniport(05C6-9205);c:\windows\system32\DRIVERS\qcusbnetlno2k.sys [2010-06-25 374784]
S3 qcusbserlno2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205);c:\windows\system32\DRIVERS\qcusbserlno2k.sys [2010-06-25 190592]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 38336]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\DRIVERS\wisdpen.sys [2011-01-04 37232]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4046199981-3511545163-2109793127-1638Core.job
- c:\users\bsullivan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-07 21:35]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4046199981-3511545163-2109793127-1638UA.job
- c:\users\bsullivan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-07 21:35]
.
2011-07-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2011-08-02 c:\windows\Tasks\SDMsgUpdate (SD).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2011-04-19 13:53]
.
2011-08-02 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.75.10 192.168.75.12 10.22.170.12
TCP: Interfaces\{5A9DB073-3A69-4C7C-BA96-39C8CBD175FD}: NameServer = 209.183.33.23 209.183.35.23
DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab
FF - ProfilePath - c:\users\bsullivan\AppData\Roaming\Mozilla\Firefox\Profiles\vlqmiquq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(700)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'Explorer.exe'(3708)
c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
c:\program files\Lenovo\Access Connections\ACDeskBand.dll
c:\program files\Lenovo\Access Connections\AcLocSettings.dll
c:\program files\Lenovo\Access Connections\AcCryptHlpr.dll
c:\program files\Lenovo\Access Connections\ACHelper.dll
c:\program files\Lenovo\Access Connections\AcSvcStub.dll
c:\program files\PC-Doctor\PcdToolbar584923.dll
c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\conhost.exe
c:\program files\lenovo\simpletap\simpletap.exe
c:\program files\Lenovo\Client Security Solution\cssauth.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\system32\sppsvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Lenovo\Client Security Solution\password_manager.exe
.
**************************************************************************
.
Completion time: 2011-08-02 14:20:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-02 18:20
.
Pre-Run: 200,445,116,416 bytes free
Post-Run: 200,500,936,704 bytes free
.
- - End Of File - - 86B8E6B29CABFAFDB52BAE43DDB733A7
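Two things in the log above are worth pulling out mechanically rather than by eye. The Other Deletions list includes c:\windows\system32\spool\prtprocs\w32x86\x5pp.dll, which sits in the directory the print spooler loads print processors from, and a print processor whose DLL is gone fits the "printer processor not found" error in the opening post. The services list also has entries whose binaries live under the user's Temp directory or are marked [x]. The script below is an added example for this thread, not ComboFix's own code and not from any poster: it splits the log on ComboFix's banner lines, tags each deletion with a category, and flags those service entries. The category rules, the Temp-path heuristic and the reading of [x] as "file not found" are this example's own assumptions, and the sample log is a constructed excerpt of lines from the post above.

```python
"""Triage a ComboFix log for collateral damage and suspicious load points.

Added example for this thread; it is not ComboFix's own code and not from
any poster. It splits the log on ComboFix's banner lines, tags each path in
the 'Other Deletions' section, and flags service/driver entries whose binary
sits in a user's Temp directory or is reported missing. The directory rules
and the reading of '[x]' as "file not found" are this example's assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the log above, with the
# section banners kept so the splitter has something to work on.
SAMPLE_LOG = r"""
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\AMMYY
c:\programdata\AMMYY\sas.exe
c:\programdata\PCDr\5849\AddOnDownloaded\08503421-0e5d-44bc-9797-89954abcf6ff.dll
c:\windows\system32\spool\prtprocs\w32x86\x5pp.dll
c:\windows\system32\Thumbs.db
Q:\AUTORUN.INF
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
R1 MpKsl0e35efe3;MpKsl0e35efe3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA0D091B-9DA2-4EA4-B19B-C3233FF6D050}\MpKsl0e35efe3.sys [x]
R1 SASDIFSV;SASDIFSV;c:\users\BSULLI~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R3 WFXGRX;WFXGRX;c:\users\BSULLI~1\AppData\Local\Temp\WFXGRX.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
"""

BANNER_RE = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")
# "R1 name;display;path [date size]" or "... [x]" when ComboFix cannot find the file
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]$")

# (regex on the lower-cased path, category, note) -- assumed rules, in priority order
DELETION_RULES = [
    (r"\\spool\\prtprocs\\", "print-processor",
     "the spooler loads print processors from here; removing one breaks the printer that registered it"),
    (r"\\system32\\drivers\\.*\.sys$", "kernel-driver",
     "driver binary; confirm it was malicious before accepting the loss"),
    (r"^[a-z]:\\autorun\.inf$", "autorun",
     "autorun.inf in a drive root; typical removable-media infection vector"),
    (r"\\programdata\\ammyy(\\|$)", "remote-admin-tool",
     "Ammyy Admin remote-control files; legitimate tool, often installed by support scammers"),
    (r"\\thumbs\.db$", "cache-noise", "thumbnail cache; harmless"),
]

@dataclass
class Finding:
    kind: str      # "deletion" or "service"
    item: str      # deleted path, or "ServiceName -> image path"
    category: str
    note: str

def sections(log_text):
    """Yield (section name, non-empty lines) for each banner-delimited block."""
    name, lines = "preamble", []
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = BANNER_RE.match(line)
        if banner:
            yield name, lines
            name, lines = banner.group("name"), []
        elif line and line != ".":
            lines.append(line)
    yield name, lines

def classify_deletion(path):
    """Tag one deleted path with the first matching rule, else 'uncategorised'."""
    low = path.lower()
    for pattern, category, note in DELETION_RULES:
        if re.search(pattern, low):
            return Finding("deletion", path, category, note)
    return Finding("deletion", path, "uncategorised", "review manually")

def check_service(line):
    """Flag a service/driver line if its binary is in a Temp dir or is missing."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    item = f"{m.group('name')} -> {m.group('path')}"
    if re.search(r"\\appdata\\local\\temp\\", m.group("path").lower()):
        return Finding("service", item, "temp-path",
                       "service or driver loading from a user Temp directory")
    if m.group("info") == "x":
        return Finding("service", item, "missing-binary",
                       "registered but the file is gone; stale entry from a removed tool or infection")
    return None

def triage(log_text):
    """All findings from the deletions and service sections of a ComboFix log."""
    findings = []
    for name, lines in sections(log_text):
        if name == "Other Deletions":
            findings += [classify_deletion(p) for p in lines]
        elif name == "Reg Loading Points":
            findings += [f for f in map(check_service, lines) if f]
    return findings

def collateral(log_text):
    """Deleted Windows components that may need restoring, as opposed to removed malware."""
    return [f for f in triage(log_text) if f.category in ("print-processor", "kernel-driver")]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:9} {f.category:17} {f.item}\n{'':27} {f.note}")
```

Run it with no arguments to see the findings for the sample, or pass the full log text to triage() for a real one. Anything tagged print-processor or kernel-driver is a candidate for restoring from ComboFix's quarantine folder (C:\Qoobox) rather than something to leave deleted, and anything tagged temp-path deserves a look regardless of whether the file still exists.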

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,977 posts
  • Gender:Female
  • Location:Romania
  • Local time:05:33 PM

Posted 10 August 2011 - 10:07 AM

Let's first double-check for rootkits here.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#7 sullivbt

sullivbt
  • Topic Starter

  • Members
  • 8 posts
  • Local time:09:33 AM

Posted 10 August 2011 - 11:09 AM

As requested, here is the TDSS file. Thanks.

2011/08/10 12:07:24.0032 7732 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/10 12:07:24.0579 7732 ================================================================================
2011/08/10 12:07:24.0579 7732 SystemInfo:
2011/08/10 12:07:24.0579 7732
2011/08/10 12:07:24.0579 7732 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/10 12:07:24.0579 7732 Product type: Workstation
2011/08/10 12:07:24.0579 7732 ComputerName: STAFFORD-PC16
2011/08/10 12:07:24.0580 7732 UserName: bsullivan
2011/08/10 12:07:24.0580 7732 Windows directory: C:\Windows
2011/08/10 12:07:24.0580 7732 System windows directory: C:\Windows
2011/08/10 12:07:24.0580 7732 Processor architecture: Intel x86
2011/08/10 12:07:24.0580 7732 Number of processors: 4
2011/08/10 12:07:24.0580 7732 Page size: 0x1000
2011/08/10 12:07:24.0580 7732 Boot type: Normal boot
2011/08/10 12:07:24.0580 7732 ================================================================================
2011/08/10 12:07:25.0261 7732 Initialize success
2011/08/10 12:07:37.0416 5824 ================================================================================
2011/08/10 12:07:37.0416 5824 Scan started
2011/08/10 12:07:37.0416 5824 Mode: Manual;
2011/08/10 12:07:37.0416 5824 ================================================================================
2011/08/10 12:07:37.0629 5824 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/08/10 12:07:37.0684 5824 5U877 (a6ff6799b541bacb73c69269f4bf326d) C:\Windows\system32\DRIVERS\5U877.sys
2011/08/10 12:07:37.0722 5824 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/08/10 12:07:37.0752 5824 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/08/10 12:07:37.0814 5824 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/10 12:07:37.0843 5824 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/10 12:07:37.0872 5824 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/10 12:07:37.0941 5824 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
2011/08/10 12:07:37.0977 5824 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/08/10 12:07:38.0019 5824 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/08/10 12:07:38.0068 5824 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/08/10 12:07:38.0102 5824 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/08/10 12:07:38.0126 5824 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/08/10 12:07:38.0167 5824 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/10 12:07:38.0191 5824 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/10 12:07:38.0240 5824 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
2011/08/10 12:07:38.0290 5824 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/10 12:07:38.0317 5824 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
2011/08/10 12:07:38.0362 5824 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/08/10 12:07:38.0417 5824 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/08/10 12:07:38.0439 5824 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/10 12:07:38.0500 5824 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/10 12:07:38.0544 5824 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/08/10 12:07:38.0597 5824 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/08/10 12:07:38.0672 5824 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/08/10 12:07:38.0706 5824 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/08/10 12:07:38.0747 5824 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/10 12:07:38.0779 5824 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/10 12:07:38.0800 5824 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/10 12:07:38.0828 5824 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/10 12:07:38.0860 5824 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/08/10 12:07:38.0883 5824 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/10 12:07:38.0899 5824 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/10 12:07:38.0924 5824 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/10 12:07:38.0973 5824 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
2011/08/10 12:07:38.0992 5824 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/10 12:07:39.0015 5824 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/08/10 12:07:39.0046 5824 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
2011/08/10 12:07:39.0090 5824 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
2011/08/10 12:07:39.0164 5824 btusbflt (dd5361cf05025bd61a5d0115ecc2566f) C:\Windows\system32\drivers\btusbflt.sys
2011/08/10 12:07:39.0198 5824 btwaudio (7e826be3b3558208d5c9b00034e51be5) C:\Windows\system32\drivers\btwaudio.sys
2011/08/10 12:07:39.0233 5824 btwavdt (af9148c3e844131ac954cb53ff43d971) C:\Windows\system32\drivers\btwavdt.sys
2011/08/10 12:07:39.0273 5824 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/08/10 12:07:39.0294 5824 btwrchid (480b3d195854b2e55299cddddc50bcf9) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/08/10 12:07:39.0450 5824 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/10 12:07:39.0485 5824 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
2011/08/10 12:07:39.0527 5824 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/10 12:07:39.0562 5824 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/08/10 12:07:39.0601 5824 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/10 12:07:39.0626 5824 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/08/10 12:07:39.0655 5824 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/08/10 12:07:39.0699 5824 CnxtHdAudService (2fe437862d0caa879b3c01ef353edda7) C:\Windows\system32\drivers\CHDRT32.sys
2011/08/10 12:07:39.0734 5824 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/10 12:07:39.0756 5824 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/08/10 12:07:39.0789 5824 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/10 12:07:39.0851 5824 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
2011/08/10 12:07:39.0904 5824 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/08/10 12:07:39.0930 5824 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/08/10 12:07:39.0960 5824 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/08/10 12:07:40.0012 5824 DozeHDD (6d279bb0de1d8e34f454e1b353f4d738) C:\Windows\system32\DRIVERS\DozeHDD.sys
2011/08/10 12:07:40.0041 5824 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/08/10 12:07:40.0078 5824 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/10 12:07:40.0120 5824 e1kexpress (b0587c35e8c72a6fdf1782972efea03b) C:\Windows\system32\DRIVERS\e1k6232.sys
2011/08/10 12:07:40.0192 5824 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/08/10 12:07:40.0284 5824 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/10 12:07:40.0320 5824 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/08/10 12:07:40.0402 5824 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/08/10 12:07:40.0433 5824 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/08/10 12:07:40.0466 5824 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/10 12:07:40.0497 5824 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/08/10 12:07:40.0512 5824 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/08/10 12:07:40.0545 5824 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/10 12:07:40.0563 5824 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/08/10 12:07:40.0599 5824 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/08/10 12:07:40.0622 5824 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/10 12:07:40.0665 5824 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/10 12:07:40.0694 5824 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/10 12:07:40.0740 5824 HBtnKey (f837f24dcca39dcd2d03fa9f00586c6c) C:\Windows\system32\DRIVERS\tkbtnpn.sys
2011/08/10 12:07:40.0767 5824 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/10 12:07:40.0826 5824 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
2011/08/10 12:07:40.0866 5824 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/08/10 12:07:40.0907 5824 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
2011/08/10 12:07:40.0928 5824 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/10 12:07:40.0954 5824 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/10 12:07:40.0978 5824 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/10 12:07:41.0014 5824 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/10 12:07:41.0053 5824 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/08/10 12:07:41.0111 5824 HSF_DPV (caaa4433360fd337cf68a1b0719f9cc1) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/08/10 12:07:41.0147 5824 HSXHWAZL (cb049fa2ce718f7468be50f3d7192370) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/08/10 12:07:41.0197 5824 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/08/10 12:07:41.0237 5824 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/10 12:07:41.0265 5824 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/10 12:07:41.0306 5824 iaStor (f4037a3fedb92dd97c95f320766ea5c9) C:\Windows\system32\DRIVERS\iaStor.sys
2011/08/10 12:07:41.0352 5824 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
2011/08/10 12:07:41.0396 5824 IBMPMDRV (fa3d0a6da7bb7968efe5c5bc267f0e55) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
2011/08/10 12:07:41.0596 5824 igfx (1f8104684b7b9b7d4467a1b903a30e99) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/08/10 12:07:41.0819 5824 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/10 12:07:41.0881 5824 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\Windows\system32\DRIVERS\Impcd.sys
2011/08/10 12:07:41.0927 5824 IntcDAud (5576ad2f0039d2bccca3567fc0bf981c) C:\Windows\system32\DRIVERS\IntcDAud.sys
2011/08/10 12:07:41.0962 5824 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/08/10 12:07:41.0993 5824 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/10 12:07:42.0020 5824 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/10 12:07:42.0054 5824 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/08/10 12:07:42.0081 5824 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/08/10 12:07:42.0109 5824 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/08/10 12:07:42.0136 5824 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/08/10 12:07:42.0166 5824 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/08/10 12:07:42.0200 5824 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/10 12:07:42.0220 5824 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/10 12:07:42.0260 5824 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/10 12:07:42.0284 5824 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/10 12:07:42.0351 5824 lenovo.smi (9aac267a225f3caebb9e633f7eb16e4b) C:\Windows\system32\DRIVERS\smiif32.sys
2011/08/10 12:07:42.0396 5824 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/10 12:07:42.0463 5824 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/10 12:07:42.0490 5824 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/10 12:07:42.0513 5824 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/10 12:07:42.0538 5824 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/10 12:07:42.0559 5824 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/08/10 12:07:42.0617 5824 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
2011/08/10 12:07:42.0668 5824 mdmxsdk (a027de1e6c11bd2daf61f6f276b2299f) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/08/10 12:07:42.0688 5824 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/10 12:07:42.0711 5824 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/10 12:07:42.0743 5824 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/08/10 12:07:42.0792 5824 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/10 12:07:42.0838 5824 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/10 12:07:42.0872 5824 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/10 12:07:42.0905 5824 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/08/10 12:07:42.0969 5824 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/08/10 12:07:43.0002 5824 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/08/10 12:07:43.0333 5824 MpKsl93f1df00 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0015A58D-CD94-466E-BDD1-DC67FBBDEFD1}\MpKsl93f1df00.sys
2011/08/10 12:07:43.0447 5824 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/08/10 12:07:43.0487 5824 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/10 12:07:43.0522 5824 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/08/10 12:07:43.0575 5824 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/10 12:07:43.0597 5824 mrxsmb10 (a70c828a93cce4c11617f6249f4d87fc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/10 12:07:43.0624 5824 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/10 12:07:43.0653 5824 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/08/10 12:07:43.0693 5824 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/08/10 12:07:43.0730 5824 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/08/10 12:07:43.0750 5824 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/10 12:07:43.0771 5824 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/08/10 12:07:43.0801 5824 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/10 12:07:43.0851 5824 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/10 12:07:43.0876 5824 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/08/10 12:07:43.0901 5824 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/08/10 12:07:43.0929 5824 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/08/10 12:07:43.0949 5824 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/08/10 12:07:43.0973 5824 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/10 12:07:43.0999 5824 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/08/10 12:07:44.0041 5824 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/10 12:07:44.0092 5824 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/08/10 12:07:44.0134 5824 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/10 12:07:44.0165 5824 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/10 12:07:44.0221 5824 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/10 12:07:44.0253 5824 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/10 12:07:44.0273 5824 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/08/10 12:07:44.0292 5824 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/10 12:07:44.0330 5824 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/10 12:07:44.0494 5824 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2011/08/10 12:07:44.0730 5824 NETwNs32 (814596469bbe40ef99ccfd582a375b83) C:\Windows\system32\DRIVERS\NETwNs32.sys
2011/08/10 12:07:44.0872 5824 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/10 12:07:44.0915 5824 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/08/10 12:07:44.0957 5824 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/08/10 12:07:44.0980 5824 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/10 12:07:45.0028 5824 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
2011/08/10 12:07:45.0077 5824 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/08/10 12:07:45.0139 5824 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
2011/08/10 12:07:45.0168 5824 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
2011/08/10 12:07:45.0206 5824 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/08/10 12:07:45.0246 5824 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/08/10 12:07:45.0314 5824 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/08/10 12:07:45.0347 5824 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/08/10 12:07:45.0377 5824 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/08/10 12:07:45.0472 5824 PCDSRVC{3037D694-FD904ACA-06020200}_0 (2dd9d5a9150c7015ac7f215efa59e44f) c:\program files\pc-doctor\pcdsrvc.pkms
2011/08/10 12:07:45.0504 5824 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/08/10 12:07:45.0531 5824 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/08/10 12:07:45.0553 5824 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/10 12:07:45.0580 5824 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/08/10 12:07:45.0610 5824 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/08/10 12:07:45.0712 5824 pmxdrv (b4079d61b5c6b4919bde17c38202e236) C:\Windows\system32\drivers\pmxdrv.sys
2011/08/10 12:07:45.0796 5824 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/10 12:07:45.0829 5824 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/08/10 12:07:45.0886 5824 psadd (c0446279cf577eff7ef2a6e0714da503) C:\Windows\system32\DRIVERS\psadd.sys
2011/08/10 12:07:45.0904 5824 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/10 12:07:45.0972 5824 qcfilterlno2k (34a8537519c22ae23e0d2041b47b577d) C:\Windows\system32\DRIVERS\qcfilterlno2k.sys
2011/08/10 12:07:46.0004 5824 qcusbnetlno2k (1ccdd1d92e6857257fcf4bef3a2251a0) C:\Windows\system32\DRIVERS\qcusbnetlno2k.sys
2011/08/10 12:07:46.0031 5824 qcusbserlno2k (6e7c572e60553046a42c2377deeff6a9) C:\Windows\system32\DRIVERS\qcusbserlno2k.sys
2011/08/10 12:07:46.0083 5824 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/10 12:07:46.0133 5824 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/10 12:07:46.0164 5824 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/10 12:07:46.0190 5824 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/10 12:07:46.0222 5824 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/10 12:07:46.0249 5824 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/10 12:07:46.0289 5824 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/10 12:07:46.0329 5824 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/10 12:07:46.0370 5824 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/10 12:07:46.0393 5824 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/10 12:07:46.0433 5824 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/10 12:07:46.0461 5824 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
2011/08/10 12:07:46.0486 5824 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/10 12:07:46.0514 5824 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/10 12:07:46.0543 5824 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/08/10 12:07:46.0583 5824 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/08/10 12:07:46.0637 5824 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
2011/08/10 12:07:46.0690 5824 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/08/10 12:07:46.0724 5824 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys
2011/08/10 12:07:46.0778 5824 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/08/10 12:07:46.0797 5824 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
2011/08/10 12:07:46.0830 5824 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/10 12:07:46.0863 5824 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
2011/08/10 12:07:47.0044 5824 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/08/10 12:07:47.0078 5824 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/10 12:07:47.0127 5824 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
2011/08/10 12:07:47.0172 5824 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/10 12:07:47.0231 5824 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/10 12:07:47.0259 5824 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/08/10 12:07:47.0282 5824 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/10 12:07:47.0324 5824 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/08/10 12:07:47.0350 5824 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/10 12:07:47.0374 5824 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/10 12:07:47.0400 5824 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/10 12:07:47.0443 5824 Shockprf (df6a84dd19d3c0858d707b5e64938d60) C:\Windows\system32\DRIVERS\Apsx86.sys
2011/08/10 12:07:47.0468 5824 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/08/10 12:07:47.0506 5824 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/10 12:07:47.0530 5824 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/10 12:07:47.0570 5824 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/08/10 12:07:47.0627 5824 smihlp (0b9c01236d25bdcb37aa79dc59dfb7d3) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
2011/08/10 12:07:47.0672 5824 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/08/10 12:07:47.0735 5824 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
2011/08/10 12:07:47.0771 5824 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/10 12:07:47.0820 5824 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/08/10 12:07:47.0861 5824 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/08/10 12:07:47.0894 5824 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/08/10 12:07:47.0926 5824 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/10 12:07:48.0000 5824 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/10 12:07:48.0041 5824 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
2011/08/10 12:07:48.0082 5824 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
2011/08/10 12:07:48.0124 5824 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
2011/08/10 12:07:48.0162 5824 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/08/10 12:07:48.0224 5824 SynTP (4db524dcd5cece0349d9f8c3738da0b2) C:\Windows\system32\DRIVERS\SynTP.sys
2011/08/10 12:07:48.0319 5824 Tcpip (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\drivers\tcpip.sys
2011/08/10 12:07:48.0372 5824 TCPIP6 (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/10 12:07:48.0415 5824 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/10 12:07:48.0455 5824 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/08/10 12:07:48.0481 5824 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/08/10 12:07:48.0521 5824 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/10 12:07:48.0546 5824 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/08/10 12:07:48.0607 5824 TPDIGIMN (50b570e4209f6d401893720fc8ddce46) C:\Windows\system32\DRIVERS\ApsHM86.sys
2011/08/10 12:07:48.0660 5824 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
2011/08/10 12:07:48.0709 5824 TPPWRIF (c16ec6a5390904d3971179553852025b) C:\Windows\system32\drivers\Tppwr32v.sys
2011/08/10 12:07:48.0737 5824 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/10 12:07:48.0793 5824 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/08/10 12:07:48.0821 5824 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/10 12:07:48.0866 5824 TurboB (c0847edcccef8d4f5354e82ec9e90159) C:\Windows\system32\DRIVERS\TurboB.sys
2011/08/10 12:07:48.0903 5824 TVTI2C (3078906e991f29305e8066911153717e) C:\Windows\system32\DRIVERS\Tvti2c.sys
2011/08/10 12:07:48.0933 5824 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/10 12:07:48.0971 5824 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/10 12:07:49.0024 5824 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/10 12:07:49.0073 5824 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/10 12:07:49.0098 5824 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/10 12:07:49.0135 5824 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/10 12:07:49.0159 5824 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/08/10 12:07:49.0194 5824 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
2011/08/10 12:07:49.0213 5824 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/10 12:07:49.0245 5824 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
2011/08/10 12:07:49.0275 5824 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/10 12:07:49.0318 5824 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/10 12:07:49.0339 5824 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
2011/08/10 12:07:49.0384 5824 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
2011/08/10 12:07:49.0415 5824 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/08/10 12:07:49.0446 5824 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/10 12:07:49.0469 5824 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/08/10 12:07:49.0501 5824 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/08/10 12:07:49.0551 5824 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/08/10 12:07:49.0571 5824 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/08/10 12:07:49.0594 5824 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/08/10 12:07:49.0621 5824 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
2011/08/10 12:07:49.0650 5824 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
2011/08/10 12:07:49.0680 5824 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/08/10 12:07:49.0704 5824 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/08/10 12:07:49.0733 5824 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/08/10 12:07:49.0760 5824 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/10 12:07:49.0791 5824 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/08/10 12:07:49.0818 5824 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/08/10 12:07:49.0850 5824 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/08/10 12:07:49.0919 5824 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/10 12:07:49.0959 5824 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/10 12:07:49.0969 5824 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/10 12:07:50.0020 5824 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/08/10 12:07:50.0053 5824 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/10 12:07:50.0123 5824 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/10 12:07:50.0173 5824 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/08/10 12:07:50.0225 5824 winachsf (bc43a66ed6898f405a4acf6179a5f9b1) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/08/10 12:07:50.0303 5824 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/08/10 12:07:50.0339 5824 wisdpen (ff17b6a01a9feb2a8d322bf369d36c96) C:\Windows\system32\DRIVERS\wisdpen.sys
2011/08/10 12:07:50.0379 5824 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/10 12:07:50.0426 5824 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/10 12:07:50.0483 5824 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
2011/08/10 12:07:50.0527 5824 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/08/10 12:07:50.0556 5824 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/10 12:07:50.0600 5824 XAudio (311faffb280fca0d4a7739e2474eac9f) C:\Windows\system32\DRIVERS\XAudio32.sys
2011/08/10 12:07:50.0661 5824 MBR (0x1B8) (bf56d034e902266187e09a4651511ae5) \Device\Harddisk0\DR0
2011/08/10 12:07:50.0675 5824 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
2011/08/10 12:07:50.0718 5824 Boot (0x1200) (8032d666765405935ac296b2f039a9cb) \Device\Harddisk0\DR0\Partition0
2011/08/10 12:07:50.0735 5824 Boot (0x1200) (074e6889b8ed46070919eb59de3343e6) \Device\Harddisk0\DR0\Partition1
2011/08/10 12:07:50.0773 5824 Boot (0x1200) (38b3568acdc5111d71c0036958030821) \Device\Harddisk0\DR0\Partition2
2011/08/10 12:07:50.0781 5824 Boot (0x1200) (674c490606c34f50e2d4ee07dbfe4fa6) \Device\Harddisk1\DR1\Partition0
2011/08/10 12:07:50.0787 5824 ================================================================================
2011/08/10 12:07:50.0787 5824 Scan finished
2011/08/10 12:07:50.0787 5824 ================================================================================
2011/08/10 12:07:50.0797 2212 Detected object count: 0
2011/08/10 12:07:50.0797 2212 Actual detected object count: 0
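Reading a TDSSKiller driver listing like the one above by eye is slow, so here is a small triage helper. It is an added example, not part of this thread and not TDSSKiller's own code. It parses lines of the form `<date> <time> <pid> <service name> (<md5>) <image path>`, flags driver images loaded from outside `C:\Windows\system32`, groups service names that resolve to the same on-disk file (Tcpip/TCPIP6 and WANARP/Wanarpv6 in this log are aliases of one file, not duplicates to worry about), and collects the MBR and boot-sector hashes so they can be compared with a known-good record. The sample lines are copied verbatim from the log above; the `baseline` dictionary in the usage section is a hypothetical known-good record an analyst would have captured earlier. A non-standard path is a triage cue, not a verdict: the three entries it flags here sit under the Microsoft Antimalware definition-update, PC-Doctor and ThinkVantage Fingerprint Software directories, as their paths show.

```python
"""Triage helper for a TDSSKiller driver listing (added example, not from the thread).

Each scan line has the shape
    <date> <time> <pid> <service name> (<md5>) <image path>
The helper reports:
  * driver images loaded from outside C:\\Windows\\system32 (a triage cue, not a verdict)
  * service names that resolve to the same on-disk file (expected for tcpip/tcpip6)
  * MBR / boot-sector hashes, for comparison with a known-good baseline
"""
import re
from collections import defaultdict

# The service name is matched non-greedily because it may contain spaces ("MBR (0x1B8)").
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+"
    r"(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+"
    r"(?P<path>\S.*)$"
)

# Sample input: lines copied verbatim from the log above, chosen to cover each case.
SAMPLE_LOG = r"""
2011/08/10 12:07:39.0562 5824 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/08/10 12:07:42.0617 5824 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
2011/08/10 12:07:43.0333 5824 MpKsl93f1df00 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0015A58D-CD94-466E-BDD1-DC67FBBDEFD1}\MpKsl93f1df00.sys
2011/08/10 12:07:45.0472 5824 PCDSRVC{3037D694-FD904ACA-06020200}_0 (2dd9d5a9150c7015ac7f215efa59e44f) c:\program files\pc-doctor\pcdsrvc.pkms
2011/08/10 12:07:47.0627 5824 smihlp (0b9c01236d25bdcb37aa79dc59dfb7d3) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
2011/08/10 12:07:48.0319 5824 Tcpip (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\drivers\tcpip.sys
2011/08/10 12:07:48.0372 5824 TCPIP6 (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/10 12:07:50.0661 5824 MBR (0x1B8) (bf56d034e902266187e09a4651511ae5) \Device\Harddisk0\DR0
2011/08/10 12:07:50.0718 5824 Boot (0x1200) (8032d666765405935ac296b2f039a9cb) \Device\Harddisk0\DR0\Partition0
2011/08/10 12:07:50.0787 5824 Scan finished
"""

SYSTEM32 = "c:\\windows\\system32\\"


def parse(log_text):
    """Return one dict per scan line; banner lines and 'Scan finished' do not match and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def normalize_path(path):
    """Case-fold and unify separators so system32\\drivers and System32\\DRIVERS compare equal."""
    return path.lower().replace("/", "\\")


def is_boot_record(entry):
    """MBR and boot-sector entries point at a raw device, not a file."""
    return entry["name"].split(" ")[0] in ("MBR", "Boot") and entry["path"].startswith("\\Device\\")


def triage(entries):
    outside = []                  # (service name, path) for images not under system32
    by_file = defaultdict(list)   # normalized path -> service names loading it
    boot = {}                     # raw device path -> md5 of its MBR / boot sector
    for e in entries:
        if is_boot_record(e):
            boot[e["path"]] = e["md5"]
            continue
        p = normalize_path(e["path"])
        if not p.startswith(SYSTEM32):
            outside.append((e["name"], e["path"]))
        by_file[p].append(e["name"])
    aliases = {p: names for p, names in by_file.items() if len(names) > 1}
    return {"outside_system32": outside, "aliases": aliases, "boot_records": boot}


def compare_boot_records(boot, baseline):
    """Split boot records into those whose hash differs from the baseline and those it does not cover."""
    changed = sorted(p for p, h in boot.items() if p in baseline and baseline[p] != h)
    unknown = sorted(p for p in boot if p not in baseline)
    return {"changed": changed, "unknown": unknown}


if __name__ == "__main__":
    result = triage(parse(SAMPLE_LOG))
    for name, path in result["outside_system32"]:
        print(f"REVIEW  {name:45} {path}")
    for path, names in result["aliases"].items():
        print(f"ALIAS   {', '.join(names):45} {path}")
    # Hypothetical known-good record captured on an earlier, clean scan (assumption, not from the thread).
    baseline = {"\\Device\\Harddisk0\\DR0": "bf56d034e902266187e09a4651511ae5"}
    print("BOOT   ", compare_boot_records(result["boot_records"], baseline))
```

Run it on the whole listing by reading the log file instead of `SAMPLE_LOG`; the `REVIEW` lines are what to look at first, and the `ALIAS` lines explain why one MD5 appears under two service names. The boot-record comparison only says something when you have a baseline hash from a scan you trust, which is why the script treats an uncovered device as "unknown" rather than "changed".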

#8 sullivbt

sullivbt
  • Topic Starter

  • Members
  • 8 posts

Posted 19 August 2011 - 10:58 AM

Elise;

Is there a next step or are we done?

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,977 posts
  • Gender:Female
  • Location:Romania

Posted 19 August 2011 - 11:48 AM

My apologies, I must have overlooked your reply. Can you please rerun DDS and post me the new log. Also, how are things running now?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#10 sullivbt

sullivbt
  • Topic Starter

  • Members
  • 8 posts

Posted 24 August 2011 - 07:45 AM

Elise;

As requested, new DDS results below:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by bsullivan at 8:40:27 on 2011-08-24
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2996.981 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\AddinForUNCFAT\UNCFATDMS.exe
C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Tablet Shortcut\TSMResident.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Mindjet\MindManager 8\MmReminderService.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\AddinForUNCFAT\UNCFATDMS.exe
C:\Program Files\Conexant\SAII\SmartAudio.exe
C:\Windows\System32\xGOAKbgnd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Mindjet\MindManager 8\MmDesignPartner.exe
C:\Program Files\WebEx\Productivity Tools\ptim.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Users\bsullivan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WebEx\Productivity Tools\ptSrv.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\igfxext.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\taskeng.exe
C:\Program Files\lenovo\simpletap\simpletap.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\bsullivan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\spool\DRIVERS\W32X86\3\x2jobtDI.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
uRun: [MmDesignPartner.exe] c:\program files\mindjet\mindmanager 8\MmDesignPartner.exe
uRun: [PTIM.exe] c:\program files\webex\productivity tools\PTIM.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MusicManager] "c:\users\bsullivan\appdata\local\programs\google\musicmanager\MusicManager.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [IMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [TpShocks] TpShocks.exe
mRun: [TSMResident] "c:\program files\thinkpad\tablet shortcut\TSMRESIDENT.EXE" /r
mRun: [TabletButton] "c:\program files\thinkpad\tablet shortcut\TabletButton.EXE" /STARTUP
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe
mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [MMReminderService] c:\program files\mindjet\mindmanager 8\MMReminderService.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [OTFSDMS] c:\program files\addinforuncfat\UNCFATDMS.exe /p
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [XeroxScanUtility] c:\program files\xerox\scan_utility\xrxzipui.exe 1
mRun: [XeroxEndeavorBackgroundTask] c:\windows\system32\xGOAKbgnd.exe 1
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RotateImage] c:\program files\integrated camera driver\RCIMGDIR.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\bsulli~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\users\bsulli~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.75.10 192.168.75.12 10.22.170.12
TCP: Interfaces\{A7555D9D-1338-4DFA-9855-026E46330FA5} : DhcpNameServer = 192.168.75.10 192.168.75.12 10.22.170.12
TCP: Interfaces\{EE0DC76F-55D5-4E89-AED1-8C85D42A9099}\251646963737F6E6F57457563747 : DhcpNameServer = 83.97.120.225 83.97.124.225
TCP: Interfaces\{EE0DC76F-55D5-4E89-AED1-8C85D42A9099}\349775966496 : DhcpNameServer = 10.10.90.26 10.10.90.25
TCP: Interfaces\{EE0DC76F-55D5-4E89-AED1-8C85D42A9099}\75946494D2845434 : DhcpNameServer = 172.29.188.201 172.29.188.202
TCP: Interfaces\{EE0DC76F-55D5-4E89-AED1-8C85D42A9099}\D42425D2835683 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{EE0DC76F-55D5-4E89-AED1-8C85D42A9099}\D434F57455543545 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll ACGina
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bsullivan\appdata\roaming\mozilla\firefox\profiles\vlqmiquq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\bsullivan\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\users\bsullivan\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\bsullivan\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2011-2-11 25968]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-1-13 20592]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-3-30 13680]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl5624958a;MpKsl5624958a;c:\programdata\microsoft\microsoft antimalware\definition updates\{539caff6-1df0-4171-b896-20aeb1b07487}\MpKsl5624958a.sys [2011-8-24 28752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 ASRSVC;ASR Service;c:\program files\thinkpad\tablet shortcut\asr\ASRSVC.exe [2011-6-17 79136]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2011-7-1 41320]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2011-3-30 65896]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2010-7-30 93032]
R2 OTFSDMS;UNCFAT DMS;c:\program files\addinforuncfat\UNCFATDMS.exe [2008-6-19 129024]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2011-5-14 148840]
R2 QDLService2kLenovo;Qualcomm Gobi 2000 Download Service (Lenovo);c:\program files\qualcomm\qdlservice2k\QDLService2kLenovo.exe [2011-5-23 1688384]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 TabletSVC;TABLET Service;c:\program files\thinkpad\tablet shortcut\TSMService.exe [2011-6-17 83440]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-8-11 130920]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2011-8-11 64952]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2009-9-29 13752]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-2-11 2533400]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2011-8-11 132864]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-3-30 29472]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-3-30 215208]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-2-11 132480]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-3-30 269824]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2010-12-21 7434240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 qcfilterlno2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9205);c:\windows\system32\drivers\qcfilterlno2k.sys [2010-6-25 5248]
R3 qcusbnetlno2k;Gobi 2000 USB-NDIS miniport(05C6-9205);c:\windows\system32\drivers\qcusbnetlno2k.sys [2011-5-23 375296]
R3 qcusbserlno2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205);c:\windows\system32\drivers\qcusbserlno2k.sys [2011-5-23 190848]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-10-8 38336]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [2011-1-4 37232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2011-8-16 45736]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2011-2-11 292200]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-2-11 816792]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2011-2-11 83304]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-30 52224]
S3 TurboBoost;TurboBoost;c:\program files\intel\turboboost\TurboBoost.exe [2009-9-29 99768]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-30 1343400]
S3 WFXGRX;WFXGRX;c:\users\bsulli~1\appdata\local\temp\wfxgrx.exe --> c:\users\bsulli~1\appdata\local\temp\WFXGRX.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-8-11 45496]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-08-24 12:36:23 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{539caff6-1df0-4171-b896-20aeb1b07487}\MpKsl5624958a.sys
2011-08-24 12:36:05 7152464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{539caff6-1df0-4171-b896-20aeb1b07487}\mpengine.dll
2011-08-23 20:00:30 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-08-23 20:00:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-20 16:24:58 40960 ----a-r- c:\users\bsullivan\appdata\roaming\microsoft\installer\{0ab76f69-e761-4cfa-b9b0-a1906b4e9e4b}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
2011-08-20 16:24:58 -------- d-----w- c:\program files\Western Digital Technologies
2011-08-19 18:54:48 -------- d-----w- c:\users\bsullivan\appdata\local\{70843FD5-93F8-4F83-BF6B-0BAE567DB890}
2011-08-19 13:45:58 -------- d-----w- c:\users\bsullivan\appdata\local\{7B44E5F6-C52F-4BE7-9775-E5D31500B7EA}
2011-08-19 13:45:31 -------- d-----w- c:\users\bsullivan\appdata\local\{E96AC3D7-0805-4C32-9796-546F3E241EE5}
2011-08-19 13:44:24 -------- d-----w- c:\users\bsullivan\appdata\local\{DDF9B1FB-11B7-4076-A928-AEF888244631}
2011-08-19 13:44:13 -------- d-----w- c:\users\bsullivan\appdata\local\{0A49AA52-548B-437D-A4BB-83571B3818DE}
2011-08-19 13:02:13 -------- d-----w- c:\users\bsullivan\appdata\local\{2491A8F0-7F4D-4B13-88F2-0081C2692B6B}
2011-08-16 15:40:48 45736 ----a-w- c:\windows\system32\drivers\btusbflt.sys
2011-08-16 15:18:16 712576 ----a-w- c:\windows\system32\drivers\ndis.sys
2011-08-15 19:35:31 -------- d-----w- c:\programdata\Emicsoft Studio
2011-08-11 12:59:39 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-08-11 12:59:39 1346608 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-08-11 12:59:39 120104 ----a-w- c:\windows\system32\SynTPCo9.dll
2011-08-11 12:59:38 222504 ----a-w- c:\windows\system32\SynCtrl.dll
2011-08-11 12:58:38 132864 ----a-w- c:\windows\system32\drivers\5U877.sys
2011-08-11 12:58:38 126976 ----a-w- c:\windows\system32\5U877.ax
2011-08-11 12:58:38 106496 ----a-w- c:\windows\system32\5U877.dll
2011-08-11 12:57:52 -------- d-----w- c:\program files\QUALCOMM
2011-08-11 12:34:12 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{09145c47-e83a-4a2f-993b-66af4cbb6078}\gapaengine.dll
2011-08-11 12:31:58 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-03 19:14:16 626688 ----a-w- c:\windows\system32\msvcr80.dll
2011-08-03 19:14:16 548864 ----a-w- c:\windows\system32\msvcp80.dll
2011-08-03 19:14:15 -------- d-----w- C:\prntdrvr
2011-08-03 18:16:19 10240 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\25\x5print.dll
2011-08-03 18:16:19 10240 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\24\x5print.dll
2011-08-02 22:58:53 -------- d-----w- c:\users\bsullivan\appdata\local\CUSTPDF Writer
2011-08-02 22:58:26 86016 ----a-w- c:\windows\system32\custmon32.dll
2011-08-02 22:58:23 -------- d-----w- c:\program files\SmartDraw 2007
2011-08-02 21:57:54 -------- d-----w- c:\windows\system32\appmgmt
2011-08-02 21:37:27 32768 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\Xrpp_b.dll
2011-08-02 21:37:27 11264 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\Xrprt_b.dll
2011-08-02 21:24:59 -------- d-----w- C:\Xerox
2011-08-02 20:47:43 -------- d-----w- c:\programdata\AMMYY
2011-08-02 20:39:36 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-08-02 20:38:34 103864 ------w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-08-02 18:46:35 6792528 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-08-02 18:46:31 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8d82d135-bce9-4254-a7ca-54049c8bbf9b}\mpengine.dll
2011-08-02 18:17:27 -------- d-----w- C:\$RECYCLE.BIN
2011-08-02 18:15:37 -------- d-----w- c:\users\bsullivan\appdata\local\temp
2011-08-02 17:34:07 -------- d-----w- c:\program files\ESET
2011-08-01 23:05:12 -------- d-----w- c:\users\bsullivan\appdata\roaming\SUPERAntiSpyware.com
2011-08-01 23:05:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-01 23:03:43 -------- d-----w- c:\users\bsullivan\appdata\roaming\Malwarebytes
2011-08-01 23:03:40 -------- d-----w- c:\programdata\Malwarebytes
2011-08-01 22:23:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-01 21:47:49 65536 --sha-r- c:\windows\system32\wiashexti.dll
2011-07-29 21:56:12 6881616 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2011-07-27 10:30:40 32824 ----a-w- c:\windows\system32\drivers\psadd.sys
.
==================== Find3M ====================
.
2011-08-16 15:40:44 86056 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2011-08-16 15:40:44 18472 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2011-08-16 15:40:44 108072 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-18 18:37:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-06-24 04:27:01 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-24 04:22:20 271360 ----a-w- c:\windows\system32\conhost.exe
2011-06-23 04:33:57 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-21 05:34:23 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 08:55:19 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-02 07:01:00 820584 ------w- c:\windows\system32\PWMCP32V.cpl
2011-06-02 07:01:00 517480 ------w- c:\windows\PWMBTHLV.EXE
2011-06-02 07:01:00 25968 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2011-06-02 07:01:00 13424 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
2011-06-01 19:43:06 8198936 ----a-w- c:\windows\system32\TVWSetup.exe
2011-06-01 19:43:06 4699416 ----a-w- c:\windows\system32\GfxUI.exe
2011-06-01 19:43:06 267544 ----a-w- c:\windows\system32\igfxsrvc.exe
2011-06-01 19:43:06 187672 ----a-w- c:\windows\system32\igfxext.exe
2011-06-01 19:43:06 177432 ----a-w- c:\windows\system32\hkcmd.exe
2011-06-01 19:43:06 176408 ----a-w- c:\windows\system32\igfxpers.exe
2011-06-01 19:43:06 143640 ----a-w- c:\windows\system32\igfxtray.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD32 rev.02.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x8301D000]<< >>UNKNOWN [0x8B9C3000]<< >>UNKNOWN [0x8B9B2000]<< >>UNKNOWN [0x8B223000]<< >>UNKNOWN [0x8342F000]<< >>UNKNOWN [0x8B432000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x8305452A] -> \Device\Harddisk0\DR0[0x87E01648]
\Driver\Disk[0x87DFCBF0] -> IRP_MJ_CREATE -> 0x8B9C739F
3 [0x8B9C759E] -> ntkrnlpa!IofCallDriver[0x8305452A] -> [0x86686958]
\Driver\ACPI[0x858E0D08] -> IRP_MJ_CREATE -> 0x8B22C4CC
5 [0x8B22C3D4] -> ntkrnlpa!IofCallDriver[0x8305452A] -> \Device\Ide\IAAStorageDevice-1[0x86671028]
\Driver\iaStor[0x8666D658] -> IRP_MJ_CREATE -> 0x8B45509C
kernel: MBR read successfully
_asm { JMP 0x10; }
user & kernel MBR OK
copy of MBR has been found in sector 8 !
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 8:41:01.85 ===============




#11 Elise

Posted 24 August 2011 - 08:00 AM

That still seems to detect a rootkit. Please delete any old copy of combofix you may still have on your computer.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


#12 sullivbt (Topic Starter)

Posted 25 August 2011 - 08:59 AM

Latest Combofix results:

ComboFix 11-08-24.06 - bsullivan 08/25/2011 8:50.2.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2996.1571 [GMT -4:00]
Running from: c:\users\bsullivan\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AMMYY
c:\programdata\AMMYY\settings.bin
c:\programdata\PCDr\5849\AddOnDownloaded\08503421-0e5d-44bc-9797-89954abcf6ff.dll
c:\programdata\PCDr\5849\AddOnDownloaded\44f70218-ad19-47a4-ac5e-007d247abe0f.dll
c:\programdata\PCDr\5849\AddOnDownloaded\4ab76655-9a01-4a2f-b4dc-226350587a29.dll
c:\programdata\PCDr\5849\AddOnDownloaded\7e36c7b4-f4c8-4324-9887-9cab89169ef6.dll
c:\programdata\PCDr\5849\AddOnDownloaded\97d3cc32-549b-4646-bc59-82ebb82b5d11.dll
c:\programdata\PCDr\5849\AddOnDownloaded\a6dab7e8-9159-49a5-9681-40f16e907a98.dll
c:\programdata\PCDr\5849\AddOnDownloaded\b96355f5-a46b-48d0-a3f2-b41eed57de73.dll
c:\programdata\PCDr\5849\AddOnDownloaded\fd8a6c4b-79e3-4200-98d7-b7e5061342d1.dll
c:\programdata\Roaming
c:\windows\system32\spool\prtprocs\w32x86\Xrpp_b.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-25 to 2011-08-25 )))))))))))))))))))))))))))))))
.
.
2011-08-25 12:57 . 2011-08-25 12:57 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8A480CD-7979-4037-BE0E-731835DE09B3}\MpKslded28ee9.sys
2011-08-25 12:56 . 2011-08-25 12:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-25 12:56 . 2011-08-25 12:56 -------- d-----w- c:\users\Brian\AppData\Local\temp
2011-08-25 12:48 . 2011-08-25 12:48 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8A480CD-7979-4037-BE0E-731835DE09B3}\MpKsl3d30fba6.sys
2011-08-25 12:48 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8A480CD-7979-4037-BE0E-731835DE09B3}\mpengine.dll
2011-08-24 12:31 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-23 20:00 . 2011-08-23 20:00 -------- d-----w- c:\program files\Common Files\Java
2011-08-23 20:00 . 2011-08-23 20:00 476904 ----a-w- c:\program files\Mozilla Firefox\Plugins\npdeployJava1.dll
2011-08-23 20:00 . 2011-08-23 20:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-23 20:00 . 2011-08-23 20:00 -------- d-----w- c:\program files\Java
2011-08-20 16:24 . 2011-08-20 16:24 40960 ----a-r- c:\users\bsullivan\AppData\Roaming\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
2011-08-20 16:24 . 2011-08-20 16:24 -------- d-----w- c:\program files\Western Digital Technologies
2011-08-16 15:40 . 2011-08-16 15:40 45736 ----a-w- c:\windows\system32\drivers\btusbflt.sys
2011-08-16 15:18 . 2010-12-29 10:26 712576 ----a-w- c:\windows\system32\drivers\ndis.sys
2011-08-15 19:35 . 2011-08-15 19:35 -------- d-----w- c:\programdata\Emicsoft Studio
2011-08-11 12:59 . 2011-05-20 01:06 1346608 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-08-11 12:59 . 2011-05-20 01:05 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-08-11 12:59 . 2011-05-20 01:05 120104 ----a-w- c:\windows\system32\SynTPCo9.dll
2011-08-11 12:59 . 2011-05-20 01:05 222504 ----a-w- c:\windows\system32\SynCtrl.dll
2011-08-11 12:58 . 2011-05-23 19:44 106496 ----a-w- c:\windows\system32\5U877.dll
2011-08-11 12:58 . 2011-05-23 19:33 126976 ----a-w- c:\windows\system32\5U877.ax
2011-08-11 12:58 . 2011-05-23 19:31 132864 ----a-w- c:\windows\system32\drivers\5U877.sys
2011-08-11 12:57 . 2011-08-11 12:57 -------- d-----w- c:\program files\QUALCOMM
2011-08-11 12:34 . 2010-11-30 15:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{09145C47-E83A-4A2F-993B-66AF4CBB6078}\gapaengine.dll
2011-08-11 12:31 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-08 18:22 . 2011-08-08 18:22 -------- d-----w- c:\users\bsullivan\AppData\Roaming\Leadertech
2011-08-03 19:14 . 2005-09-23 03:05 626688 ----a-w- c:\windows\system32\msvcr80.dll
2011-08-03 19:14 . 2005-09-23 03:05 548864 ----a-w- c:\windows\system32\msvcp80.dll
2011-08-03 19:14 . 2011-08-03 19:14 -------- d-----w- C:\prntdrvr
2011-08-03 18:16 . 2011-06-10 16:10 10240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\25\x5print.dll
2011-08-03 18:16 . 2011-06-10 16:10 10240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\24\x5print.dll
2011-08-02 22:58 . 2011-08-10 20:57 -------- d-----w- c:\users\bsullivan\AppData\Local\CUSTPDF Writer
2011-08-02 22:58 . 2007-03-27 13:47 86016 ----a-w- c:\windows\system32\custmon32.dll
2011-08-02 22:58 . 2011-08-02 22:58 -------- d-----w- c:\program files\SmartDraw 2007
2011-08-02 21:37 . 2009-07-17 14:07 11264 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\Xrprt_b.dll
2011-08-02 21:24 . 2011-08-03 19:23 -------- d-----w- C:\Xerox
2011-08-02 20:39 . 2009-08-20 03:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-08-02 20:38 . 2011-06-07 16:35 103864 ------w- c:\program files\Mozilla Firefox\Plugins\nppdf32.dll
2011-08-02 18:46 . 2011-07-20 13:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D82D135-BCE9-4254-A7CA-54049C8BBF9B}\mpengine.dll
2011-08-02 18:15 . 2011-08-25 12:58 -------- d-----w- c:\users\bsullivan\AppData\Local\temp
2011-08-02 17:34 . 2011-08-02 17:34 -------- d-----w- c:\program files\ESET
2011-08-01 23:05 . 2011-08-01 23:05 -------- d-----w- c:\users\bsullivan\AppData\Roaming\SUPERAntiSpyware.com
2011-08-01 23:05 . 2011-08-01 23:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-01 23:03 . 2011-08-01 23:03 -------- d-----w- c:\users\bsullivan\AppData\Roaming\Malwarebytes
2011-08-01 23:03 . 2011-08-01 23:03 -------- d-----w- c:\programdata\Malwarebytes
2011-08-01 22:23 . 2011-08-02 22:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-01 21:47 . 2011-08-01 21:47 65536 --sha-r- c:\windows\system32\wiashexti.dll
2011-07-29 21:56 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-27 10:30 . 2011-07-27 10:30 32824 ----a-w- c:\windows\system32\drivers\psadd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-16 15:40 . 2011-03-30 22:34 86056 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2011-08-16 15:40 . 2011-03-30 22:34 18472 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2011-08-16 15:40 . 2011-03-30 22:34 108072 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2011-08-12 02:44 . 2011-04-01 14:57 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-18 18:37 . 2011-05-18 12:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-18 17:26 . 2011-07-18 17:26 53248 ----a-r- c:\users\bsullivan\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2011-06-11 02:29 . 2011-07-13 04:48 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-02 07:01 . 2011-02-11 04:35 517480 ------w- c:\windows\PWMBTHLV.EXE
2011-06-02 07:01 . 2011-02-11 04:35 820584 ------w- c:\windows\system32\PWMCP32V.cpl
2011-06-02 07:01 . 2011-02-11 04:35 25968 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2011-06-02 07:01 . 2011-02-11 04:35 13424 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
2011-06-01 19:42 . 2011-02-11 04:33 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
2011-06-01 19:42 . 2010-11-29 08:39 9030656 ----a-w- c:\windows\system32\igfxress.dll
2011-06-01 19:42 . 2011-02-11 04:33 6294016 ----a-w- c:\windows\system32\igdumd32.dll
2011-06-01 19:42 . 2011-02-11 04:33 577024 ----a-w- c:\windows\system32\igdumdx32.dll
2011-06-01 19:42 . 2011-02-11 04:33 12310016 ----a-w- c:\windows\system32\igd10umd32.dll
2011-06-01 19:42 . 2011-02-11 04:33 95232 ----a-w- c:\windows\system32\hccutils.dll
2011-08-17 17:28 . 2011-03-31 01:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MmDesignPartner.exe"="c:\program files\Mindjet\MindManager 8\MmDesignPartner.exe" [2009-12-07 12640]
"PTIM.exe"="c:\program files\WebEx\Productivity Tools\PTIM.exe" [2011-06-02 405816]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"MusicManager"="c:\users\bsullivan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-06-15 12817920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-05-20 2270504]
"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-05-03 112152]
"TpShocks"="TpShocks.exe" [2011-01-14 337256]
"TSMResident"="c:\program files\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" [2011-05-09 484856]
"TabletButton"="c:\program files\ThinkPad\Tablet Shortcut\TabletButton.EXE" [2010-10-28 468328]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-15 307768]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-06-02 1258856]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-30 54120]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2011-04-14 31592]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"MMReminderService"="c:\program files\Mindjet\MindManager 8\MMReminderService.exe" [2009-12-07 38240]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-08 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"OTFSDMS"="c:\program files\AddinForUNCFAT\UNCFATDMS.exe" [2008-06-19 129024]
"XeroxScanUtility"="c:\program files\Xerox\Scan_Utility\xrxzipui.exe" [2009-06-10 2310144]
"XeroxEndeavorBackgroundTask"="c:\windows\system32\xGOAKbgnd.exe" [2009-06-03 95744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 143640]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 176408]
"RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-20 227712]
.
c:\users\bsullivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-6-28 974848]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-20 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-6-13 804128]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2011-2-11 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2010-04-02 23:46 100104 ------w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl0e35efe3;MpKsl0e35efe3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA0D091B-9DA2-4EA4-B19B-C3233FF6D050}\MpKsl0e35efe3.sys [x]
R1 MpKsl2cfe8f4b;MpKsl2cfe8f4b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{427FA3B0-C659-4DB1-BCD7-B590B6EDE90F}\MpKsl2cfe8f4b.sys [x]
R1 MpKsl30b65c22;MpKsl30b65c22;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19C72BE4-83E7-4CB3-8693-3A2B19625ECA}\MpKsl30b65c22.sys [x]
R1 MpKsl314d385c;MpKsl314d385c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{656CE06F-384B-4DDC-A5EE-45FF1D46A6A7}\MpKsl314d385c.sys [x]
R1 MpKsl34dd1ea7;MpKsl34dd1ea7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5DDCCE5F-6670-4BDE-8B94-FB1A3B0F2EC2}\MpKsl34dd1ea7.sys [x]
R1 MpKsl45f349cf;MpKsl45f349cf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{668353B6-3E70-4E9A-B9B5-A2B7A627FEB3}\MpKsl45f349cf.sys [x]
R1 MpKsl48e347b9;MpKsl48e347b9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10ADEDD3-F2C9-4E94-9F2A-EA458C8DF908}\MpKsl48e347b9.sys [x]
R1 MpKsl5624958a;MpKsl5624958a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{539CAFF6-1DF0-4171-B896-20AEB1B07487}\MpKsl5624958a.sys [x]
R1 MpKsl646c7551;MpKsl646c7551;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6E29A14D-E1B9-4481-90CB-9D76726A022C}\MpKsl646c7551.sys [x]
R1 MpKsl65d6ce0f;MpKsl65d6ce0f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{26EAF921-6429-40FE-BF42-499E7AC86DB8}\MpKsl65d6ce0f.sys [x]
R1 MpKsl74187c5c;MpKsl74187c5c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{602F124A-4BE7-4A95-94AF-B8675089690A}\MpKsl74187c5c.sys [x]
R1 MpKsl7f6e83fb;MpKsl7f6e83fb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{11D759BD-5CC7-4475-952A-B964EDA22425}\MpKsl7f6e83fb.sys [x]
R1 MpKsl82fefd9c;MpKsl82fefd9c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B3D98548-DC49-4879-B442-F7F3242919C6}\MpKsl82fefd9c.sys [x]
R1 MpKsl869db75d;MpKsl869db75d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B53BE79D-B99D-450A-B0A3-A2071B72D633}\MpKsl869db75d.sys [x]
R1 MpKsl93f1df00;MpKsl93f1df00;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0015A58D-CD94-466E-BDD1-DC67FBBDEFD1}\MpKsl93f1df00.sys [x]
R1 MpKsl9c58d34a;MpKsl9c58d34a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4FB607E3-F8DF-4EAC-AC9E-BBFDA3EB8B1B}\MpKsl9c58d34a.sys [x]
R1 MpKsla94fec0d;MpKsla94fec0d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14BE03EE-B536-48C0-A8BA-256F2AF49B8A}\MpKsla94fec0d.sys [x]
R1 MpKslca1e96ef;MpKslca1e96ef;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D9D9217-76CD-4089-B5F0-DD8D64FDACF9}\MpKslca1e96ef.sys [x]
R1 MpKslf4377bdf;MpKslf4377bdf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1071B8B-5619-4D61-AB65-59B281C470F7}\MpKslf4377bdf.sys [x]
R1 SASDIFSV;SASDIFSV;c:\users\BSULLI~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\BSULLI~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2011-08-16 45736]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-06-02 292200]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-02-11 816792]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-06-02 83304]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-30 99768]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-30 1343400]
R3 WFXGRX;WFXGRX;c:\users\BSULLI~1\AppData\Local\Temp\WFXGRX.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-04-04 45496]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-06-02 25968]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2011-01-13 20592]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 MpKsl3d30fba6;MpKsl3d30fba6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8A480CD-7979-4037-BE0E-731835DE09B3}\MpKsl3d30fba6.sys [2011-08-25 28752]
S1 MpKslded28ee9;MpKslded28ee9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8A480CD-7979-4037-BE0E-731835DE09B3}\MpKslded28ee9.sys [2011-08-25 28752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ASRSVC;ASR Service;c:\program files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [2010-10-28 79136]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-30 41320]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-30 65896]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 OTFSDMS;UNCFAT DMS;c:\program files\AddinForUNCFAT\UNCFATDMS.exe [2008-06-19 129024]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-06-02 148840]
S2 QDLService2kLenovo;Qualcomm Gobi 2000 Download Service (Lenovo);c:\program files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [2011-05-23 1688384]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]
S2 TabletSVC;TABLET Service;c:\program files\ThinkPad\Tablet Shortcut\TSMService.exe [2011-05-09 83440]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-04-20 130920]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-03-29 64952]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-30 13752]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-03 2533400]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-05-23 132864]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-03-30 29472]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-07-22 215208]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-12-21 7434240]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S3 qcfilterlno2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9205);c:\windows\system32\DRIVERS\qcfilterlno2k.sys [2010-06-25 5248]
S3 qcusbnetlno2k;Gobi 2000 USB-NDIS miniport(05C6-9205);c:\windows\system32\DRIVERS\qcusbnetlno2k.sys [2011-05-23 375296]
S3 qcusbserlno2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205);c:\windows\system32\DRIVERS\qcusbserlno2k.sys [2011-05-23 190848]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 38336]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\DRIVERS\wisdpen.sys [2011-01-04 37232]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLDED28EE9
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4046199981-3511545163-2109793127-1638Core.job
- c:\users\bsullivan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-07 21:35]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4046199981-3511545163-2109793127-1638UA.job
- c:\users\bsullivan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-07 21:35]
.
2011-08-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2011-08-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2011-08-25 c:\windows\Tasks\SDMsgUpdate (SD).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2011-04-19 13:53]
.
2011-08-25 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.75.10 192.168.75.12 10.22.170.12
DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab
FF - ProfilePath - c:\users\bsullivan\AppData\Roaming\Mozilla\Firefox\Profiles\vlqmiquq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.brc -
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(688)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'Explorer.exe'(2852)
c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
c:\program files\PC-Doctor\PcdToolbar584923.dll
c:\program files\Lenovo\Access Connections\ACDeskBand.dll
c:\program files\Lenovo\Access Connections\AcLocSettings.dll
c:\program files\Lenovo\Access Connections\AcCryptHlpr.dll
c:\program files\Lenovo\Access Connections\ACHelper.dll
c:\program files\Lenovo\Access Connections\AcSvcStub.dll
c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WUDFHost.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\conhost.exe
c:\program files\lenovo\simpletap\simpletap.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Lenovo\Client Security Solution\cssauth.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\system32\sppsvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Lenovo\Client Security Solution\password_manager.exe
c:\windows\system32\taskhost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-08-25 09:02:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-25 13:02
ComboFix2.txt 2011-08-02 18:20
.
Pre-Run: 185,388,158,976 bytes free
Post-Run: 185,193,250,816 bytes free
.
- - End Of File - - EEF466688B06E1650953B8D19E9520A4

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,977 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:05:33 PM

Posted 25 August 2011 - 09:07 AM

Hi, that looks better. How are things running now, what problems do you still have left?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,977 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:05:33 PM

Posted 28 August 2011 - 04:18 AM

Hi, are you still there?

regards, Elise


#15 sullivbt

sullivbt
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:33 AM

Posted 28 August 2011 - 09:06 AM

The computer seems to be running fine; I just still have that printer install issue. Do you think that is fixable?
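Editor's note on the printer problem, as an added check that is not part of the original thread or of any tool it mentions. The ComboFix log above lists c:\windows\system32\spool\prtprocs\w32x86\Xrpp_b.dll under "Other Deletions", and that directory is where the Windows spooler keeps print processor DLLs. A print processor is registered under HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\<environment>\Print Processors\<name>, whose Driver value names the DLL; when that registry entry survives but the DLL is gone, installing a driver that depends on the processor fails with the "print processor not found" error the poster describes. The PowerShell below is an added example that audits every registered print processor against the files on disk and also reports processor DLLs that are unsigned, since they are loaded by spoolsv.exe as SYSTEM. The registry layout, the Directory and Driver value names and Get-AuthenticodeSignature are standard Windows; the function name and the report format are this example's own. It only reads; any remediation (restoring the DLL from the vendor's driver package, or removing the stale key and reinstalling the driver so it re-registers the processor) is a separate, deliberate step.

```powershell
# Added example, not code from the original thread: audit Windows print processors.
# Run from an elevated PowerShell prompt on the affected machine.
# Get-PrintProcessorAudit is this example's own name; the registry paths and
# value names (Directory, Driver) are the standard spooler layout.

$envKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Environments'

function Get-PrintProcessorAudit {
    $results = @()
    foreach ($printEnv in Get-ChildItem $envKey) {
        # e.g. "Windows NT x86" with Directory "w32x86", "Windows x64" with "x64"
        $envName = $printEnv.PSChildName
        $dirName = (Get-ItemProperty $printEnv.PSPath).Directory
        $ppKey   = "$($printEnv.PSPath)\Print Processors"
        if (-not (Test-Path $ppKey)) { continue }

        foreach ($pp in Get-ChildItem $ppKey) {
            # Driver holds the DLL file name relative to spool\prtprocs\<Directory>
            $dll    = (Get-ItemProperty $pp.PSPath).Driver
            $path   = Join-Path "$env:SystemRoot\System32\spool\prtprocs\$dirName" $dll
            $exists = Test-Path $path
            $sig    = if ($exists) { (Get-AuthenticodeSignature $path).Status } else { 'n/a' }

            $results += [pscustomobject]@{
                Environment = $envName
                Processor   = $pp.PSChildName
                Dll         = $dll
                Path        = $path
                Exists      = $exists
                Signature   = $sig
            }
        }
    }
    return $results
}

$audit = Get-PrintProcessorAudit
$audit | Format-Table -AutoSize

# Dangling entries: the registry still names a processor whose DLL is missing.
# A driver package that references such a processor fails to install with
# "print processor not found".
foreach ($d in ($audit | Where-Object { -not $_.Exists })) {
    Write-Warning ("Dangling print processor '{0}' in '{1}': missing {2}" -f `
        $d.Processor, $d.Environment, $d.Path)
}

# Print processor DLLs load into spoolsv.exe as SYSTEM, so anything present
# that is not validly signed (winprint.dll is Microsoft-signed) deserves a look.
foreach ($u in ($audit | Where-Object { $_.Exists -and $_.Signature -ne 'Valid' })) {
    Write-Warning ("Print processor DLL without a valid signature: {0} ({1})" -f `
        $u.Path, $u.Signature)
}
```

On a 32-bit Windows 7 machine like the one in this thread the environment of interest is "Windows NT x86" (directory w32x86), which is exactly the path ComboFix deleted from; a dangling entry for a Xerox processor there would match the symptom described, but only the audit output on the actual machine can confirm it.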