Register a free account to unlock additional features at BleepingComputer.com
Being Redirected


  • This topic is locked
63 replies to this topic

#1 haggs

haggs

  • Members
  • 32 posts
  • Local time:04:59 AM

Posted 25 October 2011 - 10:48 AM

Found this forum searching for answers to the problem I'm having. Basically, when I google anything and click on a link from the searches that were brought up, the link starts to load and then gets re-directed to other sites, like www.get-answers-fast.com, or another website that starts with some sort of IP address like 69, or something else. The only way to stay on the link that I'm searching for is to hit enter right away before being re-directed.

I tried downloading superantispyware.com (the free one). I saved it to my desktop but every time I run a system scan it runs for like 5 seconds and then the whole software just quits.

Not sure what I need to do to fix this.

#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,111 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:04:59 AM

Posted 25 October 2011 - 11:18 AM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.



#3 haggs

haggs
  • Topic Starter

  • Members
  • 32 posts
  • Local time:04:59 AM

Posted 25 October 2011 - 12:16 PM

I got to step 8 and started the gmer scan but the scan suddenly quit before completing.

Here is the copy of my dds log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Brian at 12:29:06 on 2011-10-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1292 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\4132789110:2309270025.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\LG Electronics\LGE LTE Driver\vmsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Brian\Desktop\SASCORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.swagbucks.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AROReminder] c:\program files\advanced registry optimizer\aro.exe -rem
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\documents and settings\brian\desktop\SUPERAntiSpyware.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [PDService.exe] "c:\program files\lenovo\safeguard privatedisk\pdservice.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\brian\startm~1\programs\startup\memturbo.lnk - c:\program files\memturbo 4\MemTurbo.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {DA320635-F48C-4613-8325-D75A933C549E} - c:\program files\lenovo\system update\sulauncher.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{01A379B8-E707-4E8E-B3FC-C0ADC3C87E15} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\documents and settings\brian\desktop\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: psfus - psqlpwd.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\documents and settings\brian\desktop\SASSEH.DLL
LSA: Notification Packages = scecli psqlpwd
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\brian\application data\mozilla\firefox\profiles\sayxtbis.default\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ShopAtHome.com Toolbar: toolbar@shopathome.com - %profile%\extensions\toolbar@shopathome.com
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\documents and settings\brian\desktop\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\documents and settings\brian\desktop\SASKUTIL.SYS [2011-7-12 67664]
R2 LGE NDIS Connection Service;LGE NDIS Connection Service;c:\program files\lg electronics\lge lte driver\vmsvc.exe [2010-10-11 238008]
R2 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-13 58368]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]
R2 smihlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2006-4-25 3456]
S0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-10-25 64512]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-5 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-5 136176]
S3 LGELTEBus;LGE Composite Device;c:\windows\system32\drivers\LGELTEBus.sys [2011-1-8 33408]
S3 LGELTEmdm;LGE LTE USB Device for Modem Communication;c:\windows\system32\drivers\LGELTEmdm.sys [2011-1-8 101888]
S3 LGELTEMux;LGE LTE Mux Enumerator ;c:\windows\system32\drivers\LGELTEMux.sys [2011-1-8 38144]
S3 LGELTENdis;LGE USB NDIS Miniport Ethernet Adapter Service;c:\windows\system32\drivers\LGELTENdis.sys [2011-1-8 49408]
S3 LGELTEprt;LGE USB Device for Serial Communication;c:\windows\system32\drivers\LGELTEprt.sys [2011-1-8 102784]
S3 qcserxp;HTC Diagnostic Port;c:\windows\system32\drivers\qcserxp.sys [2011-7-18 103424]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcmdmxp.sys [2011-7-18 105984]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2010-4-14 32408]
.
=============== Created Last 30 ================
.
2011-10-25 15:19:57 -------- d-----w- c:\documents and settings\brian\application data\SUPERAntiSpyware.com
2011-10-25 15:19:10 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-10-25 14:24:30 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-25 14:21:59 -------- d-----w- c:\windows\SxsCaPendDel
2011-10-25 13:36:41 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-10-25 13:36:41 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-25 02:18:04 -------- d-----w- c:\program files\Lavasoft
2011-10-19 15:00:06 -------- d-sh--w- c:\documents and settings\brian\local settings\application data\765b55f6
.
==================== Find3M ====================
.
2011-10-25 13:38:32 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 12:30:25.23 ===============

Attached Files



#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:04:59 AM

Posted 29 October 2011 - 03:45 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Please download DummyCreator.zip and unzip it.
  • Run the tool.
  • Copy and paste the following into the edit box:

    C:\WINDOWS\4132789110
  • Press Create button and post the content of the Result.txt.

    Important: Restart the computer.
Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Post that log, please.
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
Please include the following in your next post:
  • DummyCreator log
  • TDSSKiller log
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.
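The first instruction above targets C:\WINDOWS\4132789110, the directory whose alternate data stream 2309270025.exe appears in the Running Processes section of haggs's DDS log; the same log's Created Last 30 section lists a system+hidden directory named 765b55f6 under the user profile, which TDSSKiller later in this thread reports as Rootkit.Win32.PMax.gen. Both are patterns a responder looks for when reading a DDS log by eye. The Python script below is an added example, not part of this thread and not code from the DDS, DummyCreator or TDSSKiller tools: it parses a constructed excerpt in the DDS log format (the relevant lines copied from the log above, everything else left out) and flags those two patterns. The section banner parsing, the reading of the eight-character attribute field (a 'd' for directory, 's' and 'h' for the system and hidden attributes) and the scan_dds function are this example's own assumptions about the format, not documented DDS behaviour.

```python
import re
from typing import Dict, List

# Constructed excerpt in the format of the DDS log posted earlier in this thread.
# Only the lines needed by the two checks below are reproduced; the paths are
# copied from that log and the rest of the log is omitted.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\4132789110:2309270025.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
.
=============== Created Last 30 ================
.
2011-10-25 14:24:30 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-25 02:18:04 -------- d-----w- c:\program files\Lavasoft
2011-10-19 15:00:06 -------- d-sh--w- c:\documents and settings\brian\local settings\application data\765b55f6
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
"""

# Section banners look like "============== Running Processes ===============".
SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")

# A second colon after the drive letter is NTFS alternate-data-stream syntax:
# <host file or directory>:<stream name>. Ordinary command lines in the process
# list ("svchost.exe -k netsvcs") never contain one.
ADS_RE = re.compile(r"^(?P<host>[A-Za-z]:[^:]*):(?P<stream>[^\\/:\s]+)\s*$")

# Rows in "Created Last 30" / "Find3M": date time size attrs path. The attrs
# field is eight characters such as "d-sh--w-"; this example assumes 'd' marks
# a directory and 's' / 'h' the system and hidden attributes.
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<size>\S+) "
    r"(?P<attrs>[a-z-]{8}) (?P<path>.+?)\s*$"
)


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group log lines under the banner that precedes them, dropping the lone
    '.' lines DDS uses as spacers."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group("name")
            sections.setdefault(current, [])
            continue
        if line and line != ".":
            sections.setdefault(current, []).append(line)
    return sections


def scan_dds(text: str) -> List[Dict[str, str]]:
    """Return one finding per log line that matches a persistence pattern."""
    findings: List[Dict[str, str]] = []
    sections = split_sections(text)

    # Check 1: a running process whose image lives in an alternate data stream.
    for line in sections.get("Running Processes", []):
        m = ADS_RE.match(line)
        if m:
            findings.append({
                "check": "ads_process",
                "line": line,
                "host": m.group("host"),
                "stream": m.group("stream"),
                "reason": "process image is an NTFS alternate data stream; "
                          "Explorer and a plain 'dir' do not list streams",
            })

    # Check 2: a recently created entry carrying both system and hidden attributes.
    for section in ("Created Last 30", "Find3M"):
        for line in sections.get(section, []):
            m = CREATED_RE.match(line)
            if m and "s" in m.group("attrs") and "h" in m.group("attrs"):
                findings.append({
                    "check": "hidden_system_entry",
                    "line": line,
                    "path": m.group("path"),
                    "reason": f"created {m.group('date')} with system+hidden "
                              "attributes, so it is invisible in a default "
                              "Explorer view",
                })
    return findings


if __name__ == "__main__":
    for f in scan_dds(SAMPLE_DDS):
        print(f"[{f['check']}] {f['line']}\n    {f['reason']}")
```

Run against the constructed excerpt it reports exactly the two entries discussed in this thread and nothing for the legitimate Lavasoft, Lbd.sys and crypt32.dll rows. The checks are deliberately narrow: an ADS-hosted process or a system+hidden directory freshly created under a user profile is worth a second look, while the bare "svchost.exe" entries DDS prints without a path are normal and are not flagged.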


#5 haggs

haggs
  • Topic Starter

  • Members
  • 32 posts
  • Local time:04:59 AM

Posted 01 November 2011 - 07:52 PM

There were two malware 'rootkits' found. Only one could be 'cured' and the other I 'skipped'. Here is the log:

20:43:08.0203 5548 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
20:43:09.0031 5548 ============================================================
20:43:09.0031 5548 Current date / time: 2011/11/01 20:43:09.0031
20:43:09.0031 5548 SystemInfo:
20:43:09.0031 5548
20:43:09.0031 5548 OS Version: 5.1.2600 ServicePack: 3.0
20:43:09.0031 5548 Product type: Workstation
20:43:09.0031 5548 ComputerName: BHAGERMAN
20:43:09.0031 5548 UserName: Brian
20:43:09.0031 5548 Windows directory: C:\WINDOWS
20:43:09.0031 5548 System windows directory: C:\WINDOWS
20:43:09.0031 5548 Processor architecture: Intel x86
20:43:09.0031 5548 Number of processors: 2
20:43:09.0031 5548 Page size: 0x1000
20:43:09.0031 5548 Boot type: Normal boot
20:43:09.0031 5548 ============================================================
20:43:14.0703 5548 Initialize success
20:43:29.0375 4604 ============================================================
20:43:29.0375 4604 Scan started
20:43:29.0375 4604 Mode: Manual;
20:43:29.0375 4604 ============================================================
20:43:41.0156 4604 765b55f6 ( Rootkit.Win32.PMax.gen ) - infected
20:43:41.0156 4604 765b55f6 - detected Rootkit.Win32.PMax.gen (0)
20:43:41.0343 4604 Abiosdsk - ok
20:43:41.0437 4604 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
20:43:41.0437 4604 abp480n5 - ok
20:43:41.0453 4604 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
20:43:41.0453 4604 ac97intc - ok
20:43:41.0531 4604 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:43:41.0531 4604 ACPI - ok
20:43:41.0546 4604 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:43:41.0546 4604 ACPIEC - ok
20:43:41.0906 4604 ADIHdAudAddService (66614b9fdc7e74ab736a84d89f7b06b6) C:\WINDOWS\system32\drivers\ADIHdAud.sys
20:43:41.0906 4604 ADIHdAudAddService - ok
20:43:41.0953 4604 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
20:43:41.0968 4604 adpu160m - ok
20:43:41.0984 4604 AEAudioService (03be587e90c8b37c7ff1fe2e9c1d1c90) C:\WINDOWS\system32\drivers\AEAudio.sys
20:43:41.0984 4604 AEAudioService - ok
20:43:42.0031 4604 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:43:42.0031 4604 aec - ok
20:43:42.0109 4604 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:43:42.0109 4604 AegisP - ok
20:43:42.0171 4604 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:43:42.0171 4604 AFD - ok
20:43:42.0218 4604 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
20:43:42.0234 4604 AFS2K - ok
20:43:42.0312 4604 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
20:43:42.0312 4604 agp440 - ok
20:43:42.0328 4604 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
20:43:42.0328 4604 agpCPQ - ok
20:43:42.0343 4604 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
20:43:42.0343 4604 Aha154x - ok
20:43:42.0421 4604 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
20:43:42.0421 4604 aic78u2 - ok
20:43:42.0437 4604 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
20:43:42.0437 4604 aic78xx - ok
20:43:42.0437 4604 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
20:43:42.0453 4604 AliIde - ok
20:43:42.0453 4604 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
20:43:42.0453 4604 alim1541 - ok
20:43:42.0468 4604 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
20:43:42.0468 4604 amdagp - ok
20:43:42.0484 4604 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
20:43:42.0484 4604 amsint - ok
20:43:42.0500 4604 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
20:43:42.0500 4604 asc - ok
20:43:42.0515 4604 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
20:43:42.0515 4604 asc3350p - ok
20:43:42.0515 4604 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
20:43:42.0531 4604 asc3550 - ok
20:43:42.0562 4604 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:43:42.0578 4604 AsyncMac - ok
20:43:42.0640 4604 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:43:42.0640 4604 atapi - ok
20:43:42.0765 4604 Atdisk - ok
20:43:42.0953 4604 ati2mtag (6fdb638e0921d99a48ec4ae52071173c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:43:42.0984 4604 ati2mtag - ok
20:43:43.0156 4604 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:43:43.0156 4604 Atmarpc - ok
20:43:43.0203 4604 atmeltpm (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
20:43:43.0203 4604 atmeltpm - ok
20:43:43.0234 4604 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:43:43.0234 4604 audstub - ok
20:43:43.0250 4604 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:43:43.0250 4604 Beep - ok
20:43:43.0343 4604 BTKRNL (dbd408226b00c20158864f30a5a84451) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
20:43:43.0343 4604 BTKRNL - ok
20:43:43.0453 4604 BTWUSB (7cd8e4303fda5b11da325340778d99d9) C:\WINDOWS\system32\Drivers\btwusb.sys
20:43:43.0453 4604 BTWUSB - ok
20:43:43.0468 4604 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
20:43:43.0468 4604 cbidf - ok
20:43:43.0468 4604 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:43:43.0468 4604 cbidf2k - ok
20:43:43.0484 4604 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
20:43:43.0484 4604 cd20xrnt - ok
20:43:43.0515 4604 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:43:43.0515 4604 Cdaudio - ok
20:43:43.0546 4604 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:43:43.0546 4604 Cdfs - ok
20:43:43.0562 4604 Cdrom (1aa54c43ae9817c0a332a1d851c76f98) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:43:43.0562 4604 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 1aa54c43ae9817c0a332a1d851c76f98, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe
20:43:43.0562 4604 Cdrom ( Rootkit.Win32.ZAccess.e ) - infected
20:43:43.0562 4604 Cdrom - detected Rootkit.Win32.ZAccess.e (0)
20:43:43.0578 4604 Changer - ok
20:43:43.0593 4604 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:43:43.0593 4604 CmBatt - ok
20:43:43.0609 4604 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
20:43:43.0609 4604 CmdIde - ok
20:43:43.0609 4604 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:43:43.0609 4604 Compbatt - ok
20:43:43.0625 4604 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
20:43:43.0625 4604 Cpqarray - ok
20:43:43.0671 4604 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
20:43:43.0671 4604 dac2w2k - ok
20:43:43.0718 4604 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
20:43:43.0718 4604 dac960nt - ok
20:43:43.0750 4604 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:43:43.0750 4604 Disk - ok
20:43:43.0796 4604 DLABOIOM (35cbc02546335ea41a5d516da6626c8a) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
20:43:43.0796 4604 DLABOIOM - ok
20:43:43.0812 4604 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
20:43:43.0812 4604 DLACDBHM - ok
20:43:43.0828 4604 DLADResN (19e3db16de2bb3db81b172a78d140b03) C:\WINDOWS\system32\DLA\DLADResN.SYS
20:43:43.0828 4604 DLADResN - ok
20:43:43.0843 4604 DLAIFS_M (e4859ca5bd8412a9a60d62067a653522) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
20:43:43.0843 4604 DLAIFS_M - ok
20:43:43.0859 4604 DLAOPIOM (20c24a3d1cf0825487c93f806625805e) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
20:43:43.0859 4604 DLAOPIOM - ok
20:43:43.0859 4604 DLAPoolM (8a530da5dc81954bcf1966813f699b49) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
20:43:43.0859 4604 DLAPoolM - ok
20:43:43.0875 4604 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
20:43:43.0875 4604 DLARTL_N - ok
20:43:43.0890 4604 DLAUDFAM (7eda68af6a91bf64af6f301e39928ebf) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
20:43:43.0890 4604 DLAUDFAM - ok
20:43:43.0906 4604 DLAUDF_M (a18423bbc6d92b01fdf3c51e7510ee70) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
20:43:43.0906 4604 DLAUDF_M - ok
20:43:43.0968 4604 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:43:43.0984 4604 dmboot - ok
20:43:44.0093 4604 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:43:44.0093 4604 dmio - ok
20:43:44.0125 4604 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:43:44.0125 4604 dmload - ok
20:43:44.0187 4604 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:43:44.0187 4604 DMusic - ok
20:43:44.0203 4604 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20:43:44.0203 4604 dpti2o - ok
20:43:44.0218 4604 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:43:44.0218 4604 drmkaud - ok
20:43:44.0234 4604 DRVMCDB (48c7008d23dcfce0d0232f49307efced) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
20:43:44.0234 4604 DRVMCDB - ok
20:43:44.0250 4604 DRVNDDM (05467e44a42c777dd1534bb4539b16d1) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
20:43:44.0250 4604 DRVNDDM - ok
20:43:44.0265 4604 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:43:44.0265 4604 E100B - ok
20:43:44.0328 4604 e1express (b1e9161ba28d5b826e49a1d0ded7fcc4) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
20:43:44.0328 4604 e1express - ok
20:43:44.0406 4604 EGATHDRV (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
20:43:44.0406 4604 EGATHDRV - ok
20:43:44.0468 4604 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:43:44.0484 4604 Fastfat - ok
20:43:44.0484 4604 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:43:44.0484 4604 Fdc - ok
20:43:44.0515 4604 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:43:44.0515 4604 Fips - ok
20:43:44.0531 4604 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:43:44.0531 4604 Flpydisk - ok
20:43:44.0625 4604 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:43:44.0625 4604 FltMgr - ok
20:43:44.0718 4604 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:43:44.0718 4604 Fs_Rec - ok
20:43:44.0734 4604 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:43:44.0734 4604 Ftdisk - ok
20:43:44.0765 4604 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:43:44.0765 4604 Gpc - ok
20:43:44.0796 4604 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:43:44.0796 4604 HDAudBus - ok
20:43:44.0875 4604 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:43:44.0875 4604 HidUsb - ok
20:43:44.0906 4604 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
20:43:44.0906 4604 hpn - ok
20:43:44.0968 4604 HSFHWAZL (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
20:43:44.0968 4604 HSFHWAZL - ok
20:43:45.0046 4604 HSF_DPV (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
20:43:45.0062 4604 HSF_DPV - ok
20:43:45.0125 4604 HSXHWAZL (3af45f5b4157c88ffae24d89ba408302) C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys
20:43:45.0125 4604 HSXHWAZL - ok
20:43:45.0234 4604 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:43:45.0234 4604 HTTP - ok
20:43:45.0312 4604 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
20:43:45.0312 4604 i2omgmt - ok
20:43:45.0328 4604 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
20:43:45.0328 4604 i2omp - ok
20:43:45.0390 4604 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:43:45.0390 4604 i8042prt - ok
20:43:45.0453 4604 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
20:43:45.0468 4604 iaStor - ok
20:43:45.0546 4604 IBMPMDRV (bf648877413f6160e480814a24942b65) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
20:43:45.0546 4604 IBMPMDRV - ok
20:43:45.0578 4604 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:43:45.0578 4604 Imapi - ok
20:43:45.0625 4604 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
20:43:45.0625 4604 ini910u - ok
20:43:45.0625 4604 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:43:45.0640 4604 IntelIde - ok
20:43:45.0656 4604 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:43:45.0656 4604 intelppm - ok
20:43:45.0671 4604 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:43:45.0671 4604 Ip6Fw - ok
20:43:45.0703 4604 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:43:45.0703 4604 IpFilterDriver - ok
20:43:45.0765 4604 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:43:45.0765 4604 IpInIp - ok
20:43:45.0796 4604 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:43:45.0812 4604 IpNat - ok
20:43:45.0828 4604 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:43:45.0828 4604 IPSec - ok
20:43:45.0843 4604 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
20:43:45.0843 4604 irda - ok
20:43:45.0875 4604 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:43:45.0875 4604 IRENUM - ok
20:43:45.0890 4604 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:43:45.0890 4604 isapnp - ok
20:43:45.0906 4604 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
20:43:45.0906 4604 Iviaspi - ok
20:43:45.0953 4604 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:43:45.0953 4604 Kbdclass - ok
20:43:46.0000 4604 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:43:46.0000 4604 kbdhid - ok
20:43:46.0031 4604 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:43:46.0046 4604 kmixer - ok
20:43:46.0093 4604 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:43:46.0093 4604 KSecDD - ok
20:43:46.0218 4604 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
20:43:46.0218 4604 Lavasoft Kernexplorer - ok
20:43:46.0343 4604 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
20:43:46.0343 4604 Lbd - ok
20:43:46.0390 4604 lbrtfdc - ok
20:43:46.0421 4604 LGELTEBus (f95a4b64d95764485bb26f96f67bd57c) C:\WINDOWS\system32\DRIVERS\LGELTEBus.sys
20:43:46.0421 4604 LGELTEBus - ok
20:43:46.0437 4604 LGELTEmdm (93eabd9d1bb563497ebd5b7cdc2cd7b2) C:\WINDOWS\system32\DRIVERS\LGELTEmdm.sys
20:43:46.0437 4604 LGELTEmdm - ok
20:43:46.0453 4604 LGELTEMux (801a0828f2c64d6f3520800e1d21366a) C:\WINDOWS\system32\DRIVERS\LGELTEMux.sys
20:43:46.0453 4604 LGELTEMux - ok
20:43:46.0468 4604 LGELTENdis (e80e56bf9b534ac7cd4432b2ee0f0aea) C:\WINDOWS\system32\DRIVERS\LGELTENdis.sys
20:43:46.0468 4604 LGELTENdis - ok
20:43:46.0484 4604 LGELTEprt (8849536f03bf80954c7669a44c653554) C:\WINDOWS\system32\DRIVERS\LGELTEprt.sys
20:43:46.0500 4604 LGELTEprt - ok
20:43:46.0546 4604 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:43:46.0546 4604 mdmxsdk - ok
20:43:46.0593 4604 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:43:46.0593 4604 mnmdd - ok
20:43:46.0625 4604 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:43:46.0625 4604 Modem - ok
20:43:46.0687 4604 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:43:46.0687 4604 Mouclass - ok
20:43:46.0734 4604 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:43:46.0734 4604 mouhid - ok
20:43:46.0765 4604 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:43:46.0765 4604 MountMgr - ok
20:43:46.0765 4604 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
20:43:46.0781 4604 mraid35x - ok
20:43:46.0781 4604 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:43:46.0796 4604 MRxDAV - ok
20:43:46.0843 4604 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:43:46.0859 4604 MRxSmb - ok
20:43:46.0921 4604 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:43:46.0921 4604 Msfs - ok
20:43:46.0968 4604 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:43:46.0968 4604 MSKSSRV - ok
20:43:46.0984 4604 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:43:46.0984 4604 MSPCLOCK - ok
20:43:47.0000 4604 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:43:47.0000 4604 MSPQM - ok
20:43:47.0046 4604 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:43:47.0046 4604 mssmbios - ok
20:43:47.0078 4604 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:43:47.0078 4604 Mup - ok
20:43:47.0109 4604 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:43:47.0125 4604 NDIS - ok
20:43:47.0156 4604 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:43:47.0156 4604 NdisTapi - ok
20:43:47.0218 4604 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:43:47.0218 4604 Ndisuio - ok
20:43:47.0234 4604 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:43:47.0234 4604 NdisWan - ok
20:43:47.0265 4604 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:43:47.0265 4604 NDProxy - ok
20:43:47.0281 4604 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:43:47.0281 4604 NetBIOS - ok
20:43:47.0328 4604 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:43:47.0328 4604 NetBT - ok
20:43:47.0453 4604 NETw3x32 (e2f396f71a793a04839dbb6af304a026) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
20:43:47.0500 4604 NETw3x32 - ok
20:43:47.0843 4604 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:43:47.0843 4604 Npfs - ok
20:43:47.0859 4604 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
20:43:47.0859 4604 NSCIRDA - ok
20:43:47.0906 4604 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:43:47.0921 4604 Ntfs - ok
20:43:47.0984 4604 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:43:47.0984 4604 Null - ok
20:43:48.0109 4604 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:43:48.0156 4604 nv - ok
20:43:48.0281 4604 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:43:48.0281 4604 NwlnkFlt - ok
20:43:48.0296 4604 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:43:48.0296 4604 NwlnkFwd - ok
20:43:48.0312 4604 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:43:48.0312 4604 Parport - ok
20:43:48.0328 4604 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:43:48.0328 4604 PartMgr - ok
20:43:48.0359 4604 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:43:48.0359 4604 ParVdm - ok
20:43:48.0453 4604 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:43:48.0453 4604 PCI - ok
20:43:48.0468 4604 PCIDump - ok
20:43:48.0500 4604 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:43:48.0500 4604 PCIIde - ok
20:43:48.0515 4604 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:43:48.0515 4604 Pcmcia - ok
20:43:48.0531 4604 PDCOMP - ok
20:43:48.0546 4604 PDFRAME - ok
20:43:48.0546 4604 PDRELI - ok
20:43:48.0562 4604 PDRFRAME - ok
20:43:48.0578 4604 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
20:43:48.0578 4604 perc2 - ok
20:43:48.0593 4604 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:43:48.0593 4604 perc2hib - ok
20:43:48.0640 4604 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
20:43:48.0640 4604 pmem - ok
20:43:48.0703 4604 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:43:48.0703 4604 PptpMiniport - ok
20:43:48.0828 4604 PrivateDisk (ebe579425ccb8377bfc7c0b50c05eb56) C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys
20:43:48.0843 4604 PrivateDisk - ok
20:43:48.0875 4604 PROCDD (6f9e6e874fd74ee6dd0bbecde9d3f795) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
20:43:48.0875 4604 PROCDD - ok
20:43:48.0906 4604 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
20:43:48.0906 4604 Processor - ok
20:43:48.0953 4604 psadd (fb4c54f3a168b178dabf15eebaed8276) C:\WINDOWS\system32\Drivers\psadd.sys
20:43:48.0953 4604 psadd - ok
20:43:49.0109 4604 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:43:49.0109 4604 PSched - ok
20:43:49.0125 4604 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:43:49.0140 4604 Ptilink - ok
20:43:49.0187 4604 PxHelp20 (63de5a1e7f28e3c60a5801bb241fc9c9) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:43:49.0187 4604 PxHelp20 - ok
20:43:49.0218 4604 qcserxp (1cba8870f17897e58df295012979c139) C:\WINDOWS\system32\DRIVERS\qcserxp.sys
20:43:49.0234 4604 qcserxp - ok
20:43:49.0296 4604 qcusbser (6dfe5154fcbbd8aab262afe5675a5929) C:\WINDOWS\system32\DRIVERS\qcmdmxp.sys
20:43:49.0296 4604 qcusbser - ok
20:43:49.0343 4604 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:43:49.0343 4604 ql1080 - ok
20:43:49.0359 4604 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
20:43:49.0359 4604 Ql10wnt - ok
20:43:49.0375 4604 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
20:43:49.0375 4604 ql12160 - ok
20:43:49.0375 4604 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
20:43:49.0390 4604 ql1240 - ok
20:43:49.0390 4604 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
20:43:49.0406 4604 ql1280 - ok
20:43:49.0421 4604 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:43:49.0421 4604 RasAcd - ok
20:43:49.0468 4604 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
20:43:49.0468 4604 Rasirda - ok
20:43:49.0500 4604 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:43:49.0500 4604 Rasl2tp - ok
20:43:49.0515 4604 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:43:49.0515 4604 RasPppoe - ok
20:43:49.0546 4604 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:43:49.0546 4604 Raspti - ok
20:43:49.0609 4604 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:43:49.0609 4604 Rdbss - ok
20:43:49.0625 4604 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:43:49.0625 4604 RDPCDD - ok
20:43:49.0640 4604 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:43:49.0640 4604 rdpdr - ok
20:43:49.0703 4604 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:43:49.0703 4604 RDPWD - ok
20:43:49.0843 4604 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:43:49.0859 4604 redbook - ok
20:43:49.0921 4604 s24trans (2862adb14481ac28f98105ff33a99eb0) C:\WINDOWS\system32\DRIVERS\s24trans.sys
20:43:49.0921 4604 s24trans - ok
20:43:50.0078 4604 SASDIFSV (39763504067962108505bff25f024345) C:\Documents and Settings\Brian\Desktop\SASDIFSV.SYS
20:43:50.0078 4604 SASDIFSV - ok
20:43:50.0093 4604 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Documents and Settings\Brian\Desktop\SASKUTIL.SYS
20:43:50.0093 4604 SASKUTIL - ok
20:43:50.0125 4604 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:43:50.0125 4604 Secdrv - ok
20:43:50.0140 4604 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:43:50.0140 4604 serenum - ok
20:43:50.0171 4604 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:43:50.0171 4604 Serial - ok
20:43:50.0218 4604 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:43:50.0218 4604 Sfloppy - ok
20:43:50.0296 4604 ShockMgr (1a9b76c8e0d77bcaca24fdf36781b59d) C:\WINDOWS\system32\drivers\ShockMgr.sys
20:43:50.0296 4604 ShockMgr - ok
20:43:50.0328 4604 Shockprf (cb0c065af3ac9ac307408ea021cdd20e) C:\WINDOWS\system32\drivers\Shockprf.sys
20:43:50.0328 4604 Shockprf - ok
20:43:50.0343 4604 Simbad - ok
20:43:50.0375 4604 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:43:50.0375 4604 sisagp - ok
20:43:50.0390 4604 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
20:43:50.0390 4604 Smapint - ok
20:43:50.0468 4604 smi2 (3ba9d0c8a0fbd9fb4029b6cd87c8ce0b) C:\Program Files\SMI2\smi2.sys
20:43:50.0468 4604 smi2 - ok
20:43:50.0531 4604 smihlp (01a4388e45ba272082bfc35b0c8dbf8a) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
20:43:50.0531 4604 smihlp - ok
20:43:50.0562 4604 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
20:43:50.0578 4604 SMSIVZAM5 - ok
20:43:50.0750 4604 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:43:50.0750 4604 Sparrow - ok
20:43:50.0765 4604 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:43:50.0765 4604 splitter - ok
20:43:50.0781 4604 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:43:50.0781 4604 sr - ok
20:43:50.0843 4604 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:43:50.0859 4604 Srv - ok
20:43:50.0906 4604 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:43:50.0906 4604 swenum - ok
20:43:50.0921 4604 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:43:50.0921 4604 swmidi - ok
20:43:50.0937 4604 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
20:43:50.0937 4604 symc810 - ok
20:43:50.0953 4604 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:43:50.0953 4604 symc8xx - ok
20:43:50.0968 4604 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:43:50.0968 4604 sym_hi - ok
20:43:50.0984 4604 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:43:50.0984 4604 sym_u3 - ok
20:43:51.0046 4604 SynTP (820d28f30ac01ce86860a35dcc7bfaab) C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:43:51.0046 4604 SynTP - ok
20:43:51.0062 4604 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:43:51.0062 4604 sysaudio - ok
20:43:51.0140 4604 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:43:51.0140 4604 Tcpip - ok
20:43:51.0343 4604 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys
20:43:51.0343 4604 TcUsb - ok
20:43:51.0421 4604 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:43:51.0421 4604 TDPIPE - ok
20:43:51.0453 4604 TDSMAPI (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
20:43:51.0453 4604 TDSMAPI - ok
20:43:51.0468 4604 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:43:51.0468 4604 TDTCP - ok
20:43:51.0500 4604 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:43:51.0500 4604 TermDD - ok
20:43:51.0531 4604 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
20:43:51.0531 4604 TosIde - ok
20:43:51.0546 4604 TPHKDRV (29f3601d4233a53f819010fee8c04a60) C:\WINDOWS\system32\drivers\TPHKDRV.sys
20:43:51.0546 4604 TPHKDRV - ok
20:43:51.0562 4604 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
20:43:51.0562 4604 TPPWRIF - ok
20:43:51.0578 4604 TSMAPIP (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
20:43:51.0578 4604 TSMAPIP - ok
20:43:51.0640 4604 tvtfilter (dd957007df98aecffaaa2656d4b981e4) C:\WINDOWS\system32\drivers\tvtfilter.sys
20:43:51.0640 4604 tvtfilter - ok
20:43:51.0968 4604 TVTPktFilter (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
20:43:51.0968 4604 TVTPktFilter - ok
20:43:52.0031 4604 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:43:52.0031 4604 Udfs - ok
20:43:52.0046 4604 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
20:43:52.0046 4604 ultra - ok
20:43:52.0125 4604 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:43:52.0125 4604 Update - ok
20:43:52.0218 4604 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:43:52.0234 4604 usbccgp - ok
20:43:52.0296 4604 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:43:52.0296 4604 usbehci - ok
20:43:52.0359 4604 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:43:52.0359 4604 usbhub - ok
20:43:52.0421 4604 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:43:52.0421 4604 usbprint - ok
20:43:52.0437 4604 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:43:52.0437 4604 USBSTOR - ok
20:43:52.0453 4604 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:43:52.0453 4604 usbuhci - ok
20:43:52.0468 4604 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
20:43:52.0468 4604 usb_rndisx - ok
20:43:52.0515 4604 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:43:52.0515 4604 VgaSave - ok
20:43:52.0531 4604 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:43:52.0531 4604 viaagp - ok
20:43:52.0546 4604 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:43:52.0546 4604 ViaIde - ok
20:43:52.0593 4604 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:43:52.0593 4604 VolSnap - ok
20:43:52.0687 4604 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:43:52.0687 4604 Wanarp - ok
20:43:52.0703 4604 WDICA - ok
20:43:52.0750 4604 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:43:52.0750 4604 wdmaud - ok
20:43:52.0875 4604 winachsf (307d248f97835b6879bdd361086924fe) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:43:52.0890 4604 winachsf - ok
20:43:53.0140 4604 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:43:53.0140 4604 WudfPf - ok
20:43:53.0156 4604 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:43:53.0171 4604 WudfRd - ok
20:43:53.0218 4604 MBR (0x1B8) (ff5b47af323918dcd9153de1bf391a5e) \Device\Harddisk0\DR0
20:43:53.0250 4604 \Device\Harddisk0\DR0 - ok
20:43:53.0265 4604 Boot (0x1200) (bf6e7d8990d308072d5665983b6a1330) \Device\Harddisk0\DR0\Partition0
20:43:53.0265 4604 \Device\Harddisk0\DR0\Partition0 - ok
20:43:53.0265 4604 ============================================================
20:43:53.0265 4604 Scan finished
20:43:53.0265 4604 ============================================================
20:43:53.0281 4580 Detected object count: 2
20:43:53.0281 4580 Actual detected object count: 2
20:44:44.0046 4580 765b55f6 ( Rootkit.Win32.PMax.gen ) - skipped by user
20:44:44.0046 4580 765b55f6 ( Rootkit.Win32.PMax.gen ) - User select action: Skip
20:44:44.0750 4580 Backup copy found, using it..
20:44:44.0750 4580 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured on reboot
20:44:44.0750 4580 Cdrom ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
20:44:59.0843 5296 Deinitialize success

#6 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:59 AM

Posted 01 November 2011 - 09:16 PM

Were you able to follow the rest of my instructions? If so, I need to see the other logs, and if not, I need to know what happened.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#7 haggs

  • Topic Starter
  • Members
  • 32 posts
  • OFFLINE
  • Local time:04:59 AM

Posted 03 November 2011 - 07:40 AM

I got all the way through the ComboFix and it wanted to reboot my computer, but my computer is still sitting there waiting to be rebooted. It asked me not to reboot it myself but to let the software do it, so I didn't. That was like a day and a half ago. Should I reboot it myself? It had to do a Microsoft download for backup software or something, so I did, but the backup failed.

I would post the ComboFix log but I would have to find it - are the ComboFix and dummycreator logs saved somewhere where I can copy and paste them?

PS thanks for the help

#8 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:59 AM

Posted 03 November 2011 - 06:55 PM

If you haven't already, reboot the computer then do this to open the ComboFix log:

Click Start > Run or press Windows Key + R, copy/paste the following into the run box that opens, and press OK:
c:\ComboFix.txt

Post the log for me when you have it.



#9 haggs

  • Topic Starter
  • Members
  • 32 posts
  • OFFLINE
  • Local time:04:59 AM

Posted 04 November 2011 - 10:31 PM

For whatever reason now, I cannot access the internet from that computer. I'm using my desktop to post here. But here is the log:

ComboFix 11-11-01.04 - Brian 11/04/2011 10:13:00.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1626 [GMT -4:00]
Running from: c:\documents and settings\Brian\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Brian\Desktop\
c:\documents and settings\Brian\Local Settings\Application Data\765b55f6
c:\documents and settings\Brian\Local Settings\Application Data\765b55f6\@
c:\documents and settings\Brian\Local Settings\Application Data\765b55f6\U\80000000.@
c:\documents and settings\Brian\Local Settings\Application Data\765b55f6\U\800000cb.@
c:\documents and settings\Brian\Local Settings\Application Data\765b55f6\X
c:\windows\$NtUninstallKB56402$\1985697270\@
c:\windows\$NtUninstallKB56402$\1985697270\L\hvmonmrs
c:\windows\$NtUninstallKB56402$\1985697270\loader.tlb
c:\windows\$NtUninstallKB56402$\1985697270\U\@00000001
c:\windows\$NtUninstallKB56402$\1985697270\U\@000000c0
c:\windows\$NtUninstallKB56402$\1985697270\U\@000000cb
c:\windows\$NtUninstallKB56402$\1985697270\U\@000000cf
c:\windows\$NtUninstallKB56402$\1985697270\U\@80000000
c:\windows\$NtUninstallKB56402$\1985697270\U\@800000c0
c:\windows\$NtUninstallKB56402$\1985697270\U\@800000cb
c:\windows\$NtUninstallKB56402$\1985697270\U\@800000cf
c:\windows\$NtUninstallKB56402$\2887052120
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\4132789110
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\jestertb.dll
c:\windows\system32\
c:\windows\system32\c_67546.nls
c:\windows\system32\d3d9caps.dat
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
Infected copy of c:\windows\system32\drivers\Fips.sys was found and disinfected
Restored copy from - The cat found it :)
c:\documents and settings\Brian\Desktop\SASCORE.EXE . . . is infected!!
c:\documents and settings\Brian\Desktop\SASCORE.EXE . . . was deleted!! You should re-install the program it pertains to
.
Infected copy of c:\windows\system32\Ati2evxx.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP159\A0054231.exe
.
Infected copy of c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP159\A0054205.exe
.
Infected copy of c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP169\A0056387.exe
.
Infected copy of c:\program files\Intel\Wireless\Bin\EvtEng.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP159\A0054201.exe
.
Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP167\A0055383.exe
.
Infected copy of c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP167\A0055386.exe
.
Infected copy of c:\windows\system32\ibmpmsvc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP159\A0054199.exe
.
Infected copy of c:\windows\system32\IPSSVC.EXE was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP166\A0054565.EXE
.
Infected copy of c:\program files\Lavasoft\Ad-Aware\AAWService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP164\A0054336.exe
.
Infected copy of c:\program files\LG Electronics\LGE LTE Driver\vmsvc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP159\A0054207.exe
.
Infected copy of c:\program files\Intel\Wireless\Bin\RegSrvc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP166\A0055237.exe
.
Infected copy of c:\program files\Intel\Wireless\Bin\S24EvMon.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP159\A0054232.exe
.
Infected copy of c:\program files\lenovo\system update\suservice.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP159\A0054209.exe
.
Infected copy of c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP159\A0054210.exe
.
Infected copy of c:\windows\system32\TPHDEXLG.EXE was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP166\A0055238.exe
.
Infected copy of c:\windows\system32\TpKmpSVC.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP167\A0055384.exe
.
Infected copy of c:\program files\Lenovo\Rescue and Recovery\rrservice.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP159\A0054213.exe
.
Infected copy of c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP159\A0054214.exe
.
Infected copy of c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP159\A0054215.exe
.
Infected copy of c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP159\A0054205.exe
Infected copy of c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP169\A0056387.exe
Infected copy of c:\program files\Intel\Wireless\Bin\EvtEng.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP159\A0054201.exe
Infected copy of c:\windows\system32\IPSSVC.EXE was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP166\A0054565.EXE
Infected copy of c:\program files\Intel\Wireless\Bin\RegSrvc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP166\A0055237.exe
Infected copy of c:\program files\Intel\Wireless\Bin\S24EvMon.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP159\A0054232.exe
Infected copy of c:\program files\lenovo\system update\suservice.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP159\A0054209.exe
Infected copy of c:\windows\system32\TPHDEXLG.EXE was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP166\A0055238.exe
Infected copy of c:\windows\system32\TpKmpSVC.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP167\A0055384.exe
Infected copy of c:\program files\Lenovo\Rescue and Recovery\rrservice.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP159\A0054213.exe
Infected copy of c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP159\A0054214.exe
Infected copy of c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP159\A0054215.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_765b55f6
.
.
((((((((((((((((((((((((( Files Created from 2011-10-04 to 2011-11-04 )))))))))))))))))))))))))))))))
.
.
2011-10-31 01:06 . 2011-11-04 14:09 45968 --sha-w- c:\windows\system32\c_67546.nl_
2011-10-25 15:19 . 2011-10-25 15:19 -------- d-----w- c:\documents and settings\Brian\Application Data\SUPERAntiSpyware.com
2011-10-25 15:19 . 2011-10-25 15:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-10-25 14:24 . 2011-08-18 19:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-25 14:21 . 2011-10-26 22:28 -------- d-----w- c:\windows\SxsCaPendDel
2011-10-25 13:36 . 2011-10-25 13:36 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-25 02:18 . 2011-10-25 02:18 -------- d-----w- c:\program files\Lavasoft
2011-10-25 02:18 . 2011-10-25 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-10-22 16:56 . 2011-10-22 16:56 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2011-10-19 15:07 . 2011-10-19 15:07 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-02 00:46 . 2004-08-03 22:59 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-10-30 19:45 . 2010-05-03 20:39 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2011-09-26 15:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2006-04-30 06:55 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2006-04-30 06:55 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2006-04-30 06:55 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2006-04-30 06:55 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2006-04-30 06:56 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2006-04-30 06:55 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2006-04-30 06:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-04-30 06:55 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-04-30 06:55 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-05 39408]
"AROReminder"="c:\program files\Advanced Registry Optimizer\aro.exe" [2009-12-28 2137600]
"SUPERAntiSpyware"="c:\documents and settings\Brian\Desktop\SUPERAntiSpyware.exe" [2011-10-17 4615552]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-07-04 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-04 1323008]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]
"TpShocks"="TpShocks.exe" [2006-03-16 106496]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-07-04 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-03 40960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\documents and settings\Brian\Start Menu\Programs\Startup\
MemTurbo.lnk - c:\program files\MemTurbo 4\MemTurbo.exe [2010-6-28 3121760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2006-5-31 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-5-3 24576]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\documents and settings\Brian\Desktop\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ------w- c:\documents and settings\Brian\Desktop\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-26 02:20 40448 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ----a-w- c:\windows\system32\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ----a-w- c:\windows\system32\tphklock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-AwareAdmin.exe"=
"c:\\Documents and Settings\\Brian\\Desktop\\SUPERAntiSpyware.exe"=
"c:\\Documents and Settings\\Brian\\Desktop\\SSUpdate.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\CLVIEW.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/25/2011 10:24 AM 64512]
R1 SASDIFSV;SASDIFSV;c:\documents and settings\Brian\Desktop\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\documents and settings\Brian\Desktop\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 LGE NDIS Connection Service;LGE NDIS Connection Service;c:\program files\LG Electronics\LGE LTE Driver\vmsvc.exe [10/11/2010 8:56 PM 238008]
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/13/2006 7:05 PM 58368]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 6:55 PM 3968]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [4/25/2006 10:00 PM 3456]
S2 !SASCORE;SAS Core Service;"c:\documents and settings\Brian\Desktop\SASCORE.EXE" --> c:\documents and settings\Brian\Desktop\SASCORE.EXE [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/18/2011 3:25 PM 2151640]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/18/2011 3:25 PM 15232]
S3 LGELTEBus;LGE Composite Device;c:\windows\system32\drivers\LGELTEBus.sys [1/8/2011 4:49 PM 33408]
S3 LGELTEmdm;LGE LTE USB Device for Modem Communication;c:\windows\system32\drivers\LGELTEmdm.sys [1/8/2011 4:49 PM 101888]
S3 LGELTEMux;LGE LTE Mux Enumerator ;c:\windows\system32\drivers\LGELTEMux.sys [1/8/2011 4:49 PM 38144]
S3 LGELTENdis;LGE USB NDIS Miniport Ethernet Adapter Service;c:\windows\system32\drivers\LGELTENdis.sys [1/8/2011 4:49 PM 49408]
S3 LGELTEprt;LGE USB Device for Serial Communication;c:\windows\system32\drivers\LGELTEprt.sys [1/8/2011 4:49 PM 102784]
S3 qcserxp;HTC Diagnostic Port;c:\windows\system32\drivers\qcserxp.sys [7/18/2011 9:34 AM 103424]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcmdmxp.sys [7/18/2011 9:34 AM 105984]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [4/14/2010 9:29 PM 32408]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 19:25]
.
2011-11-04 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-05-03 16:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.swagbucks.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\sayxtbis.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ShopAtHome.com Toolbar: toolbar@shopathome.com - %profile%\extensions\toolbar@shopathome.com
.
- - - - ORPHANS REMOVED - - - -
.
Notify-NavLogon - (no file)
SafeBoot-03396479.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-04 13:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB56402$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(884)
c:\documents and settings\Brian\Desktop\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\windows\system32\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
.
- - - - - - - > 'explorer.exe'(3924)
c:\windows\system32\WININET.dll
c:\windows\system32\PROCHLP.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
.
**************************************************************************
.
Completion time: 2011-11-04 13:30:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-04 17:30
.
Pre-Run: 56,622,731,264 bytes free
Post-Run: 61,080,539,136 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B3AFD2981654BD6C6E32EF970B0DF0AA

#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:59 AM

Posted 04 November 2011 - 11:04 PM

haggs:

Go to Start > Run and copy/paste the contents of the codebox below into the Run box and click OK:

NETSH WINSOCK RESET CATALOG

Reboot

Open Notepad (go to Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::

File::
c:\windows\system32\c_67546.nl_
Rootkit::
c:\windows\$NtUninstallKB56402$

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Please include the following in your next post:
  • ComboFix log
  • Let me know if your connectivity is restored

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#11 haggs

haggs
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:04:59 AM

Posted 07 November 2011 - 10:27 AM

Thanks for the input. I did what you asked above and ComboFix is running now. ComboFix had expired, so it is restarting its scan. I'll post when it's done. Thanks.

#12 haggs

haggs
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:04:59 AM

Posted 07 November 2011 - 10:55 AM

ComboFix ran, but I'm still having trouble getting onto the internet. I rebooted again, but it didn't matter; I still can't access the internet, so I'm using my desktop again.
Here is the log I ran this morning:

ComboFix 11-11-01.04 - Brian 11/07/2011 10:25:33.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1590 [GMT -5:00]
Running from: c:\documents and settings\Brian\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Brian\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
FILE ::
"c:\windows\system32\c_67546.nl_"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\c_67546.nl_
.
.
((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))
.
.
2011-10-25 15:19 . 2011-10-25 15:19 -------- d-----w- c:\documents and settings\Brian\Application Data\SUPERAntiSpyware.com
2011-10-25 15:19 . 2011-10-25 15:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-10-25 14:24 . 2011-08-18 19:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-25 14:21 . 2011-10-26 22:28 -------- d-----w- c:\windows\SxsCaPendDel
2011-10-25 13:36 . 2011-10-25 13:36 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-25 02:18 . 2011-10-25 02:18 -------- d-----w- c:\program files\Lavasoft
2011-10-25 02:18 . 2011-10-25 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-10-22 16:56 . 2011-10-22 16:56 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2011-10-19 15:07 . 2011-10-19 15:07 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-06 04:00 . 2010-05-03 20:39 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2011-11-02 00:46 . 2004-08-03 22:59 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-09-26 15:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2006-04-30 06:55 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2006-04-30 06:55 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2006-04-30 06:55 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2006-04-30 06:55 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2006-04-30 06:56 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2006-04-30 06:55 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2006-04-30 06:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-04-30 06:55 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-04-30 06:55 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-05 39408]
"AROReminder"="c:\program files\Advanced Registry Optimizer\aro.exe" [2009-12-28 2137600]
"SUPERAntiSpyware"="c:\documents and settings\Brian\Desktop\SUPERAntiSpyware.exe" [2011-10-17 4615552]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-07-04 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-04 1323008]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]
"TpShocks"="TpShocks.exe" [2006-03-16 106496]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-07-04 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-03 40960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\documents and settings\Brian\Start Menu\Programs\Startup\
MemTurbo.lnk - c:\program files\MemTurbo 4\MemTurbo.exe [2010-6-28 3121760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2006-5-31 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-5-3 24576]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\documents and settings\Brian\Desktop\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ------w- c:\documents and settings\Brian\Desktop\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-26 02:20 40448 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ----a-w- c:\windows\system32\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ----a-w- c:\windows\system32\tphklock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-AwareAdmin.exe"=
"c:\\Documents and Settings\\Brian\\Desktop\\SUPERAntiSpyware.exe"=
"c:\\Documents and Settings\\Brian\\Desktop\\SSUpdate.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\CLVIEW.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R2 !SASCORE;SAS Core Service;c:\documents and settings\Brian\Desktop\SASCORE.EXE [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 LGE NDIS Connection Service;LGE NDIS Connection Service;c:\program files\LG Electronics\LGE LTE Driver\vmsvc.exe [2010-10-12 238008]
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys [2006-03-13 58368]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-14 3968]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-08-18 2151640]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-08-18 15232]
R3 LGELTEBus;LGE Composite Device;c:\windows\system32\DRIVERS\LGELTEBus.sys [2010-10-27 33408]
R3 LGELTEmdm;LGE LTE USB Device for Modem Communication;c:\windows\system32\DRIVERS\LGELTEmdm.sys [2010-10-27 101888]
R3 LGELTEMux;LGE LTE Mux Enumerator ;c:\windows\system32\DRIVERS\LGELTEMux.sys [2010-10-27 38144]
R3 LGELTENdis;LGE USB NDIS Miniport Ethernet Adapter Service;c:\windows\system32\DRIVERS\LGELTENdis.sys [2010-10-27 49408]
R3 LGELTEprt;LGE USB Device for Serial Communication;c:\windows\system32\DRIVERS\LGELTEprt.sys [2010-10-27 102784]
R3 qcserxp;HTC Diagnostic Port;c:\windows\system32\DRIVERS\qcserxp.sys [2009-01-24 103424]
R3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcmdmxp.sys [2009-10-27 105984]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2010-04-15 32408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-08-18 64512]
S1 SASDIFSV;SASDIFSV;c:\documents and settings\Brian\Desktop\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\documents and settings\Brian\Desktop\SASKUTIL.SYS [2011-07-12 67664]
S2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2006-04-26 3456]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MDMXSDK
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 19:25]
.
2011-11-07 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-05-03 16:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.swagbucks.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\sayxtbis.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ShopAtHome.com Toolbar: toolbar@shopathome.com - %profile%\extensions\toolbar@shopathome.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-07 10:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB56402$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(880)
c:\documents and settings\Brian\Desktop\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\windows\system32\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
.
- - - - - - - > 'explorer.exe'(2724)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\PROCHLP.DLL
c:\docume~1\Brian\LOCALS~1\Temp\catchme.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2011-11-07 10:32:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-07 15:32
ComboFix2.txt 2011-11-04 17:30
.
Pre-Run: 61,095,489,536 bytes free
Post-Run: 61,078,212,608 bytes free
.
- - End Of File - - E012861C09E8D15E3A47159D249E58BC

#13 RPMcMurphy (Malware Response Team, 3,970 posts)

Posted 07 November 2011 - 06:44 PM

haggs:

Please try this:

If your network icon appears on the Windows taskbar, then you can repair it by right-clicking on the icon and selecting Repair.


If you have no task bar icon do this:
  • Click on the Start button.
  • Click on the Settings menu option.
  • Click on the Control Panel option.
  • When the Control Panel opens, double-click on the Network Connections icon. If your Control Panel is set to Category View, then double-click on Network and Internet Connections and then click on Network Connections at the bottom.
  • You will now see a list of available network connections. Locate the connection for your Wireless or Lan adapter and right-click on it.
  • Click on the Repair menu option.


Let the repair process perform its tasks and when it has finished, your Internet connection should be working again.

If that doesn't work - try the following:
  • Go to Start > Control Panel, and choose Network Connections.
  • Right click on your default connection, usually Local Area Connection for cable and DSL or Dial-up Connection if you are using Dial-up, and choose Properties.
  • Click the Networking tab
  • Double-click on the Internet Protocol (TCP/IP) item.
  • Write down the settings in case you should need to change them back.
  • Select the radio button that says "Obtain DNS servers automatically".
  • Click OK twice to get out of the properties screen and restart your computer.
  • If not prompted to reboot go ahead and reboot manually.
In I.E.
  • Check internet options settings.
  • Tools > Internet Options > Connections
  • LAN settings
  • Choose "automatically detect settings"
  • uncheck both proxy settings boxes
In Firefox
  • Click on Advanced -> Network -> Settings…
  • The No Proxy option should be selected.
If you still don't have a connection, do this:

Follow these steps to use the reset command to reset TCP/IP manually:
  • To open a command prompt, click Start and then click Run. Copy and paste (or type) the following command in the Open box and then press ENTER:
    cmd
  • At the command prompt, copy and paste (or type) the following command and then press ENTER:
    netsh int ip reset c:\resetlog.txt
  • Reboot the computer.
If you still don't have a connection, do this:

Follow these steps to reset Winsock:
  • To open a command prompt, click Start and then click Run. Copy and paste (or type) the following command in the Open box and then press ENTER:
    cmd
  • At the command prompt, copy and paste (or type) the following command and then press ENTER:
    netsh winsock reset
  • Reboot the computer.
Please include the following in your next post:
  • Let me know if you are able to restore your connectivity

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.

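The settings the post above walks through by hand (DNS servers obtained automatically, both IE proxy boxes unchecked, no automatic-configuration script, plus the hosts file that every redirect hijacker also likes to edit) can be checked in one pass. The script below is an added example written for this page, not code from the thread or from ComboFix, SuperAntiSpyware or any other tool mentioned in it. It reads the standard Tcpip\Parameters\Interfaces registry key (whose DhcpNameServer value is what the log's "TCP: DhcpNameServer = 192.168.1.1" line reports) and the per-user Internet Settings key; the hosts-file text in the usage note is constructed. The assess_* functions are pure so they can be exercised on any OS; collect_windows() reads live values and only works on a Windows host.

```python
"""Added example: scripted version of the DNS / proxy / hosts checks above.
Not from the thread or from any tool it mentions.  assess_* are pure;
collect_windows() reads the live registry and hosts file (Windows only)."""
import ipaddress
import os
import re

try:
    import winreg          # present only on Windows
except ImportError:
    winreg = None

# Private and loopback ranges.  A DNS server in one of these is normally the
# home router (the ComboFix log shows DhcpNameServer = 192.168.1.1).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def assess_dns(servers, dhcp_enabled):
    """Findings for the DNS server list of one interface."""
    findings = []
    for s in servers:
        try:
            addr = ipaddress.ip_address(s)
        except ValueError:
            findings.append("unparseable DNS server %r" % s)
            continue
        if not dhcp_enabled and not any(addr in n for n in PRIVATE_NETS):
            # A search hijacker only needs to plant its own resolver here;
            # "Obtain DNS servers automatically" is what undoes it.
            findings.append("static public DNS server %s: confirm you set it" % s)
    return findings


def assess_proxy(proxy_enable, proxy_server, autoconfig_url):
    """Findings for the WinINet/IE values behind Tools > Internet Options > LAN settings."""
    findings = []
    if proxy_enable:
        findings.append("ProxyEnable=1, ProxyServer=%r: traffic is relayed" % proxy_server)
    if autoconfig_url:
        findings.append("AutoConfigURL=%r: a PAC script can redirect chosen hosts" % autoconfig_url)
    return findings


HOSTS_ENTRY = re.compile(r"^(\S+)\s+(\S+)")


def assess_hosts(text):
    """Findings for hosts-file text: any name mapped to a non-loopback, non-null IP."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        m = HOSTS_ENTRY.match(line) if line else None
        if not m:
            continue
        ip, host = m.group(1), m.group(2)
        try:
            a = ipaddress.ip_address(ip)
            harmless = a.is_loopback or a.is_unspecified   # 127.x / ::1 / 0.0.0.0 blocklists
        except ValueError:
            harmless = False
        if not harmless:
            findings.append("hosts maps %s -> %s" % (host, ip))
    return findings


def _reg_value(key, name, default):
    try:
        return winreg.QueryValueEx(key, name)[0]
    except OSError:
        return default


def collect_windows():
    """Read the live settings and run all three checks (Windows only)."""
    findings = []
    ifaces_path = r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, ifaces_path) as ifaces:
        i = 0
        while True:
            try:
                name = winreg.EnumKey(ifaces, i)
            except OSError:
                break                      # no more interface sub-keys
            i += 1
            with winreg.OpenKey(ifaces, name) as k:
                dhcp = bool(_reg_value(k, "EnableDHCP", 0))
                # NameServer holds a static list; DhcpNameServer what DHCP handed out.
                raw = _reg_value(k, "DhcpNameServer" if dhcp else "NameServer", "")
                servers = [s for s in re.split(r"[ ,]+", raw) if s]
                findings += ["%s: %s" % (name, f) for f in assess_dns(servers, dhcp)]
    ie_path = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ie_path) as k:
        findings += assess_proxy(_reg_value(k, "ProxyEnable", 0),
                                 _reg_value(k, "ProxyServer", ""),
                                 _reg_value(k, "AutoConfigURL", ""))
    hosts = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                         "System32", "drivers", "etc", "hosts")
    with open(hosts, errors="replace") as fh:
        findings += assess_hosts(fh.read())
    return findings


if __name__ == "__main__":
    for line in collect_windows() or ["no findings"]:
        print(line)
```

Run it as the affected user (the proxy values are per-user) and treat every line it prints as something to explain before reconnecting. A constructed hosts file such as "127.0.0.1 localhost", "0.0.0.0 ads.example" and "203.0.113.7 www.google.com" yields exactly one finding, the last line, which is the classic search-redirect trick. Firefox's "No Proxy" choice is not read here: it lives in prefs.js under the profile path the log shows, as network.proxy.type (0 means no proxy).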

#14 haggs (Topic Starter, Members, 32 posts)

Posted 08 November 2011 - 09:27 AM

I still can't log onto the internet. I tried all the options listed. I couldn't locate the IP item you mentioned below. I use a Verizon wireless internet connection, though.
I reset the IP and winsock manually. The winsock stated that it was reset successfully and had to reboot when I ran the command, but after I ran the command for the IP, nothing came up. I don't know if that worked or not.

If that doesn't work - try the following:
Go to Start > Control Panel, and choose Network Connections.
Right click on your default connection, usually Local Area Connection for cable and DSL or Dial-up Connection if you are using Dial-up, and choose Properties.
Click the Networking tab
Double-click on the Internet Protocol (TCP/IP) item.
Write down the settings in case you should need to change them back.
Select the radio button that says "Obtain DNS servers automatically".
Click OK twice to get out of the properties screen and restart your computer.
If not prompted to reboot go ahead and reboot manually.

#15 RPMcMurphy (Malware Response Team, 3,970 posts)

Posted 08 November 2011 - 09:26 PM

haggs:

Please do this:

Please download Junction.zip and save it.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to Start > Run or press the Windows key + r Copy and paste the following command in the run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt
  • A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.
Please include the following in your next post:
  • junction log

Edited by RPMcMurphy, 08 November 2011 - 09:37 PM.


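The command above runs Sysinternals junction.exe over the whole volume so that every NTFS junction is listed with its target. The script below is an added example written for this page, not Sysinternals' code or anything posted in the thread: it walks a tree with the standard library only, reports each reparse point (junction, symlink, mount point) with its target, and never descends into one, which is also what keeps it from looping through a junction that points back at its own ancestor. The sample tree it builds for demonstration is constructed, and the names in build_sample_tree (a "Program Files" link resolving to a "payload" directory) are made up. A directory that shows up in this listing even though it looks like an ordinary folder in Explorer is the thing to investigate.

```python
"""Added example: standard-library equivalent of 'junction -s <root>'.
Not from the thread or from Sysinternals.  Lists reparse points without
following them, so junction loops cannot trap the walk."""
import os
import shutil
import stat
import sys
import tempfile

FILE_ATTRIBUTE_REPARSE_POINT = 0x400   # Windows: set on junctions, symlinks, mount points


def is_reparse_point(entry):
    """True if an os.DirEntry is a junction/symlink/mount point; never follows it."""
    try:
        st = entry.stat(follow_symlinks=False)
    except OSError:
        return False
    # st_file_attributes exists only on Windows; POSIX symlinks show via S_ISLNK.
    if getattr(st, "st_file_attributes", 0) & FILE_ATTRIBUTE_REPARSE_POINT:
        return True
    return stat.S_ISLNK(st.st_mode)


def find_reparse_points(root):
    """Return (path, target) pairs, sorted by path, for every reparse point under root."""
    found = []
    stack = [root]
    while stack:
        current = stack.pop()
        try:
            entries = list(os.scandir(current))
        except OSError:
            continue   # access denied or in use: junction.exe skips these as well
        for e in entries:
            if is_reparse_point(e):
                try:
                    target = os.readlink(e.path)   # junction targets need Python 3.8+ on Windows
                except OSError:
                    target = None
                found.append((e.path, target))
                continue   # do not descend: this is what defeats junction loops
            if e.is_dir(follow_symlinks=False):
                stack.append(e.path)
    found.sort(key=lambda pair: pair[0])
    return found


def build_sample_tree():
    """Constructed demo data: a temp tree whose 'Program Files' is really a
    directory link to a 'payload' directory.  Returns (root, link, target)."""
    root = tempfile.mkdtemp(prefix="junction-demo-")
    payload = os.path.join(root, "payload")
    os.makedirs(os.path.join(payload, "bin"))
    os.makedirs(os.path.join(root, "Windows", "system32"))
    link = os.path.join(root, "Program Files")
    os.symlink(payload, link, target_is_directory=True)
    return root, link, payload


def remove_sample_tree(root):
    """Delete a tree made by build_sample_tree (rmtree does not follow the link)."""
    shutil.rmtree(root)


if __name__ == "__main__":
    # With no argument, scan the constructed sample tree; otherwise scan the path given.
    scan_root = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()[0]
    for path, target in find_reparse_points(scan_root):
        print("%s -> %s" % (path, target))
```

On a real system run it from an elevated prompt with the drive root as the argument; on the constructed tree it prints a single line, the "Program Files" link and its payload target, while the real Windows directory produces nothing. Creating a symlink on Windows needs the SeCreateSymbolicLink privilege, so build_sample_tree may fail there unless the prompt is elevated.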