
Infected with S.M.A.R.T. HDD


22 replies to this topic

#1 davo09

davo09

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 09 June 2012 - 02:32 PM

Hi, I have a problem with my PC: it will not start up correctly. When the PC starts, there is no background and no icons. There are very few programs in the Start menu. Before this happened, I got some error messages and then this program opened up named (S.M.A.R.T HDD scanner). I googled it and found out it's a virus. I am able to run the computer in SAFE MODE WITH NETWORKING. I have followed all the steps in your S.M.A.R.T HDD Removal page, but I am having trouble running the TDSSKiller. After I ran the RKill successfully, I was unable to run TDSSKiller. I even tried renaming it to several different names (123.com, iexplore.com) and none of them worked. I'm not sure if it's because I'm running all of this in SAFE MODE WITH NETWORKING. Also, when I run GMER, almost all the icons on the right are grayed out. The only ones available to check are the 'services, registry, files, ADS' icons. So when it finished it didn't find any modifications. That's why the ark file is blank, and it won't let me upload a blank file.

I HAVE AN IBM LENOVO THINKPAD, I AM RUNNING WINDOWS XP HOME EDITION WITH SP3.



DDS.TXT
-------

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_31
Run by Administrator at 11:43:33 on 2012-06-09
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1752 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
D:\iExplore.exe
D:\iExplore.exe
D:\iExplore.exe
C:\DOCUME~1\ADMINI~1.DAV\LOCALS~1\Temp\RarSFX1\nird\iexplore.exe
C:\DOCUME~1\ADMINI~1.DAV\LOCALS~1\Temp\RarSFX3\nird\iexplore.exe
C:\DOCUME~1\ADMINI~1.DAV\LOCALS~1\Temp\RarSFX2\nird\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://lenovo.live.com
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [PDService.exe] "c:\program files\lenovo\safeguard privatedisk\pdservice.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}] "c:\program files\mediafour\macdrive 7\MacDriveD.exe"
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {DA320635-F48C-4613-8325-D75A933C549E} - c:\program files\lenovo\system update\sulauncher.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1306138959828
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{517A5D47-FBD3-484E-8E61-5BE13F085166} : DhcpNameServer = 172.168.0.1
Notify: ACNotify - ACNotify.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli ACGina
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator.david\application data\mozilla\firefox\profiles\1huu6y6q.default\
.
============= SERVICES / DRIVERS ===============
.
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2011-6-23 16384]
S0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2007-4-18 274048]
S0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-2-28 19072]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\codemeter\runtime\bin\CodeMeter.exe [2011-7-6 2304912]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2011-6-23 16400]
S2 MacDriveServiceD;MacDriveServiceD;c:\program files\mediafour\macdrive 7\MacDriveServiceD.exe [2007-4-18 143360]
S2 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-13 58368]
S2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 257696]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2011-6-23 97808]
S3 iLokDrvr;iLok;c:\windows\system32\drivers\iLokDrvr.sys [2007-9-5 54256]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [2011-6-23 21648]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2011-6-23 21904]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 129976]
.
=============== Created Last 30 ================
.
2012-06-09 05:57:21 2127960 ----a-w- C:\hh4h8723hf2243gtf.com.exe
2012-06-08 08:35:10 -------- d-----w- c:\documents and settings\administrator.david\application data\Malwarebytes
2012-06-08 07:47:53 -------- d--h--w- c:\documents and settings\administrator.david\local settings\application data\Mozilla
2012-06-08 07:42:08 250368 ---ha-w- c:\documents and settings\all users\application data\WFk4KX2qMutF9c.exe
.
==================== Find3M ====================
.
2012-06-03 07:00:00 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-04 22:40:44 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 22:40:43 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 11:50:37.65 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:29 PM

Posted 10 June 2012 - 12:38 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 davo09

davo09
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 10 June 2012 - 03:04 PM

COMBOFIX LOG
-------------
ComboFix 12-06-10.01 - Administrator 06/10/2012 11:49:31.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1834 [GMT -7:00]
Running from: E:\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Propellerhead Software\ReCycle
c:\documents and settings\All Users\Application Data\Propellerhead Software\ReCycle\ReCycle210.dat
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\WFk4KX2qMutF9c
c:\documents and settings\All Users\Application Data\WFk4KX2qMutF9c.exe
c:\windows\system32\SET2B0C.tmp
c:\windows\system32\SET2B11.tmp
c:\windows\system32\SET2B18.tmp
c:\windows\system32\SET2B61.tmp
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
E:\Autorun.inf
E:\setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-10 to 2012-06-10 )))))))))))))))))))))))))))))))
.
.
2012-06-09 05:57 . 2012-06-09 06:53 2127960 ----a-w- C:\hh4h8723hf2243gtf.com.exe
2012-06-08 07:43 . 2012-06-08 07:44 -------- d-----w- c:\documents and settings\Administrator.DAVID
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-10 19:31 . 2011-05-23 06:48 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2012-05-31 13:22 . 2006-04-30 05:10 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-04 22:40 . 2012-04-12 02:27 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 22:40 . 2011-05-23 07:51 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2006-04-30 05:10 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2006-04-30 05:10 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 22:56 . 2012-01-24 03:42 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-28 05:16 . 2011-05-23 07:35 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]
"TpShocks"="TpShocks.exe" [2006-03-16 106496]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-25 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-25 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-25 118784]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-07-04 110592]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]
"{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}"="c:\program files\Mediafour\MacDrive 7\MacDriveD.exe" [2007-04-18 159744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2007-02-19 23:03 32768 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ----a-w- c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ----a-w- c:\windows\system32\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ----a-w- c:\windows\system32\tphklock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=Digi32.dll
"MIDI2"=diomidi.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 09:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 04:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-03-15 02:09 2565520 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2011-08-05 01:06 1612920 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2006-05-18 23:24 196696 ----a-w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 12:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 22:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 22:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 03:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}]
2007-04-18 20:27 159744 ----a-w- c:\program files\Mediafour\MacDrive 7\MacDriveD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [6/23/2011 6:13 PM 16384]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [4/18/2007 4:33 PM 274048]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2/28/2007 11:15 AM 19072]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [7/6/2011 4:30 AM 2304912]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [6/23/2011 6:08 PM 16400]
R2 MacDriveServiceD;MacDriveServiceD;c:\program files\Mediafour\MacDrive 7\MacDriveServiceD.exe [4/18/2007 11:58 AM 143360]
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/13/2006 4:05 PM 58368]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 3:55 PM 3968]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/11/2012 7:27 PM 257696]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [6/23/2011 6:08 PM 97808]
S3 iLokDrvr;iLok;c:\windows\system32\drivers\iLokDrvr.sys [9/5/2007 12:05 PM 54256]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [6/23/2011 6:08 PM 21648]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [6/23/2011 6:08 PM 21904]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/27/2012 10:16 PM 129976]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 22:40]
.
2012-06-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2012-06-10 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2011-05-23 16:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 172.168.0.1
FF - ProfilePath - c:\documents and settings\Davo\Application Data\Mozilla\Firefox\Profiles\8z6a80xu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file)
Notify-NavLogon - (no file)
AddRemove-Authorizer_is1 - c:\program files\Propellerhead\Authorizer\Uninstall Authorizer\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-10 12:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1364)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
- - - - - - - > 'explorer.exe'(3804)
c:\windows\system32\WININET.dll
c:\windows\system32\PROCHLP.DLL
c:\program files\Mediafour\MacDrive 7\MDVolumeIcons.dll
c:\program files\Mediafour\MacDrive 7\MACDRAPI.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\Macromed\Flash\Flash10b.ocx
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\ImgUtil.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\program files\Lenovo\Client Security Solution\css_wizard.exe
.
**************************************************************************
.
Completion time: 2012-06-10 12:52:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-10 19:52
.
Pre-Run: 25,532,887,040 bytes free
Post-Run: 23,542,558,720 bytes free
.
- - End Of File - - CE898CBCB22A180B687BEC02948F5915

SECURITY CHECK LOG
------------------

Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 31
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader 7 Adobe Reader out of date!
Mozilla Firefox (12.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````


I ran COMBOFIX in SAFE MODE, so when it prompted me to update the Recovery Console, I was not connected to the internet because I was in safe mode. So I ran Combofix without updating the Recovery Console. My computer is pretty much the same, except now I can see all my icons on my desktop. I still have no background wallpaper; the background is blue. My Start button still has limited icons and programs. It does not show all my programs, only 6 or 7. I believe I can run Combofix again and update the Recovery Console now because I can see all my icons now and I will be able to connect to the internet if needed. Please let me know what I should do next. Thank you so much!
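Reading a DDS or ComboFix log by hand means scanning for the same handful of tells the helper is looking for here: an executable dropped in the root of C:, a hidden executable under All Users\Application Data with a random-looking name, a double extension like .com.exe, and "iexplore.exe" running from a Temp folder or a non-system drive. The script below is an added example, not a BleepingComputer or DDS tool; it parses the "Created Last 30" / "Files Created" and "Running Processes" line formats seen in the two logs above and applies those triage heuristics (the rules and their thresholds are my own assumptions), using lines copied from this thread as sample input.

```python
"""Triage DDS / ComboFix log lines for the classic rogue-AV tells.

Added example, not part of the thread or of any BleepingComputer tool.
The heuristics below are assumptions chosen to match what a helper looks
for first; they flag candidates for review, they do not prove infection.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the DDS and ComboFix logs in this thread.
SAMPLE_LINES = r"""
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\Explorer.EXE
D:\iExplore.exe
C:\DOCUME~1\ADMINI~1.DAV\LOCALS~1\Temp\RarSFX1\nird\iexplore.exe
2012-06-09 05:57:21 2127960 ----a-w- C:\hh4h8723hf2243gtf.com.exe
2012-06-08 08:35:10 -------- d-----w- c:\documents and settings\administrator.david\application data\Malwarebytes
2012-06-08 07:42:08 250368 ---ha-w- c:\documents and settings\all users\application data\WFk4KX2qMutF9c.exe
2012-06-09 05:57 . 2012-06-09 06:53 2127960 ----a-w- C:\hh4h8723hf2243gtf.com.exe
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
"""

# DDS:      "YYYY-MM-DD HH:MM:SS <size|--------> <attrs> <path>"
# ComboFix: "YYYY-MM-DD HH:MM . YYYY-MM-DD HH:MM <size> <attrs> <path>"
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?"
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"
    r" (?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# "Running Processes" line: a full path, optionally followed by " -k args".
PROCESS_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?:\s+-\S.*)?$")

EXEC_EXT = {".exe", ".com", ".scr", ".dll", ".sys", ".pif"}
DECOY_EXT = {".com", ".txt", ".jpg", ".pdf", ".doc"}   # name.com.exe and friends
BROWSERS = {"iexplore.exe", "firefox.exe", "chrome.exe"}


def assess(path: str, attrs: str = "") -> list[str]:
    """Return the list of heuristic reasons this path deserves a look."""
    p = PureWindowsPath(path)
    name, ext, low = p.name.lower(), p.suffix.lower(), path.lower()
    reasons = []
    if ext in EXEC_EXT and len(p.parts) == 2:          # ('C:\\', 'file.exe')
        reasons.append("executable in drive root")
    if ext == ".exe" and PureWindowsPath(p.stem).suffix.lower() in DECOY_EXT:
        reasons.append("double extension")
    if "h" in attrs and "application data" in low and ext in EXEC_EXT:
        reasons.append("hidden executable under Application Data")
    stem = p.stem.split(".")[0]
    if (ext in EXEC_EXT and len(stem) >= 12 and re.fullmatch(r"[A-Za-z0-9]+", stem)
            and re.search(r"\d", stem) and re.search(r"[A-Za-z]", stem)):
        reasons.append("random-looking executable name")
    if "\\temp\\" in low and ext in EXEC_EXT:
        reasons.append("executable in a Temp directory")
    if name in BROWSERS and "program files" not in low:
        reasons.append("browser executable name outside Program Files")
    return reasons


def triage(log_text: str) -> dict[str, list[str]]:
    """Map each suspicious path in the log text to its reasons (deduplicated)."""
    findings: dict[str, list[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CREATED_RE.match(line)
        if m:
            path, attrs = m.group("path"), m.group("attrs")
        else:
            m = PROCESS_RE.match(line)
            if not m:
                continue                      # bare "svchost.exe" lines etc.
            path, attrs = m.group("path"), ""
        for reason in assess(path, attrs):
            bucket = findings.setdefault(path, [])
            if reason not in bucket:
                bucket.append(reason)
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Feeding it the full logs rather than the sample will surface the same four entries plus anything the quick read missed; every hit still needs a human to confirm against the rest of the report.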

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:29 PM

Posted 10 June 2012 - 03:18 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 davo09 (Topic Starter)

Posted 10 June 2012 - 03:51 PM

Hi, neither TDSSKiller nor aswMBR worked. I tried them in Safe Mode as well. Neither one opened up.

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 10 June 2012 - 04:00 PM

Hello

I would like you to run this tool for me - fixTDSS.

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun TDSSKiller for me, and send me the report.

Gringo

#7 davo09 (Topic Starter)

Posted 10 June 2012 - 04:27 PM

I ran fixTDSS. It said ***Infected MBR detected. I clicked Repair and it said Repair succeeded.

I was able to run TDSSKiller. It found no threats. Here is the report:

14:23:21.0187 1856 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
14:23:21.0921 1856 ============================================================
14:23:21.0921 1856 Current date / time: 2012/06/10 14:23:21.0921
14:23:21.0921 1856 SystemInfo:
14:23:21.0921 1856
14:23:21.0921 1856 OS Version: 5.1.2600 ServicePack: 3.0
14:23:21.0921 1856 Product type: Workstation
14:23:21.0921 1856 ComputerName: DAVID
14:23:21.0921 1856 UserName: Davo
14:23:21.0921 1856 Windows directory: C:\WINDOWS
14:23:21.0921 1856 System windows directory: C:\WINDOWS
14:23:21.0921 1856 Processor architecture: Intel x86
14:23:21.0921 1856 Number of processors: 2
14:23:21.0921 1856 Page size: 0x1000
14:23:21.0921 1856 Boot type: Normal boot
14:23:21.0921 1856 ============================================================
14:23:22.0406 1856 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
14:23:22.0406 1856 ============================================================
14:23:22.0406 1856 \Device\Harddisk0\DR0:
14:23:22.0406 1856 MBR partitions:
14:23:22.0406 1856 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11F95641
14:23:22.0406 1856 ============================================================
14:23:22.0500 1856 C: <-> \Device\Harddisk0\DR0\Partition0
14:23:22.0515 1856 ============================================================
14:23:22.0515 1856 Initialize success
14:23:22.0515 1856 ============================================================
14:23:31.0890 2408 ============================================================
14:23:31.0890 2408 Scan started
14:23:31.0890 2408 Mode: Manual;
14:23:31.0890 2408 ============================================================
14:23:46.0171 2408 PsaSrv - ok
14:23:46.0203 2408 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:23:46.0203 2408 PSched - ok
14:23:46.0250 2408 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:23:46.0250 2408 Ptilink - ok
14:23:46.0296 2408 PxHelp20 (63de5a1e7f28e3c60a5801bb241fc9c9) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:23:46.0296 2408 PxHelp20 - ok
14:23:46.0328 2408 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
14:23:46.0328 2408 ql1080 - ok
14:23:46.0328 2408 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
14:23:46.0328 2408 Ql10wnt - ok
14:23:46.0343 2408 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:23:46.0343 2408 ql12160 - ok
14:23:46.0343 2408 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
14:23:46.0343 2408 ql1240 - ok
14:23:46.0359 2408 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
14:23:46.0359 2408 ql1280 - ok
14:23:46.0390 2408 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:23:46.0390 2408 RasAcd - ok
14:23:46.0453 2408 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
14:23:46.0453 2408 RasAuto - ok
14:23:46.0515 2408 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
14:23:46.0515 2408 Rasirda - ok
14:23:46.0531 2408 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:23:46.0531 2408 Rasl2tp - ok
14:23:46.0593 2408 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
14:23:46.0609 2408 RasMan - ok
14:23:46.0625 2408 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:23:46.0625 2408 RasPppoe - ok
14:23:46.0671 2408 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:23:46.0671 2408 Raspti - ok
14:23:46.0687 2408 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:23:46.0703 2408 Rdbss - ok
14:23:46.0718 2408 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:23:46.0718 2408 RDPCDD - ok
14:23:46.0750 2408 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:23:46.0765 2408 rdpdr - ok
14:23:46.0812 2408 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
14:23:46.0812 2408 RDPWD - ok
14:23:46.0859 2408 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
14:23:46.0875 2408 RDSessMgr - ok
14:23:46.0921 2408 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:23:46.0921 2408 redbook - ok
14:23:47.0109 2408 RegSrvc (d8f61aaae73a1fbde6f538becc891f2f) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
14:23:47.0125 2408 RegSrvc - ok
14:23:47.0171 2408 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
14:23:47.0171 2408 RemoteAccess - ok
14:23:47.0187 2408 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
14:23:47.0203 2408 RpcLocator - ok
14:23:47.0281 2408 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
14:23:47.0281 2408 RpcSs - ok
14:23:47.0328 2408 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
14:23:47.0343 2408 RSVP - ok
14:23:47.0421 2408 S24EventMonitor (25f697e3afa7b337bbcaddbce38e6934) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
14:23:47.0453 2408 S24EventMonitor - ok
14:23:47.0546 2408 s24trans (2862adb14481ac28f98105ff33a99eb0) C:\WINDOWS\system32\DRIVERS\s24trans.sys
14:23:47.0546 2408 s24trans - ok
14:23:47.0593 2408 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:23:47.0593 2408 SamSs - ok
14:23:47.0640 2408 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
14:23:47.0640 2408 SCardSvr - ok
14:23:47.0703 2408 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
14:23:47.0718 2408 Schedule - ok
14:23:47.0765 2408 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:23:47.0765 2408 Secdrv - ok
14:23:47.0781 2408 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
14:23:47.0781 2408 seclogon - ok
14:23:47.0796 2408 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
14:23:47.0796 2408 SENS - ok
14:23:47.0828 2408 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:23:47.0828 2408 serenum - ok
14:23:47.0859 2408 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:23:47.0859 2408 Serial - ok
14:23:47.0906 2408 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:23:47.0906 2408 Sfloppy - ok
14:23:47.0984 2408 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
14:23:48.0000 2408 SharedAccess - ok
14:23:48.0046 2408 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:23:48.0046 2408 ShellHWDetection - ok
14:23:48.0093 2408 ShockMgr (1a9b76c8e0d77bcaca24fdf36781b59d) C:\WINDOWS\system32\drivers\ShockMgr.sys
14:23:48.0093 2408 ShockMgr - ok
14:23:48.0109 2408 Shockprf (cb0c065af3ac9ac307408ea021cdd20e) C:\WINDOWS\system32\drivers\Shockprf.sys
14:23:48.0125 2408 Shockprf - ok
14:23:48.0125 2408 Simbad - ok
14:23:48.0187 2408 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
14:23:48.0187 2408 sisagp - ok
14:23:48.0234 2408 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
14:23:48.0234 2408 Smapint - ok
14:23:48.0359 2408 smi2 (3ba9d0c8a0fbd9fb4029b6cd87c8ce0b) C:\Program Files\SMI2\smi2.sys
14:23:48.0359 2408 smi2 - ok
14:23:48.0390 2408 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
14:23:48.0390 2408 Sparrow - ok
14:23:48.0421 2408 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:23:48.0421 2408 splitter - ok
14:23:48.0468 2408 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
14:23:48.0468 2408 Spooler - ok
14:23:48.0546 2408 SQLWriter (9263c8898732e2b890f7e954e7729ab7) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
14:23:48.0546 2408 SQLWriter - ok
14:23:48.0578 2408 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:23:48.0578 2408 sr - ok
14:23:48.0625 2408 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
14:23:48.0640 2408 srservice - ok
14:23:48.0703 2408 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:23:48.0718 2408 Srv - ok
14:23:48.0750 2408 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
14:23:48.0750 2408 SSDPSRV - ok
14:23:48.0796 2408 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
14:23:48.0812 2408 stisvc - ok
14:23:48.0937 2408 SUService (d7e9ce1b498a316067a11f9000d5dee3) c:\program files\lenovo\system update\suservice.exe
14:23:48.0937 2408 SUService - ok
14:23:48.0984 2408 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:23:48.0984 2408 swenum - ok
14:23:48.0984 2408 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:23:48.0984 2408 swmidi - ok
14:23:49.0000 2408 SwPrv - ok
14:23:49.0031 2408 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
14:23:49.0031 2408 symc810 - ok
14:23:49.0046 2408 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
14:23:49.0046 2408 symc8xx - ok
14:23:49.0140 2408 SYMIDSCO - ok
14:23:49.0140 2408 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
14:23:49.0140 2408 sym_hi - ok
14:23:49.0156 2408 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
14:23:49.0156 2408 sym_u3 - ok
14:23:49.0203 2408 SynTP (7c02db7416d52c02b131d0e3a8d2337c) C:\WINDOWS\system32\DRIVERS\SynTP.sys
14:23:49.0234 2408 SynTP - ok
14:23:49.0281 2408 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:23:49.0281 2408 sysaudio - ok
14:23:49.0328 2408 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
14:23:49.0343 2408 SysmonLog - ok
14:23:49.0375 2408 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
14:23:49.0390 2408 TapiSrv - ok
14:23:49.0453 2408 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:23:49.0468 2408 Tcpip - ok
14:23:49.0500 2408 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:23:49.0500 2408 TDPIPE - ok
14:23:49.0531 2408 TDSMAPI (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
14:23:49.0531 2408 TDSMAPI - ok
14:23:49.0546 2408 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:23:49.0546 2408 TDTCP - ok
14:23:49.0562 2408 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:23:49.0562 2408 TermDD - ok
14:23:49.0593 2408 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
14:23:49.0609 2408 TermService - ok
14:23:49.0671 2408 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:23:49.0671 2408 Themes - ok
14:23:49.0906 2408 ThinkVantage Registry Monitor Service (bec875caf94e9fd6bc95b84bd07c1e99) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
14:23:49.0937 2408 ThinkVantage Registry Monitor Service - ok
14:23:49.0968 2408 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
14:23:49.0968 2408 TosIde - ok
14:23:50.0000 2408 TPHDEXLGSVC (a3552782e8d402f3aa513765d93c852d) C:\WINDOWS\system32\TPHDEXLG.EXE
14:23:50.0000 2408 TPHDEXLGSVC - ok
14:23:50.0031 2408 TPHKDRV (29f3601d4233a53f819010fee8c04a60) C:\WINDOWS\system32\drivers\TPHKDRV.sys
14:23:50.0031 2408 TPHKDRV - ok
14:23:50.0078 2408 TPkd (a00dbb3ccf4e0821dd531db8746a1374) C:\WINDOWS\system32\drivers\TPkd.sys
14:23:50.0078 2408 TPkd - ok
14:23:50.0093 2408 TpKmpSVC (dfb268ff0a6dcb9280015ff527f892ff) C:\WINDOWS\system32\TpKmpSVC.exe
14:23:50.0109 2408 TpKmpSVC - ok
14:23:50.0140 2408 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
14:23:50.0140 2408 TPPWRIF - ok
14:23:50.0203 2408 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
14:23:50.0218 2408 TrkWks - ok
14:23:50.0218 2408 TSMAPIP (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
14:23:50.0218 2408 TSMAPIP - ok
14:23:50.0359 2408 TSSCoreService (cf3bc148a6979bcf5af8591e687c1390) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
14:23:50.0437 2408 TSSCoreService - ok
14:23:50.0609 2408 TVT Backup Service (ec38192f2f5361b48bc387c2db337264) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
14:23:50.0718 2408 TVT Backup Service - ok
14:23:50.0890 2408 TVT Scheduler (fe1d3ef5caa8ee28a8b66fa1f180681b) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
14:23:50.0968 2408 TVT Scheduler - ok
14:23:51.0515 2408 tvtfilter (dd957007df98aecffaaa2656d4b981e4) C:\WINDOWS\system32\drivers\tvtfilter.sys
14:23:51.0515 2408 tvtfilter - ok
14:23:51.0593 2408 tvtnetwk (2e72c66682e9274c97ae3f5a57c2fa33) C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
14:23:51.0593 2408 tvtnetwk - ok
14:23:51.0625 2408 TVTPktFilter (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
14:23:51.0625 2408 TVTPktFilter - ok
14:23:51.0687 2408 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:23:51.0687 2408 Udfs - ok
14:23:51.0718 2408 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
14:23:51.0718 2408 ultra - ok
14:23:51.0781 2408 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:23:51.0812 2408 Update - ok
14:23:51.0859 2408 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
14:23:51.0890 2408 upnphost - ok
14:23:51.0890 2408 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
14:23:51.0906 2408 UPS - ok
14:23:51.0937 2408 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:23:51.0937 2408 USBAAPL - ok
14:23:51.0984 2408 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
14:23:51.0984 2408 usbaudio - ok
14:23:52.0031 2408 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:23:52.0031 2408 usbccgp - ok
14:23:52.0046 2408 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:23:52.0046 2408 usbehci - ok
14:23:52.0062 2408 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:23:52.0078 2408 usbhub - ok
14:23:52.0093 2408 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:23:52.0093 2408 usbprint - ok
14:23:52.0093 2408 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:23:52.0093 2408 usbscan - ok
14:23:52.0109 2408 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:23:52.0109 2408 USBSTOR - ok
14:23:52.0109 2408 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:23:52.0109 2408 usbuhci - ok
14:23:52.0140 2408 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:23:52.0140 2408 VgaSave - ok
14:23:52.0156 2408 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:23:52.0156 2408 viaagp - ok
14:23:52.0171 2408 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:23:52.0171 2408 ViaIde - ok
14:23:52.0187 2408 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:23:52.0187 2408 VolSnap - ok
14:23:52.0250 2408 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
14:23:52.0265 2408 VSS - ok
14:23:52.0281 2408 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
14:23:52.0312 2408 W32Time - ok
14:23:52.0328 2408 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:23:52.0328 2408 Wanarp - ok
14:23:52.0328 2408 WDICA - ok
14:23:52.0343 2408 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:23:52.0343 2408 wdmaud - ok
14:23:52.0359 2408 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
14:23:52.0359 2408 WebClient - ok
14:23:52.0453 2408 winachsf (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\hsx_cnxt.sys
14:23:52.0468 2408 winachsf - ok
14:23:52.0562 2408 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:23:52.0578 2408 winmgmt - ok
14:23:52.0625 2408 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
14:23:52.0625 2408 WmdmPmSN - ok
14:23:52.0671 2408 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:23:52.0687 2408 WmiApSrv - ok
14:23:52.0890 2408 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
14:23:52.0937 2408 WMPNetworkSvc - ok
14:23:53.0046 2408 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:23:53.0046 2408 WS2IFSL - ok
14:23:53.0078 2408 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
14:23:53.0093 2408 wscsvc - ok
14:23:53.0125 2408 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
14:23:53.0125 2408 wuauserv - ok
14:23:53.0171 2408 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:23:53.0171 2408 WudfPf - ok
14:23:53.0187 2408 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:23:53.0203 2408 WudfRd - ok
14:23:53.0234 2408 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
14:23:53.0234 2408 WudfSvc - ok
14:23:53.0296 2408 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
14:23:53.0328 2408 WZCSVC - ok
14:23:53.0375 2408 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
14:23:53.0390 2408 xmlprov - ok
14:23:53.0421 2408 MBR (0x1B8) (16fd4d8518979b9b9439c260461fc18f) \Device\Harddisk0\DR0
14:23:53.0906 2408 \Device\Harddisk0\DR0 - ok
14:23:53.0968 2408 Boot (0x1200) (0eab035ae39894ed722cbfab2af386a4) \Device\Harddisk0\DR0\Partition0
14:23:53.0968 2408 \Device\Harddisk0\DR0\Partition0 - ok
14:23:53.0968 2408 ============================================================
14:23:53.0968 2408 Scan finished
14:23:53.0968 2408 ============================================================
14:23:53.0968 3288 Detected object count: 0
14:23:53.0968 3288 Actual detected object count: 0
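As an added example (not code from this thread or from Kaspersky's TDSSKiller), a small Python parser for the TDSSKiller log format posted above: it pairs each object line with its verdict, closes disk objects (MBR, boot sector) by device path rather than by name, and surfaces anything whose verdict is not the literal "ok" independently of the tool's own "Detected object count" trailer. The embedded sample mixes entries copied from the log above with a constructed `examplesvc` entry carrying a placeholder hash.

```python
"""Parser for TDSSKiller logs like the one pasted in this thread (added example).

Each scanned object yields up to two lines:
    HH:MM:SS.mmmm PID Name (md5) Path    hash and backing file
    HH:MM:SS.mmmm PID Name - verdict     verdict, normally "ok"
Services with no backing file get only a verdict line ("PCIDump - ok"), and disk
objects are closed by device path ("\\Device\\Harddisk0\\DR0 - ok"), not by name.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.+)$")  # ts, pid, payload
# "Name (md5) path"; the name may itself contain parentheses, e.g. "MBR (0x1B8)".
OBJECT_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<key>.+?)\s+-\s+(?P<verdict>.+)$")  # verdict-only line
COUNT_RE = re.compile(r"^(?:Actual )?[Dd]etected object count:\s+(\d+)$")  # last wins


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


@dataclass
class ScanReport:
    objects: List[ScanObject]
    detected_count: Optional[int] = None

    def flagged(self) -> List[ScanObject]:
        """Anything whose verdict is not the literal 'ok', including objects that
        never received a verdict line (truncated or crashed scan)."""
        return [o for o in self.objects if o.verdict != "ok"]

    def hashes(self) -> Dict[str, str]:
        """Path -> MD5 inventory, for diffing two logs from the same host."""
        return {o.path: o.md5 for o in self.objects if o.path and o.md5}


def _verdict_for(obj: ScanObject, payload: str) -> Optional[str]:
    """Verdict if `payload` closes `obj`; match on name or path so that a ' - '
    inside a path cannot split the key."""
    for key in (obj.name, obj.path):
        if key and payload.startswith(f"{key} - "):
            return payload[len(key) + 3:].strip()
    return None


def parse_tdsskiller_log(text: str) -> ScanReport:
    objects: List[ScanObject] = []
    pending: Optional[ScanObject] = None  # object still awaiting its verdict
    detected: Optional[int] = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, separators, blank lines
        payload = m.group(3)
        cm = COUNT_RE.match(payload)
        if cm:
            detected = int(cm.group(1))
            continue
        if pending is not None:
            verdict = _verdict_for(pending, payload)
            if verdict is not None:
                pending.verdict = verdict
                pending = None
                continue
        om = OBJECT_RE.match(payload)
        if om:
            pending = ScanObject(om["name"], om["md5"], om["path"])
            objects.append(pending)
            continue
        vm = VERDICT_RE.match(payload)
        if vm:
            objects.append(ScanObject(vm["key"], verdict=vm["verdict"].strip()))
    return ScanReport(objects, detected)


# Constructed sample: the first seven entries are copied from the log in this
# thread; the "examplesvc" pair is made up (all-zero placeholder hash) to show
# how a non-"ok" verdict surfaces.
SAMPLE_LOG = r"""
14:23:45.0406 2408 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:23:45.0406 2408 Null - ok
14:23:45.0500 2408 PCIDump - ok
14:23:53.0421 2408 MBR (0x1B8) (16fd4d8518979b9b9439c260461fc18f) \Device\Harddisk0\DR0
14:23:53.0906 2408 \Device\Harddisk0\DR0 - ok
14:23:53.0968 2408 Boot (0x1200) (0eab035ae39894ed722cbfab2af386a4) \Device\Harddisk0\DR0\Partition0
14:23:53.0968 2408 \Device\Harddisk0\DR0\Partition0 - ok
14:23:54.0000 2408 examplesvc (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\example.sys
14:23:54.0000 2408 examplesvc - suspicious
14:23:53.0968 3288 Detected object count: 0
14:23:53.0968 3288 Actual detected object count: 0
"""
```

Running `parse_tdsskiller_log(SAMPLE_LOG).flagged()` returns only the constructed `examplesvc` entry even though the trailer reports zero detections, which is the point: read the verdicts, not just the count.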

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 10 June 2012 - 04:39 PM

Greetings

Run in normal mode this time please

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\hh4h8723hf2243gtf.com.exe

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 davo09 (Topic Starter)

Posted 10 June 2012 - 05:10 PM

ComboFix 12-06-10.01 - Davo 06/10/2012 14:55:04.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1647 [GMT -7:00]
Running from: c:\documents and settings\Davo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Davo\Desktop\CFScript.txt
.
FILE ::
"C:\hh4h8723hf2243gtf.com.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Davo\Application Data\Propellerhead Software\ReCycle
c:\documents and settings\Davo\Application Data\Propellerhead Software\ReCycle\ReCycle Preferences File.prf
c:\documents and settings\Davo\Desktop\Data_Recovery.lnk
C:\hh4h8723hf2243gtf.com.exe
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-05-10 to 2012-06-10 )))))))))))))))))))))))))))))))
.
.
2012-06-08 07:43 . 2012-06-08 07:44 -------- d-----w- c:\documents and settings\Administrator.DAVID
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-10 19:31 . 2011-05-23 06:48 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2012-05-31 13:22 . 2006-04-30 05:10 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-04 22:40 . 2012-04-12 02:27 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 22:40 . 2011-05-23 07:51 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2006-04-30 05:10 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2006-04-30 05:10 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 22:56 . 2012-01-24 03:42 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-28 05:16 . 2011-05-23 07:35 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-10_19.35.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-10 21:17 . 2012-06-10 21:17 16384 c:\windows\temp\Perflib_Perfdata_3c0.dat
+ 2012-06-10 21:17 . 2012-06-10 21:17 16384 c:\windows\temp\Perflib_Perfdata_360.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]
"TpShocks"="TpShocks.exe" [2006-03-16 106496]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-25 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-25 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-25 118784]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-07-04 110592]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]
"{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}"="c:\program files\Mediafour\MacDrive 7\MacDriveD.exe" [2007-04-18 159744]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files\CodeMeter\Runtime\bin\CodeMeterCC.exe [2011-7-6 6904208]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2011-5-22 24576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ----a-w- c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ----a-w- c:\windows\system32\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ----a-w- c:\windows\system32\tphklock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=Digi32.dll
"MIDI2"=diomidi.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 09:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 04:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-03-15 02:09 2565520 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2011-08-05 01:06 1612920 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2006-05-18 23:24 196696 ----a-w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 12:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 22:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 22:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 03:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}]
2007-04-18 20:27 159744 ----a-w- c:\program files\Mediafour\MacDrive 7\MacDriveD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [6/23/2011 6:13 PM 16384]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [4/18/2007 4:33 PM 274048]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2/28/2007 11:15 AM 19072]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [7/6/2011 4:30 AM 2304912]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [6/23/2011 6:08 PM 16400]
R2 MacDriveServiceD;MacDriveServiceD;c:\program files\Mediafour\MacDrive 7\MacDriveServiceD.exe [4/18/2007 11:58 AM 143360]
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/13/2006 4:05 PM 58368]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 3:55 PM 3968]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/11/2012 7:27 PM 257696]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [6/23/2011 6:08 PM 97808]
S3 iLokDrvr;iLok;c:\windows\system32\drivers\iLokDrvr.sys [9/5/2007 12:05 PM 54256]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [6/23/2011 6:08 PM 21648]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [6/23/2011 6:08 PM 21904]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/27/2012 10:16 PM 129976]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 12069279
*Deregistered* - 12069279
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 22:40]
.
2012-06-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2012-06-10 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2011-05-23 16:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 172.168.0.1
FF - ProfilePath - c:\documents and settings\Davo\Application Data\Mozilla\Firefox\Profiles\8z6a80xu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
.
- - - - ORPHANS REMOVED - - - -
.
Notify-ACNotify - ACNotify.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-10 15:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1276)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
Completion time: 2012-06-10 15:01:42
ComboFix-quarantined-files.txt 2012-06-10 22:01
ComboFix2.txt 2012-06-10 19:52
.
Pre-Run: 23,433,752,576 bytes free
Post-Run: 23,631,794,176 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 7A089F00224EFCB1F7D32D9A2729B41D

Ok so after running that script it seems like everything is still the same, except now I can see more programs under my Start menu. I can see more programs but not everything. For example, I know I have Jasc Photoshop installed but it's not listed in my Start menu under Programs, as well as other programs I have installed. But I do see some of them showing up that weren't there before running that script. I also still see under the Programs in the Start menu a folder named "Data Recovery". I think that was the folder that the S.M.A.R.T. HDD virus was at. In that folder there is an exe named Data Recovery, and an Uninstall Data Recovery icon.

#10 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:29 PM

Posted 10 June 2012 - 05:25 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 davo09

  • Topic Starter

  • Members
  • 11 posts
  • Local time:06:29 PM

Posted 10 June 2012 - 05:40 PM

OTL.TXT
-------


OTL logfile created on: 6/10/2012 3:30:58 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Davo\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 78.10% Memory free
3.94 Gb Paging File | 3.55 Gb Available in Paging File | 90.15% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.79 Gb Total Space | 22.04 Gb Free Space | 15.33% Space Free | Partition Type: NTFS

Computer Name: DAVID | User Name: Davo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Davo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
PRC - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
PRC - C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe (Mediafour Corporation)
PRC - C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe (Mediafour Corporation)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe ()
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe ()
PRC - c:\Program Files\Lenovo\System Update\SUService.exe ( )
PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe ()
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe ()
PRC - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
PRC - C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe ()
PRC - C:\WINDOWS\system32\TpKmpSvc.exe ()


========== Modules (No Company Name) ==========

MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_26d4367d\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_e45bcd74\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcGolan.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcLocMigrator.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcSvcHlpr.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACon.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACGUIHlpr.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ThinQCon.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACTurinSupport.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe ()
MOD - C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll ()
MOD - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe ()
MOD - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
MOD - C:\Program Files\ThinkVantage\PrdCtr\US\LPRESMGR.DLL ()
MOD - C:\Program Files\Intel\Wireless\Bin\acAuth.dll ()
MOD - C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL ()
MOD - C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL ()
MOD - c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll ()
MOD - C:\Program Files\ThinkPad\Utilities\US\EZMAPRES.DLL ()
MOD - C:\WINDOWS\system32\tphklock.dll ()
MOD - C:\Program Files\Lenovo\PkgMgr\HOTKEY\tpfnf7.dll ()
MOD - C:\Program Files\ThinkVantage\AMSG\ahlprunl.dll ()
MOD - C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe ()
MOD - C:\Program Files\ThinkVantage\AMSG\AcpPollingEngine.dll ()
MOD - C:\WINDOWS\system32\TpKmpSvc.exe ()


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (CodeMeter.exe) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
SRV - (DigiRefresh) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
SRV - (digiSPTIService) -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe (Digidesign, A Division of Avid Technology, Inc.)
SRV - (MacDriveServiceD) -- C:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exe (Mediafour Corporation)
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe ()
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe ( )
SRV - (PsaSrv) -- C:\WINDOWS\system32\psasrv.exe ()
SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe ()
SRV - (tvtnetwk) -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (SYMIDSCO) -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20050404.003\symidsco.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Davo\LOCALS~1\Temp\catchme.sys File not found
DRV - (iLokDrvr) -- C:\WINDOWS\system32\drivers\iLokDrvr.sys (PACE Anti-Piracy, Inc.)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo)
DRV - (MBX2MIDK) -- C:\WINDOWS\system32\drivers\mbx2midk.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (MBX2DFU) -- C:\WINDOWS\system32\drivers\mbx2dfu.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (DigiNet) -- C:\WINDOWS\system32\drivers\diginet.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (dalwdmservice) -- C:\WINDOWS\system32\drivers\Dalwdm.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (TPkd) -- C:\WINDOWS\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (MDFSYSNT) -- C:\WINDOWS\System32\drivers\MDFSYSNT.SYS (Mediafour Corporation)
DRV - (MDPMGRNT) -- C:\WINDOWS\System32\drivers\MDPMGRNT.sys (Mediafour Corporation)
DRV - (DigiFilter) -- C:\WINDOWS\system32\drivers\DigiFilt.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (Smapint) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS (Microsoft Corporation)
DRV - (TDSMAPI) -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS ()
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (PrivateDisk) -- C:\Program Files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys (Utimaco Safeware AG)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (G400) -- C:\WINDOWS\system32\drivers\G400m.sys (Matrox Graphics Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-921225796-2580783240-1167831359-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-921225796-2580783240-1167831359-1009\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-921225796-2580783240-1167831359-1009\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-921225796-2580783240-1167831359-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-921225796-2580783240-1167831359-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/27 22:16:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/23 00:36:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Davo\Application Data\Mozilla\Extensions
[2012/05/03 00:23:04 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Davo\Application Data\Mozilla\Firefox\Profiles\8z6a80xu.default\extensions
[2011/06/23 16:36:18 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Davo\Application Data\Mozilla\Firefox\Profiles\8z6a80xu.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/03/20 00:52:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/27 22:16:04 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/15 19:02:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/15 19:02:12 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/10 15:00:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O4 - HKLM..\Run: [{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}] C:\Program Files\Mediafour\MacDrive 7\MacDriveD.exe (Mediafour Corporation)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [PDService.exe] C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CodeMeter Control Center.lnk = C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-921225796-2580783240-1167831359-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-921225796-2580783240-1167831359-1009\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-921225796-2580783240-1167831359-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-921225796-2580783240-1167831359-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-921225796-2580783240-1167831359-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1306138959828 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{517A5D47-FBD3-484E-8E61-5BE13F085166}: DhcpNameServer = 172.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AwayNotify: DllName - (C:\Program Files\Lenovo\AwayTask\AwayNotify.dll) - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Davo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Davo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/29 22:36:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/10 15:29:37 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Davo\Desktop\OTL.exe
[2012/06/10 14:50:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/06/10 14:46:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Davo\Start Menu\Programs\Administrative Tools
[2012/06/10 14:46:12 | 004,540,367 | R--- | C] (Swearware) -- C:\Documents and Settings\Davo\Desktop\ComboFix.exe
[2012/06/10 14:16:10 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Davo\Desktop\tdsskiller.exe
[2012/06/10 14:09:10 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Davo\Desktop\FixTDSS.exe
[2012/06/10 12:24:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/06/10 11:39:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/10 11:39:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/10 11:39:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/10 11:39:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/10 11:38:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/06/10 11:37:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/08 01:29:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Davo\Recent
[2012/06/08 00:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Davo\Start Menu\Programs\Data Recovery
[2012/05/28 14:53:41 | 000,000,000 | ---D | C] -- C:\Config.Msi
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/10 15:29:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Davo\Desktop\OTL.exe
[2012/06/10 15:05:03 | 000,000,474 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\tvt_userinfo.ini
[2012/06/10 15:04:50 | 000,009,930 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2012/06/10 15:04:47 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012/06/10 15:04:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/10 15:04:20 | 2137,444,352 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/10 15:00:16 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/10 14:50:16 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/06/10 14:46:12 | 004,540,367 | R--- | M] (Swearware) -- C:\Documents and Settings\Davo\Desktop\ComboFix.exe
[2012/06/10 14:40:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/10 14:05:14 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Davo\Desktop\FixTDSS.exe
[2012/06/10 13:41:02 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Davo\Desktop\tdsskiller.exe
[2012/06/08 01:29:54 | 000,000,128 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-WFk4KX2qMutF9cr
[2012/06/08 01:29:54 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-WFk4KX2qMutF9c
[2012/06/08 01:29:52 | 000,000,862 | -H-- | M] () -- C:\Documents and Settings\Davo\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/06/07 22:29:08 | 000,315,324 | ---- | M] () -- C:\Documents and Settings\Davo\Desktop\ggf3g32 123bpm.rns
[2012/06/07 22:02:18 | 000,145,698 | ---- | M] () -- C:\Documents and Settings\Davo\Desktop\All Phil 230 Notes.zip
[2012/06/06 01:29:25 | 000,169,888 | ---- | M] () -- C:\Documents and Settings\Davo\Desktop\k3k9k93k.rns
[2012/06/05 23:49:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/05 15:23:59 | 000,376,354 | ---- | M] () -- C:\Documents and Settings\Davo\Desktop\backwardsPiano.rns
[2012/05/31 21:20:56 | 000,326,920 | ---- | M] () -- C:\Documents and Settings\Davo\Desktop\4if4oifeelsogood.rns
[2012/05/31 20:36:19 | 000,012,176 | ---- | M] () -- C:\Documents and Settings\Davo\My Documents\Track 1 Recording 21.sfk
[2012/05/31 20:35:37 | 001,550,218 | ---- | M] () -- C:\Documents and Settings\Davo\My Documents\Track 1 Recording 21.wav
[2012/05/31 17:17:49 | 003,364,749 | ---- | M] () -- C:\Documents and Settings\Davo\Desktop\301-Ch12-Business-Intelligence.pdf
[2012/05/31 17:17:35 | 002,909,013 | ---- | M] () -- C:\Documents and Settings\Davo\Desktop\301-Ch12-Data-Mining.pdf
[2012/05/31 15:32:44 | 000,298,220 | ---- | M] () -- C:\Documents and Settings\Davo\Desktop\3gg5hgg543.rns
[2012/05/31 06:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/28 21:17:34 | 000,176,532 | ---- | M] () -- C:\Documents and Settings\Davo\Desktop\jngiu839865.rns
[2012/05/28 19:07:52 | 000,192,080 | ---- | M] () -- C:\Documents and Settings\Davo\Desktop\g45g7yw3.rns
[2012/05/28 14:49:20 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/05/28 12:32:37 | 000,128,560 | ---- | M] () -- C:\Documents and Settings\Davo\My Documents\Track 1 Recording 19.sfk
[2012/05/28 12:32:37 | 000,018,608 | ---- | M] () -- C:\Documents and Settings\Davo\My Documents\Track 1 Recording 20.sfk
[2012/05/28 12:25:53 | 002,373,378 | ---- | M] () -- C:\Documents and Settings\Davo\My Documents\Track 1 Recording 20.wav
[2012/05/28 12:25:24 | 016,447,450 | ---- | M] () -- C:\Documents and Settings\Davo\My Documents\Track 1 Recording 19.wav
[2012/05/26 15:07:40 | 000,731,672 | ---- | M] () -- C:\Documents and Settings\Davo\Desktop\f4hgg4573.rns
[2012/05/22 15:43:33 | 000,318,766 | ---- | M] () -- C:\Documents and Settings\Davo\Desktop\huhoihorch78.rns
[2012/05/22 04:03:09 | 000,254,970 | ---- | M] () -- C:\Documents and Settings\Davo\Desktop\gggg526fg 32.rns
[2012/05/20 02:37:27 | 000,258,778 | ---- | M] () -- C:\Documents and Settings\Davo\Desktop\h4ki3ushuff.rns
[2012/05/11 23:43:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/10 14:57:02 | 000,001,903 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CodeMeter Control Center.lnk
[2012/06/10 14:57:02 | 000,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2012/06/10 14:56:54 | 000,002,489 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2012/06/10 14:56:54 | 000,002,475 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk
[2012/06/10 14:56:54 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/06/10 14:56:54 | 000,002,046 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Outlook.lnk
[2012/06/10 14:56:54 | 000,002,030 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
[2012/06/10 14:56:54 | 000,001,987 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/06/10 14:56:54 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk
[2012/06/10 14:56:54 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Pro Tools LE.lnk
[2012/06/10 14:56:54 | 000,001,018 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Media Connect.lnk
[2012/06/10 14:56:54 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/06/10 14:56:54 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/10 14:56:54 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/06/10 14:56:54 | 000,000,324 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\My Bluetooth Places.lnk
[2012/06/10 14:56:53 | 000,001,665 | ---- | C] () -- C:\Documents and Settings\Davo\Application Data\Microsoft\Internet Explorer\Quick Launch\Pro Tools LE.lnk
[2012/06/10 14:56:53 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\Davo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/10 14:56:53 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\Davo\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/06/10 14:56:53 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Davo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/10 14:56:53 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Davo\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/06/10 14:50:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/06/10 14:50:12 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/06/10 14:06:55 | 2137,444,352 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/10 11:39:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/10 11:39:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/10 11:39:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/10 11:39:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/10 11:39:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/08 01:29:51 | 000,000,862 | -H-- | C] () -- C:\Documents and Settings\Davo\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/06/08 00:42:31 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-WFk4KX2qMutF9cr
[2012/06/08 00:42:31 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-WFk4KX2qMutF9c
[2012/06/07 22:02:17 | 000,145,698 | ---- | C] () -- C:\Documents and Settings\Davo\Desktop\All Phil 230 Notes.zip
[2012/06/07 03:20:00 | 000,315,324 | ---- | C] () -- C:\Documents and Settings\Davo\Desktop\ggf3g32 123bpm.rns
[2012/06/05 15:26:27 | 000,169,888 | ---- | C] () -- C:\Documents and Settings\Davo\Desktop\k3k9k93k.rns
[2012/06/05 14:15:45 | 000,376,354 | ---- | C] () -- C:\Documents and Settings\Davo\Desktop\backwardsPiano.rns
[2012/05/31 20:49:42 | 000,326,920 | ---- | C] () -- C:\Documents and Settings\Davo\Desktop\4if4oifeelsogood.rns
[2012/05/31 20:35:37 | 000,012,176 | ---- | C] () -- C:\Documents and Settings\Davo\My Documents\Track 1 Recording 21.sfk
[2012/05/31 20:35:27 | 001,550,218 | ---- | C] () -- C:\Documents and Settings\Davo\My Documents\Track 1 Recording 21.wav
[2012/05/31 17:16:28 | 002,909,013 | ---- | C] () -- C:\Documents and Settings\Davo\Desktop\301-Ch12-Data-Mining.pdf
[2012/05/31 17:16:19 | 003,364,749 | ---- | C] () -- C:\Documents and Settings\Davo\Desktop\301-Ch12-Business-Intelligence.pdf
[2012/05/31 15:32:43 | 000,298,220 | ---- | C] () -- C:\Documents and Settings\Davo\Desktop\3gg5hgg543.rns
[2012/05/28 21:15:17 | 000,176,532 | ---- | C] () -- C:\Documents and Settings\Davo\Desktop\jngiu839865.rns
[2012/05/28 19:07:51 | 000,192,080 | ---- | C] () -- C:\Documents and Settings\Davo\Desktop\g45g7yw3.rns
[2012/05/28 12:25:53 | 000,018,608 | ---- | C] () -- C:\Documents and Settings\Davo\My Documents\Track 1 Recording 20.sfk
[2012/05/28 12:25:24 | 002,373,378 | ---- | C] () -- C:\Documents and Settings\Davo\My Documents\Track 1 Recording 20.wav
[2012/05/28 12:25:24 | 000,128,560 | ---- | C] () -- C:\Documents and Settings\Davo\My Documents\Track 1 Recording 19.sfk
[2012/05/28 12:23:49 | 016,447,450 | ---- | C] () -- C:\Documents and Settings\Davo\My Documents\Track 1 Recording 19.wav
[2012/05/26 01:13:02 | 000,731,672 | ---- | C] () -- C:\Documents and Settings\Davo\Desktop\f4hgg4573.rns
[2012/05/22 15:33:31 | 000,318,766 | ---- | C] () -- C:\Documents and Settings\Davo\Desktop\huhoihorch78.rns
[2012/05/20 02:37:23 | 000,258,778 | ---- | C] () -- C:\Documents and Settings\Davo\Desktop\h4ki3ushuff.rns
[2012/02/14 23:32:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/29 00:55:54 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/25 19:20:51 | 000,000,127 | RHS- | C] () -- C:\WINDOWS\Regbak.dat
[2011/06/23 18:08:17 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2011/06/23 18:08:00 | 001,362,460 | ---- | C] () -- C:\WINDOWS\System32\ExpansionHD_Firmware.bin
[2011/05/30 14:34:52 | 000,056,044 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/29 19:23:50 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Davo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/23 19:32:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/05/23 00:36:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/23 00:03:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011/05/22 23:53:35 | 000,000,474 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\tvt_userinfo.ini
[2011/05/22 23:48:11 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2011/05/22 23:47:43 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2011/05/22 23:47:12 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2011/05/22 23:43:24 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
[2011/05/22 23:40:44 | 000,000,156 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/22 23:39:13 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011/05/22 23:39:13 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011/05/22 23:39:13 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011/05/22 23:39:13 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011/05/22 23:39:13 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011/05/22 23:39:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2011/05/22 23:33:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2011/05/22 23:31:58 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2011/05/22 23:31:47 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2011/05/22 23:31:40 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2011/05/22 23:31:40 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2011/05/22 23:31:31 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2011/05/22 23:28:12 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2011/05/22 23:23:11 | 000,073,782 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 1086 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:Lv7DEBKHBXm2ajTQwnfKk
@Alternate Data Stream - 1080 bytes -> C:\Program Files\Outlook Express:hs4bnTlGAhLU2YVSF
@Alternate Data Stream - 1073 bytes -> C:\Program Files\Outlook Express:SNaFXrek0rXQkSxjZ9ELwqVhGe
@Alternate Data Stream - 1047 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:zHqHsEqFwSrzyAACVa24Ut

< End of report >

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 June 2012 - 05:56 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code.
    :OTL
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    @Alternate Data Stream - 1086 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:Lv7DEBKHBXm2ajTQwnfKk
    @Alternate Data Stream - 1080 bytes -> C:\Program Files\Outlook Express:hs4bnTlGAhLU2YVSF
    @Alternate Data Stream - 1073 bytes -> C:\Program Files\Outlook Express:SNaFXrek0rXQkSxjZ9ELwqVhGe
    @Alternate Data Stream - 1047 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:zHqHsEqFwSrzyAACVa24Ut    
    [2012/06/08 00:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Davo\Start Menu\Programs\Data Recovery
    [2012/06/08 01:29:54 | 000,000,128 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-WFk4KX2qMutF9cr
    [2012/06/08 01:29:54 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-WFk4KX2qMutF9c
    [2012/06/08 01:29:52 | 000,000,862 | -H-- | M] () -- C:\Documents and Settings\Davo\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click the button shown in the screenshot (image not available).
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
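
The fix script above is built by hand from the OTL log: the helper picks out the hidden random-named files under Application Data, the random-named alternate data streams and the rogue's "Data Recovery" entries, then pastes those lines into an `:OTL` section. The following is an added example, not code from OTL, BleepingComputer or this thread, that automates that triage over OTL-format lines; the sample log is constructed from a few lines modelled on the log above, and the randomness heuristic is an assumption of this example.

```python
import re
from typing import List, Tuple

# OTL's two line shapes from the log above: file/folder entries and alternate data streams.
FILE_RE = re.compile(
    r"^\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| "
    r"(?P<op>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Constructed sample: lines modelled on this thread's OTL log so the block runs offline.
SAMPLE_LOG = r"""
[2012/06/08 00:42:31 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-WFk4KX2qMutF9cr
[2012/06/08 00:42:31 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-WFk4KX2qMutF9c
[2011/05/22 23:53:35 | 000,000,474 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\tvt_userinfo.ini
[2012/06/08 01:29:51 | 000,000,862 | -H-- | C] () -- C:\Documents and Settings\Davo\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/06/08 00:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Davo\Start Menu\Programs\Data Recovery
[2012/06/10 11:39:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
@Alternate Data Stream - 1086 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:Lv7DEBKHBXm2ajTQwnfKk
@Alternate Data Stream - 1080 bytes -> C:\Program Files\Outlook Express:hs4bnTlGAhLU2YVSF
""".strip().splitlines()

def looks_random(name: str) -> bool:
    """Assumed heuristic for generated names like -WFk4KX2qMutF9cr: no extension, 12+ chars,
    mixed upper/lower case and digits. A legitimate stream such as Zone.Identifier fails it."""
    core = name.lstrip("-_")
    if "." in core or len(core) < 12:
        return False
    return (any(c.islower() for c in core) and any(c.isupper() for c in core)
            and any(c.isdigit() for c in core))

def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (reason, original line) for entries matching the footprint seen in this thread:
    hidden random-named files in Application Data, random-named ADS, 'Data Recovery' items."""
    findings = []
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            path, attrs = m.group("path"), m.group("attrs")
            parts = path.split("\\")
            name, parent = parts[-1], (parts[-2].lower() if len(parts) > 1 else "")
            if "H" in attrs and parent == "application data" and looks_random(name):
                findings.append(("hidden random-named file in Application Data", line))
            elif "data_recovery" in name.lower().replace(" ", "_"):
                findings.append(("rogue 'Data Recovery' entry", line))
            continue
        m = ADS_RE.match(line)
        if m and looks_random(m.group("path").rsplit(":", 1)[-1]):
            findings.append(("random-named alternate data stream", line))
    return findings

def build_otl_fix(findings: List[Tuple[str, str]]) -> str:
    """Lay the flagged lines out as an OTL :OTL fix section, the form pasted in the post above."""
    return "\n".join([":OTL", *(line for _, line in findings), "", ":Commands", "[PURITY]"])
```

A reviewer still has to read the generated section before running it; the heuristic only pre-sorts the log, it does not replace the helper's judgement.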

#13 davo09
  • Topic Starter

  • Members
  • 11 posts

Posted 10 June 2012 - 06:14 PM

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:Lv7DEBKHBXm2ajTQwnfKk deleted successfully.
ADS C:\Program Files\Outlook Express:hs4bnTlGAhLU2YVSF deleted successfully.
ADS C:\Program Files\Outlook Express:SNaFXrek0rXQkSxjZ9ELwqVhGe deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:zHqHsEqFwSrzyAACVa24Ut deleted successfully.
C:\Documents and Settings\Davo\Start Menu\Programs\Data Recovery folder moved successfully.
C:\Documents and Settings\All Users\Application Data\-WFk4KX2qMutF9cr moved successfully.
C:\Documents and Settings\All Users\Application Data\-WFk4KX2qMutF9c moved successfully.
C:\Documents and Settings\Davo\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Davo\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Davo\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: Administrator.DAVID

User: All Users

User: Davo
->Java cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

User: Owner

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.DAVID
->Flash cache emptied: 56468 bytes

User: All Users

User: Davo
->Flash cache emptied: 73404 bytes

User: Default User
->Flash cache emptied: 56468 bytes

User: LocalService

User: NetworkService

User: Owner

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.48.0 log created on 06102012_160326

After I ran OTL for the first time, when it finished, I could see some icons back on my desktop. I saw my Mozilla icon and a few other program shortcut icons that I had on my desktop, but they were grayed out, kind of like when you hide files in a folder and they look grayed out; that's how they looked on my desktop. But now they are gone again. The computer is still the same, except that the Data Recovery file in the Programs start menu is gone.

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 June 2012 - 06:47 PM

Hello


I would like you to run this first to see if they are hidden: http://download.bleepingcomputer.com/grinler/unhide.exe



Now I would like you to run this next to replace the default folders in the start menu:

http://download.bleepingcomputer.com/grinler/fakehdd/winxp-pro-32bit-sm-reset.exe - XP


If running unhide did not work, then the shortcuts are going to have to be remade.

Using Avast as an example, it can be done this way:

  • Open Windows Explorer, navigate to Avast folder in Program Files
  • Right click on Avast ".exe" file, click "Create shortcut":


  • Copy that shortcut, go back to Start menu.
  • Right click on avast!Free Antivirus, click "Paste".
  • You'll see Avast shortcut recreated replacing (empty) entry.

Alternatively, you paste that shortcut in:
(XP) - C:\Documents and Settings\All Users\Start Menu\Programs\Avast
(Vista/7) - C:\Program Data\Start Menu\Programs\Avast

Edited by gringo_pr, 10 June 2012 - 06:47 PM.


#15 davo09
  • Topic Starter

  • Members
  • 11 posts

Posted 10 June 2012 - 07:15 PM

OK, the Unhide worked; I can now see my icons on the desktop. I can also see all my start menu programs showing up.
