ZW infection

This topic is locked
21 replies to this topic
#1 Gile54 (Members, 11 posts)

Posted 04 February 2012 - 05:02 PM

Hi!

I ran RootkitBuster, and found some issues, all having to do with ZW.
Please help. Thanks in advance.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by User at 20:14:28 on 2012-02-04
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.1014.205 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
svchost.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Spyware Terminator\st_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\WINDOWS\system32\TpScrLk.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.net.hr/
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66010
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=66010
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=66010
uURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TrackPointSrv] c:\program files\lenovo\trackpoint\tp4serv.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [TPKBDLED] c:\windows\system32\TpScrLk.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TP4EX] tp4ex.exe
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [imekrmig7.0] "c:\program files\common files\microsoft shared\ime\imkr7\IMEKRMIG.EXE"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [LenovoAutoScrollUtility] c:\program files\lenovo\virtscrl\virtscrl.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IMJPMIG9.0] "c:\program files\common files\microsoft shared\ime\imjp9\imjprmzb.exe" /RmZombie
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SpywareTerminatorShield] c:\program files\spyware terminator\SpywareTerminatorShield.exe
mRun: [SpywareTerminatorUpdater] c:\program files\spyware terminator\SpywareTerminatorUpdate.exe
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RealUpgradeHelper] "c:\program files\common files\real\update_ob\upgrdhlp.exe" "RealNetworks|RealPlayer|12.0"
StartupFolder: c:\docume~1\user\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart17.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dynupd~1.lnk - c:\program files\dyndns updater\DynTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device...
IE: Send to &Bluetooth device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send to Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\\PkgMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 213.191.128.8 213.191.128.9
TCP: Interfaces\{A89BEF28-FEB9-46FC-AAA4-2D03AE079ECC} : DhcpNameServer = 213.191.128.8 213.191.128.9
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli ACGina
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\i2phq3yp.default\
FF - prefs.js: browser.search.selectedEngine - Google Custom Search
FF - prefs.js: browser.startup.homepage - hxxp://www.net.hr/
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\i2phq3yp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\i2phq3yp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\i2phq3yp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\i2phq3yp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2011-1-24 24304]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-8-4 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2011-8-4 103112]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-1-24 13680]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [2012-2-3 32768]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:\program files\abbyy finereader 9.0\NetworkLicenseServer.exe [2007-9-24 566560]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2011-1-24 132456]
R2 Dyn Updater;Dyn Updater;c:\program files\dyndns updater\DynUpSvc.exe [2011-11-15 95608]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-8-9 974944]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2011-1-24 53248]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\spyware terminator\st_rsser.exe [2012-2-3 482992]
R2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-1 217600]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-1-24 99328]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2011-1-24 64440]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2010-9-11 1118208]
R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2011-1-24 6609920]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2005-7-13 23080]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-27 133104]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-1-24 45496]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-27 133104]
S3 hid8103;hid8103;c:\windows\system32\drivers\hid8103.sys [2008-5-12 31128]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-7-23 24576]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2007-8-28 223128]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-02-04 17:45:59 388096 ----a-r- c:\documents and settings\user\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-02-04 17:45:56 -------- d-----w- c:\program files\Trend Micro
2012-02-03 17:16:52 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-02-03 17:16:52 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-02-03 17:16:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-02-03 17:16:49 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-02-03 17:16:48 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2012-02-03 17:16:17 -------- d-----w- c:\program files\Trojan Remover
2012-02-03 17:16:17 -------- d-----w- c:\documents and settings\user\application data\Simply Super Software
2012-02-03 17:16:17 -------- d-----w- c:\documents and settings\all users\application data\Simply Super Software
2012-02-03 16:43:26 102800 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-02-03 13:54:28 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2012-02-03 13:54:27 -------- d-----w- c:\documents and settings\user\application data\Spyware Terminator
2012-02-03 13:54:26 -------- d-----w- c:\documents and settings\all users\application data\Spyware Terminator
2012-02-03 13:48:20 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
2012-02-03 13:48:12 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-03 13:48:10 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-03 13:48:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-03 13:23:19 -------- d-----w- c:\program files\Spyware Terminator
2012-02-01 12:09:25 -------- d-----w- C:\UserScripts
2012-01-29 20:11:42 -------- d-----w- c:\program files\MKVToolNix
2012-01-19 18:42:33 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2012-01-19 18:42:33 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2012-01-19 16:58:31 713728 ----a-r- c:\windows\system32\hposwia_d02d.dll
2012-01-19 16:58:31 589824 ----a-r- c:\windows\system32\hpost_d02d.dll
2012-01-19 16:58:31 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2012-01-19 16:58:31 315392 ----a-r- c:\windows\system32\hposc_d02a.dll
2012-01-19 16:51:22 -------- d-----w- c:\program files\common files\HP
2012-01-18 01:41:58 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-18 01:41:58 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-18 01:41:58 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-18 01:41:58 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-18 00:44:20 -------- d-----w- c:\program files\Screenshot Utility
2012-01-14 15:31:36 -------- d-----w- c:\program files\StartSearch plugin
2012-01-12 00:19:16 4448256 ----a-w- c:\windows\system32\GPhotos.scr
2012-01-08 21:43:19 -------- d-----w- c:\documents and settings\all users\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2012-01-08 20:06:41 -------- d-----w- c:\program files\SpeedFan
.
==================== Find3M ====================
.
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-15 21:19:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 20:14:58,29 ===============
Attached file: attach.txt (25.21KB)
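
The "Pseudo HJT Report" section above is where a helper looks first: it lists the IE start page and search settings and every BHO, toolbar and Firefox component loaded into the browser. The script below is an added example, not part of the original post and not DDS's own code. It parses those lines, reports which host each search setting points at and whether that differs from the start page host, and maps each CLSID to the load points it appears in, so a component registered as an IE BHO, an IE toolbar and a Firefox extension shows up as one item. The sample lines are copied from the log above; the function names are this example's own.

```python
"""Triage helper for the DDS 'Pseudo HJT Report' section (added example)."""
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlparse

# Constructed sample: lines copied from the DDS log in the post above.
SAMPLE = r"""
uStart Page = hxxp://www.net.hr/
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66010
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=66010
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=66010
uURLSearchHooks: H - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\i2phq3yp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
"""

CLSID_RE = re.compile(r"\{([0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12})\}")
MODULE_RE = re.compile(r"^(BHO|TB|EB): (.*?): \{([0-9a-fA-F-]{36})\} - (.*)$")
FF_RE = re.compile(r"^FF - (component|plugin): (.*)$")


def refang(url):
    # DDS writes http as hxxp so a pasted log cannot be clicked by accident
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def parse_settings(text):
    """Return {setting: url} for the u/m/d (user/machine/default) browser settings."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^([umd][A-Za-z_ ]+?) = (\S+)$", line)
        if m:
            settings[m.group(1)] = refang(m.group(2))
    return settings


def host_of(url):
    return urlparse(url).hostname or ""


def search_report(settings):
    """For every search-related setting: host, query parameter names, and
    whether the host differs from the start page host."""
    home = host_of(settings.get("uStart Page", settings.get("mStart Page", "")))
    report = []
    for key, url in settings.items():
        if "search" not in key.lower():
            continue
        parsed = urlparse(url)
        report.append({
            "setting": key,
            "host": parsed.hostname,
            "params": sorted(parse_qs(parsed.query).keys()),
            "differs_from_start_page": parsed.hostname != home,
        })
    return report


def parse_modules(text):
    """Return IE BHO/TB/EB entries and Firefox components/plugins with their CLSIDs."""
    modules = []
    for line in text.splitlines():
        m = MODULE_RE.match(line)
        if m:
            kind, name, clsid, path = m.groups()
            modules.append({"kind": kind, "name": name, "clsid": clsid.lower(), "path": path})
            continue
        m = FF_RE.match(line)
        if m:
            kind, path = m.groups()
            c = CLSID_RE.search(path)  # Firefox extension dirs are often named by CLSID
            modules.append({"kind": "FF " + kind, "name": None,
                            "clsid": c.group(1).lower() if c else None, "path": path})
    return modules


def clsid_footprint(modules):
    """Map each CLSID to the set of load points (BHO, TB, FF component...) it appears in."""
    footprint = defaultdict(set)
    for mod in modules:
        if mod["clsid"]:
            footprint[mod["clsid"]].add(mod["kind"])
    return dict(footprint)


if __name__ == "__main__":
    for row in search_report(parse_settings(SAMPLE)):
        print(row)
    for clsid, kinds in clsid_footprint(parse_modules(SAMPLE)).items():
        print(clsid, sorted(kinds))
```

Run it against a full DDS.txt by reading the file into `SAMPLE`'s place; the search report shows the three search settings pointing at crawler.com hosts while the start page is net.hr, and the footprint shows the Vuze Remote Toolbar CLSID loaded into both IE and Firefox.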

#2 CatByte (Malware Response Team, 14,664 posts, Canada)

Posted 04 February 2012 - 06:54 PM

Hi,

Please do the following:


Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Gile54 (Topic Starter, Members, 11 posts)

Posted 05 February 2012 - 07:01 AM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-05 04:36:38
-----------------------------
04:36:38.375 OS Version: Windows 5.1.2600 Service Pack 3
04:36:38.375 Number of processors: 2 586 0xF06
04:36:38.375 ComputerName: LAPTOP UserName: User
04:37:17.515 Initialize success
04:48:16.921 AVAST engine defs: 12020401
04:50:27.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
04:50:27.250 Disk 0 Vendor: TOSHIBA_MK1034GSX AH201E Size: 95396MB BusType: 3
04:50:27.265 Disk 0 MBR read successfully
04:50:27.265 Disk 0 MBR scan
04:50:28.125 Disk 0 unknown MBR code
04:50:28.156 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95393 MB offset 63
04:50:29.421 Disk 0 scanning sectors +195365520
04:50:29.750 Disk 0 scanning C:\WINDOWS\system32\drivers
04:51:32.578 Service scanning
04:51:34.406 Modules scanning
04:51:53.359 Disk 0 trace - called modules:
04:51:53.437 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
04:51:53.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f40ab8]
04:51:53.437 3 CLASSPNP.SYS[f75bcfd7] -> nt!IofCallDriver -> \Device\0000009d[0x86f272f0]
04:51:53.437 5 ACPI.sys[f7353620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86fc7030]
04:51:58.500 AVAST engine scan C:\WINDOWS
04:52:13.937 AVAST engine scan C:\WINDOWS\system32
04:57:52.484 AVAST engine scan C:\WINDOWS\system32\drivers
04:58:30.296 AVAST engine scan C:\Documents and Settings\User
05:15:41.125 AVAST engine scan C:\Documents and Settings\All Users
05:23:36.484 Scan finished successfully
12:44:22.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
12:44:22.109 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"

Attached file: MBR.zip (487 bytes)
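
aswMBR saves the first sector of the disk as MBR.dat, and its log prints what it decoded from it ("Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95393 MB offset 63"). "Unknown MBR code" only means the boot code did not match the loaders aswMBR recognises, so the next step a helper takes is to look at the sector itself. The script below is an added example, not part of the thread and not aswMBR's code: it parses a 512-byte MBR image (partition table, boot signature, hash of the boot code for comparison with a known-clean machine) and checks it against the partition line from the log. The real MBR.dat is not on this page, so SAMPLE_MBR is a constructed image whose one partition entry carries the values the log shows; the function names are this example's own.

```python
"""Parse an MBR image and cross-check it against an aswMBR log line (added example)."""
import hashlib
import re
import struct
import sys

SECTOR = 512

# Constructed sample log line, copied from the aswMBR output in the post above.
SAMPLE_LOG_LINE = "04:50:28.156 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95393 MB offset 63"


def build_sample_mbr():
    """Constructed 512-byte MBR: zeroed boot code, one active NTFS partition
    starting at LBA 63 with 0xBA50A51 sectors, valid 0x55AA signature."""
    boot_code = bytes(446)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 0xBA50A51)
    return boot_code + entry + bytes(16 * 3) + b"\x55\xaa"


SAMPLE_MBR = build_sample_mbr()


def parse_mbr(image):
    """Decode the four partition entries, the boot signature and a boot-code hash."""
    if len(image) != SECTOR:
        raise ValueError("MBR image must be exactly 512 bytes")
    parts = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from("<B3sB3sII", image, 446 + 16 * i)
        if ptype == 0 and count == 0:
            continue  # empty slot
        parts.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
            "lba_end": lba + count,  # first sector after the partition
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        "signature_ok": image[510:512] == b"\x55\xaa",
        # bytes 0..439 are executable boot code; 440..445 hold the per-disk
        # signature and a reserved word, which would make hashes differ per machine
        "boot_code_sha256": hashlib.sha256(image[:440]).hexdigest(),
        "partitions": parts,
    }


ASW_PART_RE = re.compile(
    r"Disk (\d+) Partition (\d+) ([0-9A-Fa-f]{2}) \((\w)\) ([0-9A-Fa-f]{2}) \S+ \S+ (\d+) MB offset (\d+)")


def parse_aswmbr_partition(line):
    """Decode one 'Disk N Partition M ...' line from an aswMBR log."""
    m = ASW_PART_RE.search(line)
    if not m:
        raise ValueError("not an aswMBR partition line: " + line)
    disk, idx, status, _flag, ptype, size_mb, offset = m.groups()
    return {"disk": int(disk), "index": int(idx), "active": status == "80",
            "type": int(ptype, 16), "size_mb": int(size_mb), "lba_start": int(offset)}


def cross_check(mbr, asw):
    """Return a list of mismatches between the image and the log line (empty = consistent)."""
    problems = []
    if not mbr["signature_ok"]:
        problems.append("boot signature is not 0x55AA")
    match = [p for p in mbr["partitions"] if p["index"] == asw["index"]]
    if not match:
        return problems + ["partition %d missing from image" % asw["index"]]
    p = match[0]
    for key in ("active", "type", "size_mb", "lba_start"):
        if p[key] != asw[key]:
            problems.append("%s: image=%r log=%r" % (key, p[key], asw[key]))
    return problems


if __name__ == "__main__":
    # usage: python mbrcheck.py MBR.dat   (falls back to the constructed sample)
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_MBR
    info = parse_mbr(image)
    print("signature ok:", info["signature_ok"], "boot code sha256:", info["boot_code_sha256"])
    for p in info["partitions"]:
        print(p)
    print("mismatches:", cross_check(info, parse_aswmbr_partition(SAMPLE_LOG_LINE)))
```

On the constructed image the partition ends at sector 195365520, which is exactly the "scanning sectors +195365520" figure in the log above (offset 63 plus 0xBA50A51 sectors). The boot-code hash is only useful in comparison: take the same 440 bytes from a known-clean machine with the same Windows version and compare, rather than trusting any single scanner's "known" or "unknown" verdict.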

#4 CatByte (Malware Response Team, 14,664 posts, Canada)

Posted 05 February 2012 - 09:16 AM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 Gile54 (Topic Starter, Members, 11 posts)

Posted 06 February 2012 - 06:15 AM

Attached file: ComboFix.txt (22.86KB)

#6 CatByte (Malware Response Team, 14,664 posts, Canada)

Posted 06 February 2012 - 11:12 AM

Hi

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 Gile54

Gile54
  • Topic Starter

  • Members
  • 11 posts

Posted 06 February 2012 - 02:51 PM

Hi,

Here's the TDSSKiller log:

17:29:15.0122 6140 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
17:29:16.0888 6140 ============================================================
17:29:16.0888 6140 Current date / time: 2012/02/06 17:29:16.0888
17:29:16.0888 6140 SystemInfo:
17:29:16.0888 6140
17:29:16.0888 6140 OS Version: 5.1.2600 ServicePack: 3.0
17:29:16.0888 6140 Product type: Workstation
17:29:16.0888 6140 ComputerName: LAPTOP
17:29:16.0888 6140 UserName: User
17:29:16.0888 6140 Windows directory: C:\WINDOWS
17:29:16.0888 6140 System windows directory: C:\WINDOWS
17:29:16.0888 6140 Processor architecture: Intel x86
17:29:16.0888 6140 Number of processors: 2
17:29:16.0888 6140 Page size: 0x1000
17:29:16.0888 6140 Boot type: Normal boot
17:29:16.0888 6140 ============================================================
17:29:24.0575 6140 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
17:29:24.0591 6140 \Device\Harddisk0\DR0:
17:29:24.0591 6140 MBR used
17:29:24.0591 6140 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA50A51
17:29:24.0591 6140 Initialize success
17:29:24.0591 6140 ============================================================
17:29:49.0669 2096 ============================================================
17:29:49.0669 2096 Scan started
17:29:49.0669 2096 Mode: Manual; TDLFS;
17:29:49.0669 2096 ============================================================
17:30:06.0513 2096 MBR (0x1B8) (29094a4324d63bb8baae769d26bf3181) \Device\Harddisk0\DR0
17:30:06.0638 2096 \Device\Harddisk0\DR0 - ok
17:30:06.0653 2096 Boot (0x1200) (c48fdd4d8a1abe39c941e64fc135c0db) \Device\Harddisk0\DR0\Partition0
17:30:06.0653 2096 \Device\Harddisk0\DR0\Partition0 - ok
17:30:06.0653 2096 ============================================================
17:30:06.0653 2096 Scan finished
17:30:06.0653 2096 ============================================================
17:30:06.0669 4680 Detected object count: 0
17:30:06.0669 4680 Actual detected object count: 0
17:30:54.0794 5300 Deinitialize success





...and the MBAM log

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.06.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: LAPTOP [administrator]

6.2.2012 17:34:42
mbam-log-2012-02-06 (17-34-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 184330
Time elapsed: 10 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





...and finally the ESET scan log:

C:\Program Files\Alcohol Soft\Alcohol 120\alcohol.120.v1.9.5.(build.3823).RETAIL-patch.exe a variant of Win32/HackTool.Patcher.A application
C:\Utils\ipscan.exe Win32/NetTool.Portscan.C application
C:\Utils\PlayFLV.exe Win32/TrojanDownloader.Adload.NIQ trojan
C:\Utils\Uniblue RegistryBooster 2011 v.6.0.7.2 + Serial.rar Win32/RegistryBooster application
C:\Utils\Alcohol120%v1.9.5.b3823\Alcohol.120.v1.9.5.Build.3823.-.RETAIL_CRK-FFF\alcohol.120.v1.9.5.(build.3823).RETAIL-patch.exe a variant of Win32/HackTool.Patcher.A application
C:\Utils\ESET.Smart.Security.5.&.ESET.NOD32.AntiVirus.5.Incl.Crack(32.and.64.Bit)\Crack\ESET.PureFix.V2b.exe Win32/RiskWare.HackAV.HP application
C:\Utils\Google Earth Pro 6 Incl GPS Support and Serial\GoogleEarthWin.exe multiple threats
C:\Utils\NERO 8.3.6.0+KEYGEN\Nero-8.3.6.0_eng_update.exe Win32/Toolbar.AskSBar application
C:\Utils\NERO 8.3.6.0+KEYGEN\Nero-8.3.6.0_eng_update.rar Win32/Toolbar.AskSBar application
C:\Utils\PowerISO\keygen.exe a variant of Win32/Keygen.CP application

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:08 PM

Posted 06 February 2012 - 03:03 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Program Files\Alcohol Soft\Alcohol 120\alcohol.120.v1.9.5.(build.3823).RETAIL-patch.exe 
C:\Utils\PlayFLV.exe 
C:\Utils\Uniblue RegistryBooster 2011 v.6.0.7.2 + Serial.rar 
C:\Utils\Alcohol120%v1.9.5.b3823\Alcohol.120.v1.9.5.Build.3823.-.RETAIL_CRK-FFF\alcohol.120.v1.9.5.(build.3823).RETAIL-patch.exe 
C:\Utils\ESET.Smart.Security.5.&.ESET.NOD32.AntiVirus.5.Incl.Crack(32.and.64.Bit)\Crack\ESET.PureFix.V2b.exe 
C:\Utils\Google Earth Pro 6 Incl GPS Support and Serial\GoogleEarthWin.exe 
C:\Utils\NERO 8.3.6.0+KEYGEN\Nero-8.3.6.0_eng_update.exe
C:\Utils\NERO 8.3.6.0+KEYGEN\Nero-8.3.6.0_eng_update.rar 
C:\Utils\PowerISO\keygen.exe 


Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 30
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u30-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT


Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
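
The CFScript step above hand-copies the paths from the ESET results into a `File::` section. As an added example (not CatByte's, not the user's and not part of ComboFix), the Python below parses the ten ESET result lines posted in this thread, sorts them into "clearly malicious" and "riskware/PUA" buckets by ESET's own kind word, and emits the `File::` section in the same layout CatByte posted. The one assumption is the review rule: detections whose name starts with `Win32/NetTool.` are held back for a person to look at rather than queued for deletion, which reproduces the helper's list (it omitted `ipscan.exe`, the port-scanner hit, and kept the other nine). The regex parses from the right because the path itself contains spaces.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

# The ten ESET result lines posted in this thread (not constructed). Each line is
# "<path> [a variant of ]<detection name> <kind>" or "<path> multiple threats";
# the path may contain spaces, so the line has to be parsed from the right.
ESET_LOG = r"""
C:\Program Files\Alcohol Soft\Alcohol 120\alcohol.120.v1.9.5.(build.3823).RETAIL-patch.exe a variant of Win32/HackTool.Patcher.A application
C:\Utils\ipscan.exe Win32/NetTool.Portscan.C application
C:\Utils\PlayFLV.exe Win32/TrojanDownloader.Adload.NIQ trojan
C:\Utils\Uniblue RegistryBooster 2011 v.6.0.7.2 + Serial.rar Win32/RegistryBooster application
C:\Utils\Alcohol120%v1.9.5.b3823\Alcohol.120.v1.9.5.Build.3823.-.RETAIL_CRK-FFF\alcohol.120.v1.9.5.(build.3823).RETAIL-patch.exe a variant of Win32/HackTool.Patcher.A application
C:\Utils\ESET.Smart.Security.5.&.ESET.NOD32.AntiVirus.5.Incl.Crack(32.and.64.Bit)\Crack\ESET.PureFix.V2b.exe Win32/RiskWare.HackAV.HP application
C:\Utils\Google Earth Pro 6 Incl GPS Support and Serial\GoogleEarthWin.exe multiple threats
C:\Utils\NERO 8.3.6.0+KEYGEN\Nero-8.3.6.0_eng_update.exe Win32/Toolbar.AskSBar application
C:\Utils\NERO 8.3.6.0+KEYGEN\Nero-8.3.6.0_eng_update.rar Win32/Toolbar.AskSBar application
C:\Utils\PowerISO\keygen.exe a variant of Win32/Keygen.CP application
"""

# The non-greedy path group only grows until one of the two detection tails matches.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:"
    r"(?P<variant>a variant of )?(?P<name>\S+/\S+)\s+(?P<kind>application|trojan|worm|virus)"
    r"|(?P<multi>multiple threats))\s*$"
)

# Kinds ESET uses for outright malicious code, as opposed to riskware / PUA.
HIGH_KINDS = {"trojan", "worm", "virus", "multiple threats"}


@dataclass
class Finding:
    path: str
    name: Optional[str]  # ESET detection name; None when ESET only says "multiple threats"
    kind: str            # application, trojan, ... or "multiple threats"
    variant: bool        # True when ESET reported "a variant of"


def parse_eset_log(text: str) -> List[Finding]:
    """Turn ESET scan-result lines into Finding records; an unknown line shape raises."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ESET result line: {line!r}")
        if m.group("multi"):
            findings.append(Finding(m.group("path"), None, "multiple threats", False))
        else:
            findings.append(Finding(m.group("path"), m.group("name"),
                                    m.group("kind"), bool(m.group("variant"))))
    return findings


def triage(findings: Sequence[Finding]) -> dict:
    """Group paths by severity: clearly malicious ("high") vs. riskware/PUA ("medium")."""
    groups = {"high": [], "medium": []}
    for f in findings:
        groups["high" if f.kind in HIGH_KINDS else "medium"].append(f.path)
    return groups


def build_cfscript(findings: Sequence[Finding],
                   review_prefixes: Sequence[str] = ("Win32/NetTool.",)) -> Tuple[str, List[str]]:
    """Emit the File:: section in the layout CatByte posted, one path per line.

    Detections whose name starts with one of review_prefixes are held back for a
    person to look at instead of being queued for deletion (an assumption of this
    example; the default mirrors the helper's list, which left ipscan.exe out).
    Returns (script_text, held_back_paths).
    """
    lines = ["File::"]
    held: List[str] = []
    for f in findings:
        if f.name is not None and f.name.startswith(tuple(review_prefixes)):
            held.append(f.path)
        else:
            lines.append(f.path)
    return "\n".join(lines) + "\n", held


if __name__ == "__main__":
    found = parse_eset_log(ESET_LOG)
    for level, paths in triage(found).items():
        print(f"{level}: {len(paths)} item(s)")
    script, held = build_cfscript(found)
    print(script)
    print("held back for review:", held)
```

The parser raises on any line it does not recognise rather than silently dropping it, so a renamed or truncated result cannot vanish from the generated script unnoticed.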


#9 Gile54

Gile54
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 06 February 2012 - 04:02 PM

ComboFix 12-02-05.02 - User 06.02.2012 21:17:15.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.1014.316 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\program files\Alcohol Soft\Alcohol 120\alcohol.120.v1.9.5.(build.3823).RETAIL-patch.exe"
"c:\utils\Alcohol120%v1.9.5.b3823\Alcohol.120.v1.9.5.Build.3823.-.RETAIL_CRK-FFF\alcohol.120.v1.9.5.(build.3823).RETAIL-patch.exe"
"c:\utils\ESET.Smart.Security.5.&.ESET.NOD32.AntiVirus.5.Incl.Crack(32.and.64.Bit)\Crack\ESET.PureFix.V2b.exe"
"c:\utils\Google Earth Pro 6 Incl GPS Support and Serial\GoogleEarthWin.exe"
"c:\utils\NERO 8.3.6.0+KEYGEN\Nero-8.3.6.0_eng_update.exe"
"c:\utils\NERO 8.3.6.0+KEYGEN\Nero-8.3.6.0_eng_update.rar"
"c:\utils\PlayFLV.exe"
"c:\utils\PowerISO\keygen.exe"
"c:\utils\Uniblue RegistryBooster 2011 v.6.0.7.2 + Serial.rar"
.
.
((((((((((((((((((((((((( Files Created from 2012-01-06 to 2012-02-06 )))))))))))))))))))))))))))))))
.
.
2012-02-06 13:40 . 2012-02-06 15:24 -------- d-----w- c:\documents and settings\User\Application Data\KeePass
2012-02-06 13:37 . 2012-02-06 13:37 -------- d-----w- c:\program files\KeePass Password Safe 2
2012-02-04 19:17 . 2012-02-04 19:17 -------- d-----w- C:\RkUnhooker
2012-02-04 17:45 . 2012-02-04 17:45 388096 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-04 17:45 . 2012-02-04 17:45 -------- d-----w- c:\program files\Trend Micro
2012-02-03 17:16 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-02-03 17:16 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-02-03 17:16 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-02-03 17:16 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-02-03 17:16 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2012-02-03 17:16 . 2012-02-03 17:17 -------- d-----w- c:\program files\Trojan Remover
2012-02-03 17:16 . 2012-02-03 17:16 -------- d-----w- c:\documents and settings\User\Application Data\Simply Super Software
2012-02-03 17:16 . 2012-02-03 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2012-02-03 16:43 . 2012-02-04 21:31 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-02-03 13:54 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2012-02-03 13:54 . 2012-02-03 13:54 -------- d-----w- c:\documents and settings\User\Application Data\Spyware Terminator
2012-02-03 13:54 . 2012-02-06 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2012-02-03 13:48 . 2012-02-03 13:48 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2012-02-03 13:48 . 2012-02-03 13:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-03 13:48 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-03 13:48 . 2012-02-03 13:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-03 13:23 . 2012-02-03 13:54 -------- d-----w- c:\program files\Spyware Terminator
2012-02-02 17:44 . 2012-02-02 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2012-02-01 12:09 . 2012-02-01 12:32 -------- d-----w- C:\UserScripts
2012-01-29 20:11 . 2012-01-29 20:12 -------- d-----w- c:\program files\MKVToolNix
2012-01-19 18:42 . 2001-08-17 12:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2012-01-19 18:42 . 2001-08-17 12:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2012-01-19 17:08 . 2012-02-04 18:48 -------- d-----w- c:\documents and settings\User\Application Data\HPAppData
2012-01-19 16:58 . 2009-03-31 16:21 713728 ----a-r- c:\windows\system32\hposwia_d02d.dll
2012-01-19 16:58 . 2009-03-31 16:21 589824 ----a-r- c:\windows\system32\hpost_d02d.dll
2012-01-19 16:58 . 2009-03-31 16:21 315392 ----a-r- c:\windows\system32\hposc_d02a.dll
2012-01-19 16:58 . 2008-10-28 10:27 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2012-01-19 16:53 . 2012-01-19 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2012-01-19 16:51 . 2012-01-19 16:51 -------- d-----w- c:\program files\Common Files\HP
2012-01-18 01:41 . 2012-01-18 01:41 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-18 01:41 . 2012-01-18 01:41 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-18 01:41 . 2012-01-18 01:41 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-18 01:41 . 2012-01-18 01:41 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-18 00:44 . 2012-01-18 00:44 -------- d-----w- c:\program files\Screenshot Utility
2012-01-12 00:19 . 2012-01-12 00:19 4448256 ----a-w- c:\windows\system32\GPhotos.scr
2012-01-08 21:43 . 2012-01-08 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2012-01-08 20:06 . 2012-02-01 23:29 -------- d-----w- c:\program files\SpeedFan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-04 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-04 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-04 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-15 21:19 . 2011-05-24 16:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-18 01:42 . 2011-05-05 21:28 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-06_03.40.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-06 13:38 . 2012-02-06 13:38 4925952 c:\windows\assembly\NativeImages_v4.0.30319_32\KeePass\ee52b94b425df9740607183277792d68\KeePass.ni.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"uTorrent"="c:\documents and settings\User\Desktop\utorrent.exe" [2011-10-22 641400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2011-10-01 92960]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"TPKBDLED"="c:\windows\system32\TpScrLk.exe" [2002-10-08 40960]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"imekrmig7.0"="c:\program files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [2007-04-19 25440]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2010-09-11 1093632]
"LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-11-05 517480]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2009-09-03 436800]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2010-10-19 1400832]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-10-19 1206544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-05 137752]
"IMJPMIG9.0"="c:\program files\Common Files\Microsoft Shared\IME\IMJP9\imjprmzb.exe" [2007-04-19 40288]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2011-10-01 1044480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-08-09 3076144]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2012-01-10 2779824]
"SpywareTerminatorUpdater"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-01-10 3621040]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2011-05-18 1233856]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2012-01-05 1823744]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-9-8 575488]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-9-22 607584]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2011-1-24 50688]
Dyn Updater Tray Icon.lnk - c:\program files\DynDNS Updater\DynTray.exe [2011-11-15 78192]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-10-19 01:08 49152 ----a-w- c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00e0804]
IME File REG_SZ IMSC40A.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200412]
Ime File REG_SZ IMEKR70.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ThinkPad\\ConnectUtilities\\ACMainGUI.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Torenkey\\Torenkey.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\{7F08A772-2816-4F46-84F1-49578502AD28}\\setup\\hpznui01.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\User\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Vip\\Vip Communicator\\Vip Communicator.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [24.1.2011 3:38 24304]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.7.2007 22:27 682232]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [24.1.2011 3:36 13680]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [3.2.2012 14:54 32768]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [24.9.2007 18:11 566560]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [24.1.2011 3:38 132456]
R2 Dyn Updater;Dyn Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [15.11.2011 18:20 95608]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.8.2011 21:39 974944]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [24.1.2011 3:38 53248]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\Spyware Terminator\st_rsser.exe [3.2.2012 14:54 482992]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\Lenovo\HOTKEY\tphkload.exe [24.1.2011 3:36 99328]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [24.1.2011 3:36 64440]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11.9.2010 13:56 1118208]
R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [24.1.2011 15:06 6609920]
R3 Pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5.1.2010 14:00 47360]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [13.7.2005 3:55 23080]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22.2.2008 15:54 37312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27.9.2009 15:58 133104]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [24.1.2011 3:36 45496]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18.12.2009 10:58 11336]
S3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [27.9.2009 15:58 133104]
S3 hid8103;hid8103;c:\windows\system32\drivers\hid8103.sys [12.5.2008 20:08 31128]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [23.7.2010 12:36 24576]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [28.8.2007 20:59 223128]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4.8.2004 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 59312827
*NewlyCreated* - ASWMBR
*Deregistered* - 59312827
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WINRM REG_MULTI_SZ WINRM
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-22 02:15]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 14:58]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 14:58]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-515967899-682003330-1003Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-06 13:29]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-515967899-682003330-1003UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-06 13:29]
.
2012-01-17 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-01-27 22:29]
.
2012-02-05 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2011-01-24 00:29]
.
2012-02-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-515967899-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
2012-02-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-515967899-682003330-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
2012-02-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-515967899-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
2012-02-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-515967899-682003330-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
2012-02-06 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2011-01-27 22:29]
.
2012-02-06 c:\windows\Tasks\User_Feed_Synchronization-{C46E964B-AC89-46F0-A6ED-4D6096AF934C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.net.hr/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device...
IE: Slanje na &Bluetooth uređaj... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Slanje na Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 213.191.128.8 213.191.128.9
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\i2phq3yp.default\
FF - prefs.js: browser.search.selectedEngine - Google Custom Search
FF - prefs.js: browser.startup.homepage - hxxp://www.net.hr/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-06 21:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(968)
c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
- - - - - - - > 'explorer.exe'(5048)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-06 21:37:17
ComboFix-quarantined-files.txt 2012-02-06 20:37
ComboFix2.txt 2012-02-06 03:44
.
Pre-Run: 17.900.388.352 bytes free
Post-Run: 17.867.116.544 bytes free
.
- - End Of File - - 4E632587D9F08DC31DE1114F1F816C83





Everything seems to be running just fine. Thanks a lot for your help!

P.S. Should I uninstall ComboFix?



#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:08 PM

Posted 06 February 2012 - 04:09 PM

Hi

Just some housekeeping to do now.

Please do the following:


You can delete the DDS and aswMBR logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
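The "Make Internet Explorer more secure" steps above change three Internet-zone ActiveX settings through the Inetcpl.cpl dialog. The following PowerShell script is an added audit example, not code from the thread or from BleepingComputer: it reads the registry values that the "Custom level" dialog writes for the Internet zone (zone 3) and reports whether each matches the recommended Prompt/Prompt/Disable configuration. The value names (1001, 1004, 1201) and data meanings (0 = Enable, 1 = Prompt, 3 = Disable) are Microsoft's documented URL security zone settings; the function name is the author's own.

```powershell
# Added audit example (not from the thread): check the Internet zone ActiveX settings
# that the Inetcpl.cpl "Custom level" dialog writes to the registry.
# Zone 3 is the Internet zone. Value names documented by Microsoft:
#   1001 = Download signed ActiveX controls
#   1004 = Download unsigned ActiveX controls
#   1201 = Initialize and script ActiveX controls not marked as safe for scripting
# Data: 0 = Enable, 1 = Prompt, 3 = Disable
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended values from the steps above: Prompt, Prompt, Disable.
$expected = @{
    '1001' = 1
    '1004' = 1
    '1201' = 3
}
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ActiveXZoneReport {
    # Hypothetical helper name; returns one object per checked value.
    param([string]$Path = $zonePath)

    if (-not (Test-Path $Path)) {
        Write-Warning "Zone key not found: $Path"
        return
    }
    $props = Get-ItemProperty -Path $Path

    foreach ($name in ($expected.Keys | Sort-Object)) {
        $actual = $props.$name
        if ($null -eq $actual) {
            # No explicit value: the zone template default applies, which is
            # not necessarily the recommended setting, so flag it for review.
            $state = 'not set (zone template default applies)'
            $ok = $false
        } else {
            $state = $labels[[int]$actual]
            if (-not $state) { $state = "unknown ($actual)" }
            $ok = ([int]$actual -eq $expected[$name])
        }
        New-Object PSObject -Property @{
            Value    = $name
            Actual   = $state
            Expected = $labels[$expected[$name]]
            OK       = $ok
        }
    }
}

Get-ActiveXZoneReport | Format-Table Value, Actual, Expected, OK -AutoSize
```

Run it in the user's own session, since the dialog writes per-user settings under HKCU. If a machine-wide policy forces the zone settings (the HKLM copy of the Zones key with Security_HKLM_only set), the HKCU values shown here are not the ones in effect, and the report should be read against the HKLM key instead.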


#11 Gile54

Gile54
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:08 AM

Posted 06 February 2012 - 08:41 PM

Hi again!

Seems my joy was a bit premature...
Since the last reboot I've experienced similar symptoms as before your initial intervention, including but not limited to very slow web site opening (in IE, Firefox, Opera and Chrome), total incapacity to access google webmail and so on.
I have then tried to boot into safe mode, but during the boot sequence (still in DOS) the machine got stuck while loading the giveio.sys from the system32 folder, and eventually rebooted. Once again I tried to access safe mode, this time successfully (kind of...) but when the logon screen appeared along with my profile (and I do have administrator privileges), the default Administrator profile also appeared. However I could not access it, as it was password protected. I have never modified that default profile, and AFAIK, there should be no password.
If you think you could take a look into this issue, I would be very grateful.

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:08 PM

Posted 06 February 2012 - 08:59 PM

Hi,

This may not be malware related, but let's take a deeper look.

Please run the following:

Please download Listparts

Run the tool, click Scan and post the log (Result.txt) it makes.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 Gile54

Gile54
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:08 AM

Posted 06 February 2012 - 10:08 PM

ListParts by Farbar
Ran by User on 07-02-2012 at 04:05:16
Windows XP (X86)
Running From: C:\Documents and Settings\User\Desktop
************************************************************

========================= Memory info ======================

Percentage of memory in use: 80%
Total physical RAM: 1014.42 MB
Available physical RAM: 198.94 MB
Total Pagefile: 2441.35 MB
Available Pagefile: 1693.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1999.16 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:93.16 GB) (Free:16.44 GB) NTFS ==>[Drive with boot components (Windows XP)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 93 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 93 GB 32 KB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 93 GB Healthy System (partition with boot components)


****** End Of Log ******

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:08 PM

Posted 06 February 2012 - 10:30 PM

That looks fine.

Please run the following:

  • Click Start > Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following: chkdsk c: /r and hit the Enter/Return key.
    Note: chkdsk c: /r presumes that the disk upon which you wish to run Error Checking is your C: Drive (most often)
  • When prompted with:

CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)

  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and hit the Enter/Return key.
  • Now Reboot (Restart) your computer.
Note: Upon Reboot (Restart), CHKDSK will start and carry out the repairs required.


NEXT



Run System File Checker

To use System File Checker, follow these steps:

  • Click Start, click Run, type cmd.exe, and then click OK.
  • At the command prompt, type sfc /scannow, and then press ENTER.
    Note: This command may take several minutes to finish. You may be prompted to provide Windows installation source files when you run the sfc /scannow command.
  • At the command prompt, type exit, and then press ENTER to close the command prompt.


Let me know, in as much detail as possible, any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
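When chkdsk cannot lock the volume and you answer Y to the scheduling prompt above, it records an autochk entry for that volume in the Session Manager BootExecute value, which is what makes the check run at the next restart; the NTFS dirty bit is the other trigger for a boot-time check. The script below is an added example, not part of the thread, that verifies both before rebooting so you know the scheduled repair will actually happen. It must be run from an elevated (administrator) PowerShell session; the function names are the author's own.

```powershell
# Added example (not from the thread): verify that a chkdsk /r scheduled for the next
# restart has actually been registered, and whether the volume's dirty bit is set.
# Run as an administrator. Tested logic: BootExecute is a REG_MULTI_SZ whose default
# single line is 'autocheck autochk *'; a scheduled check adds a line naming the volume
# in NT device syntax, e.g. 'autocheck autochk /r \??\C:'.
param([string]$Drive = 'C:')

$smKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'

function Get-BootExecute {
    # Returns the BootExecute lines as an array of strings.
    @((Get-ItemProperty -Path $smKey -Name BootExecute).BootExecute)
}

function Test-ChkdskScheduled {
    # True when an autochk line references the given drive letter.
    param([string]$Drive)
    $pattern = [regex]::Escape("\??\$Drive")
    $hits = @(Get-BootExecute | Where-Object { ($_ -match 'autochk') -and ($_ -match $pattern) })
    $hits.Count -gt 0
}

function Test-VolumeDirty {
    # Uses fsutil's dirty-bit query; output is 'Volume - C: is Dirty' or '... is NOT Dirty'.
    param([string]$Drive)
    $out = & fsutil.exe dirty query $Drive 2>&1 | Out-String
    [bool]($out -match 'is Dirty')
}

Write-Host "BootExecute entries:"
Get-BootExecute | ForEach-Object { Write-Host "  $_" }
Write-Host ("chkdsk scheduled for {0}: {1}" -f $Drive, (Test-ChkdskScheduled -Drive $Drive))
Write-Host ("dirty bit set on {0}:   {1}" -f $Drive, (Test-VolumeDirty -Drive $Drive))
```

If neither the scheduled entry nor the dirty bit is present after answering Y, the schedule did not take (typically because the prompt was run without administrator rights), and the chkdsk step should be repeated before restarting.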


#15 Gile54

Gile54
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:08 AM

Posted 07 February 2012 - 12:24 PM

Hi,

I did some research and found out the giveio.sys was installed by an application called SpeedFan. The hanging in boot seems to occur regularly with this driver installed. I then proceeded to uninstall SpeedFan via Revo Uninstaller, which also removed the giveio.sys...
Afterwards, I ran chkdsk, as described, and System File Checker (btw, the only available Windows installation source was an XP SP2 CD, while I have SP3 installed on the comp...hope that's not a problem).
Still cannot access the default Admin account in safe mode logon screen.



