Google Redirect, Chrome & Firefox, Trojan


  • This topic is locked
30 replies to this topic

#1 chromecarz00

  • Members
  • 32 posts

Posted 24 February 2012 - 02:25 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_18
Run by § at 13:19:47 on 2012-02-23
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3061.806 [GMT -8:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Windows\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\ThinkPad\Tablet Shortcut\TSMResident.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Gunze\GZTP_Pack\GzSnd.exe
C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe
C:\Windows\system32\WebUpdateSvc4.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
C:\Program Files\Unified Remote\RemoteServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\explorer.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wuauclt.exe
C:\Users\§\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\§\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\§\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\§\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\§\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\§\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\§\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\§\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\§\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Users\§\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\§\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\§\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\§\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\§\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\§\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://shop.thefreevpn.com/home.php
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:57515
uURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\prxtbTVer.dll
mURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\prxtbTVer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\prxtbTVer.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - Windows Live Toolbar Helper
BHO: 1 (0x1) - No File
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\prxtbTVer.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} -
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [BackgroundSwitcher] "c:\program files\johnsadventures.com\john's background switcher\BackgroundSwitcher.exe"
uRun: [Unified Remote v2] c:\program files\unified remote\RemoteServer.exe
uRun: [Google Update] "c:\users\§\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [{BF12B03B-501B-42A1-67E8-0C7654F7679B}] c:\users\§\appdata\roaming\skype\chromecarz00\chatsync\b4\SearchIndexer.exe
uRun: [{00000000-0000-0000-0000-000000000000}] c:\users\§\appdata\roaming\skype\chromecarz00\chatsync\b4\SearchIndexer.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11c_Plugin.exe -update plugin
mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TSMResident] "c:\program files\thinkpad\tablet shortcut\TSMRESIDENT.EXE" /r
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWlIcon.exe
mRun: [GzSnd] %ProgramFiles%\Gunze\GZTP_Pack\GzSnd.exe
mRun: [TabletButton] "c:\program files\thinkpad\tablet shortcut\TabletButton.EXE" /STARTUP
mRun: [TrackPointSrv] c:\program files\lenovo\trackpoint\tp4serv.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LENTBCTL] "c:\program files\thinkpad\tablet shortcut\LENTBCTL.EXE" /r
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TpShocks] TpShocks.exe
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\Rainmeter.lnk.disabled
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Download with &Media Finder
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\§\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: SmarThru4 Capture Selection
IE: SmarThru4 Save as HTML
IE: SmarThru4 Save Selected Text
IE: SmarThru4 Web Capture
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
LSP: mswsock.dll
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{198347B0-BF60-42BA-B821-6200A1CF245B} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{8C7D5F45-6D58-4062-96E7-32BFB96D23BE} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli psqlpwd c:\program files\thinkvantage fingerprint software\psqlpwd.dll ACGina
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\§\appdata\roaming\mozilla\firefox\profiles\7ru8xynk.default\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://www.woot.com/
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\millisecond software\inquisit 2.0 mozilla plugin\npInquisit_20610047.dll
FF - plugin: c:\program files\onlive\firefoxplugin\npolgdet.dll
FF - plugin: c:\users\§\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\§\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.accept-encoding -
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-7 64160]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-6-29 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-5-18 13680]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-25 21504]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2011-8-1 93032]
R2 Remote Solver for Flow Simulation 2010;Remote Solver for Flow Simulation 2010;c:\program files\solidworks corp\solidworks flow simulation\bincfw\StandAloneSlv.exe [2010-4-19 71432]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-10-16 1153368]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R3 BTWAMPFL;btwampfl;c:\windows\system32\drivers\btwampfl.sys [2011-8-5 302120]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-8-5 33832]
R3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\drivers\droidcam.sys [2011-2-28 22656]
R3 GzTpHid;Touch Panel Filter Driver;c:\windows\system32\drivers\GzTpHid.sys [2007-3-14 24576]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-9-15 6000640]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2007-4-3 23152]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [2009-8-6 36392]
S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-1-18 48192]
S2 ASRSVC;ASR Service;c:\program files\thinkpad\tablet shortcut\asr\ASRSVC.exe [2011-8-4 79136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c987bf9050d690;Google Update Service (gupdate1c987bf9050d690);c:\program files\google\update\GoogleUpdate.exe [2009-2-5 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-7-21 2151640]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-8-4 45496]
S2 NecUsb3;USB3 Service;c:\windows\system32\svchost.exe -k NecUsb3Sevic [2008-9-25 21504]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-5-18 45736]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\solidworks corp\solidworks\swscheduler\DTSCoordinatorService.exe [2010-6-15 87336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-5 133104]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2008-8-4 33808]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-15 29192]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-2-1 138112]
S3 PCD5SRVC{DF187064-5DA14001-05040000};PCD5SRVC{DF187064-5DA14001-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pcdr5\PCD5SRVC.pkms [2008-9-25 20640]
S3 rt70x86;Linksys Home Wireless-G USB Adaptor Driver;c:\windows\system32\drivers\netr70.sys [2010-4-27 306016]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
.
=============== Created Last 30 ================
.
2012-02-16 10:56:39 -------- d-----w- c:\program files\ESET
2012-02-15 11:16:05 98992 ----a-w- c:\windows\system32\drivers\61219224.sys
2012-02-15 11:15:16 -------- dcs---w- C:\123
2012-02-15 11:15:06 -------- d-----w- c:\users\§\appdata\roaming\FixTDSS
2012-02-15 11:15:05 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-02-14 08:48:34 -------- d-----w- c:\users\§\appdata\roaming\EbkReader
2012-02-14 05:25:15 -------- d-----w- c:\program files\SplitMediaLabs
2012-02-14 05:19:04 -------- d-----w- c:\program files\Xiph.Org
2012-02-14 05:18:57 -------- d-----w- c:\program files\TVersity Codec Pack
2012-02-14 05:18:44 -------- d-----w- c:\program files\Conduit
2012-02-14 05:18:37 -------- d-----w- c:\users\§\appdata\local\Conduit
2012-02-14 05:18:36 -------- d-----w- c:\program files\TVersitybar
2012-02-13 05:06:24 -------- d--h--w- c:\windows\system32\Settings
2012-02-13 03:42:28 98816 ----a-w- c:\windows\sed.exe
2012-02-13 03:42:28 518144 ----a-w- c:\windows\SWREG.exe
2012-02-13 03:42:28 256000 ----a-w- c:\windows\PEV.exe
2012-02-13 03:42:28 208896 ----a-w- c:\windows\MBR.exe
2012-02-13 03:08:03 -------- d-----w- c:\users\§\appdata\local\DDMSettings
2012-02-10 06:52:37 -------- d-----w- c:\users\§\appdata\local\Facebook
2012-02-08 10:02:19 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-07 11:52:31 -------- d-----w- c:\users\§\appdata\roaming\825CE
2012-02-07 11:51:54 -------- d-----w- c:\users\§\appdata\roaming\FC782
2012-02-07 09:22:13 -------- d-----w- c:\users\§\appdata\roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-02-06 06:26:47 -------- d-----w- c:\programdata\TVersity
2012-02-06 06:16:48 -------- d-----w- c:\users\§\appdata\local\-XL-_Development
2012-02-06 06:08:51 -------- d-----w- c:\users\§\appdata\local\PackageAware
2012-02-01 11:35:28 -------- d-----w- c:\users\§\appdata\roaming\Media Finder
2012-02-01 11:10:24 1554944 ----a-w- c:\windows\system32\vorbis.acm
2012-02-01 11:10:15 -------- d-----w- c:\program files\Outsim
.
==================== Find3M ====================
.
2012-02-17 11:46:33 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-02-15 18:34:49 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2012-02-14 02:16:59 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-13 19:14:18 72192 ------w- c:\windows\system32\drivers\tdx.sys
2012-02-13 18:57:48 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-07 12:01:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 00:48:42 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2011-12-10 23:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-29 02:28:28 133616 ------w- c:\windows\system32\pxafs.dll
2011-11-29 02:28:28 126448 ------w- c:\windows\system32\pxinsi64.exe
.
============= FINISH: 13:22:31.95 ===============



I also have a GMER log to post if necessary. Here is the topic which this all spawned from:
http://www.bleepingcomputer.com/forums/topic34773.html

I have a redirect virus that appears as a Trojan on most spyware programs. Won't remove from Spybot, Malwarebytes, or any other programs! Please help!

Apologies, the thread is actually http://www.bleepingcomputer.com/forums/topic442719.html/page__st__15__p__2609112#entry2609112

#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 February 2012 - 02:57 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


#3 chromecarz00

  • Topic Starter

  • Members
  • 32 posts

Posted 27 February 2012 - 11:51 AM

So I left combofix overnight (didn't touch the window) and it's still at the "scan times typically take 10 minutes" stage...

#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 February 2012 - 12:48 PM

Greetings

Stop it, and then I want you to run these next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 chromecarz00

  • Topic Starter

  • Members
  • 32 posts

Posted 27 February 2012 - 01:13 PM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-17 03:29:00
-----------------------------
03:29:00.405 OS Version: Windows 6.0.6002 Service Pack 2
03:29:00.407 Number of processors: 2 586 0xF0A
03:29:00.408 ComputerName: MINWINPC UserName: §
03:29:03.947 Initialize success
03:29:08.991 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
03:29:08.994 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
03:29:09.015 Disk 0 MBR read successfully
03:29:09.018 Disk 0 MBR scan
03:29:09.022 Disk 0 unknown MBR code
03:29:09.032 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 22252 MB offset 2048
03:29:09.047 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 454687 MB offset 45574144
03:29:09.052 Disk 0 scanning sectors +976773120
03:29:09.089 Disk 0 scanning C:\Windows\system32\drivers
03:29:22.211 Service scanning
03:29:25.526 Service i8042prt C:\Windows\system32\drivers\tskFE37.tmp **LOCKED** 32
03:29:27.517 Modules scanning
03:29:30.416 Module: C:\Windows\system32\DRIVERS\i8042prt.sys **SUSPICIOUS**
03:29:34.762 Disk 0 trace - called modules:
03:29:34.805 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8ff65fc0]<<
03:29:34.810 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x881335a8]
03:29:34.817 3 CLASSPNP.SYS[8bda08b3] -> nt!IofCallDriver -> [0x88c85920]
03:29:34.822 \Driver\00005369[0x88c85a58] -> IRP_MJ_CREATE -> 0x8ff65fc0
03:29:34.827 Scan finished successfully
03:31:18.897 Disk 0 MBR has been saved successfully to "C:\Users\§\Documents\Downloads\MBR.dat"
03:31:18.952 The log file has been saved successfully to "C:\Users\§\Documents\Downloads\aswMBR.txt"


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-22 14:13:48
-----------------------------
14:13:48.025 OS Version: Windows 6.0.6002 Service Pack 2
14:13:48.025 Number of processors: 2 586 0xF0A
14:13:48.026 ComputerName: MINWINPC UserName: §
14:14:11.971 Initialize success
14:14:32.758 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:14:32.769 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
14:14:32.791 Disk 0 MBR read successfully
14:14:32.795 Disk 0 MBR scan
14:14:32.800 Disk 0 unknown MBR code
14:14:32.808 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 22252 MB offset 2048
14:14:32.822 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 454687 MB offset 45574144
14:14:32.830 Disk 0 scanning sectors +976773120
14:14:32.873 Disk 0 scanning C:\Windows\system32\drivers
14:14:46.006 Service scanning
14:15:09.486 Modules scanning
14:15:13.748 Module: C:\Windows\system32\DRIVERS\tdx.sys **SUSPICIOUS**
14:15:16.653 Disk 0 trace - called modules:
14:15:16.682 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xb2fb8fc0]<<
14:15:17.005 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8809b6e0]
14:15:17.016 3 CLASSPNP.SYS[8bda58b3] -> nt!IofCallDriver -> [0x8bbe9030]
14:15:17.026 \Driver\00007327[0x8bbfb5e0] -> IRP_MJ_CREATE -> 0xb2fb8fc0
14:15:17.035 Scan finished successfully
14:16:59.921 Disk 0 MBR has been saved successfully to "C:\Users\§\Documents\Downloads\MBR.dat"
14:16:59.944 The log file has been saved successfully to "C:\Users\§\Documents\Downloads\aswMBR.txt"


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-27 09:56:46
-----------------------------
09:56:46.481 OS Version: Windows 6.0.6002 Service Pack 2
09:56:46.481 Number of processors: 2 586 0xF0A
09:56:46.482 ComputerName: MINWINPC UserName: §
09:56:51.690 Initialize success
09:58:24.006 AVAST engine defs: 12022700
09:58:56.186 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
09:58:56.193 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
09:58:56.213 Disk 0 MBR read successfully
09:58:56.215 Disk 0 MBR scan
09:58:56.219 Disk 0 unknown MBR code
09:58:56.230 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 22252 MB offset 2048
09:58:56.244 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 454687 MB offset 45574144
09:58:56.251 Disk 0 scanning sectors +976773120
09:58:56.290 Disk 0 scanning C:\Windows\system32\drivers
09:59:09.699 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:Sirefef-JQ [Trj]
09:59:13.374 Disk 0 trace - called modules:
09:59:13.398 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x91e69fc0]<<
09:59:13.402 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88183748]
09:59:13.744 3 CLASSPNP.SYS[8bd9a8b3] -> nt!IofCallDriver -> [0x8a5c3d88]
09:59:13.757 \Driver\00006128[0x8a5c3ec0] -> IRP_MJ_CREATE -> 0x91e69fc0
09:59:18.370 AVAST engine scan C:\Windows
09:59:34.090 AVAST engine scan C:\Windows\system32
10:05:52.987 AVAST engine scan C:\Windows\system32\drivers
10:06:17.359 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:Sirefef-JQ [Trj]
10:06:31.626 AVAST engine scan C:\Users\§
10:12:05.899 Disk 0 MBR has been saved successfully to "C:\Users\§\Documents\Downloads\MBR.dat"
10:12:05.937 The log file has been saved successfully to "C:\Users\§\Documents\Downloads\aswMBR.txt"

09:50:47.0769 8480 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
09:50:48.0482 8480 ============================================================
09:50:48.0482 8480 Current date / time: 2012/02/27 09:50:48.0482
09:50:48.0482 8480 SystemInfo:
09:50:48.0482 8480
09:50:48.0482 8480 OS Version: 6.0.6002 ServicePack: 2.0
09:50:48.0482 8480 Product type: Workstation
09:50:48.0482 8480 ComputerName: MINWINPC
09:50:48.0483 8480 UserName: §
09:50:48.0483 8480 Windows directory: C:\Windows
09:50:48.0483 8480 System windows directory: C:\Windows
09:50:48.0483 8480 Processor architecture: Intel x86
09:50:48.0483 8480 Number of processors: 2
09:50:48.0483 8480 Page size: 0x1000
09:50:48.0483 8480 Boot type: Normal boot
09:50:48.0483 8480 ============================================================
09:50:49.0169 8480 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
09:50:49.0173 8480 \Device\Harddisk0\DR0:
09:50:49.0174 8480 MBR used
09:50:49.0174 8480 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B76800, BlocksNum 0x3780F800
09:50:49.0254 8480 Initialize success
09:50:49.0254 8480 ============================================================
09:50:52.0495 3320 ============================================================
09:50:52.0495 3320 Scan started
09:50:52.0495 3320 Mode: Manual;
09:50:52.0495 3320 ============================================================
09:50:53.0766 3320 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
09:50:53.0774 3320 ACPI - ok
09:50:53.0839 3320 ADIHdAudAddService (a51ea92451897824c5c7474a160af773) C:\Windows\system32\drivers\ADIHdAud.sys
09:50:53.0848 3320 ADIHdAudAddService - ok
09:50:53.0908 3320 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
09:50:53.0919 3320 adp94xx - ok
09:50:53.0988 3320 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
09:50:53.0996 3320 adpahci - ok
09:50:54.0038 3320 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
09:50:54.0042 3320 adpu160m - ok
09:50:54.0076 3320 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
09:50:54.0081 3320 adpu320 - ok
09:50:54.0154 3320 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
09:50:54.0168 3320 AFD - ok
09:50:54.0201 3320 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
09:50:54.0207 3320 agp440 - ok
09:50:54.0287 3320 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
09:50:54.0291 3320 aic78xx - ok
09:50:54.0332 3320 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
09:50:54.0334 3320 aliide - ok
09:50:54.0361 3320 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
09:50:54.0363 3320 amdagp - ok
09:50:54.0425 3320 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
09:50:54.0431 3320 amdide - ok
09:50:54.0477 3320 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
09:50:54.0479 3320 AmdK7 - ok
09:50:54.0533 3320 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
09:50:54.0536 3320 AmdK8 - ok
09:50:54.0635 3320 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
09:50:54.0642 3320 arc - ok
09:50:54.0687 3320 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
09:50:54.0703 3320 arcsas - ok
09:50:54.0736 3320 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
09:50:54.0736 3320 AsyncMac - ok
09:50:54.0933 3320 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
09:50:54.0940 3320 atapi - ok
09:50:54.0996 3320 b57nd60x (8e287eb3a52fd30c999482c576f4a61b) C:\Windows\system32\DRIVERS\b57nd60x.sys
09:50:55.0002 3320 b57nd60x - ok
09:50:55.0050 3320 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
09:50:55.0051 3320 Beep - ok
09:50:55.0070 3320 blbdrive - ok
09:50:55.0217 3320 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
09:50:55.0222 3320 bowser - ok
09:50:55.0283 3320 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
09:50:55.0291 3320 BrFiltLo - ok
09:50:55.0340 3320 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
09:50:55.0342 3320 BrFiltUp - ok
09:50:55.0383 3320 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
09:50:55.0388 3320 Brserid - ok
09:50:55.0457 3320 BrSerIf (1a5fc78e41840edf79d65ec16eff2787) C:\Windows\system32\Drivers\BrSerIf.sys
09:50:55.0460 3320 BrSerIf - ok
09:50:55.0516 3320 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
09:50:55.0519 3320 BrSerWdm - ok
09:50:55.0564 3320 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
09:50:55.0566 3320 BrUsbMdm - ok
09:50:55.0641 3320 BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\Windows\system32\Drivers\BrUsbSer.sys
09:50:55.0645 3320 BrUsbSer - ok
09:50:55.0716 3320 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
09:50:55.0720 3320 BthEnum - ok
09:50:55.0785 3320 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
09:50:55.0785 3320 BTHMODEM - ok
09:50:55.0843 3320 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
09:50:55.0846 3320 BthPan - ok
09:50:55.0962 3320 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
09:50:55.0996 3320 BTHPORT - ok
09:50:56.0087 3320 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
09:50:56.0091 3320 BTHUSB - ok
09:50:56.0185 3320 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
09:50:56.0192 3320 btusbflt - ok
09:50:56.0240 3320 BTWAMPFL (2a0de6423d6be95c96124fc66046176e) C:\Windows\system32\DRIVERS\btwampfl.sys
09:50:56.0247 3320 BTWAMPFL - ok
09:50:56.0302 3320 btwaudio (cc0a5e69d19b5c1ecc6cf9bf3acc3969) C:\Windows\system32\drivers\btwaudio.sys
09:50:56.0306 3320 btwaudio - ok
09:50:56.0358 3320 btwavdt (9abea4dc976e3f47da2d4b169719cbaa) C:\Windows\system32\drivers\btwavdt.sys
09:50:56.0363 3320 btwavdt - ok
09:50:56.0401 3320 btwl2cap (a94032a7755164e13c75e0e7409afd65) C:\Windows\system32\DRIVERS\btwl2cap.sys
09:50:56.0403 3320 btwl2cap - ok
09:50:56.0465 3320 btwrchid (1e5468447e4d18fbea5f01267d6495a5) C:\Windows\system32\DRIVERS\btwrchid.sys
09:50:56.0475 3320 btwrchid - ok
09:50:56.0587 3320 catchme - ok
09:50:56.0851 3320 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
09:50:56.0851 3320 cdfs - ok
09:50:56.0918 3320 cdrom - ok
09:50:56.0993 3320 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
09:50:56.0997 3320 circlass - ok
09:50:57.0220 3320 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
09:50:57.0239 3320 CLFS - ok
09:50:57.0331 3320 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
09:50:57.0338 3320 CmBatt - ok
09:50:57.0394 3320 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
09:50:57.0396 3320 cmdide - ok
09:50:57.0427 3320 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
09:50:57.0430 3320 Compbatt - ok
09:50:57.0468 3320 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
09:50:57.0469 3320 crcdisk - ok
09:50:57.0506 3320 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
09:50:57.0514 3320 Crusoe - ok
09:50:57.0603 3320 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
09:50:57.0662 3320 CSC - ok
09:50:57.0707 3320 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
09:50:57.0710 3320 CVirtA - ok
09:50:57.0820 3320 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\Windows\system32\Drivers\CVPNDRVA.sys
09:50:57.0848 3320 CVPNDRVA - ok
09:50:57.0943 3320 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
09:50:57.0951 3320 DfsC - ok
09:50:58.0004 3320 DgiVecp (7f19dba1a467b838ccb23124a2c55568) C:\Windows\system32\Drivers\DgiVecp.sys
09:50:58.0007 3320 DgiVecp - ok
09:50:58.0084 3320 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
09:50:58.0087 3320 disk - ok
09:50:58.0134 3320 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
09:50:58.0138 3320 DNE - ok
09:50:58.0236 3320 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
09:50:58.0240 3320 Dot4 - ok
09:50:58.0282 3320 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
09:50:58.0289 3320 Dot4Print - ok
09:50:58.0323 3320 Dot4Scan (a84d8a9006b1ae515cc7b6b3586c295a) C:\Windows\system32\DRIVERS\Dot4Scan.sys
09:50:58.0325 3320 Dot4Scan - ok
09:50:58.0356 3320 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
09:50:58.0359 3320 dot4usb - ok
09:50:58.0428 3320 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
09:50:58.0430 3320 drmkaud - ok
09:50:58.0480 3320 DroidCam (d9f07d1b8dff55480a88eb4f9cde5824) C:\Windows\system32\drivers\droidcam.sys
09:50:58.0482 3320 DroidCam - ok
09:50:58.0556 3320 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
09:50:58.0574 3320 DXGKrnl - ok
09:50:58.0680 3320 e1express (684780bc2120dc5c7b61c4e4da340f6c) C:\Windows\system32\DRIVERS\e1e6032.sys
09:50:58.0687 3320 e1express - ok
09:50:58.0731 3320 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
09:50:58.0735 3320 E1G60 - ok
09:50:58.0803 3320 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
09:50:58.0808 3320 Ecache - ok
09:50:58.0851 3320 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
09:50:58.0859 3320 elxstor - ok
09:50:58.0988 3320 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
09:50:58.0988 3320 exfat - ok
09:50:59.0016 3320 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
09:50:59.0022 3320 fastfat - ok
09:50:59.0066 3320 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
09:50:59.0069 3320 fdc - ok
09:50:59.0124 3320 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
09:50:59.0126 3320 FileInfo - ok
09:50:59.0160 3320 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
09:50:59.0163 3320 Filetrace - ok
09:50:59.0192 3320 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
09:50:59.0194 3320 flpydisk - ok
09:50:59.0228 3320 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
09:50:59.0233 3320 FltMgr - ok
09:50:59.0300 3320 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
09:50:59.0302 3320 Fs_Rec - ok
09:50:59.0332 3320 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
09:50:59.0335 3320 gagp30kx - ok
09:50:59.0372 3320 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:50:59.0376 3320 GEARAspiWDM - ok
09:50:59.0421 3320 GzTpHid (f5384d94508875c427ac9e4f0018e854) C:\Windows\system32\DRIVERS\GzTpHid.sys
09:50:59.0423 3320 GzTpHid - ok
09:50:59.0467 3320 HBtnKey (72e296127300412d1d472f6471c69ab2) C:\Windows\system32\DRIVERS\tkbtnpn.sys
09:50:59.0469 3320 HBtnKey - ok
09:50:59.0518 3320 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
09:50:59.0526 3320 HdAudAddService - ok
09:50:59.0589 3320 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:50:59.0591 3320 HDAudBus - ok
09:50:59.0635 3320 HECI (fa83d4e20326aa10216b81b8bb27bc44) C:\Windows\system32\DRIVERS\HECI.sys
09:50:59.0641 3320 HECI - ok
09:50:59.0681 3320 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
09:50:59.0683 3320 HidBth - ok
09:50:59.0715 3320 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
09:50:59.0721 3320 HidIr - ok
09:50:59.0799 3320 HidUsb (c917f0c196ac0e4b6b9d3f0fa860af53) C:\Windows\system32\DRIVERS\hidusb.sys
09:50:59.0800 3320 HidUsb - ok
09:50:59.0838 3320 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
09:50:59.0840 3320 HpCISSs - ok
09:50:59.0904 3320 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
09:50:59.0909 3320 HSFHWAZL - ok
09:51:00.0052 3320 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
09:51:00.0144 3320 HSF_DPV - ok
09:51:00.0210 3320 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
09:51:00.0222 3320 HSXHWAZL - ok
09:51:00.0314 3320 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
09:51:00.0347 3320 HTTP - ok
09:51:00.0399 3320 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
09:51:00.0401 3320 i2omp - ok
09:51:00.0493 3320 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
09:51:00.0542 3320 i8042prt - ok
09:51:00.0851 3320 ialm (8dad27dd28a4274866767c89c0bf154f) C:\Windows\system32\DRIVERS\igdkmd32.sys
09:51:00.0904 3320 ialm - ok
09:51:00.0956 3320 iaStor (01446278d4563b3013c92830ae6cbb26) C:\Windows\system32\DRIVERS\iaStor.sys
09:51:00.0959 3320 iaStor - ok
09:51:01.0005 3320 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
09:51:01.0012 3320 iaStorV - ok
09:51:01.0059 3320 IBMPMDRV (fa3d0a6da7bb7968efe5c5bc267f0e55) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
09:51:01.0061 3320 IBMPMDRV - ok
09:51:01.0172 3320 igfx (8dad27dd28a4274866767c89c0bf154f) C:\Windows\system32\DRIVERS\igdkmd32.sys
09:51:01.0201 3320 igfx - ok
09:51:01.0242 3320 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
09:51:01.0244 3320 iirsp - ok
09:51:01.0321 3320 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
09:51:01.0329 3320 intelide - ok
09:51:01.0394 3320 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
09:51:01.0396 3320 intelppm - ok
09:51:01.0451 3320 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:51:01.0453 3320 IpFilterDriver - ok
09:51:01.0485 3320 IpInIp - ok
09:51:01.0524 3320 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
09:51:01.0529 3320 IPMIDRV - ok
09:51:01.0557 3320 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
09:51:01.0560 3320 IPNAT - ok
09:51:01.0618 3320 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
09:51:01.0620 3320 IRENUM - ok
09:51:01.0646 3320 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
09:51:01.0649 3320 isapnp - ok
09:51:01.0723 3320 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
09:51:01.0729 3320 iScsiPrt - ok
09:51:01.0758 3320 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
09:51:01.0760 3320 iteatapi - ok
09:51:01.0789 3320 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
09:51:01.0792 3320 iteraid - ok
09:51:01.0862 3320 Iviaspi (6cc0445b21295f16116cf787f8028444) C:\Windows\system32\drivers\iviaspi.sys
09:51:01.0862 3320 Iviaspi - ok
09:51:01.0898 3320 iviVD (2071443f12b5823cf8dad4f28a1dae17) C:\Windows\system32\DRIVERS\iviVD.sys
09:51:01.0899 3320 iviVD - ok
09:51:01.0931 3320 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
09:51:01.0933 3320 kbdclass - ok
09:51:01.0963 3320 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
09:51:01.0963 3320 kbdhid - ok
09:51:02.0026 3320 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
09:51:02.0036 3320 KSecDD - ok
09:51:02.0110 3320 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\Windows\system32\DRIVERS\Lbd.sys
09:51:02.0113 3320 Lbd - ok
09:51:02.0163 3320 lenovo.smi (9aac267a225f3caebb9e633f7eb16e4b) C:\Windows\system32\DRIVERS\smiif32.sys
09:51:02.0165 3320 lenovo.smi - ok
09:51:02.0210 3320 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
09:51:02.0214 3320 lltdio - ok
09:51:02.0300 3320 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
09:51:02.0304 3320 LSI_FC - ok
09:51:02.0376 3320 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
09:51:02.0379 3320 LSI_SAS - ok
09:51:02.0414 3320 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
09:51:02.0417 3320 LSI_SCSI - ok
09:51:02.0451 3320 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
09:51:02.0454 3320 luafv - ok
09:51:02.0484 3320 mbmiodrvr (290fb01f7f51eff0960599404a09f8d6) C:\Windows\system32\mbmiodrvr.sys
09:51:02.0487 3320 mbmiodrvr - ok
09:51:02.0507 3320 mcdbus - ok
09:51:02.0552 3320 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:51:02.0554 3320 mdmxsdk - ok
09:51:02.0584 3320 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
09:51:02.0587 3320 megasas - ok
09:51:02.0627 3320 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
09:51:02.0630 3320 Modem - ok
09:51:02.0672 3320 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
09:51:02.0672 3320 monitor - ok
09:51:02.0716 3320 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
09:51:02.0717 3320 mouclass - ok
09:51:02.0749 3320 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
09:51:02.0751 3320 mouhid - ok
09:51:02.0772 3320 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
09:51:02.0774 3320 MountMgr - ok
09:51:02.0805 3320 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
09:51:02.0847 3320 mpio - ok
09:51:02.0874 3320 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
09:51:02.0876 3320 mpsdrv - ok
09:51:02.0902 3320 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
09:51:02.0904 3320 Mraid35x - ok
09:51:02.0963 3320 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
09:51:02.0967 3320 MRxDAV - ok
09:51:03.0039 3320 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:51:03.0043 3320 mrxsmb - ok
09:51:03.0107 3320 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:51:03.0113 3320 mrxsmb10 - ok
09:51:03.0167 3320 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:51:03.0171 3320 mrxsmb20 - ok
09:51:03.0225 3320 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
09:51:03.0225 3320 msahci - ok
09:51:03.0257 3320 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
09:51:03.0257 3320 msdsm - ok
09:51:03.0311 3320 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
09:51:03.0314 3320 Msfs - ok
09:51:03.0386 3320 MSHUSBVideo (01446556c149bba152e2ff79e296889f) C:\Windows\system32\Drivers\nx6000.sys
09:51:03.0388 3320 MSHUSBVideo - ok
09:51:03.0431 3320 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
09:51:03.0434 3320 msisadrv - ok
09:51:03.0480 3320 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
09:51:03.0484 3320 MSKSSRV - ok
09:51:03.0517 3320 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
09:51:03.0519 3320 MSPCLOCK - ok
09:51:03.0553 3320 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
09:51:03.0555 3320 MSPQM - ok
09:51:03.0601 3320 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
09:51:03.0603 3320 MsRPC - ok
09:51:03.0647 3320 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
09:51:03.0650 3320 mssmbios - ok
09:51:03.0702 3320 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
09:51:03.0704 3320 MSTEE - ok
09:51:03.0752 3320 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
09:51:03.0754 3320 Mup - ok
09:51:03.0832 3320 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
09:51:03.0837 3320 NativeWifiP - ok
09:51:03.0915 3320 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
09:51:03.0928 3320 NDIS - ok
09:51:03.0983 3320 Ndisprot (d3cc1a514fd1ae44a7ed3c5e170961c7) C:\Windows\system32\drivers\Ndisprot.sys
09:51:03.0986 3320 Ndisprot - ok
09:51:04.0026 3320 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
09:51:04.0028 3320 NdisTapi - ok
09:51:04.0064 3320 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
09:51:04.0066 3320 Ndisuio - ok
09:51:04.0113 3320 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
09:51:04.0117 3320 NdisWan - ok
09:51:04.0166 3320 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
09:51:04.0167 3320 NDProxy - ok
09:51:04.0204 3320 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
09:51:04.0206 3320 NetBIOS - ok
09:51:04.0275 3320 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
09:51:04.0307 3320 netbt - ok
09:51:04.0431 3320 NETw4v32 (cb3af516a6797b27725e3f1e73f3496c) C:\Windows\system32\DRIVERS\NETw4v32.sys
09:51:04.0482 3320 NETw4v32 - ok
09:51:04.0649 3320 NETw5v32 (39cba1ae2a400ef99c3dec9f9f601876) C:\Windows\system32\DRIVERS\NETw5v32.sys
09:51:04.0775 3320 NETw5v32 - ok
09:51:04.0885 3320 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
09:51:04.0887 3320 nfrd960 - ok
09:51:04.0940 3320 nmwcd (9a908a9bb857c2cceb2907eb9dcaeb8b) C:\Windows\system32\drivers\ccdcmb.sys
09:51:04.0942 3320 nmwcd - ok
09:51:04.0980 3320 nmwcdc (68ec3ee2348e475ea62c66e6aafcfc9b) C:\Windows\system32\drivers\ccdcmbo.sys
09:51:04.0981 3320 nmwcdc - ok
09:51:05.0023 3320 nmwcdnsu (be7fd9ca07e7d39f77c78ba5756930d9) C:\Windows\system32\drivers\nmwcdnsu.sys
09:51:05.0028 3320 nmwcdnsu - ok
09:51:05.0088 3320 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
09:51:05.0090 3320 Npfs - ok
09:51:05.0121 3320 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
09:51:05.0123 3320 nsiproxy - ok
09:51:05.0207 3320 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
09:51:05.0236 3320 Ntfs - ok
09:51:05.0298 3320 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
09:51:05.0300 3320 ntrigdigi - ok
09:51:05.0338 3320 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
09:51:05.0340 3320 Null - ok
09:51:05.0435 3320 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
09:51:05.0436 3320 nvraid - ok
09:51:05.0472 3320 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
09:51:05.0474 3320 nvstor - ok
09:51:05.0520 3320 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
09:51:05.0523 3320 nv_agp - ok
09:51:05.0549 3320 NwlnkFlt - ok
09:51:05.0582 3320 NwlnkFwd - ok
09:51:05.0647 3320 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
09:51:05.0655 3320 ohci1394 - ok
09:51:05.0726 3320 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
09:51:05.0730 3320 Parport - ok
09:51:05.0783 3320 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
09:51:05.0786 3320 partmgr - ok
09:51:05.0830 3320 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
09:51:05.0832 3320 Parvdm - ok
09:51:05.0895 3320 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys
09:51:05.0897 3320 pccsmcfd - ok
09:51:06.0106 3320 PCD5SRVC{DF187064-5DA14001-05040000} (9489c4cf14126a06b061163d2b261c69) C:\PROGRA~1\PCDR5\PCD5SRVC.pkms
09:51:06.0222 3320 PCD5SRVC{DF187064-5DA14001-05040000} - ok
09:51:06.0389 3320 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
09:51:06.0404 3320 pci - ok
09:51:06.0453 3320 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\DRIVERS\pciide.sys
09:51:06.0459 3320 pciide - ok
09:51:06.0516 3320 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
09:51:06.0524 3320 pcmcia - ok
09:51:06.0696 3320 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
09:51:06.0726 3320 PEAUTH - ok
09:51:07.0119 3320 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
09:51:07.0140 3320 PptpMiniport - ok
09:51:07.0223 3320 PROCDD (1d80309fed4babf8ea9e7b84a394348b) C:\Windows\system32\DRIVERS\PROCDD.SYS
09:51:07.0225 3320 PROCDD - ok
09:51:07.0271 3320 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
09:51:07.0274 3320 Processor - ok
09:51:07.0366 3320 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\Windows\system32\DRIVERS\psadd.sys
09:51:07.0367 3320 psadd - ok
09:51:07.0486 3320 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
09:51:07.0494 3320 PSched - ok
09:51:07.0543 3320 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
09:51:07.0546 3320 PxHelp20 - ok
09:51:07.0626 3320 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
09:51:07.0655 3320 ql2300 - ok
09:51:07.0713 3320 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
09:51:07.0721 3320 ql40xx - ok
09:51:07.0781 3320 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
09:51:07.0784 3320 QWAVEdrv - ok
09:51:07.0825 3320 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
09:51:07.0828 3320 RasAcd - ok
09:51:07.0938 3320 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:51:07.0941 3320 Rasl2tp - ok
09:51:08.0038 3320 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
09:51:08.0040 3320 RasPppoe - ok
09:51:08.0135 3320 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
09:51:08.0139 3320 RasSstp - ok
09:51:08.0196 3320 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
09:51:08.0204 3320 rdbss - ok
09:51:08.0259 3320 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:51:08.0260 3320 RDPCDD - ok
09:51:08.0343 3320 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\DRIVERS\rdpdr.sys
09:51:08.0349 3320 rdpdr - ok
09:51:08.0381 3320 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
09:51:08.0383 3320 RDPENCDD - ok
09:51:08.0458 3320 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
09:51:08.0464 3320 RDPWD - ok
09:51:08.0590 3320 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
09:51:08.0592 3320 RFCOMM - ok
09:51:08.0637 3320 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
09:51:08.0640 3320 rspndr - ok
09:51:08.0717 3320 rt70x86 (5a54d765d6092b23d47ad9dbf7f6d7e4) C:\Windows\system32\DRIVERS\netr70.sys
09:51:08.0725 3320 rt70x86 - ok
09:51:08.0786 3320 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
09:51:08.0790 3320 sbp2port - ok
09:51:08.0862 3320 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
09:51:08.0866 3320 sdbus - ok
09:51:09.0049 3320 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:51:09.0051 3320 secdrv - ok
09:51:09.0117 3320 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
09:51:09.0119 3320 Serenum - ok
09:51:09.0161 3320 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
09:51:09.0165 3320 Serial - ok
09:51:09.0218 3320 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
09:51:09.0221 3320 sermouse - ok
09:51:09.0347 3320 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
09:51:09.0349 3320 sffdisk - ok
09:51:09.0389 3320 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
09:51:09.0393 3320 sffp_mmc - ok
09:51:09.0482 3320 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
09:51:09.0485 3320 sffp_sd - ok
09:51:09.0541 3320 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
09:51:09.0543 3320 sfloppy - ok
09:51:09.0634 3320 Shockprf (fc0127343bd1ce1986ba12f8937f1057) C:\Windows\system32\DRIVERS\Apsx86.sys
09:51:09.0637 3320 Shockprf - ok
09:51:09.0725 3320 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
09:51:09.0728 3320 sisagp - ok
09:51:09.0789 3320 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
09:51:09.0791 3320 SiSRaid2 - ok
09:51:09.0847 3320 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
09:51:09.0850 3320 SiSRaid4 - ok
09:51:09.0994 3320 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
09:51:09.0997 3320 Smb - ok
09:51:10.0072 3320 smihlp2 (0b9c01236d25bdcb37aa79dc59dfb7d3) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
09:51:10.0074 3320 smihlp2 - ok
09:51:10.0165 3320 snapman (624f51c7c12b9aeec433a2dd9b43f90f) C:\Windows\system32\DRIVERS\snapman.sys
09:51:10.0167 3320 snapman - ok
09:51:10.0231 3320 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
09:51:10.0233 3320 spldr - ok
09:51:10.0311 3320 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
09:51:10.0318 3320 srv - ok
09:51:10.0371 3320 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
09:51:10.0376 3320 srv2 - ok
09:51:10.0456 3320 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
09:51:10.0461 3320 srvnet - ok
09:51:10.0510 3320 SSPORT - ok
09:51:10.0608 3320 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
09:51:10.0609 3320 StillCam - ok
09:51:10.0698 3320 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
09:51:10.0701 3320 swenum - ok
09:51:10.0765 3320 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
09:51:10.0767 3320 Symc8xx - ok
09:51:10.0806 3320 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
09:51:10.0808 3320 Sym_hi - ok
09:51:10.0851 3320 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
09:51:10.0853 3320 Sym_u3 - ok
09:51:10.0940 3320 tap0901 (2e644070f2240cca9775a6b79cae62cd) C:\Windows\system32\DRIVERS\tap0901.sys
09:51:10.0943 3320 tap0901 - ok
09:51:11.0036 3320 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
09:51:11.0063 3320 Tcpip - ok
09:51:11.0119 3320 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
09:51:11.0126 3320 Tcpip6 - ok
09:51:11.0184 3320 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
09:51:11.0185 3320 tcpipreg - ok
09:51:11.0240 3320 TcUsb (64abea4001f8eb869385e65d85bc302b) C:\Windows\system32\Drivers\tcusb.sys
09:51:11.0242 3320 TcUsb - ok
09:51:11.0324 3320 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
09:51:11.0324 3320 TDPIPE - ok
09:51:11.0349 3320 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
09:51:11.0352 3320 TDTCP - ok
09:51:11.0410 3320 tdx (f8fa40f8e3b28b3c5aefb0bd31cc3b46) C:\Windows\system32\DRIVERS\tdx.sys
09:51:11.0415 3320 tdx ( Virus.Win32.ZAccess.c ) - infected
09:51:11.0415 3320 tdx - detected Virus.Win32.ZAccess.c (0)
09:51:11.0518 3320 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
09:51:11.0521 3320 TermDD - ok
09:51:11.0639 3320 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\Windows\system32\DRIVERS\tifsfilt.sys
09:51:11.0642 3320 tifsfilter - ok
09:51:11.0752 3320 timounter (1dcf219ec8de87c99b5ad6216000f6d3) C:\Windows\system32\DRIVERS\timntr.sys
09:51:11.0771 3320 timounter - ok
09:51:11.0844 3320 Tp4Track (1c950ae9c09904c229525f22eefc15db) C:\Windows\system32\DRIVERS\tp4track.sys
09:51:11.0847 3320 Tp4Track - ok
09:51:11.0888 3320 TPDIGIMN (521866a3ce5a1a69b4b4a87bdb52be26) C:\Windows\system32\DRIVERS\ApsHM86.sys
09:51:11.0890 3320 TPDIGIMN - ok
09:51:11.0977 3320 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
09:51:11.0979 3320 TPM - ok
09:51:12.0045 3320 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:51:12.0047 3320 tssecsrv - ok
09:51:12.0090 3320 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
09:51:12.0092 3320 tunmp - ok
09:51:12.0142 3320 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
09:51:12.0145 3320 tunnel - ok
09:51:12.0215 3320 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\Windows\system32\DRIVERS\tvtfilter.sys
09:51:12.0216 3320 tvtfilter - ok
09:51:12.0267 3320 TVTI2C (7e66dda1ef146bfc3a6e36e08e036602) C:\Windows\system32\DRIVERS\Tvti2c.sys
09:51:12.0269 3320 TVTI2C - ok
09:51:12.0350 3320 tvtumon (fc4d5a1ea9d736907cb547085248199f) C:\Windows\system32\DRIVERS\tvtumon.sys
09:51:12.0353 3320 tvtumon - ok
09:51:12.0437 3320 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
09:51:12.0440 3320 uagp35 - ok
09:51:12.0505 3320 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
09:51:12.0512 3320 udfs - ok
09:51:12.0587 3320 UIUSys - ok
09:51:12.0639 3320 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
09:51:12.0642 3320 uliagpkx - ok
09:51:12.0701 3320 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
09:51:12.0709 3320 uliahci - ok
09:51:12.0761 3320 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
09:51:12.0765 3320 UlSata - ok
09:51:12.0835 3320 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
09:51:12.0840 3320 ulsata2 - ok
09:51:12.0944 3320 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
09:51:12.0949 3320 umbus - ok
09:51:13.0049 3320 upperdev (a34560a5d516a2f5240180370866b99d) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
09:51:13.0060 3320 upperdev - ok
09:51:13.0141 3320 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
09:51:13.0144 3320 USBAAPL - ok
09:51:13.0213 3320 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
09:51:13.0215 3320 usbaudio - ok
09:51:13.0299 3320 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
09:51:13.0305 3320 usbccgp - ok
09:51:13.0386 3320 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
09:51:13.0390 3320 usbcir - ok
09:51:13.0443 3320 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
09:51:13.0445 3320 usbehci - ok
09:51:13.0547 3320 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
09:51:13.0558 3320 usbhub - ok
09:51:13.0661 3320 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
09:51:13.0662 3320 usbohci - ok
09:51:13.0742 3320 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
09:51:13.0744 3320 usbprint - ok
09:51:13.0791 3320 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
09:51:13.0794 3320 usbscan - ok
09:51:13.0876 3320 usbser (a96191470581a7091420d25ecd444502) C:\Windows\system32\drivers\usbser.sys
09:51:13.0879 3320 usbser - ok
09:51:13.0910 3320 UsbserFilt (6410eebd6e0427466812858ee84c8467) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
09:51:13.0912 3320 UsbserFilt - ok
09:51:14.0070 3320 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:51:14.0073 3320 USBSTOR - ok
09:51:14.0120 3320 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
09:51:14.0123 3320 usbuhci - ok
09:51:14.0175 3320 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
09:51:14.0180 3320 usbvideo - ok
09:51:14.0250 3320 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
09:51:14.0253 3320 VClone - ok
09:51:14.0315 3320 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
09:51:14.0318 3320 vga - ok
09:51:14.0366 3320 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
09:51:14.0369 3320 VgaSave - ok
09:51:14.0403 3320 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
09:51:14.0405 3320 viaagp - ok
09:51:14.0442 3320 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
09:51:14.0446 3320 ViaC7 - ok
09:51:14.0509 3320 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
09:51:14.0511 3320 viaide - ok
09:51:14.0568 3320 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
09:51:14.0570 3320 volmgr - ok
09:51:14.0650 3320 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
09:51:14.0657 3320 volmgrx - ok
09:51:14.0721 3320 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
09:51:14.0727 3320 volsnap - ok
09:51:14.0779 3320 vpnva (e1f2333a88ec4a5c8ea6be357323b72d) C:\Windows\system32\DRIVERS\vpnva.sys
09:51:14.0782 3320 vpnva - ok
09:51:14.0819 3320 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
09:51:14.0823 3320 vsmraid - ok
09:51:14.0881 3320 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
09:51:14.0883 3320 WacomPen - ok
09:51:14.0928 3320 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:51:14.0932 3320 Wanarp - ok
09:51:14.0943 3320 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:51:14.0945 3320 Wanarpv6 - ok
09:51:15.0038 3320 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
09:51:15.0041 3320 Wd - ok
09:51:15.0100 3320 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
09:51:15.0134 3320 Wdf01000 - ok
09:51:15.0286 3320 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
09:51:15.0292 3320 winachsf - ok
09:51:15.0434 3320 wisdpen (6b2f446b11fb390ad8112c0437dce158) C:\Windows\system32\DRIVERS\wisdpen.sys
09:51:15.0437 3320 wisdpen - ok
09:51:15.0548 3320 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
09:51:15.0550 3320 WmiAcpi - ok
09:51:15.0650 3320 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
09:51:15.0652 3320 WpdUsb - ok
09:51:15.0701 3320 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
09:51:15.0704 3320 ws2ifsl - ok
09:51:15.0788 3320 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:51:15.0792 3320 WUDFRd - ok
09:51:15.0839 3320 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
09:51:15.0842 3320 XAudio - ok
09:51:15.0959 3320 MBR (0x1B8) (9df836fad0233224525bd702d5c44a5a) \Device\Harddisk0\DR0
09:51:16.0186 3320 \Device\Harddisk0\DR0 - ok
09:51:16.0224 3320 Boot (0x1200) (63c1521b964880fb1689f1a13c6015c4) \Device\Harddisk0\DR0\Partition0
09:51:16.0226 3320 \Device\Harddisk0\DR0\Partition0 - ok
09:51:16.0227 3320 ============================================================
09:51:16.0227 3320 Scan finished
09:51:16.0227 3320 ============================================================
09:51:16.0243 6220 Detected object count: 1
09:51:16.0244 6220 Actual detected object count: 1
09:51:18.0839 6220 C:\Windows\system32\DRIVERS\tdx.sys - copied to quarantine
09:51:18.0850 6220 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\tdx.sys) error 1813
09:51:25.0268 6220 Backup copy found, using it..
09:51:25.0289 6220 C:\Windows\system32\DRIVERS\tdx.sys - will be cured on reboot
09:51:32.0782 6220 tdx ( Virus.Win32.ZAccess.c ) - User select action: Cure
09:57:13.0241 6452 Deinitialize success

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 February 2012 - 03:07 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun aswMBR for me and send me the report.

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 chromecarz00

chromecarz00
  • Topic Starter

  • Members
  • 32 posts

Posted 01 March 2012 - 01:04 AM

It said tidserv was not found on this computer...

#8 chromecarz00

chromecarz00
  • Topic Starter

  • Members
  • 32 posts

Posted 01 March 2012 - 02:37 AM

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-29 22:04:54
-----------------------------
22:04:54.634 OS Version: Windows 6.0.6002 Service Pack 2
22:04:54.635 Number of processors: 2 586 0xF0A
22:04:54.636 ComputerName: MINWINPC UserName: §
22:04:56.333 Initialize success
22:07:49.521 AVAST engine defs: 12022901
22:08:32.524 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:08:32.524 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
22:08:32.539 Disk 0 MBR read successfully
22:08:32.539 Disk 0 MBR scan
22:08:32.555 Disk 0 unknown MBR code
22:08:32.571 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 22252 MB offset 2048
22:08:32.586 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 454687 MB offset 45574144
22:08:32.602 Disk 0 scanning sectors +976773120
22:08:32.695 Disk 0 scanning C:\Windows\system32\drivers
22:08:48.856 Service scanning
22:09:44.205 Modules scanning
22:09:57.438 Disk 0 trace - called modules:
22:09:57.470 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
22:09:57.878 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x881c5118]
22:09:57.882 3 CLASSPNP.SYS[8bda58b3] -> nt!IofCallDriver -> [0x86f7dad8]
22:09:57.886 5 acpi.sys[83a946a0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86f64028]
22:10:00.180 AVAST engine scan C:\Windows
22:10:05.842 AVAST engine scan C:\Windows\system32
22:14:40.886 AVAST engine scan C:\Windows\system32\drivers
22:15:12.797 AVAST engine scan C:\Users\§
22:49:22.018 AVAST engine scan C:\ProgramData
22:54:25.844 Scan finished successfully
23:35:53.918 Disk 0 MBR has been saved successfully to "C:\Users\§\Documents\Downloads\MBR.dat"
23:36:39.862 Disk 0 MBR has been saved successfully to "C:\Users\§\Documents\Downloads\MBR.dat"
23:36:39.862 The log file has been saved successfully to "C:\Users\§\Documents\Downloads\aswMBR.txt"

#9 chromecarz00

chromecarz00
  • Topic Starter

  • Members
  • 32 posts

Posted 01 March 2012 - 02:38 AM

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-29 22:04:54
-----------------------------
22:04:54.634 OS Version: Windows 6.0.6002 Service Pack 2
22:04:54.635 Number of processors: 2 586 0xF0A
22:04:54.636 ComputerName: MINWINPC UserName: §
22:04:56.333 Initialize success
22:07:49.521 AVAST engine defs: 12022901
22:08:32.524 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:08:32.524 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
22:08:32.539 Disk 0 MBR read successfully
22:08:32.539 Disk 0 MBR scan
22:08:32.555 Disk 0 unknown MBR code
22:08:32.571 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 22252 MB offset 2048
22:08:32.586 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 454687 MB offset 45574144
22:08:32.602 Disk 0 scanning sectors +976773120
22:08:32.695 Disk 0 scanning C:\Windows\system32\drivers
22:08:48.856 Service scanning
22:09:44.205 Modules scanning
22:09:57.438 Disk 0 trace - called modules:
22:09:57.470 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
22:09:57.878 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x881c5118]
22:09:57.882 3 CLASSPNP.SYS[8bda58b3] -> nt!IofCallDriver -> [0x86f7dad8]
22:09:57.886 5 acpi.sys[83a946a0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86f64028]
22:10:00.180 AVAST engine scan C:\Windows
22:10:05.842 AVAST engine scan C:\Windows\system32
22:14:40.886 AVAST engine scan C:\Windows\system32\drivers
22:15:12.797 AVAST engine scan C:\Users\§
22:49:22.018 AVAST engine scan C:\ProgramData
22:54:25.844 Scan finished successfully
23:35:53.918 Disk 0 MBR has been saved successfully to "C:\Users\§\Documents\Downloads\MBR.dat"
23:36:39.862 Disk 0 MBR has been saved successfully to "C:\Users\§\Documents\Downloads\MBR.dat"
23:36:39.862 The log file has been saved successfully to "C:\Users\§\Documents\Downloads\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 March 2012 - 02:51 PM

Try and run ComboFix for me now.


gringo

#11 chromecarz00

chromecarz00
  • Topic Starter

  • Members
  • 32 posts

Posted 02 March 2012 - 04:21 PM

ComboFix ran and completed successfully, but every time I try to run any program I get an error message: "Illegal operation on a registry key that has been marked for deletion." I read elsewhere that a restart would solve this problem but didn't want to do it without consulting you first.





ComboFix 12-03-01.02 - § 03/02/2012 12:31:49.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3061.1975 [GMT -8:00]
Running from: c:\users\§\Documents\Downloads\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
c:\program files\Mozilla Firefox\chrome\p4ffxtbr.jar
c:\program files\Mozilla Firefox\chrome\p4ffxtbr.manifest
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
C:\setup.exe
c:\users\§\AppData\Roaming\Adobe\plugs
c:\users\§\AppData\Roaming\Adobe\shed
c:\users\§\AppData\Roaming\Skype\chromecarz00\chatsync\b4\SearchIndexer.exe
c:\users\§\g2mdlhlpx.exe
c:\windows\$NtUninstallKB28288$
c:\windows\system32\Settings
c:\windows\system32\Settings\Settings.ini
.
c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-02-02 to 2012-03-02 )))))))))))))))))))))))))))))))
.
.
2012-03-02 20:47 . 2012-03-02 20:54 -------- d-----w- c:\users\§\AppData\Local\temp
2012-03-02 20:47 . 2012-03-02 20:47 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-03-02 20:47 . 2012-03-02 20:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-02 20:47 . 2009-04-11 04:39 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-03-02 11:32 . 2012-03-02 11:32 -------- dc----w- C:\123
2012-02-16 10:56 . 2012-02-16 10:56 -------- d-----w- c:\program files\ESET
2012-02-15 11:16 . 2012-02-15 11:16 98992 ----a-w- c:\windows\system32\drivers\61219224.sys
2012-02-14 08:48 . 2012-02-14 08:48 -------- d-----w- c:\users\§\AppData\Roaming\EbkReader
2012-02-14 05:25 . 2012-02-14 05:25 -------- d-----w- c:\program files\SplitMediaLabs
2012-02-14 05:19 . 2012-02-14 05:19 -------- d-----w- c:\program files\Xiph.Org
2012-02-06 06:16 . 2012-02-06 06:16 -------- d-----w- c:\users\§\AppData\Local\-XL-_Development
2012-02-06 06:08 . 2012-02-06 06:08 -------- d-----w- c:\users\§\AppData\Local\PackageAware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-27 20:46 . 2009-08-18 21:46 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-02-26 03:30 . 2011-05-24 07:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 11:46 . 2008-09-25 18:57 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-02-15 18:34 . 2009-08-18 21:45 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2012-02-14 02:16 . 2011-06-15 08:12 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-13 18:57 . 2009-08-18 21:46 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2011-12-10 23:24 . 2008-11-20 00:46 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\prxtbTVer.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
2011-05-09 08:49 176936 ----a-w- c:\program files\TVersitybar\prxtbTVer.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\prxtbTVer.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackgroundSwitcher"="c:\program files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe" [2010-11-09 119104]
"Unified Remote v2"="c:\program files\Unified Remote\RemoteServer.exe" [2011-12-03 226816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
"TSMResident"="c:\program files\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" [2011-05-09 484856]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-07-29 435488]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2009-07-29 177440]
"GzSnd"="c:\program files\Gunze\GZTP_Pack\GzSnd.exe" [2006-09-12 237568]
"TabletButton"="c:\program files\ThinkPad\Tablet Shortcut\TabletButton.EXE" [2010-10-28 468328]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-11-24 93032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-16 154136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-07 150040]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1282048]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"LENTBCTL"="c:\program files\ThinkPad\Tablet Shortcut\LENTBCTL.EXE" [2011-03-22 1242472]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-25 840992]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-10-17 50688]
Rainmeter.lnk.disabled [2011-4-4 1714]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-11-6 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-05-21 23:54 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"Google Update"="c:\users\§\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"{BF12B03B-501B-42A1-67E8-0C7654F7679B}"=c:\users\§\AppData\Roaming\Skype\chromecarz00\chatsync\b4\SearchIndexer.exe
"Facebook Update"="c:\users\§\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"{00000000-0000-0000-0000-000000000000}"=c:\users\§\AppData\Roaming\Skype\chromecarz00\chatsync\b4\SearchIndexer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ControlCenter3"=c:\program files\Brother\ControlCenter3\brctrcen.exe /autorun
"BrMfcWnd"=c:\program files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3146425336-1234613144-60880418-1003]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
NecUsb3Sevic REG_MULTI_SZ NecUsb3
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
smsmdd
nvstor32
mksvirmonsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-07-21 21:59]
.
2012-03-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-26 08:47]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 18:28]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 18:28]
.
2012-03-02 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
.
2012-03-02 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://shop.thefreevpn.com/home.php
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:57515
IE: Download with &Media Finder
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\§\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: SmarThru4 Capture Selection
IE: SmarThru4 Save as HTML
IE: SmarThru4 Save Selected Text
IE: SmarThru4 Web Capture
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
FF - ProfilePath - c:\users\§\AppData\Roaming\Mozilla\Firefox\Profiles\7ru8xynk.default\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://www.woot.com/
FF - user.js: network.http.accept-encoding -
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-{BF12B03B-501B-42A1-67E8-0C7654F7679B} - c:\users\§\AppData\Roaming\Skype\chromecarz00\chatsync\b4\SearchIndexer.exe
HKLM-Run-TpShocks - TpShocks.exe
SafeBoot-25581259.sys
SafeBoot-45527099.sys
SafeBoot-58569260.sys
SafeBoot-79745680.sys
SafeBoot-82838036.sys
SafeBoot-88609155.sys
SafeBoot-92875501.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-02 12:53
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PCD5SRVC{DF187064-5DA14001-05040000}]
"ImagePath"="\??\c:\progra~1\PCDR5\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3146425336-1234613144-60880418-1003_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):71,20,65,61,32,42,10,72,06,f7,2e,68,99,98,80,96,59,f0,18,07,48,
32,b3,6b,53,89,ad,20,9a,be,e1,6e,ce,65,eb,47,a0,d9,a3,2a,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3146425336-1234613144-60880418-1003_Classes\CLSID\{b85a4393-e5ed-4908-ae3d-6e4ba27c8c9c}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000f4
"Therad"=dword:00000020
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,c6,02,99,4e,01,65,f2,77,ca,cf,17,a6,11,c9,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(828)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'Explorer.exe'(2908)
c:\program files\PC-Doctor\PcdToolbar584923.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
c:\windows\system32\WLANExt.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe
c:\program files\LENOVO\HOTKEY\TPHKSVC.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\LENOVO\VIRTSCRL\lvvsst.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\ThinkPad\Tablet Shortcut\TSMService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\Intel\AMT\UNS.exe
c:\program files\ThinkVantage Fingerprint Software\upeksrvc.exe
c:\windows\system32\WebUpdateSvc4.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
.
**************************************************************************
.
Completion time: 2012-03-02 13:02:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-02 21:02
.
Pre-Run: 243,611,144,192 bytes free
Post-Run: 243,177,017,344 bytes free
.
- - End Of File - - 6A9EBB7B0CB599DE0260D6DD619E6427

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 March 2012 - 05:41 PM

Greetings

Yes, restart the computer.

At this time I would like you to run this script for me; it is also a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
c:\windows\system32\drivers\61219224.sys

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:57515

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 chromecarz00

chromecarz00
  • Topic Starter

  • Members
  • 32 posts

Posted 02 March 2012 - 09:27 PM

ComboFix completed with no mishaps. The computer seems to be running better. The only issue is that Firefox still has a redirect virus, albeit not as bad. Chrome seems to be fixed though.

The log is as follows. Thanks again for your continued help... any ideas on what to do for Firefox? Does it look like the root is gone?


ComboFix 12-03-01.02 - § 03/02/2012 17:24:46.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3061.1785 [GMT -8:00]
Running from: c:\users\º\Documents\Downloads\ComboFix.exe
Command switches used :: c:\users\º\Desktop\CFScript.txt
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))
.
.
2012-03-03 01:40 . 2012-03-03 01:40 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-03-03 01:40 . 2012-03-03 01:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-03 01:40 . 2012-03-03 01:40 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-03-02 20:47 . 2012-03-03 01:40 -------- d-----w- c:\users\§\AppData\Local\temp
2012-03-02 20:47 . 2009-04-11 04:39 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-03-02 11:32 . 2012-03-02 11:32 -------- dc----w- C:\123
2012-02-16 10:56 . 2012-02-16 10:56 -------- d-----w- c:\program files\ESET
2012-02-15 11:16 . 2012-02-15 11:16 98992 ----a-w- c:\windows\system32\drivers\61219224.sys
2012-02-14 08:48 . 2012-02-14 08:48 -------- d-----w- c:\users\§\AppData\Roaming\EbkReader
2012-02-14 05:25 . 2012-02-14 05:25 -------- d-----w- c:\program files\SplitMediaLabs
2012-02-14 05:19 . 2012-02-14 05:19 -------- d-----w- c:\program files\Xiph.Org
2012-02-06 06:16 . 2012-02-06 06:16 -------- d-----w- c:\users\§\AppData\Local\-XL-_Development
2012-02-06 06:08 . 2012-02-06 06:08 -------- d-----w- c:\users\§\AppData\Local\PackageAware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-27 20:46 . 2009-08-18 21:46 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-02-26 03:30 . 2011-05-24 07:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 11:46 . 2008-09-25 18:57 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-02-15 18:34 . 2009-08-18 21:45 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2012-02-14 02:16 . 2011-06-15 08:12 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-13 18:57 . 2009-08-18 21:46 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2011-12-10 23:24 . 2008-11-20 00:46 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\prxtbTVer.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
2011-05-09 08:49 176936 ----a-w- c:\program files\TVersitybar\prxtbTVer.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\prxtbTVer.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackgroundSwitcher"="c:\program files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe" [2010-11-09 119104]
"Unified Remote v2"="c:\program files\Unified Remote\RemoteServer.exe" [2011-12-03 226816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
"TSMResident"="c:\program files\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" [2011-05-09 484856]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-07-29 435488]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2009-07-29 177440]
"GzSnd"="c:\program files\Gunze\GZTP_Pack\GzSnd.exe" [2006-09-12 237568]
"TabletButton"="c:\program files\ThinkPad\Tablet Shortcut\TabletButton.EXE" [2010-10-28 468328]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-11-24 93032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-16 154136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-07 150040]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1282048]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"LENTBCTL"="c:\program files\ThinkPad\Tablet Shortcut\LENTBCTL.EXE" [2011-03-22 1242472]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-25 840992]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-10-17 50688]
Rainmeter.lnk.disabled [2011-4-4 1714]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-11-6 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-05-21 23:54 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"Google Update"="c:\users\§\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"{BF12B03B-501B-42A1-67E8-0C7654F7679B}"=c:\users\§\AppData\Roaming\Skype\chromecarz00\chatsync\b4\SearchIndexer.exe
"Facebook Update"="c:\users\§\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"{00000000-0000-0000-0000-000000000000}"=c:\users\§\AppData\Roaming\Skype\chromecarz00\chatsync\b4\SearchIndexer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ControlCenter3"=c:\program files\Brother\ControlCenter3\brctrcen.exe /autorun
"BrMfcWnd"=c:\program files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3146425336-1234613144-60880418-1003]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
NecUsb3Sevic REG_MULTI_SZ NecUsb3
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
smsmdd
nvstor32
mksvirmonsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-07-21 21:59]
.
2012-03-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-26 08:47]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 18:28]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 18:28]
.
2012-03-02 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
.
2012-03-02 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://shop.thefreevpn.com/home.php
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:57515
IE: Download with &Media Finder
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\§\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: SmarThru4 Capture Selection
IE: SmarThru4 Save as HTML
IE: SmarThru4 Save Selected Text
IE: SmarThru4 Web Capture
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
FF - ProfilePath - c:\users\§\AppData\Roaming\Mozilla\Firefox\Profiles\7ru8xynk.default\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://www.woot.com/
FF - user.js: network.http.accept-encoding -
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-02 17:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PCD5SRVC{DF187064-5DA14001-05040000}]
"ImagePath"="\??\c:\progra~1\PCDR5\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3146425336-1234613144-60880418-1003_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):71,20,65,61,32,42,10,72,06,f7,2e,68,99,98,80,96,59,f0,18,07,48,
32,b3,6b,53,89,ad,20,9a,be,e1,6e,ce,65,eb,47,a0,d9,a3,2a,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3146425336-1234613144-60880418-1003_Classes\CLSID\{b85a4393-e5ed-4908-ae3d-6e4ba27c8c9c}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000f4
"Therad"=dword:00000020
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,c6,02,99,4e,01,65,f2,77,ca,cf,17,a6,11,c9,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(828)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'Explorer.exe'(4476)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\PC-Doctor\PcdToolbar584923.dll
.
Completion time: 2012-03-02 17:44:38
ComboFix-quarantined-files.txt 2012-03-03 01:44
ComboFix2.txt 2012-03-02 21:02
.
Pre-Run: 243,175,309,312 bytes free
Post-Run: 242,940,624,896 bytes free
.
- - End Of File - - 6ADAA05646AD339A784F80204BCCC667
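An added triage helper, written for this page; it is not code from the thread, from ComboFix or from OTL. It parses the "Supplementary Scan" lines of a ComboFix/DDS log, in the format of the log posted in reply #13, and flags the indicator the CFScript in reply #12 targeted with its DDS:: directive together with the Firefox user.js overrides visible in the same log: a ProxyServer value that points at the loopback address (every browser that honours the WinINET setting then sends its HTTP through a process on the machine itself), and user.js entries that force security.warn_* prompts off or blank network.http.accept-encoding. The Supplementary Scan section of the post-run log above still lists uInternet Settings,ProxyServer = http=127.0.0.1:57515, which is exactly the kind of line this check is meant to catch on a second pass. The sample log text is constructed from the page's own lines; the severity labels and the heuristics are the example's own assumptions, not ComboFix output.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: Supplementary Scan lines in ComboFix/DDS log format,
# modelled on the log posted above (this string is not the posted file itself).
SAMPLE_LOG = """\
uStart Page = hxxp://shop.thefreevpn.com/home.php
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:57515
IE: E&xport to Microsoft Excel - c:\\progra~1\\MICROS~1\\Office12\\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - prefs.js: browser.startup.homepage - hxxp://www.woot.com/
FF - user.js: network.http.accept-encoding -
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
"""

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# Firefox prefs that, when forced to false from user.js, silence the prompts a user
# would otherwise see when a page is downgraded or a form is posted insecurely.
SILENCED_WARNINGS = {"security.warn_viewing_mixed", "security.warn_submit_insecure"}

PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(.+)$")
USERJS_RE = re.compile(r"^FF - user\.js:\s*([\w.-]+)\s*-\s*(.*)$")


@dataclass
class Finding:
    severity: str   # assumed labels for this example: "high" or "medium"
    line: str       # the log line (or pref) that triggered the finding
    reason: str


def parse_proxy_server(value: str) -> list[tuple[str, str, int | None]]:
    """Split a WinINET ProxyServer string into (scheme, host, port) tuples.

    Accepted forms: 'host:port' (one proxy for every protocol, scheme '*') and
    'http=host:port;https=host:port' (per-protocol proxies, ';'-separated).
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:
            scheme, _, hostport = part.partition("=")
        else:
            scheme, hostport = "*", part
        host, sep, port = hostport.rpartition(":")
        if not sep:  # no port given
            host, port = hostport, ""
        entries.append((scheme.lower(), host.strip("[]").lower(),
                        int(port) if port.isdigit() else None))
    return entries


def triage(log_text: str) -> list[Finding]:
    """Scan Supplementary Scan lines and return the suspicious ones."""
    findings: list[Finding] = []
    userjs: dict[str, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            for scheme, host, port in parse_proxy_server(m.group(1)):
                if host in LOOPBACK:
                    findings.append(Finding("high", line,
                        f"{scheme} proxy points at the local host on port {port}: "
                        "browser traffic is routed through a process on this machine"))
            continue
        m = USERJS_RE.match(line)
        if m:
            userjs[m.group(1)] = m.group(2).strip()
    # user.js is not created by Firefox itself and overrides prefs.js on every start,
    # so security prefs forced off from there deserve a look.
    for pref, val in userjs.items():
        if pref in SILENCED_WARNINGS and val == "false":
            findings.append(Finding("medium", f"user.js {pref}={val}",
                "user.js forces a browser security warning off"))
    if userjs.get("network.http.accept-encoding") == "":
        findings.append(Finding("medium", "user.js network.http.accept-encoding=''",
            "response compression disabled via user.js, which makes in-transit "
            "rewriting of page bodies by a proxy straightforward"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Run it against the Supplementary Scan section of any ComboFix or DDS log; a loopback proxy is reported as high because it is the mechanism, while the user.js overrides are reported as medium because they are the cover that keeps the browser quiet about what the proxy does.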

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 March 2012 - 09:42 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#15 chromecarz00

chromecarz00
  • Topic Starter

  • Members
  • 32 posts

Posted 02 March 2012 - 10:13 PM

OTL logfile created on: 3/2/2012 6:58:53 PM - Run 1
OTL by OldTimer - Version 3.2.35.0 Folder = C:\Users\§\Documents\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 44.58% Memory free
6.18 Gb Paging File | 4.44 Gb Available in Paging File | 71.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 444.03 Gb Total Space | 226.91 Gb Free Space | 51.10% Space Free | Partition Type: NTFS

Computer Name: MINWINPC | User Name: § | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\§\Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Unified Remote\RemoteServer.exe (Unified Remote)
PRC - C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (Lavasoft Limited )
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe (johnsadventures.com)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe (Mentor Graphics Corporation)
PRC - C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe (UPEK Inc.)
PRC - C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (UPEK Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\System32\WebUpdateSvc4.exe (Data Perceptions / PowerProgrammer)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Program Files\Intel\AMT\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\AMT\atchksrv.exe (Intel Corporation)
PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Gunze\GZTP_Pack\GzSnd.exe (GUNZE Limited)


========== Modules (No Company Name) ==========

MOD - C:\Users\§\AppData\Local\Google\Chrome\Application\17.0.963.56\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\§\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll ()
MOD - C:\Users\§\AppData\Local\Google\Chrome\Application\17.0.963.56\avutil-51.dll ()
MOD - C:\Users\§\AppData\Local\Google\Chrome\Application\17.0.963.56\avformat-53.dll ()
MOD - C:\Users\§\AppData\Local\Google\Chrome\Application\17.0.963.56\avcodec-53.dll ()
MOD - C:\Users\§\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\dc9e5e32218f8a3d2f21d89511335713\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\af95bce9a5fcfe3119fc175cc9b0b3d5\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\020ccbaa78022e92722e98d1c677bfed\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f72ff4e603cc8879eb7b18841bfa9c0c\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\a2191137e48d026aafbd8395d767afa1\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c3b1fb3982b305452a4c7c8cdcb1934\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2adac0cd51859321437cc684331a3b45\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bbcb0d5e67db5452b3ba77fd71ea182d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\adeec723413d77446d6606813c050048\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\b13a0678a604588bfb6a4ebfadc32cb0\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\74353039393f68f4c068cc37f759e5be\mscorlib.ni.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy\sqlite3.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy\Plugins\Fennel.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy\Plugins\Chai.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy\Plugins\Mate.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll ()
MOD - C:\Program Files\WinRar\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (TPHDEXLGSVC) -- File not found
SRV - (NecUsb3) -- File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TVersityMediaServer) -- C:\ProgramData\TVersity\Media Server\MediaServer.exe ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (TPHKLOAD) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (CoordinatorServiceHost) -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (Dassault Systèmes SolidWorks Corp.)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (Remote Solver for Flow Simulation 2010) -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe (Mentor Graphics Corporation)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
SRV - (UpekSrvc) -- C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe (UPEK Inc.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WebUpdate4) -- C:\Windows\System32\WebUpdateSvc4.exe (Data Perceptions / PowerProgrammer)
SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (UNS) Intel® -- C:\Program Files\Intel\AMT\UNS.exe (Intel Corporation)
SRV - (atchksrv) Intel® -- C:\Program Files\Intel\AMT\atchksrv.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (IPSSVC) -- C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (tvtnetwk) -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- File not found
DRV - (SSPORT) -- File not found
DRV - (NwlnkFwd) -- File not found
DRV - (NwlnkFlt) -- File not found
DRV - (mcdbus) -- File not found
DRV - (IpInIp) -- File not found
DRV - (catchme) -- File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (DroidCam) -- C:\Windows\System32\drivers\droidcam.sys (Dev47Apps)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (rt70x86) -- C:\Windows\System32\drivers\netr70.sys (Ralink Technology Corp.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (HECI) Intel® -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (wisdpen) -- C:\Windows\System32\drivers\wisdpen.sys (Wacom Technology)
DRV - (Shockprf) -- C:\Windows\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\Windows\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (smihlp2) SMI Helper Driver (smihlp2) -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (Ndisprot) -- C:\Windows\System32\drivers\ndisprot.sys ()
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (PCD5SRVC{DF187064-5DA14001-05040000}) -- C:\Program Files\PCDR5\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows ® Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (tvtumon) -- C:\Windows\System32\drivers\tvtumon.sys (Lenovo)
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (iviVD) -- C:\Windows\system32\DRIVERS\iviVD.sys (InterVideo)
DRV - (GzTpHid) -- C:\Windows\System32\drivers\GzTpHid.sys (GUNZE)
DRV - (PROCDD) -- C:\Windows\System32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (mbmiodrvr) -- C:\Windows\System32\mbmiodrvr.sys (cansoft@livewiredev.com)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\prxtbTVer.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{35F1AC8E-5B87-4FDD-8A96-D9C2110039C7}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=LENIE
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2548838


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3146425336-1234613144-60880418-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://shop.thefreevpn.com/home.php
IE - HKU\S-1-5-21-3146425336-1234613144-60880418-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3146425336-1234613144-60880418-1003\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\prxtbTVer.dll (Conduit Ltd.)
IE - HKU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\..\SearchScopes\{35F1AC8E-5B87-4FDD-8A96-D9C2110039C7}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=LENIE
IE - HKU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2548838
IE - HKU\S-1-5-21-3146425336-1234613144-60880418-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3146425336-1234613144-60880418-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3146425336-1234613144-60880418-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57515

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.woot.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.4.113
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36605
FF - prefs.js..extensions.enabledItems: firesheep@codebutler.com:0.1
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {6BF9CA11-53E7-4F1B-B39D-245F97471E7C}:1.9.1
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c9626}:1.6
FF - prefs.js..extensions.enabledItems: {6E1A2A2E-AE2A-4A26-A812-46F54288379E}:3.6.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@millisecond.com/npInquisit,version=2.0: C:\Program Files\Millisecond Software\Inquisit 2.0 Mozilla Plugin\npInquisit_20610047.dll (Millisecond Software)
FF - HKLM\Software\MozillaPlugins\@onlive.com/OlGameDetect,version=1.1.0.67837: C:\Program Files\OnLive\FirefoxPlugin\npolgdet.dll (OnLive)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\§\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\§\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=7: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\§\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/12 19:07:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2012/02/13 17:11:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/04 15:08:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/22 21:30:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b9\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2012/01/04 15:08:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2009/10/16 11:46:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6BF9CA11-53E7-4F1B-B39D-245F97471E7C}: C:\Users\§\AppData\Local\{6BF9CA11-53E7-4F1B-B39D-245F97471E7C} [2011/06/03 13:44:56 | 000,000,000 | ---D | M]

[2009/12/16 18:59:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\§\AppData\Roaming\Mozilla\Extensions
[2009/12/16 18:59:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\§\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012/03/02 18:24:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\§\AppData\Roaming\Mozilla\Firefox\Profiles\7ru8xynk.default\extensions
[2012/03/02 18:24:57 | 000,000,000 | ---D | M] (TVersitybar Community Toolbar) -- C:\Users\§\AppData\Roaming\Mozilla\Firefox\Profiles\7ru8xynk.default\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb}
[2011/08/04 11:49:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\§\AppData\Roaming\Mozilla\Firefox\Profiles\a2i40b76.Default User\extensions
[2011/03/02 17:50:52 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\§\AppData\Roaming\Mozilla\Firefox\Profiles\a2i40b76.Default User\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009/12/06 14:36:08 | 000,001,720 | ---- | M] () -- C:\Users\§\AppData\Roaming\Mozilla\Firefox\Profiles\7ru8xynk.default\searchplugins\youtube-video-search.xml
[2010/11/05 07:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/07 13:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
File not found (No name found) -- C:\USERS\§\APPDATA\LOCAL\{6BF9CA11-53E7-4F1B-B39D-245F97471E7C}
File not found (No name found) -- C:\USERS\§\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM
[2008/09/03 16:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010/06/14 11:54:26 | 000,274,432 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2008/11/20 19:04:50 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2009/05/14 08:23:17 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\\u00A7\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\\u00A7\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\\u00A7\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\\u00A7\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: EModel scriptable Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Turner Media Plugin 1.0.0.10 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\\u00A7\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Inquisit Web Edition (Enabled) = C:\Program Files\Millisecond Software\Inquisit 2.0 Mozilla Plugin\npInquisit_20610047.dll
CHR - plugin: OnLive Games Service Detector for Firefox (Enabled) = C:\Program Files\OnLive\FirefoxPlugin\npolgdet.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\\u00A7\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Unfriend Finder = C:\Users\§\AppData\Local\Google\Chrome\User Data\Default\Extensions\kddnblacojpnmjdlpnndlcamnmmkfina\35_0\
CHR - Extension: Phone 2 Google Chrome\u2122 = C:\Users\§\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnlgojabfogikedjanecphloghlegpdm\3.3_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\§\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/03/02 12:53:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (TVersitybar Toolbar) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\prxtbTVer.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (TVersitybar Toolbar) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\prxtbTVer.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-3146425336-1234613144-60880418-1003\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [GzSnd] C:\Program Files\Gunze\GZTP_Pack\GzSnd.exe (GUNZE Limited)
O4 - HKLM..\Run: [LENTBCTL] C:\Program Files\ThinkPad\Tablet Shortcut\LENTBCTL.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [TabletButton] C:\Program Files\ThinkPad\Tablet Shortcut\TabletButton.EXE (Lenovo Group Limited )
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-3146425336-1234613144-60880418-1003..\Run: [BackgroundSwitcher] C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe (johnsadventures.com)
O4 - HKU\S-1-5-21-3146425336-1234613144-60880418-1003..\Run: [Unified Remote v2] C:\Program Files\Unified Remote\RemoteServer.exe (Unified Remote)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3146425336-1234613144-60880418-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3146425336-1234613144-60880418-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3146425336-1234613144-60880418-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with &Media Finder - Reg Error: Value error. File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\§\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - Reg Error: Value error. File not found
O8 - Extra context menu item: SmarThru4 Save as HTML - Reg Error: Value error. File not found
O8 - Extra context menu item: SmarThru4 Save Selected Text - Reg Error: Value error. File not found
O8 - Extra context menu item: SmarThru4 Web Capture - Reg Error: Value error. File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop.com/internet/pcpConnCheck.cab (iCC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll (diskhealth Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{198347B0-BF60-42BA-B821-6200A1CF245B}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C7D5F45-6D58-4062-96E7-32BFB96D23BE}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - File not found
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\§\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\§\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/02 18:31:36 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/03/02 17:41:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/02 17:21:28 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/02 12:47:33 | 000,000,000 | ---D | C] -- C:\Users\§\AppData\Local\temp
[2012/03/02 11:21:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/02 11:21:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/02 11:21:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/02 03:32:04 | 000,000,000 | ---D | C] -- C:\123
[2012/02/23 13:19:30 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\§\Desktop\dds.scr
[2012/02/16 02:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/15 03:16:05 | 000,098,992 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\61219224.sys
[2012/02/14 00:48:34 | 000,000,000 | ---D | C] -- C:\Users\§\AppData\Roaming\EbkReader
[2012/02/13 21:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SplitMediaLabs
[2012/02/13 21:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\SplitMediaLabs
[2012/02/13 21:19:10 | 000,000,000 | ---D | C] -- C:\Users\§\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVersity Media Server
[2012/02/13 21:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
[2012/02/13 21:19:09 | 000,000,000 | ---D | C] -- C:\Users\§\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVersity Codec Pack
[2012/02/13 21:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\Xiph.Org
[2012/02/13 21:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\TVersity Codec Pack
[2012/02/13 21:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/02/13 21:18:37 | 000,000,000 | ---D | C] -- C:\Users\§\AppData\Local\Conduit
[2012/02/13 21:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\TVersitybar
[2012/02/12 19:42:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/12 19:42:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/12 19:08:03 | 000,000,000 | ---D | C] -- C:\Users\§\AppData\Local\DDMSettings
[2012/02/12 19:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/02/09 22:52:37 | 000,000,000 | ---D | C] -- C:\Users\§\AppData\Local\Facebook
[2012/02/07 03:52:31 | 000,000,000 | ---D | C] -- C:\Users\§\AppData\Roaming\825CE
[2012/02/07 03:51:54 | 000,000,000 | ---D | C] -- C:\Users\§\AppData\Roaming\FC782
[2012/02/07 01:22:13 | 000,000,000 | ---D | C] -- C:\Users\§\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/02/05 22:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TVersity
[2012/02/05 22:16:48 | 000,000,000 | ---D | C] -- C:\Users\§\AppData\Local\-XL-_Development
[2012/02/05 22:08:51 | 000,000,000 | ---D | C] -- C:\Users\§\AppData\Local\PackageAware
[2012/02/05 21:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\§\Desktop\*.tmp files -> C:\Users\§\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/02 18:36:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/02 18:32:16 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/03/02 18:26:30 | 000,670,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/02 18:26:30 | 000,128,234 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/02 18:21:27 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/02 18:20:46 | 000,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
[2012/03/02 18:20:09 | 000,000,380 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
[2012/03/02 18:19:56 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/02 18:19:56 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/02 18:19:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/02 18:16:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/03/02 12:53:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/02 12:28:07 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/03/02 12:28:07 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/03/02 11:46:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/02/27 11:09:06 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/02/25 19:30:22 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/25 19:23:57 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/23 13:19:32 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\§\Desktop\dds.scr
[2012/02/23 13:19:10 | 002,041,519 | ---- | M] () -- C:\Users\§\Desktop\tdsskiller.zip
[2012/02/23 13:11:14 | 000,000,000 | ---- | M] () -- C:\Users\§\defogger_reenable
[2012/02/22 14:12:43 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/20 03:52:27 | 000,001,356 | ---- | M] () -- C:\Users\§\AppData\Local\d3d9caps.dat
[2012/02/15 14:14:17 | 000,000,697 | ---- | M] () -- C:\Windows\wininit.ini
[2012/02/15 03:16:05 | 000,098,992 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\System32\drivers\61219224.sys
[2012/02/13 21:19:10 | 000,001,999 | ---- | M] () -- C:\Users\§\Desktop\TVersity.lnk
[2012/02/13 20:14:03 | 001,496,809 | ---- | M] () -- C:\Users\§\Desktop\n copy.jpg
[2012/02/13 20:10:13 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012/02/13 13:57:00 | 000,441,283 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120302-034014.backup
[2012/02/13 10:02:51 | 000,000,759 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120213-135700.backup
[2012/02/12 04:58:42 | 000,057,991 | ---- | M] () -- C:\Users\§\Desktop\Untitled-1.jpg
[2012/02/08 02:16:51 | 000,103,733 | ---- | M] () -- C:\Windows\System32\itusbcore.dat
[2012/02/08 02:16:51 | 000,000,196 | ---- | M] () -- C:\Windows\System32\itlsvc.dat
[2012/02/07 01:40:18 | 000,084,992 | ---- | M] () -- C:\Users\§\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/05 21:56:23 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\§\Desktop\*.tmp files -> C:\Users\§\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/02 11:21:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/02 11:21:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/02 11:21:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/02 11:21:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/02 11:21:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/23 13:11:14 | 000,000,000 | ---- | C] () -- C:\Users\§\defogger_reenable
[2012/02/22 14:12:43 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/17 03:23:42 | 002,041,519 | ---- | C] () -- C:\Users\§\Desktop\tdsskiller.zip
[2012/02/13 21:19:10 | 000,001,999 | ---- | C] () -- C:\Users\§\Desktop\TVersity.lnk
[2012/02/13 20:14:01 | 001,496,809 | ---- | C] () -- C:\Users\§\Desktop\n copy.jpg
[2012/02/13 14:01:37 | 000,001,356 | ---- | C] () -- C:\Users\§\AppData\Local\d3d9caps.dat
[2012/02/12 04:58:39 | 000,057,991 | ---- | C] () -- C:\Users\§\Desktop\Untitled-1.jpg
[2012/02/08 02:16:51 | 000,103,733 | ---- | C] () -- C:\Windows\System32\itusbcore.dat
[2012/02/08 02:16:51 | 000,000,196 | ---- | C] () -- C:\Windows\System32\itlsvc.dat
[2012/02/08 02:02:19 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/05 21:56:23 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/06/03 13:44:58 | 000,000,120 | ---- | C] () -- C:\Users\§\AppData\Local\Ckenokezezocohof.dat
[2011/06/03 13:44:58 | 000,000,000 | ---- | C] () -- C:\Users\§\AppData\Local\Yfucalifipul.bin
[2011/02/28 22:09:23 | 000,000,034 | ---- | C] () -- C:\ProgramData\droidcam-settings
[2010/12/16 21:30:33 | 000,047,628 | ---- | C] () -- C:\Windows\System32\wuwuninst.exe
[2010/12/07 16:47:15 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe
[2010/12/06 14:32:34 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/12/06 14:31:10 | 000,000,226 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/12/06 14:31:10 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/12/06 14:31:10 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7840w.dat
[2010/12/06 14:27:28 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2010/12/06 14:27:28 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2010/12/06 14:27:24 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2010/12/06 14:27:23 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2010/12/06 14:27:22 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2010/12/05 11:58:16 | 000,000,000 | ---- | C] () -- C:\Windows\TabletPool.INI
[2010/12/04 22:22:06 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/11/06 23:23:21 | 000,000,000 | ---- | C] () -- C:\Users\§\AppData\Local\Temptable.xml
[2010/11/04 07:37:19 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/09/30 07:42:45 | 000,084,992 | ---- | C] () -- C:\Users\§\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/25 16:21:19 | 000,061,440 | ---- | C] () -- C:\Windows\System32\mjpcodec.dll
[2010/03/23 12:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8CE646EE

< End of report >
