
Hapilli Google Redirect


  • This topic is locked
28 replies to this topic

#1 brantly04


Posted 20 March 2012 - 06:05 PM

EDIT:MOVED to Virus,Trojan and Malware Removal Logs ~~boopme

When I go to google on my work computer it redirects to hapilli* when I click on a link sometimes.


I found the instructions for the problem here... http://www.bleepingcomputer.com/forums/topic365158.html


I have already followed these instructions and have posted logs.



Edited by boopme, 20 March 2012 - 07:44 PM.



 


#2 gringo_pr


Posted 21 March 2012 - 12:34 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools,
and at worst can cause conflicts with our tools and lead to unforeseen things happening.

2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore it back if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 brantly04


Posted 21 March 2012 - 11:25 AM

still having problem


Here is log



ComboFix 12-03-21.02 - bedgar 03/21/2012 8:56.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1117 [GMT -7:00]
Running from: c:\documents and settings\bedgar\Desktop\ComboFix.exe

.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-02-21 to 2012-03-21 )))))))))))))))))))))))))))))))
.
.
2012-03-20 18:47 . 2012-03-20 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2012-03-20 18:47 . 2012-03-20 18:47 -------- d-----w- c:\program files\COMODO
2012-03-16 22:27 . 2012-03-16 22:57 -------- d-----w- c:\documents and settings\bedgar\Local Settings\Application Data\NPE
2012-03-16 22:27 . 2012-03-16 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-03-12 04:13 . 2012-03-12 04:13 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-03-12 04:13 . 2012-03-12 04:13 494968 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-12 04:13 . 2012-03-12 04:13 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-12 04:13 . 2012-03-12 04:13 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-12 04:13 . 2012-03-12 04:13 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-12 04:13 . 2012-03-12 04:13 301224 ----a-w- c:\windows\system32\guard32.dll
2012-03-01 23:15 . 2012-03-01 23:15 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-03-01 23:15 . 2012-03-01 23:15 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-03-01 23:15 . 2012-03-01 23:15 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-03-01 23:15 . 2012-03-01 23:15 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 18:54 . 2011-09-07 22:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2006-04-30 06:55 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-24 17:13 . 2009-04-28 18:59 5862140 -c--a-w- c:\windows\FramePkg.exe
2012-01-19 18:42 . 2012-01-19 18:44 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2012-01-19 18:42 . 2012-01-19 18:44 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-01-19 18:42 . 2012-01-19 18:44 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-01-19 18:42 . 2012-01-19 18:44 148520 ----a-w- c:\windows\system32\mfevtps.exe
2012-01-19 18:42 . 2010-03-26 03:07 22816 ----a-w- c:\windows\system32\MFEOtlk.dll
2012-01-19 18:41 . 2012-01-19 18:44 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-01-19 18:41 . 2012-01-19 18:44 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-01-19 18:41 . 2012-01-19 18:44 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-01-19 18:41 . 2012-01-19 18:44 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-01-19 18:41 . 2012-01-19 18:44 119968 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-01-11 19:06 . 2012-02-15 17:04 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2006-04-30 06:55 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-01 23:16 . 2011-03-28 17:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-16_23.20.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-21 15:49 . 2012-03-21 15:49 16384 c:\windows\Temp\Perflib_Perfdata_52c.dat
+ 2006-04-30 06:55 . 2012-03-21 15:52 73738 c:\windows\system32\perfc009.dat
- 2006-04-30 06:55 . 2012-03-16 23:23 73738 c:\windows\system32\perfc009.dat
+ 2006-04-30 06:55 . 2012-03-21 15:52 448562 c:\windows\system32\perfh009.dat
- 2006-04-30 06:55 . 2012-03-16 23:23 448562 c:\windows\system32\perfh009.dat
+ 2012-03-20 18:48 . 2012-03-20 18:48 8717824 c:\windows\Installer\cdc0ed.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-12-19 159744]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-12-19 208896]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-03-28 58416]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"TpShocks"="TpShocks.exe" [2007-03-30 181808]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-07 243248]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-28 925696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 536576]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2007-03-22 120368]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-03-28 413696]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-03-28 126976]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13549568]
"nwiz"="nwiz.exe" [2009-01-15 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2010-06-09 75072]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2010-06-09 316736]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-06-08 333120]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-09-15 215360]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-12 6749512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-11 50688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Online plug-in.lnk - c:\windows\Installer\{E5F3D1E9-006E-4435-85D6-483B66376655}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2010-11-19 77824]
PrintNow.lnk - c:\program files\PrintNow\printnow.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-06-02 21:40 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-15 05:17 89600 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 23:50 81920 -c--a-w- c:\program files\Common Files\Installshield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 17:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 03:05 204288 -c----w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sprint\\Sprint SmartView\\SwiApiMux.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [3/2/2007 5:47 PM 19760]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [3/11/2012 9:13 PM 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [3/11/2012 9:13 PM 31704]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [10/5/2009 11:08 AM 65584]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [1/19/2012 11:44 AM 89624]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/19/2012 11:44 AM 148520]
R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [1/11/2010 3:10 PM 82944]
R2 OCS INVENTORY;OCS INVENTORY SERVICE;c:\program files\SAManage\OcsService.exe [2/27/2007 12:32 PM 61440]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [3/14/2007 10:10 PM 11152]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [6/11/2008 10:06 AM 81920]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [9/13/2006 12:42 PM 35264]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/7/2009 9:18 AM 135664]
S2 TVT Backup Protection Service;TVT Backup Protection Service;"c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe" --> c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/7/2009 9:18 AM 135664]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/19/2012 11:44 AM 87808]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [9/23/2008 2:10 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [6/25/2009 1:42 PM 174720]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BMLoad
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2010-08-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 00:57]
.
2012-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-07 16:18]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-07 16:18]
.
2012-03-21 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-06-11 16:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sakata.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
LSP: bmnet.dll
Trusted Zone: globalsakata.net
Trusted Zone: mygou.net
Trusted Zone: sakata-eu.com
Trusted Zone: sakata.com
TCP: DhcpNameServer = 10.6.1.1 10.1.1.20
FF - ProfilePath - c:\documents and settings\bedgar\Application Data\Mozilla\Firefox\Profiles\cp8obuvr.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-21 09:04
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1460)
c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\windows\system32\WRLogonNtf.DLL
c:\windows\system32\bmnet.dll
.
- - - - - - - > 'lsass.exe'(1516)
c:\windows\system32\guard32.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\windows\system32\bmnet.dll
.
- - - - - - - > 'csrss.exe'(1424)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2012-03-21 09:19:04
ComboFix-quarantined-files.txt 2012-03-21 16:19
ComboFix2.txt 2012-03-16 23:26
.
Pre-Run: 50,692,485,120 bytes free
Post-Run: 50,848,407,552 bytes free
.
- - End Of File - - 670831C2AE3E69B77CA325A7E7CB2B75

#4 gringo_pr


Posted 21 March 2012 - 12:28 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 brantly04


Posted 21 March 2012 - 01:42 PM

Here is log from tdsskiller




11:41:21.0072 0756 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:41:21.0072 0756 Flpydisk - ok
11:41:21.0134 0756 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:41:21.0134 0756 FltMgr - ok
11:41:21.0228 0756 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:41:21.0228 0756 Fs_Rec - ok
11:41:21.0275 0756 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:41:21.0275 0756 Ftdisk - ok
11:41:21.0337 0756 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:41:21.0337 0756 Gpc - ok
11:41:21.0400 0756 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
11:41:21.0400 0756 grmnusb - ok
11:41:21.0494 0756 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:41:21.0509 0756 HDAudBus - ok
11:41:21.0587 0756 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:41:21.0587 0756 HidUsb - ok
11:41:21.0619 0756 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
11:41:21.0619 0756 hpn - ok
11:41:21.0728 0756 HSFHWAZL (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
11:41:21.0728 0756 HSFHWAZL - ok
11:41:21.0822 0756 HSF_DPV (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
11:41:21.0837 0756 HSF_DPV - ok
11:41:21.0947 0756 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:41:21.0947 0756 HTTP - ok
11:41:22.0041 0756 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
11:41:22.0041 0756 i2omgmt - ok
11:41:22.0166 0756 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
11:41:22.0166 0756 i2omp - ok
11:41:22.0228 0756 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:41:22.0228 0756 i8042prt - ok
11:41:22.0447 0756 ialm (c1c2d6940d6ec2f247b0f3c11e0a18e0) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
11:41:22.0634 0756 ialm - ok
11:41:22.0791 0756 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\DRIVERS\iaStor.sys
11:41:22.0791 0756 iaStor - ok
11:41:22.0931 0756 IBMPMDRV (326edb99d2b509f6c48bf723c1817292) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
11:41:22.0931 0756 IBMPMDRV - ok
11:41:22.0978 0756 IBMTPCHK (bfc9f3adaad74e13f9ce16c8bd336f95) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
11:41:22.0978 0756 IBMTPCHK - ok
11:41:23.0025 0756 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:41:23.0025 0756 Imapi - ok
11:41:23.0150 0756 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
11:41:23.0150 0756 ini910u - ok
11:41:23.0197 0756 Inspect (f89849cf13805ef49da64a8a63193af7) C:\WINDOWS\system32\DRIVERS\inspect.sys
11:41:23.0197 0756 Inspect - ok
11:41:23.0244 0756 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:41:23.0244 0756 IntelIde - ok
11:41:23.0291 0756 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:41:23.0291 0756 intelppm - ok
11:41:23.0431 0756 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:41:23.0431 0756 Ip6Fw - ok
11:41:23.0478 0756 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:41:23.0478 0756 IpFilterDriver - ok
11:41:23.0541 0756 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:41:23.0541 0756 IpInIp - ok
11:41:23.0681 0756 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:41:23.0681 0756 IpNat - ok
11:41:23.0728 0756 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:41:23.0728 0756 IPSec - ok
11:41:23.0759 0756 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:41:23.0759 0756 IRENUM - ok
11:41:23.0806 0756 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:41:23.0806 0756 isapnp - ok
11:41:23.0931 0756 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:41:23.0931 0756 Kbdclass - ok
11:41:23.0978 0756 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:41:23.0978 0756 kbdhid - ok
11:41:24.0010 0756 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:41:24.0025 0756 kmixer - ok
11:41:24.0072 0756 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:41:24.0072 0756 KSecDD - ok
11:41:24.0166 0756 lbrtfdc - ok
11:41:24.0228 0756 LenovoRd (e0e962e7ee5624f8fad8319255e0ee5b) C:\WINDOWS\system32\Drivers\LenovoRd.sys
11:41:24.0228 0756 LenovoRd - ok
11:41:24.0275 0756 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
11:41:24.0275 0756 mdmxsdk - ok
11:41:24.0338 0756 mfeapfk (80d337a6104f6f69c89f42602c50e5d8) C:\WINDOWS\system32\drivers\mfeapfk.sys
11:41:24.0338 0756 mfeapfk - ok
11:41:24.0463 0756 mfeavfk (54ee8eec41c2f9f03cad1874b6af54b0) C:\WINDOWS\system32\drivers\mfeavfk.sys
11:41:24.0478 0756 mfeavfk - ok
11:41:24.0494 0756 mfeavfk01 - ok
11:41:24.0525 0756 mfebopk (61b36c8a0992b813cb2445e29296c654) C:\WINDOWS\system32\drivers\mfebopk.sys
11:41:24.0525 0756 mfebopk - ok
11:41:24.0588 0756 mfehidk (87dfa0244a4cbc817a24d067b4e4ed24) C:\WINDOWS\system32\drivers\mfehidk.sys
11:41:24.0588 0756 mfehidk - ok
11:41:24.0728 0756 mferkdet (60a05b48c781c0a69ff2e2e4fe3cf27c) C:\WINDOWS\system32\drivers\mferkdet.sys
11:41:24.0728 0756 mferkdet - ok
11:41:24.0791 0756 mferkdk - ok
11:41:24.0822 0756 mfetdi2k (98d63d6bd19484edac7788eb1bff421c) C:\WINDOWS\system32\drivers\mfetdi2k.sys
11:41:24.0822 0756 mfetdi2k - ok
11:41:24.0947 0756 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:41:24.0963 0756 mnmdd - ok
11:41:25.0010 0756 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:41:25.0010 0756 Modem - ok
11:41:25.0057 0756 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:41:25.0057 0756 Mouclass - ok
11:41:25.0119 0756 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:41:25.0119 0756 mouhid - ok
11:41:25.0197 0756 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:41:25.0197 0756 MountMgr - ok
11:41:25.0228 0756 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
11:41:25.0228 0756 mraid35x - ok
11:41:25.0275 0756 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:41:25.0291 0756 MRxDAV - ok
11:41:25.0369 0756 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:41:25.0385 0756 MRxSmb - ok
11:41:25.0510 0756 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:41:25.0510 0756 Msfs - ok
11:41:25.0541 0756 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:41:25.0541 0756 MSKSSRV - ok
11:41:25.0588 0756 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:41:25.0588 0756 MSPCLOCK - ok
11:41:25.0603 0756 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:41:25.0603 0756 MSPQM - ok
11:41:25.0635 0756 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:41:25.0635 0756 mssmbios - ok
11:41:25.0744 0756 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:41:25.0744 0756 Mup - ok
11:41:25.0807 0756 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:41:25.0807 0756 NDIS - ok
11:41:25.0869 0756 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:41:25.0869 0756 NdisTapi - ok
11:41:25.0994 0756 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:41:25.0994 0756 Ndisuio - ok
11:41:26.0041 0756 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:41:26.0041 0756 NdisWan - ok
11:41:26.0088 0756 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:41:26.0088 0756 NDProxy - ok
11:41:26.0244 0756 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:41:26.0244 0756 NetBIOS - ok
11:41:26.0432 0756 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:41:26.0447 0756 NetBT - ok
11:41:26.0713 0756 NETw4x32 (01f8a43ff0b77df0e115a7ed4bd76d68) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
11:41:26.0791 0756 NETw4x32 - ok
11:41:26.0994 0756 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:41:26.0994 0756 NIC1394 - ok
11:41:27.0182 0756 Nmea (b0d5188e282dc4edae7020f333427bc8) C:\WINDOWS\system32\DRIVERS\pctnullport.sys
11:41:27.0182 0756 Nmea - ok
11:41:27.0307 0756 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:41:27.0307 0756 Npfs - ok
11:41:27.0369 0756 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:41:27.0369 0756 Ntfs - ok
11:41:27.0494 0756 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:41:27.0494 0756 Null - ok
11:41:27.0760 0756 nv (8f91d713ebb1682f36dd93525861149f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:41:27.0963 0756 nv - ok
11:41:28.0104 0756 NWADI (93213c7ec08e01e37a935bf144e75df6) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
11:41:28.0104 0756 NWADI - ok
11:41:28.0151 0756 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:41:28.0151 0756 NwlnkFlt - ok
11:41:28.0182 0756 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:41:28.0198 0756 NwlnkFwd - ok
11:41:28.0323 0756 NWUSBCDFIL (224131778c92aee8c13afac5fbff19ca) C:\WINDOWS\system32\DRIVERS\NwUsbCdFil.sys
11:41:28.0323 0756 NWUSBCDFIL - ok
11:41:28.0385 0756 NWUSBModem (b7112f30d7eff4b5052eba879f46228f) C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
11:41:28.0401 0756 NWUSBModem - ok
11:41:28.0432 0756 NWUSBPort (b7112f30d7eff4b5052eba879f46228f) C:\WINDOWS\system32\DRIVERS\nwusbser.sys
11:41:28.0448 0756 NWUSBPort - ok
11:41:28.0573 0756 NWUSBPort2 (b7112f30d7eff4b5052eba879f46228f) C:\WINDOWS\system32\DRIVERS\nwusbser2.sys
11:41:28.0573 0756 NWUSBPort2 - ok
11:41:28.0619 0756 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:41:28.0619 0756 ohci1394 - ok
11:41:28.0666 0756 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:41:28.0666 0756 Parport - ok
11:41:28.0791 0756 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:41:28.0791 0756 PartMgr - ok
11:41:28.0838 0756 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:41:28.0838 0756 ParVdm - ok
11:41:28.0870 0756 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
11:41:28.0885 0756 PCASp50 - ok
11:41:28.0916 0756 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:41:28.0916 0756 PCI - ok
11:41:29.0010 0756 PCIDump - ok
11:41:29.0057 0756 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:41:29.0057 0756 PCIIde - ok
11:41:29.0104 0756 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:41:29.0104 0756 Pcmcia - ok
11:41:29.0307 0756 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\WINDOWS\system32\PCTINDIS5.SYS
11:41:29.0338 0756 PCTINDIS5 - ok
11:41:29.0401 0756 PDCOMP - ok
11:41:29.0416 0756 PDFRAME - ok
11:41:29.0432 0756 PDRELI - ok
11:41:29.0448 0756 PDRFRAME - ok
11:41:29.0479 0756 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
11:41:29.0495 0756 perc2 - ok
11:41:29.0510 0756 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:41:29.0510 0756 perc2hib - ok
11:41:29.0604 0756 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
11:41:29.0604 0756 pmem - ok
11:41:29.0698 0756 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:41:29.0698 0756 PptpMiniport - ok
11:41:29.0729 0756 PROCDD (1d80309fed4babf8ea9e7b84a394348b) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
11:41:29.0729 0756 PROCDD - ok
11:41:29.0807 0756 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
11:41:29.0807 0756 Processor - ok
11:41:29.0885 0756 psadd (ce5114c9d3ab67e6f6f8017c5f975292) C:\WINDOWS\system32\DRIVERS\psadd.sys
11:41:29.0901 0756 psadd - ok
11:41:29.0932 0756 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:41:29.0932 0756 PSched - ok
11:41:29.0979 0756 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:41:29.0979 0756 Ptilink - ok
11:41:30.0057 0756 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:41:30.0057 0756 PxHelp20 - ok
11:41:30.0120 0756 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:41:30.0120 0756 ql1080 - ok
11:41:30.0167 0756 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:41:30.0167 0756 Ql10wnt - ok
11:41:30.0213 0756 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:41:30.0213 0756 ql12160 - ok
11:41:30.0292 0756 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:41:30.0292 0756 ql1240 - ok
11:41:30.0370 0756 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:41:30.0370 0756 ql1280 - ok
11:41:30.0401 0756 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:41:30.0401 0756 RasAcd - ok
11:41:30.0448 0756 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:41:30.0448 0756 Rasl2tp - ok
11:41:30.0542 0756 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:41:30.0542 0756 RasPppoe - ok
11:41:30.0604 0756 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:41:30.0620 0756 Raspti - ok
11:41:30.0635 0756 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:41:30.0651 0756 Rdbss - ok
11:41:30.0667 0756 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:41:30.0682 0756 RDPCDD - ok
11:41:30.0760 0756 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:41:30.0760 0756 rdpdr - ok
11:41:30.0854 0756 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
11:41:30.0854 0756 RDPWD - ok
11:41:30.0901 0756 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:41:30.0901 0756 redbook - ok
11:41:30.0995 0756 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
11:41:30.0995 0756 RimVSerPort - ok
11:41:31.0073 0756 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
11:41:31.0073 0756 ROOTMODEM - ok
11:41:31.0120 0756 s24trans (e2c6abcbefb1d44f6aaeb1cd5d6062d4) C:\WINDOWS\system32\DRIVERS\s24trans.sys
11:41:31.0135 0756 s24trans - ok
11:41:31.0245 0756 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:41:31.0245 0756 Secdrv - ok
11:41:31.0323 0756 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:41:31.0323 0756 serenum - ok
11:41:31.0354 0756 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:41:31.0354 0756 Serial - ok
11:41:31.0385 0756 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:41:31.0385 0756 Sfloppy - ok
11:41:31.0479 0756 Shockprf (6873edc0d75e1e255208442ea3e018c1) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
11:41:31.0479 0756 Shockprf - ok
11:41:31.0526 0756 Simbad - ok
11:41:31.0573 0756 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:41:31.0573 0756 sisagp - ok
11:41:31.0651 0756 smihlp (350483c5a139f8a39ed3191aff39bed0) C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys
11:41:31.0651 0756 smihlp - ok
11:41:31.0714 0756 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:41:31.0729 0756 Sparrow - ok
11:41:31.0807 0756 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:41:31.0807 0756 splitter - ok
11:41:31.0854 0756 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:41:31.0854 0756 sr - ok
11:41:31.0901 0756 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:41:31.0917 0756 Srv - ok
11:41:32.0042 0756 SSFS0BB9 (29fb5b5a8fb7d1f6bec12e12751263ac) C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
11:41:32.0042 0756 SSFS0BB9 - ok
11:41:32.0073 0756 SSHRMD (9304b0be1c09aa876be200761a50be65) C:\WINDOWS\system32\Drivers\SSHRMD.SYS
11:41:32.0073 0756 SSHRMD - ok
11:41:32.0120 0756 SSIDRV (d9b7d9e7802706ca624b6953e128aa59) C:\WINDOWS\system32\Drivers\SSIDRV.SYS
11:41:32.0120 0756 SSIDRV - ok
11:41:32.0167 0756 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:41:32.0167 0756 swenum - ok
11:41:32.0307 0756 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:41:32.0307 0756 swmidi - ok
11:41:32.0354 0756 swmsflt (3d4776ab6520240ae06d277ac45bf836) C:\WINDOWS\system32\DRIVERS\swmsflt.sys
11:41:32.0354 0756 swmsflt - ok
11:41:32.0417 0756 swmx00 (af88ae62b84d016eb5bdc12ddf1005a3) C:\WINDOWS\system32\DRIVERS\swmx00.sys
11:41:32.0417 0756 swmx00 - ok
11:41:32.0557 0756 SWNC5E00 (24bce62e4da07c6488e3a7ff37a6b6ae) C:\WINDOWS\system32\DRIVERS\SWNC5E00.sys
11:41:32.0557 0756 SWNC5E00 - ok
11:41:32.0636 0756 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
11:41:32.0636 0756 symc810 - ok
11:41:32.0698 0756 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:41:32.0714 0756 symc8xx - ok
11:41:32.0745 0756 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:41:32.0745 0756 sym_hi - ok
11:41:32.0792 0756 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:41:32.0792 0756 sym_u3 - ok
11:41:32.0870 0756 SynTP (7c02db7416d52c02b131d0e3a8d2337c) C:\WINDOWS\system32\DRIVERS\SynTP.sys
11:41:32.0870 0756 SynTP - ok
11:41:32.0948 0756 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:41:32.0948 0756 sysaudio - ok
11:41:33.0011 0756 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:41:33.0011 0756 Tcpip - ok
11:41:33.0136 0756 tcpipBM (b1a9e04d803fde6b78314455211b726e) C:\WINDOWS\system32\drivers\tcpipBM.sys
11:41:33.0136 0756 tcpipBM - ok
11:41:33.0183 0756 TcUsb (109d1f5cd9cc370a87901db3ddd533f1) C:\WINDOWS\system32\Drivers\tcusb.sys
11:41:33.0198 0756 TcUsb - ok
11:41:33.0245 0756 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:41:33.0261 0756 TDPIPE - ok
11:41:33.0370 0756 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:41:33.0370 0756 TDTCP - ok
11:41:33.0417 0756 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:41:33.0417 0756 TermDD - ok
11:41:33.0479 0756 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
11:41:33.0495 0756 TosIde - ok
11:41:33.0605 0756 TPDIGIMN (9c72fdd0fa2d3be3bd5cca211fb19916) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
11:41:33.0605 0756 TPDIGIMN - ok
11:41:33.0667 0756 TPHKDRV (542770c8925e13b29b1ba63f05898058) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
11:41:33.0667 0756 TPHKDRV - ok
11:41:33.0714 0756 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
11:41:33.0714 0756 TPPWRIF - ok
11:41:33.0823 0756 TSMAPIP (6880cc241678cc3a148082c05b1db786) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
11:41:33.0823 0756 TSMAPIP - ok
11:41:33.0901 0756 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
11:41:33.0901 0756 tvtfilter - ok
11:41:33.0948 0756 TVTI2C (c254bff0a928ea7d5ccdc2522d56fd01) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
11:41:33.0948 0756 TVTI2C - ok
11:41:33.0980 0756 TVTPktFilter (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
11:41:33.0980 0756 TVTPktFilter - ok
11:41:34.0089 0756 U2SP (b41df0083a859a8cbe87382c952877ea) C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys
11:41:34.0089 0756 U2SP - ok
11:41:34.0151 0756 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:41:34.0151 0756 Udfs - ok
11:41:34.0167 0756 UIUSys - ok
11:41:34.0214 0756 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
11:41:34.0214 0756 ultra - ok
11:41:34.0355 0756 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:41:34.0355 0756 Update - ok
11:41:34.0511 0756 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:41:34.0511 0756 usbccgp - ok
11:41:34.0558 0756 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:41:34.0573 0756 usbehci - ok
11:41:34.0605 0756 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:41:34.0605 0756 usbhub - ok
11:41:34.0730 0756 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:41:34.0730 0756 usbscan - ok
11:41:34.0761 0756 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:41:34.0761 0756 USBSTOR - ok
11:41:34.0808 0756 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:41:34.0808 0756 usbuhci - ok
11:41:34.0839 0756 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:41:34.0839 0756 VgaSave - ok
11:41:34.0964 0756 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:41:34.0964 0756 viaagp - ok
11:41:35.0027 0756 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:41:35.0027 0756 ViaIde - ok
11:41:35.0042 0756 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:41:35.0058 0756 VolSnap - ok
11:41:35.0105 0756 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:41:35.0120 0756 Wanarp - ok
11:41:35.0214 0756 WDICA - ok
11:41:35.0261 0756 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:41:35.0277 0756 wdmaud - ok
11:41:35.0339 0756 winachsf (307d248f97835b6879bdd361086924fe) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
11:41:35.0355 0756 winachsf - ok
11:41:35.0511 0756 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:41:35.0511 0756 WmiAcpi - ok
11:41:35.0589 0756 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:41:35.0589 0756 WS2IFSL - ok
11:41:35.0652 0756 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:41:35.0652 0756 WudfPf - ok
11:41:35.0777 0756 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:41:35.0777 0756 WudfRd - ok
11:41:35.0839 0756 MBR (0x1B8) (2ab40fd3bc9212826f45ca4f99d15f4d) \Device\Harddisk0\DR0
11:41:35.0870 0756 \Device\Harddisk0\DR0 - ok
11:41:35.0870 0756 Boot (0x1200) (f182383cba3106127242a8d3c744d685) \Device\Harddisk0\DR0\Partition0
11:41:35.0870 0756 \Device\Harddisk0\DR0\Partition0 - ok
11:41:35.0870 0756 ============================================================
11:41:35.0870 0756 Scan finished
11:41:35.0870 0756 ============================================================
11:41:35.0886 5096 Detected object count: 0
11:41:35.0886 5096 Actual detected object count: 0

Edited by brantly04, 21 March 2012 - 01:43 PM.


#6 brantly04

Posted 21 March 2012 - 01:58 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-21 11:43:58
-----------------------------
11:43:58.186 OS Version: Windows 5.1.2600 Service Pack 3
11:43:58.186 Number of processors: 2 586 0xF0B
11:43:58.186 ComputerName: BEDGARLT01 UserName: bedgar
11:44:05.733 Initialze error C0000022 - driver not loaded
11:49:37.718 AVAST engine defs: 12032000
11:50:47.687 Service scanning
11:51:35.766 Modules scanning
11:51:35.766 Disk 0 trace - called modules:
11:51:35.766
11:51:36.422 AVAST engine scan C:\WINDOWS
11:52:01.781 AVAST engine scan C:\WINDOWS\system32
11:55:04.454 AVAST engine scan C:\WINDOWS\system32\drivers
11:55:25.360 AVAST engine scan C:\Documents and Settings\bedgar
11:56:49.236 AVAST engine scan C:\Documents and Settings\All Users
11:57:17.691 Scan finished successfully
11:58:26.804 The log file has been saved successfully to "C:\Documents and Settings\bedgar\Desktop\aswMBR.txt"

#7 gringo_pr

Posted 21 March 2012 - 02:46 PM

Hello


Does this happen in all browsers or just one, and which one does it do it in?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 brantly04

Posted 21 March 2012 - 03:35 PM

Firefox

#9 gringo_pr

Posted 21 March 2012 - 04:34 PM

Hello


I thought so. I want you to uninstall Firefox, and when asked about user data I want that deleted also.

Then download the latest Firefox and reinstall it.

Come back here and let me know how things are.


gringo

#10 brantly04

Posted 22 March 2012 - 03:37 PM

Haven't seen any new redirects after Firefox reinstall.


Thanks

#11 gringo_pr

Posted 22 March 2012 - 09:48 PM

Hello

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • Click OK

Copy and paste the report into this topic for me to review.

Gringo

#12 gringo_pr

Posted 24 March 2012 - 11:41 PM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#13 brantly04

Posted 27 March 2012 - 02:02 PM

32 Bit HP CIO Components Installer
Access Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.1
Apple Software Update
BrainStorm QuickHelp
Citrix online plug-in
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (PNA)
Citrix online plug-in (SSON)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
COMODO Internet Security
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler
Filzip 3.06
Google Earth
Google Update Helper
GoToAssist Corporate
Help Center
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Image Resizer Powertoy for Windows XP
InstallVC90Support
Integrated Camera
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo WinDVD
INTOGRATE Axapta - CRM
Java 2 Runtime Environment, SE v1.4.2_17
Java™ 6 Update 20
Lenovo Registration
Lotus Notes 7.0.2
Maintenance Manager
McAfee Agent
McAfee VirusScan Enterprise
mCore
mDriver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Business Solutions-Axapta Client 3.0 SP4
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio Viewer 2007
Microsoft Office Word MUI (English) 2010
Microsoft Office XP Professional
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
mMHouse
Mozilla Firefox 10.0.2 (x86 en-US)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
mWlsSafe
Navision Axapta Client
NVIDIA Drivers
On Screen Display
Presentation Director
Productivity Center Supplement for ThinkPad
QuickTime
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
Rescue and Recovery
SAManage Agent 4.0.3.6
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft InfoPath 2010 (KB2510065)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Microsoft Word 2010 (KB2345000)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic DLA
Sonic Express Labeler
Sonic Icons for Lenovo
Sonic Update Manager
SoundMAX
Spelling Dictionaries Support For Adobe Reader 8
Sprint SmartView
Spybot - Search & Destroy
Staples USB-to-Serial Adapter 2.04
System Migration Assistant
System Update
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Fingerprint Software 5.6
ThinkVantage Productivity Center
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update for Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (KB982305)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB942763)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
XP Themes

#14 gringo_pr


Posted 27 March 2012 - 05:34 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 8.3.1
Java 2 Runtime Environment, SE v1.4.2_17
Java™ 6 Update 20


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then click on Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 brantly04


Posted 28 March 2012 - 05:09 PM

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.28.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
bedgar :: BEDGARLT01 [administrator]

Protection: Enabled

3/28/2012 3:00:34 PM
mbam-log-2012-03-28 (15-00-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257944
Time elapsed: 8 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
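
A log in this layout can be checked mechanically before it is read by eye. The following is an added example, not part of the posts above and not Malwarebytes' own code: a small parser for the "<Category> Detected: N" layout shown in the log, with a triage step that flags a paste with no "(end)" marker, a count that does not match the entries listed, and entries that were not removed. The sample log is constructed, and the wording of handled entries ("... successfully.") is an assumption.

```python
import re

# Constructed sample in the layout of the log posted above. The "Files"
# section is altered to carry one made-up entry so the parser has a
# detection to capture; nothing here comes from a real scan.
SAMPLE_LOG = """\
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
Database version: v2012.03.28.07

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | PUP | PUM
Scan options disabled: P2P

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 2
C:\\constructed\\sample.exe (Placeholder.Name) -> No action taken.

(end)
"""

SECTION_RE = re.compile(r"^([A-Za-z ]+) Detected: (\d+)$")
FIELD_RE = re.compile(r"^(Database version|Scan type|Scan options enabled|"
                      r"Scan options disabled): (.*)$")
CLEAN_MARKER = "(No malicious items detected)"


def parse_mbam_log(text):
    """Return (meta, sections) parsed from a text log in this layout."""
    meta, sections, current = {"complete": False}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "(end)":
            meta["complete"] = True   # the whole log made it into the paste
            break
        if not line:
            current = None            # a blank line closes the open section
            continue
        section = SECTION_RE.match(line)
        if section:
            current = section.group(1)
            sections[current] = {"count": int(section.group(2)), "items": []}
            continue
        field = FIELD_RE.match(line)
        if field and current is None:
            key, value = field.groups()
            is_list = key.startswith("Scan options")
            meta[key] = value.split(" | ") if is_list else value
        elif current is not None and line != CLEAN_MARKER:
            sections[current]["items"].append(line)
    return meta, sections


def triage(meta, sections):
    """List the points to raise before treating the log as clean."""
    findings = []
    if not meta["complete"]:
        findings.append("no (end) marker: the paste may be cut short")
    for name, sec in sections.items():
        if sec["count"] != len(sec["items"]):
            findings.append(f"{name}: header says {sec['count']}, "
                            f"{len(sec['items'])} listed")
        for item in sec["items"]:
            # Assumption: a handled entry ends in '... successfully.'
            if "successfully" not in item:
                findings.append(f"{name}: not removed -> {item}")
    return findings


if __name__ == "__main__":
    meta, sections = parse_mbam_log(SAMPLE_LOG)
    print(meta["Database version"], meta["Scan type"])
    for finding in triage(meta, sections):
        print("-", finding)
```
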



