Browser Redirect Removal - 7search


  • This topic is locked This topic is locked
26 replies to this topic

#1 quietkeyp

quietkeyp

  • Members
  • 14 posts
  • OFFLINE
  • Local time:04:13 AM

Posted 23 July 2012 - 10:32 AM

This is happening on a family computer running WinXP. The browser has become infected with the redirect to 7search.com for all requests. When trying to remove it, basically any time a program reaches out to try and clean the PC, the PC terminates with the blue screen. I'm able to run a quick scan with AntiMalwarebytes, which runs to completion with no errors found, but if either AVG (which is the antivirus I was running) tries to clean it up, or Avast (which I downloaded to try and see if that would be able to clean it up) tries, the scan will run for a while until it must touch a file that the virus doesn't want it to touch and it throws it into the blue screen.

I tried a few different things, such as running AntiMalwarebytes, CCleaner, AVG, Avast, as well as searching the web for options, but there is no way that I can seem to clean this up and get a complete scan without crashing. Once the PC does crash, it frequently takes two or three reboots to get back up; the first couple of times the restart crashes on the blue screen as well. But once I can get it up, as long as I don't take any effort to clean it up, but just run regular programs like Notepad, Outlook Express, Chrome, IE, they all run fine. Of course, with the redirect, I have to actually type in the URL that I want to go to rather than use search engines, but the PC does function. Just don't try and fix it.....

I was able to download and run DDS.scr, however, when running gmer, that crashes on blue screen as well, so can't provide any feedback on that report.

DDS is below. attach.txt is attached.

Thanks for any help.

Tim

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Run by admin at 18:57:37 on 2012-07-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3016.2181 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\DTS.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\FpLogonServ.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sony\PlayMemories Home\dfs.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\IDrive\IDriveE Service.exe
C:\Program Files\IDrive\IDriveWebM.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\admin\Application Data\Dropbox\bin\Dropbox.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: TBLayoutBHO Class: {008f6853-9cb4-41c5-a950-39d55e5e06ba} - c:\program files\amazon browser bar\AmazonBrowserBar.3.0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: AlxHelper Class: {f443a627-5009-4323-9c1d-7fd598d0d712} - c:\program files\amazon browser bar\AmazonBrowserBar.3.0.dll
TB: Lenovo ThinkVantage Toolbox: {86b9b5dd-fb75-4035-bd52-3c94f7849caf} - c:\program files\pc-doctor\ATLPcdToolbar544928.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Amazon Browser Bar: {ea582743-9076-4178-9aa6-7393fdf4d5ce} - c:\program files\amazon browser bar\AmazonBrowserBar.3.0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\admin\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [TpShocks] TpShocks.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload
mRun: [PMBVolumeWatcher] c:\program files\sony\playmemories home\PMBVolumeWatcher.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\admin\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &Search - http://tbedits.mywebsearch.com/one-toolbaredits/menusearch.jhtml?s=100000348&p=ZSYYYYYYCJUS&a=EfDkksFNpHaTjYSWnKOI0w&n=2012030517
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261666304655
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261834055484
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
TCP: Interfaces\{DB2707A7-F84E-4DD8-8374-2AF4ECB4349C} : DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll
Notify: igfxcui - igfxdev.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\wer7ndt6.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-amzn_serp_ff_us_display?ie=UTF8&tag=bds-amzn-serp-us-ff-20&ie=UTF8&tagbase=bds-amzn&tbrId=v1_abb-channel-15_5d765a4e1a5947879025b89ee1a3b409_15_15_20120316_US_ff_ab_&query=
FF - plugin: c:\documents and settings\admin\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\admin\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\admin\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\admin\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mywebsearch\bar\3.bin\NPMYWEBS.DLL
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 31952]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-6-29 20520]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-21 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-21 353688]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 301248]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-21 21256]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-3-19 1680632]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-21 44808]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 DeviceFinderService;DeviceFinderService;c:\program files\sony\playmemories home\dfs.exe [2012-4-22 149048]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-3-19 98304]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2009-3-19 118784]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
R2 IDriveE Service;IDriveE Service;c:\program files\idrive\IDriveE Service.exe [2010-2-27 135168]
R2 IDriveWebM;IDrive WebManager;c:\program files\idrive\IDriveWebM.exe [2010-2-27 106496]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\playmemories home\PMBDeviceInfoProvider.exe [2012-2-15 474168]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-12-24 53248]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-12-24 62320]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-12-24 2058776]
R2 Updater Service for AMZN;Updater Service for AMZN;c:\program files\amazon browser bar\ToolbarUpdaterService.exe [2012-1-27 203776]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-12-24 482176]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-9-19 243856]
S0 unswj;unswj;c:\windows\system32\drivers\ugfko.sys --> c:\windows\system32\drivers\ugfko.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DVR2INS;ADS Instant DVD 2.0;c:\windows\system32\drivers\dvr2ins.sys [2010-9-18 34792]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-12-24 45424]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-3-19 106496]
S3 DCamUSBUVT;ICM532A;c:\windows\system32\drivers\usbuvt.sys [2010-6-25 95744]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2009-11-20 20848]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-2-21 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-22 02:42:03 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-22 02:41:50 41224 ----a-w- c:\windows\avastSS.scr
2012-07-22 02:41:38 -------- d-----w- c:\program files\AVAST Software
2012-07-22 02:41:38 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-06-23 19:25:51 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2012-06-23 19:25:40 -------- d-----w- c:\windows\Logs
.
==================== Find3M ====================
.
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 18:59:35.01 ===============
Attached File: attach.txt (19.65KB, 0 downloads)
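One thing a responder would do with the SERVICES / DRIVERS section of a DDS log like the one above is sort the entries before reading them by hand: DDS marks a service whose image file it could not stat with `--> path [?]`, and a boot-start (`S0`/`R0`) kernel driver with a random-looking name and no file on disk is a very different finding from an on-demand driver that is simply not loaded. The parser and triage below are an added example written for this thread; they are not part of DDS, Malwarebytes or anything the poster ran. The sample lines are copied from the log above, the start-type reading (0 boot, 1 system, 2 auto, 3 demand, 4 disabled) is the standard Windows service start value, and the severity rule is an assumption of this example, a prioritisation aid rather than a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the DDS "SERVICES / DRIVERS" line format (lines copied from the thread above).
SAMPLE_SERVICES = r"""
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
S0 unswj;unswj;c:\windows\system32\drivers\ugfko.sys --> c:\windows\system32\drivers\ugfko.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
"""

# "R" = running, "S" = stopped; the digit is the Windows start type (0 boot, 1 system, 2 auto, 3 demand, 4 disabled).
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)
# Entries whose file DDS could stat end in "[YYYY-M-D size]".
FOUND_RE = re.compile(r"^(?P<path>.+?)\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$")


@dataclass
class ServiceEntry:
    state: str          # "R" running or "S" stopped
    start_type: int     # Windows service start value
    name: str           # service/driver key name
    display: str        # display name
    path: str           # image path as DDS printed it
    file_present: bool  # False when DDS printed "--> path [?]"
    size: Optional[int]


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse DDS SERVICES / DRIVERS lines into structured records; unrecognised lines are skipped."""
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        state, start, name, display = m.group("state"), int(m.group("start")), m.group("name"), m.group("display")
        rest = m.group("rest").strip()
        if rest.endswith("[?]"):
            # DDS prints "path --> path [?]" when it could not find or read the image file.
            path = rest.split(" --> ")[0]
            entries.append(ServiceEntry(state, start, name, display, path, False, None))
            continue
        f = FOUND_RE.match(rest)
        if f:
            entries.append(ServiceEntry(state, start, name, display, f.group("path"), True, int(f.group("size"))))
    return entries


def triage(entries: List[ServiceEntry]) -> List[Tuple[str, str, str]]:
    """Return (name, severity, reason) for every entry whose image file is missing.

    Assumed rule for this example: a boot- or system-start driver (start type 0 or 1) that has no
    file on disk is rated high, because a legitimate driver at that start type is loaded from a
    real file before the rest of the OS; a demand-start or auto-start entry without a file is rated
    low, since scanners such as Malwarebytes register an on-demand driver that is absent when idle.
    """
    findings: List[Tuple[str, str, str]] = []
    for e in entries:
        if e.file_present:
            continue
        if e.start_type <= 1:
            findings.append((e.name, "high",
                             "boot/system-start driver whose image file is missing or hidden from the scanner"))
        else:
            findings.append((e.name, "low",
                             "non-boot service without an image file on disk (common for on-demand scanner drivers)"))
    return findings


if __name__ == "__main__":
    for name, severity, reason in triage(parse_services(SAMPLE_SERVICES)):
        print(f"{severity:5} {name}: {reason}")
```

Run against the sample, the unswj/ugfko.sys entry comes out as the one high-priority item and MBAMSwissArmy as a low one, which matches how a responder would read the log by eye: the first is a boot-start driver with a random-looking name whose file the scanner cannot see, the second is the Malwarebytes driver that is only present while a scan runs.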

#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,739 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:13 AM

Posted 28 July 2012 - 10:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/462072 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 quietkeyp

quietkeyp
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:04:13 AM

Posted 29 July 2012 - 04:29 PM

The issue does continue, and if anything is worse. When going into IE or Chrome, I can't get to www.google.com, while if I go to www.sun.com or www.yahoo.com, or anywhere else, I can get there. And any sort of scan will throw the computer into a blue screen.

As before, the gmer won't run, it goes to blue screen, however the dds is below, and the attach.txt is attached.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Run by admin at 16:11:07 on 2012-07-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3016.788 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\DTS.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\FpLogonServ.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sony\PlayMemories Home\dfs.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\IDrive\IDriveE Service.exe
C:\Program Files\IDrive\IDriveWebM.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Documents and Settings\admin\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: TBLayoutBHO Class: {008f6853-9cb4-41c5-a950-39d55e5e06ba} - c:\program files\amazon browser bar\AmazonBrowserBar.3.0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: AlxHelper Class: {f443a627-5009-4323-9c1d-7fd598d0d712} - c:\program files\amazon browser bar\AmazonBrowserBar.3.0.dll
TB: Lenovo ThinkVantage Toolbox: {86b9b5dd-fb75-4035-bd52-3c94f7849caf} - c:\program files\pc-doctor\ATLPcdToolbar544928.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Amazon Browser Bar: {ea582743-9076-4178-9aa6-7393fdf4d5ce} - c:\program files\amazon browser bar\AmazonBrowserBar.3.0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\admin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [TpShocks] TpShocks.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload
mRun: [PMBVolumeWatcher] c:\program files\sony\playmemories home\PMBVolumeWatcher.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\admin\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &Search - http://tbedits.mywebsearch.com/one-toolbaredits/menusearch.jhtml?s=100000348&p=ZSYYYYYYCJUS&a=EfDkksFNpHaTjYSWnKOI0w&n=2012030517
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261666304655
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261834055484
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
TCP: Interfaces\{3860948F-95B7-4637-83D2-5539C5DF1A11} : DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
TCP: Interfaces\{DB2707A7-F84E-4DD8-8374-2AF4ECB4349C} : DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll
Notify: igfxcui - igfxdev.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\wer7ndt6.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-amzn_serp_ff_us_display?ie=UTF8&tag=bds-amzn-serp-us-ff-20&ie=UTF8&tagbase=bds-amzn&tbrId=v1_abb-channel-15_5d765a4e1a5947879025b89ee1a3b409_15_15_20120316_US_ff_ab_&query=
FF - plugin: c:\documents and settings\admin\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\admin\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\admin\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\admin\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mywebsearch\bar\3.bin\NPMYWEBS.DLL
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 31952]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-6-29 20520]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-21 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-21 353688]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 301248]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-21 21256]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-3-19 1680632]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-21 44808]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 DeviceFinderService;DeviceFinderService;c:\program files\sony\playmemories home\dfs.exe [2012-4-22 149048]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-3-19 98304]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2009-3-19 118784]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
R2 IDriveE Service;IDriveE Service;c:\program files\idrive\IDriveE Service.exe [2010-2-27 135168]
R2 IDriveWebM;IDrive WebManager;c:\program files\idrive\IDriveWebM.exe [2010-2-27 106496]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\playmemories home\PMBDeviceInfoProvider.exe [2012-2-15 474168]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-12-24 53248]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-12-24 62320]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-12-24 2058776]
R2 Updater Service for AMZN;Updater Service for AMZN;c:\program files\amazon browser bar\ToolbarUpdaterService.exe [2012-1-27 203776]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-12-24 482176]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-9-19 243856]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-2-21 11520]
S0 unswj;unswj;c:\windows\system32\drivers\ugfko.sys --> c:\windows\system32\drivers\ugfko.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DVR2INS;ADS Instant DVD 2.0;c:\windows\system32\drivers\dvr2ins.sys [2010-9-18 34792]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-12-24 45424]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-3-19 106496]
S3 DCamUSBUVT;ICM532A;c:\windows\system32\drivers\usbuvt.sys [2010-6-25 95744]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-22 02:42:03 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-22 02:41:50 41224 ----a-w- c:\windows\avastSS.scr
2012-07-22 02:41:38 -------- d-----w- c:\program files\AVAST Software
2012-07-22 02:41:38 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
.
==================== Find3M ====================
.
2012-07-27 12:49:20 98304 ----a-w- c:\windows\DUMP6205.tmp
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 16:12:58.43 ===============
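As an added triage example (not part of this thread, of DDS, or of any tool named here), the script below parses the SERVICES / DRIVERS section format shown in the log above and flags the kind of entry a helper checks first: a boot-start driver whose file cannot be seen on disk, or a short random-looking service name that does not match its file name. The sample lines are copied from the log above; the flagging rules are my own heuristics.

```python
"""Triage the "SERVICES / DRIVERS" section of a DDS log.

Added example for this thread; it is not part of DDS, ComboFix or any other
tool named here, and the flagging rules are my own heuristics.  The sample
lines are copied from the log posted above.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# DDS writes one service per line:
#   <State> <Name>;<DisplayName>;<Path> [<yyyy-m-d> <size>]
# and, when the file is not on disk, a "-->" pair ending in "[?]":
#   <State> <Name>;<DisplayName>;<Path> --> <Path> [?]
# State is R (running) or S (stopped) plus the start type 0-4; 0 = boot start.
_LINE = re.compile(r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
_TAIL = re.compile(r"\[\d{4}-\d{1,2}-\d{1,2}\s+(?P<size>\d+)\]\s*$")


@dataclass
class ServiceEntry:
    state: str
    name: str
    display: str
    path: str
    size: Optional[int]
    file_found: bool


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for a DDS service line, or None for other lines."""
    m = _LINE.match(line.strip())
    if m is None:
        return None
    rest = m.group("rest")
    if rest.endswith("[?]"):
        # "path --> path [?]": DDS could not stat the file at either path.
        return ServiceEntry(m.group("state"), m.group("name"), m.group("display"),
                            rest.split(" --> ", 1)[0].strip(), None, False)
    tail = _TAIL.search(rest)
    size = int(tail.group("size")) if tail else None
    path = rest[: tail.start()].strip() if tail else rest.strip()
    return ServiceEntry(m.group("state"), m.group("name"), m.group("display"), path, size, True)


def _file_stem(path: str) -> str:
    """'c:\\dir\\ugfko.sys' -> 'ugfko'."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def triage(entry: ServiceEntry) -> List[str]:
    """Reasons an entry deserves a second look (empty list = nothing odd)."""
    reasons: List[str] = []
    if not entry.file_found:
        reasons.append("driver/service file not found on disk ([?])")
        if entry.state in ("R0", "S0"):
            # A boot-start driver loads before most defensive software; one
            # whose file cannot be seen from Windows is the classic footprint
            # of a rootkit hiding its own image.
            reasons.append("boot-start driver with missing file")
    # Short all-lowercase name, identical display name, and a file name that
    # does not match it: looks generated rather than vendor-assigned.
    if (entry.name == entry.display
            and re.fullmatch(r"[a-z]{4,8}", entry.name)
            and entry.name != _file_stem(entry.path)):
        reasons.append("random-looking name that differs from its file name")
    return reasons


def triage_log(text: str) -> Dict[str, dict]:
    """Map service name -> {'severity', 'reasons', 'path'} for flagged entries."""
    hits: Dict[str, dict] = {}
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if not reasons:
            continue
        # A missing file alone is weak evidence: the thread's own log shows the
        # same "[?]" for MBAMSwissArmy, the Malwarebytes driver that is only
        # present while a scan runs.  Require a second signal for "high".
        severity = "high" if len(reasons) > 1 else "low"
        hits[entry.name] = {"severity": severity, "reasons": reasons, "path": entry.path}
    return hits


# Constructed sample: four lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-3-19 1680632]
S0 unswj;unswj;c:\windows\system32\drivers\ugfko.sys --> c:\windows\system32\drivers\ugfko.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
"""

if __name__ == "__main__":
    for name, hit in triage_log(SAMPLE_LOG).items():
        print(f"{hit['severity']:4} {name}: {hit['path']}")
        for reason in hit["reasons"]:
            print(f"       - {reason}")
```

Run on the sample it reports unswj as high (three signals) and MBAMSwissArmy as low (missing file only), which matches what a helper would single out from this log.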

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:13 AM

Posted 29 July 2012 - 11:54 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 quietkeyp
  • Topic Starter

  • Members
  • 14 posts
  • Local time:04:13 AM

Posted 30 July 2012 - 10:58 AM

The computer continues to blue screen whenever action is taken to try and remediate issues.

I was able to download and run the security check, and the result is below.

I was able to download and start to run combofix.exe as well. It gets to step 50, writes a message out that a file is infected and trying to restore it, says that it was restored, then starts to delete some files and then bluescreens. I ran combofix multiple times, one time the file that was infected was c:\windows\system32\samsrv.dll, the second time I ran combofix it said that the file that was infected was c:\windows\system32\services.exe. There is no log produced out of combofix on the desktop, which is where the exe is run from, so can't share any specific info on it other than it gets to step 50 and bluescreens.




checkup.txt

Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java™ 6 Update 18
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 11.0 Firefox out of Date!
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 12% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:13 AM

Posted 30 July 2012 - 11:44 AM

Hello

OK, let's try this. I want you to run Combofix in Safe Mode, but it is very important that when Combofix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#7 quietkeyp
  • Topic Starter

  • Members
  • 14 posts
  • Local time:04:13 AM

Posted 30 July 2012 - 01:00 PM

Booting into safe mode didn't help. After I booted into safe mode and started combofix, this time combofix did NOT put up any message about corrupted files. However, when it got to the same step 50 it did indicate that it was going to delete files. It logged that it was deleting C:\Program Files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll and then bluescreened again.

I tried a second time, still in safe mode, and the same result occurred.

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:13 AM

Posted 30 July 2012 - 01:08 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 quietkeyp
  • Topic Starter

  • Members
  • 14 posts
  • Local time:04:13 AM

Posted 30 July 2012 - 02:38 PM

Thanks for your assistance on this. Hope this gives you more information.

The logs from tdsskiller and aswmbr are below.



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-30 15:28:54
-----------------------------
15:28:54.531 OS Version: Windows 5.1.2600 Service Pack 3
15:28:54.531 Number of processors: 2 586 0x1706
15:28:54.531 ComputerName: INTELINSIDE UserName: admin
15:28:55.234 Initialize success
15:28:55.296 AVAST engine defs: 12073000
15:29:34.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:29:34.140 Disk 0 Vendor: FUJITSU_ 0084 Size: 152627MB BusType: 3
15:29:34.156 Disk 0 MBR read successfully
15:29:34.156 Disk 0 MBR scan
15:29:34.531 Disk 0 Windows XP default MBR code
15:29:34.562 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
15:29:34.812 Disk 0 scanning sectors +312560640
15:29:35.093 Disk 0 scanning C:\WINDOWS\system32\drivers
15:29:50.093 Service scanning
15:30:06.609 Modules scanning
15:30:10.968 Disk 0 trace - called modules:
15:30:10.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
15:30:10.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad60030]
15:30:10.984 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000090[0x8acb7b50]
15:30:10.984 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8ad27028]
15:30:11.828 AVAST engine scan C:\WINDOWS
15:30:18.093 AVAST engine scan C:\WINDOWS\system32
15:32:16.656 AVAST engine scan C:\WINDOWS\system32\drivers
15:32:31.406 AVAST engine scan C:\Documents and Settings\admin
15:33:13.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\admin\Desktop\MBR.dat"
15:33:13.687 The log file has been saved successfully to "C:\Documents and Settings\admin\Desktop\aswMBR.txt"





15:22:21.0031 2956 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:22:21.0296 2956 ============================================================
15:22:21.0296 2956 Current date / time: 2012/07/30 15:22:21.0296
15:22:21.0296 2956 SystemInfo:
15:22:21.0296 2956
15:22:21.0296 2956 OS Version: 5.1.2600 ServicePack: 3.0
15:22:21.0296 2956 Product type: Workstation
15:22:21.0296 2956 ComputerName: INTELINSIDE
15:22:21.0296 2956 UserName: admin
15:22:21.0296 2956 Windows directory: C:\WINDOWS
15:22:21.0296 2956 System windows directory: C:\WINDOWS
15:22:21.0296 2956 Processor architecture: Intel x86
15:22:21.0296 2956 Number of processors: 2
15:22:21.0296 2956 Page size: 0x1000
15:22:21.0296 2956 Boot type: Normal boot
15:22:21.0296 2956 ============================================================
15:22:22.0375 2956 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
15:22:22.0375 2956 Drive \Device\Harddisk1\DR2 - Size: 0x1DE200000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:22:22.0375 2956 Drive \Device\Harddisk2\DR4 - Size: 0x7446E00000 (465.11 Gb), SectorSize: 0x200, Cylinders: 0xED2B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:22:22.0375 2956 ============================================================
15:22:22.0375 2956 \Device\Harddisk0\DR0:
15:22:22.0375 2956 MBR partitions:
15:22:22.0375 2956 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
15:22:22.0375 2956 \Device\Harddisk1\DR2:
15:22:22.0375 2956 MBR partitions:
15:22:22.0375 2956 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEEF080
15:22:22.0375 2956 \Device\Harddisk2\DR4:
15:22:22.0390 2956 MBR partitions:
15:22:22.0390 2956 \Device\Harddisk2\DR4\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A236800
15:22:22.0390 2956 ============================================================
15:22:22.0421 2956 C: <-> \Device\Harddisk0\DR0\Partition0
15:22:22.0421 2956 G: <-> \Device\Harddisk2\DR4\Partition0
15:22:22.0421 2956 ============================================================
15:22:22.0421 2956 Initialize success
15:22:22.0421 2956 ============================================================
15:22:26.0234 2800 ============================================================
15:22:26.0234 2800 Scan started
15:22:26.0234 2800 Mode: Manual;
15:22:26.0234 2800 ============================================================
15:22:26.0765 2800 Aavmker4 (0b27ae82c113d3687024d18459440426) C:\WINDOWS\system32\drivers\Aavmker4.sys
15:22:26.0781 2800 Aavmker4 - ok
15:22:26.0781 2800 Abiosdsk - ok
15:22:26.0781 2800 abp480n5 - ok
15:22:26.0843 2800 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:22:26.0859 2800 ACPI - ok
15:22:26.0875 2800 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:22:26.0875 2800 ACPIEC - ok
15:22:26.0906 2800 ADMonitor (e1b1af64c4977a08e099527de83204d0) C:\WINDOWS\system32\ADMonitor.exe
15:22:26.0906 2800 ADMonitor - ok
15:22:26.0906 2800 adpu160m - ok
15:22:26.0968 2800 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:22:26.0968 2800 aec - ok
15:22:27.0031 2800 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:22:27.0046 2800 AFD - ok
15:22:27.0046 2800 Aha154x - ok
15:22:27.0046 2800 aic78u2 - ok
15:22:27.0062 2800 aic78xx - ok
15:22:27.0093 2800 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
15:22:27.0109 2800 Alerter - ok
15:22:27.0125 2800 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
15:22:27.0125 2800 ALG - ok
15:22:27.0125 2800 AliIde - ok
15:22:27.0125 2800 amsint - ok
15:22:27.0625 2800 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:22:27.0625 2800 Apple Mobile Device - ok
15:22:27.0671 2800 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
15:22:27.0687 2800 AppMgmt - ok
15:22:27.0718 2800 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:22:27.0718 2800 Arp1394 - ok
15:22:27.0718 2800 asc - ok
15:22:27.0718 2800 asc3350p - ok
15:22:27.0734 2800 asc3550 - ok
15:22:27.0812 2800 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:22:27.0859 2800 aspnet_state - ok
15:22:27.0890 2800 aswFsBlk (1c1f3d6dddc046c920c493a779649f66) C:\WINDOWS\system32\drivers\aswFsBlk.sys
15:22:27.0890 2800 aswFsBlk - ok
15:22:27.0921 2800 aswMon2 (9e912fe7b41650701ef2b227aca440f3) C:\WINDOWS\system32\drivers\aswMon2.sys
15:22:27.0921 2800 aswMon2 - ok
15:22:27.0937 2800 AswRdr (982e275d1c5801042fe94209fb0160fb) C:\WINDOWS\system32\drivers\AswRdr.sys
15:22:27.0937 2800 AswRdr - ok
15:22:27.0984 2800 aswSnx (73dbcf808e00580f2a47f93dd9b03876) C:\WINDOWS\system32\drivers\aswSnx.sys
15:22:27.0984 2800 aswSnx - ok
15:22:28.0015 2800 aswSP (6cbd7d3a33f498d09c831cdd732da2e0) C:\WINDOWS\system32\drivers\aswSP.sys
15:22:28.0015 2800 aswSP - ok
15:22:28.0031 2800 aswTdi (7109a9aa551f37cd168c02368465957e) C:\WINDOWS\system32\drivers\aswTdi.sys
15:22:28.0031 2800 aswTdi - ok
15:22:28.0031 2800 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:22:28.0031 2800 AsyncMac - ok
15:22:28.0078 2800 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:22:28.0078 2800 atapi - ok
15:22:28.0078 2800 Atdisk - ok
15:22:28.0109 2800 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:22:28.0109 2800 Atmarpc - ok
15:22:28.0250 2800 ATService (9b86567a73931608023a7642a173a095) C:\WINDOWS\system32\AtService.exe
15:22:28.0250 2800 ATService - ok
15:22:28.0390 2800 ATSwpWDF (40e3212da94acf9e120c30acebc6ea80) C:\WINDOWS\system32\Drivers\ATSwpWDF.sys
15:22:28.0406 2800 ATSwpWDF - ok
15:22:28.0437 2800 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
15:22:28.0437 2800 AudioSrv - ok
15:22:28.0484 2800 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:22:28.0484 2800 audstub - ok
15:22:28.0546 2800 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:22:28.0546 2800 avast! Antivirus - ok
15:22:28.0937 2800 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files\AVG\AVG2012\avgidsagent.exe
15:22:28.0968 2800 AVGIDSAgent - ok
15:22:29.0062 2800 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
15:22:29.0078 2800 AVGIDSDriver - ok
15:22:29.0078 2800 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
15:22:29.0078 2800 AVGIDSFilter - ok
15:22:29.0093 2800 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
15:22:29.0093 2800 AVGIDSHX - ok
15:22:29.0125 2800 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
15:22:29.0125 2800 AVGIDSShim - ok
15:22:29.0187 2800 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
15:22:29.0187 2800 Avgldx86 - ok
15:22:29.0187 2800 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
15:22:29.0187 2800 Avgmfx86 - ok
15:22:29.0203 2800 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
15:22:29.0203 2800 Avgrkx86 - ok
15:22:29.0296 2800 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
15:22:29.0296 2800 Avgtdix - ok
15:22:29.0437 2800 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
15:22:29.0437 2800 avgwd - ok
15:22:29.0468 2800 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:22:29.0484 2800 Beep - ok
15:22:29.0531 2800 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
15:22:29.0593 2800 BITS - ok
15:22:29.0656 2800 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
15:22:29.0656 2800 Bonjour Service - ok
15:22:29.0687 2800 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
15:22:29.0687 2800 Browser - ok
15:22:29.0703 2800 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
15:22:29.0703 2800 BTDriver - ok
15:22:29.0796 2800 BTKRNL (cbe422be7a6a34557fae9e5734d577e2) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
15:22:29.0812 2800 BTKRNL - ok
15:22:29.0906 2800 btwdins (5e1bf3b9b5a7fc477f08776c61bdd422) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
15:22:29.0906 2800 btwdins - ok
15:22:29.0953 2800 BTWUSB (90078a07da643317d9de386d87cd7604) C:\WINDOWS\system32\Drivers\btwusb.sys
15:22:29.0953 2800 BTWUSB - ok
15:22:30.0046 2800 catchme - ok
15:22:30.0078 2800 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:22:30.0078 2800 cbidf2k - ok
15:22:30.0109 2800 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:22:30.0109 2800 CCDECODE - ok
15:22:30.0109 2800 cd20xrnt - ok
15:22:30.0140 2800 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:22:30.0140 2800 Cdaudio - ok
15:22:30.0171 2800 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:22:30.0171 2800 Cdfs - ok
15:22:30.0187 2800 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:22:30.0187 2800 Cdrom - ok
15:22:30.0187 2800 Changer - ok
15:22:30.0218 2800 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
15:22:30.0218 2800 CiSvc - ok
15:22:30.0234 2800 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
15:22:30.0234 2800 ClipSrv - ok
15:22:30.0312 2800 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:22:30.0328 2800 clr_optimization_v2.0.50727_32 - ok
15:22:30.0421 2800 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:22:30.0421 2800 clr_optimization_v4.0.30319_32 - ok
15:22:30.0421 2800 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:22:30.0437 2800 CmBatt - ok
15:22:30.0437 2800 CmdIde - ok
15:22:30.0515 2800 CnxtHdAudService (6f499b03af3d523990adb1566d6805bd) C:\WINDOWS\system32\drivers\CHDAU32.sys
15:22:30.0515 2800 CnxtHdAudService - ok
15:22:30.0515 2800 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:22:30.0531 2800 Compbatt - ok
15:22:30.0531 2800 COMSysApp - ok
15:22:30.0531 2800 Cpqarray - ok
15:22:30.0562 2800 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
15:22:30.0578 2800 CryptSvc - ok
15:22:30.0578 2800 dac2w2k - ok
15:22:30.0578 2800 dac960nt - ok
15:22:30.0625 2800 DCamUSBUVT (109b8cdb404729f82477ec2c668123ea) C:\WINDOWS\system32\Drivers\usbuvt.sys
15:22:30.0625 2800 DCamUSBUVT - ok
15:22:30.0703 2800 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
15:22:30.0718 2800 DcomLaunch - ok
15:22:30.0828 2800 DeviceFinderService (ec4718a0ff97252f99fc651cd06cade3) C:\Program Files\Sony\PlayMemories Home\dfs.exe
15:22:30.0843 2800 DeviceFinderService - ok
15:22:30.0890 2800 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
15:22:30.0890 2800 Dhcp - ok
15:22:30.0906 2800 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:22:30.0906 2800 Disk - ok
15:22:30.0906 2800 dmadmin - ok
15:22:30.0968 2800 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:22:30.0984 2800 dmboot - ok
15:22:30.0984 2800 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:22:31.0000 2800 dmio - ok
15:22:31.0015 2800 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:22:31.0015 2800 dmload - ok
15:22:31.0031 2800 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
15:22:31.0031 2800 dmserver - ok
15:22:31.0062 2800 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:22:31.0062 2800 DMusic - ok
15:22:31.0109 2800 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
15:22:31.0109 2800 Dnscache - ok
15:22:31.0156 2800 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
15:22:31.0171 2800 Dot3svc - ok
15:22:31.0171 2800 dpti2o - ok
15:22:31.0187 2800 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:22:31.0187 2800 drmkaud - ok
15:22:31.0234 2800 dtsvc (a001463cecd4858c789559f3ae47e453) C:\WINDOWS\system32\DTS.exe
15:22:31.0234 2800 dtsvc - ok
15:22:31.0265 2800 DVR2INS (21af611eed87354aebfde8f34e201a35) C:\WINDOWS\system32\Drivers\dvr2ins.sys
15:22:31.0265 2800 DVR2INS - ok
15:22:31.0312 2800 e1yexpress (25c954c8e80eeca41dfc03946ef3fbf4) C:\WINDOWS\system32\DRIVERS\e1y5132.sys
15:22:31.0312 2800 e1yexpress - ok
15:22:31.0343 2800 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
15:22:31.0343 2800 EapHost - ok
15:22:31.0359 2800 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
15:22:31.0359 2800 ERSvc - ok
15:22:31.0375 2800 Eventlog (020ceaaedc8eb655b6506b8c70d53bb6) C:\WINDOWS\system32\services.exe
15:22:31.0390 2800 Eventlog - ok
15:22:31.0421 2800 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
15:22:31.0437 2800 EventSystem - ok
15:22:31.0562 2800 EvtEng (a57be3307ada2fc086b5b43135735283) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:22:31.0562 2800 EvtEng - ok
15:22:31.0625 2800 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:22:31.0640 2800 Fastfat - ok
15:22:31.0671 2800 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:22:31.0687 2800 FastUserSwitchingCompatibility - ok
15:22:31.0703 2800 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
15:22:31.0703 2800 Fdc - ok
15:22:31.0750 2800 FingerprintServer (675d84dd327145ddefc0c90403835796) C:\WINDOWS\system32\FpLogonServ.exe
15:22:31.0750 2800 FingerprintServer - ok
15:22:31.0765 2800 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:22:31.0765 2800 Fips - ok
15:22:31.0859 2800 FlipShare Service (869bde240b7fe9c7b25bd80df85641c8) C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
15:22:31.0875 2800 FlipShare Service - ok
15:22:31.0937 2800 FlipShareServer (9c330b7ddee9492373041e75da01f80c) C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
15:22:31.0953 2800 FlipShareServer - ok
15:22:32.0031 2800 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:22:32.0031 2800 Flpydisk - ok
15:22:32.0078 2800 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:22:32.0078 2800 FltMgr - ok
15:22:32.0171 2800 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:22:32.0171 2800 FontCache3.0.0.0 - ok
15:22:32.0187 2800 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:22:32.0203 2800 Fs_Rec - ok
15:22:32.0203 2800 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:22:32.0203 2800 Ftdisk - ok
15:22:32.0250 2800 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:22:32.0250 2800 GEARAspiWDM - ok
15:22:32.0250 2800 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:22:32.0250 2800 Gpc - ok
15:22:32.0343 2800 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
15:22:32.0343 2800 gupdate - ok
15:22:32.0343 2800 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
15:22:32.0343 2800 gupdatem - ok
15:22:32.0406 2800 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:22:32.0421 2800 gusvc - ok
15:22:32.0437 2800 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:22:32.0437 2800 HDAudBus - ok
15:22:32.0500 2800 HECI (2df64415a28ce036ac6acec7645a996f) C:\WINDOWS\system32\DRIVERS\HECI.sys
15:22:32.0500 2800 HECI - ok
15:22:32.0546 2800 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:22:32.0546 2800 helpsvc - ok
15:22:32.0578 2800 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
15:22:32.0578 2800 HidServ - ok
15:22:32.0593 2800 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:22:32.0609 2800 HidUsb - ok
15:22:32.0640 2800 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
15:22:32.0640 2800 hkmsvc - ok
15:22:32.0640 2800 hpn - ok
15:22:32.0718 2800 hpqcxs08 (f50f7984fdd151edd8a70a8dbd9e2a44) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
15:22:32.0734 2800 hpqcxs08 - ok
15:22:32.0750 2800 hpqddsvc (df446ba625cc441617843e87798ce048) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
15:22:32.0750 2800 hpqddsvc - ok
15:22:32.0765 2800 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:22:32.0765 2800 HPZid412 - ok
15:22:32.0781 2800 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:22:32.0781 2800 HPZipr12 - ok
15:22:32.0781 2800 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:22:32.0781 2800 HPZius12 - ok
15:22:32.0812 2800 HSFHWAZL (03a51d7d5666df3d4331581b3a3109dc) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
15:22:32.0828 2800 HSFHWAZL - ok
15:22:32.0890 2800 HSF_DPV (d92272a376bba4a0ed61f92280d71a10) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
15:22:32.0906 2800 HSF_DPV - ok
15:22:32.0953 2800 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:22:32.0968 2800 HTTP - ok
15:22:32.0984 2800 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
15:22:33.0000 2800 HTTPFilter - ok
15:22:33.0000 2800 i2omgmt - ok
15:22:33.0000 2800 i2omp - ok
15:22:33.0031 2800 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:22:33.0031 2800 i8042prt - ok
15:22:33.0484 2800 ialm (f339b2e3a3f63cc14077d614a56a967b) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
15:22:33.0593 2800 ialm - ok
15:22:33.0750 2800 iastor (01446278d4563b3013c92830ae6cbb26) C:\WINDOWS\system32\Drivers\iaStor.sys
15:22:33.0750 2800 iastor - ok
15:22:33.0765 2800 IBMPMDRV (4dcfc1792be8fc092ab41eafa9d0fde5) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
15:22:33.0765 2800 IBMPMDRV - ok
15:22:33.0781 2800 IBMPMSVC (ec25c26c4733ca16adbbbec53b991976) C:\WINDOWS\system32\ibmpmsvc.exe
15:22:33.0781 2800 IBMPMSVC - ok
15:22:33.0890 2800 IDriveE Service (8a0df65ef0e3067b2cab0f05e1e3fb8a) C:\Program Files\IDrive\IDriveE Service.exe
15:22:33.0890 2800 IDriveE Service - ok
15:22:33.0906 2800 IDriveWebM (50ceb425c7d468b5c234049c21dbbccf) C:\Program Files\IDrive\IDriveWebM.exe
15:22:33.0906 2800 IDriveWebM - ok
15:22:34.0062 2800 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:22:34.0078 2800 idsvc - ok
15:22:34.0109 2800 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:22:34.0109 2800 Imapi - ok
15:22:34.0156 2800 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
15:22:34.0187 2800 ImapiService - ok
15:22:34.0187 2800 ini910u - ok
15:22:34.0187 2800 IntelIde - ok
15:22:34.0218 2800 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:22:34.0218 2800 intelppm - ok
15:22:34.0234 2800 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:22:34.0234 2800 Ip6Fw - ok
15:22:34.0265 2800 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:22:34.0265 2800 IpFilterDriver - ok
15:22:34.0265 2800 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:22:34.0265 2800 IpInIp - ok
15:22:34.0296 2800 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:22:34.0312 2800 IpNat - ok
15:22:34.0406 2800 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
15:22:34.0437 2800 iPod Service - ok
15:22:34.0453 2800 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:22:34.0453 2800 IPSec - ok
15:22:34.0468 2800 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:22:34.0468 2800 IRENUM - ok
15:22:34.0500 2800 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:22:34.0500 2800 isapnp - ok
15:22:34.0562 2800 JavaQuickStarterService (77ac10db097dfd0cd3071465b644d0ab) C:\Program Files\Java\jre6\bin\jqs.exe
15:22:34.0562 2800 JavaQuickStarterService - ok
15:22:34.0593 2800 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:22:34.0593 2800 Kbdclass - ok
15:22:34.0640 2800 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:22:34.0640 2800 kbdhid - ok
15:22:34.0687 2800 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:22:34.0687 2800 kmixer - ok
15:22:34.0718 2800 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:22:34.0718 2800 KSecDD - ok
15:22:34.0750 2800 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
15:22:34.0765 2800 lanmanserver - ok
15:22:34.0796 2800 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
15:22:34.0812 2800 lanmanworkstation - ok
15:22:34.0828 2800 lbrtfdc - ok
15:22:34.0890 2800 LENOVO.MICMUTE (d584216c7767dcfb4b812b9b60a4a4e7) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
15:22:34.0890 2800 LENOVO.MICMUTE - ok
15:22:34.0906 2800 LHidFilt (dd83dc92463fce6324fd30a13d17d0da) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
15:22:34.0906 2800 LHidFilt - ok
15:22:34.0953 2800 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
15:22:34.0968 2800 LmHosts - ok
15:22:34.0968 2800 LMouFilt (8fe0008e183ff0293a925b78a5581c5f) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
15:22:34.0968 2800 LMouFilt - ok
15:22:35.0031 2800 LMS (6a38bf67bba38e8087f2a0f05fab6de7) C:\Program Files\Intel\AMT\LMS.exe
15:22:35.0031 2800 LMS - ok
15:22:35.0031 2800 MBAMSwissArmy - ok
15:22:35.0078 2800 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:22:35.0078 2800 mdmxsdk - ok
15:22:35.0093 2800 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
15:22:35.0093 2800 Messenger - ok
15:22:35.0171 2800 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
15:22:35.0171 2800 Microsoft Office Groove Audit Service - ok
15:22:35.0218 2800 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:22:35.0218 2800 mnmdd - ok
15:22:35.0250 2800 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
15:22:35.0250 2800 mnmsrvc - ok
15:22:35.0265 2800 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:22:35.0265 2800 Modem - ok
15:22:35.0281 2800 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:22:35.0281 2800 Mouclass - ok
15:22:35.0312 2800 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:22:35.0312 2800 mouhid - ok
15:22:35.0328 2800 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:22:35.0328 2800 MountMgr - ok
15:22:35.0328 2800 mraid35x - ok
15:22:35.0343 2800 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:22:35.0343 2800 MRxDAV - ok
15:22:35.0421 2800 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:22:35.0421 2800 MRxSmb - ok
15:22:35.0453 2800 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
15:22:35.0453 2800 MSDTC - ok
15:22:35.0468 2800 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:22:35.0468 2800 Msfs - ok
15:22:35.0468 2800 MSIServer - ok
15:22:35.0484 2800 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:22:35.0484 2800 MSKSSRV - ok
15:22:35.0500 2800 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:22:35.0500 2800 MSPCLOCK - ok
15:22:35.0515 2800 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:22:35.0515 2800 MSPQM - ok
15:22:35.0515 2800 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:22:35.0515 2800 mssmbios - ok
15:22:35.0546 2800 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:22:35.0546 2800 MSTEE - ok
15:22:35.0562 2800 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:22:35.0562 2800 Mup - ok
15:22:35.0593 2800 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:22:35.0609 2800 NABTSFEC - ok
15:22:35.0656 2800 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
15:22:35.0671 2800 napagent - ok
15:22:35.0687 2800 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:22:35.0703 2800 NDIS - ok
15:22:35.0718 2800 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:22:35.0718 2800 NdisIP - ok
15:22:35.0765 2800 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:22:35.0765 2800 NdisTapi - ok
15:22:35.0765 2800 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:22:35.0781 2800 Ndisuio - ok
15:22:35.0796 2800 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:22:35.0796 2800 NdisWan - ok
15:22:35.0796 2800 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:22:35.0812 2800 NDProxy - ok
15:22:35.0828 2800 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll
15:22:35.0843 2800 Net Driver HPZ12 - ok
15:22:35.0875 2800 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:22:35.0890 2800 NetBIOS - ok
15:22:35.0921 2800 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:22:35.0937 2800 NetBT - ok
15:22:35.0984 2800 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:22:36.0000 2800 NetDDE - ok
15:22:36.0015 2800 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:22:36.0015 2800 NetDDEdsdm - ok
15:22:36.0015 2800 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:22:36.0015 2800 Netlogon - ok
15:22:36.0078 2800 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
15:22:36.0093 2800 Netman - ok
15:22:36.0312 2800 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:22:36.0328 2800 NetTcpPortSharing - ok
15:22:37.0781 2800 NETw5x32 (580207a7c9bde8ba65401f51f9ba9741) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
15:22:37.0953 2800 NETw5x32 - ok
15:22:38.0140 2800 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:22:38.0140 2800 NIC1394 - ok
15:22:38.0203 2800 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
15:22:38.0218 2800 Nla - ok
15:22:38.0234 2800 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:22:38.0234 2800 Npfs - ok
15:22:38.0265 2800 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:22:38.0296 2800 Ntfs - ok
15:22:38.0328 2800 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:22:38.0328 2800 NtLmSsp - ok
15:22:38.0390 2800 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
15:22:38.0437 2800 NtmsSvc - ok
15:22:38.0468 2800 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
15:22:38.0468 2800 NuidFltr - ok
15:22:38.0484 2800 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:22:38.0484 2800 Null - ok
15:22:38.0515 2800 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:22:38.0515 2800 NwlnkFlt - ok
15:22:38.0531 2800 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:22:38.0531 2800 NwlnkFwd - ok
15:22:38.0703 2800 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:22:38.0718 2800 odserv - ok
15:22:38.0765 2800 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:22:38.0765 2800 ohci1394 - ok
15:22:38.0796 2800 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:22:38.0796 2800 ose - ok
15:22:38.0828 2800 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:22:38.0828 2800 Parport - ok
15:22:38.0828 2800 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:22:38.0828 2800 PartMgr - ok
15:22:38.0859 2800 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:22:38.0875 2800 ParVdm - ok
15:22:38.0890 2800 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:22:38.0890 2800 PCI - ok
15:22:38.0890 2800 PCIDump - ok
15:22:38.0921 2800 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:22:38.0921 2800 PCIIde - ok
15:22:38.0937 2800 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:22:38.0937 2800 Pcmcia - ok
15:22:38.0937 2800 PDCOMP - ok
15:22:38.0953 2800 PDFRAME - ok
15:22:38.0953 2800 PDRELI - ok
15:22:38.0953 2800 PDRFRAME - ok
15:22:38.0953 2800 perc2 - ok
15:22:38.0968 2800 perc2hib - ok
15:22:39.0250 2800 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\ComboFix\pev.3XE
15:22:39.0265 2800 PEVSystemStart - ok
15:22:39.0296 2800 PlugPlay (020ceaaedc8eb655b6506b8c70d53bb6) C:\WINDOWS\system32\services.exe
15:22:39.0296 2800 PlugPlay - ok
15:22:39.0390 2800 PMBDeviceInfoProvider (3072137896bfccf4b190d248f583b48e) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
15:22:39.0421 2800 PMBDeviceInfoProvider - ok
15:22:39.0453 2800 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll
15:22:39.0453 2800 Pml Driver HPZ12 - ok
15:22:39.0484 2800 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:22:39.0484 2800 PolicyAgent - ok
15:22:39.0531 2800 Power Manager DBC Service (f69196d9b14e5e867380ad297bd2145a) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
15:22:39.0531 2800 Power Manager DBC Service - ok
15:22:39.0562 2800 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:22:39.0562 2800 PptpMiniport - ok
15:22:39.0562 2800 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:22:39.0578 2800 ProtectedStorage - ok
15:22:39.0593 2800 psadd (271f3e304cf2a467188ef393c8fbd2b7) C:\WINDOWS\system32\DRIVERS\psadd.sys
15:22:39.0593 2800 psadd - ok
15:22:39.0593 2800 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:22:39.0609 2800 PSched - ok
15:22:39.0625 2800 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:22:39.0625 2800 Ptilink - ok
15:22:39.0625 2800 ql1080 - ok
15:22:39.0625 2800 Ql10wnt - ok
15:22:39.0625 2800 ql12160 - ok
15:22:39.0640 2800 ql1240 - ok
15:22:39.0640 2800 ql1280 - ok
15:22:39.0656 2800 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:22:39.0656 2800 RasAcd - ok
15:22:39.0671 2800 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
15:22:39.0687 2800 RasAuto - ok
15:22:39.0703 2800 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:22:39.0703 2800 Rasl2tp - ok
15:22:39.0734 2800 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
15:22:39.0765 2800 RasMan - ok
15:22:39.0781 2800 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:22:39.0781 2800 RasPppoe - ok
15:22:39.0781 2800 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:22:39.0781 2800 Raspti - ok
15:22:39.0796 2800 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:22:39.0812 2800 Rdbss - ok
15:22:39.0812 2800 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:22:39.0812 2800 RDPCDD - ok
15:22:39.0828 2800 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:22:39.0843 2800 rdpdr - ok
15:22:39.0890 2800 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
15:22:39.0890 2800 RDPWD - ok
15:22:39.0921 2800 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
15:22:39.0937 2800 RDSessMgr - ok
15:22:39.0968 2800 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:22:39.0984 2800 redbook - ok
15:22:40.0062 2800 RegSrvc (a171029d6b6c2d93c22861a347f43c2a) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:22:40.0078 2800 RegSrvc - ok
15:22:40.0109 2800 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
15:22:40.0125 2800 RemoteAccess - ok
15:22:40.0140 2800 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
15:22:40.0156 2800 RemoteRegistry - ok
15:22:40.0187 2800 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
15:22:40.0187 2800 rimmptsk - ok
15:22:40.0203 2800 rimsptsk (c398bca91216755b098679a8da8a2300) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
15:22:40.0203 2800 rimsptsk - ok
15:22:40.0203 2800 RimUsb - ok
15:22:40.0203 2800 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
15:22:40.0203 2800 rismxdp - ok
15:22:40.0250 2800 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
15:22:40.0265 2800 RpcLocator - ok
15:22:40.0328 2800 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
15:22:40.0328 2800 RpcSs - ok
15:22:40.0375 2800 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
15:22:40.0390 2800 RSVP - ok
15:22:40.0484 2800 S24EventMonitor (87955061fd3789ca7a5c4c72a05a1a9f) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
15:22:40.0500 2800 S24EventMonitor - ok
15:22:40.0546 2800 s24trans (e7958e8acda7ca20127ef5f2235f25cc) C:\WINDOWS\system32\DRIVERS\s24trans.sys
15:22:40.0546 2800 s24trans - ok
15:22:40.0562 2800 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:22:40.0562 2800 SamSs - ok
15:22:40.0593 2800 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
15:22:40.0609 2800 SCardSvr - ok
15:22:40.0656 2800 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
15:22:40.0671 2800 Schedule - ok
15:22:40.0718 2800 sdbus (d1facb3c7d12f439c18ef01aa88c2a9d) C:\WINDOWS\system32\DRIVERS\sdbus.sys
15:22:40.0718 2800 sdbus - ok
15:22:40.0750 2800 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:22:40.0750 2800 Secdrv - ok
15:22:40.0765 2800 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
15:22:40.0781 2800 seclogon - ok
15:22:40.0796 2800 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
15:22:40.0812 2800 SENS - ok
15:22:40.0812 2800 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:22:40.0812 2800 Serenum - ok
15:22:40.0828 2800 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:22:40.0828 2800 Serial - ok
15:22:40.0859 2800 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
15:22:40.0859 2800 sffdisk - ok
15:22:40.0859 2800 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
15:22:40.0859 2800 sffp_sd - ok
15:22:40.0875 2800 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:22:40.0875 2800 Sfloppy - ok
15:22:40.0921 2800 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
15:22:40.0937 2800 SharedAccess - ok
15:22:40.0984 2800 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:22:40.0984 2800 ShellHWDetection - ok
15:22:41.0031 2800 Shockprf (fc0127343bd1ce1986ba12f8937f1057) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
15:22:41.0031 2800 Shockprf - ok
15:22:41.0031 2800 Simbad - ok
15:22:41.0109 2800 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files\Skype\Updater\Updater.exe
15:22:41.0109 2800 SkypeUpdate - ok
15:22:41.0156 2800 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:22:41.0156 2800 SLIP - ok
15:22:41.0171 2800 Sparrow - ok
15:22:41.0187 2800 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:22:41.0203 2800 splitter - ok
15:22:41.0234 2800 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
15:22:41.0250 2800 Spooler - ok
15:22:41.0265 2800 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:22:41.0265 2800 sr - ok
15:22:41.0296 2800 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
15:22:41.0312 2800 srservice - ok
15:22:41.0375 2800 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:22:41.0375 2800 Srv - ok
15:22:41.0406 2800 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
15:22:41.0421 2800 SSDPSRV - ok
15:22:41.0468 2800 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
15:22:41.0515 2800 stisvc - ok
15:22:41.0546 2800 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:22:41.0546 2800 streamip - ok
15:22:41.0609 2800 SUService (f1262146970c5b73159e3727acde8278) C:\Program Files\Lenovo\System Update\SUService.exe
15:22:41.0609 2800 SUService - ok
15:22:41.0609 2800 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:22:41.0609 2800 swenum - ok
15:22:41.0656 2800 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:22:41.0656 2800 swmidi - ok
15:22:41.0656 2800 SwPrv - ok
15:22:41.0656 2800 symc810 - ok
15:22:41.0671 2800 symc8xx - ok
15:22:41.0671 2800 sym_hi - ok
15:22:41.0671 2800 sym_u3 - ok
15:22:41.0718 2800 SynTP (31801b16a0da62afa55e49f1e4c16045) C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:22:41.0734 2800 SynTP - ok
15:22:41.0750 2800 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:22:41.0750 2800 sysaudio - ok
15:22:41.0796 2800 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
15:22:41.0812 2800 SysmonLog - ok
15:22:41.0843 2800 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
15:22:41.0859 2800 TapiSrv - ok
15:22:41.0906 2800 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:22:41.0906 2800 Tcpip - ok
15:22:41.0937 2800 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:22:41.0937 2800 TDPIPE - ok
15:22:41.0953 2800 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:22:41.0953 2800 TDTCP - ok
15:22:41.0984 2800 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:22:41.0984 2800 TermDD - ok
15:22:42.0015 2800 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
15:22:42.0031 2800 TermService - ok
15:22:42.0078 2800 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:22:42.0093 2800 Themes - ok
15:22:42.0203 2800 ThinkVantage Registry Monitor Service (9626746a9b120d2ed537dd8d76278405) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
15:22:42.0203 2800 ThinkVantage Registry Monitor Service - ok
15:22:42.0250 2800 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
15:22:42.0250 2800 TlntSvr - ok
15:22:42.0265 2800 TosIde - ok
15:22:42.0296 2800 TPDIGIMN (521866a3ce5a1a69b4b4a87bdb52be26) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
15:22:42.0296 2800 TPDIGIMN - ok
15:22:42.0312 2800 TPHDEXLGSVC (199d786169749b1a5473b7799c1e6a89) C:\WINDOWS\system32\TPHDEXLG.exe
15:22:42.0328 2800 TPHDEXLGSVC - ok
15:22:42.0343 2800 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
15:22:42.0343 2800 TPHKDRV - ok
15:22:42.0390 2800 TPHKSVC (3c6a42a8494d74f44f048bb7f9f2db44) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
15:22:42.0390 2800 TPHKSVC - ok
15:22:42.0421 2800 tpm (3724dff72b0f5307cf761cc91c2bb9f7) C:\WINDOWS\system32\DRIVERS\tpm.sys
15:22:42.0421 2800 tpm - ok
15:22:42.0453 2800 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
15:22:42.0453 2800 TPPWRIF - ok
15:22:42.0484 2800 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
15:22:42.0500 2800 TrkWks - ok
15:22:42.0593 2800 TVT Scheduler (e9ea448f1174be4052416b62263ea4ee) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
15:22:42.0609 2800 TVT Scheduler - ok
15:22:42.0640 2800 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:22:42.0640 2800 Udfs - ok
15:22:42.0640 2800 ultra - ok
15:22:42.0843 2800 UNS (69975db5aff9918a4138f3781e9ca009) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
15:22:42.0859 2800 UNS - ok
15:22:42.0953 2800 unswj - ok
15:22:43.0015 2800 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:22:43.0031 2800 Update - ok
15:22:43.0156 2800 Updater Service for AMZN (b19880d991ab53278da091b4b974b780) C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe
15:22:43.0156 2800 Updater Service for AMZN - ok
15:22:43.0218 2800 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
15:22:43.0234 2800 upnphost - ok
15:22:43.0234 2800 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
15:22:43.0250 2800 UPS - ok
15:22:43.0296 2800 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:22:43.0296 2800 USBAAPL - ok
15:22:43.0328 2800 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:22:43.0328 2800 usbccgp - ok
15:22:43.0375 2800 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:22:43.0375 2800 usbehci - ok
15:22:43.0375 2800 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:22:43.0390 2800 usbhub - ok
15:22:43.0406 2800 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:22:43.0406 2800 usbprint - ok
15:22:43.0406 2800 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:22:43.0406 2800 usbscan - ok
15:22:43.0421 2800 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:22:43.0421 2800 USBSTOR - ok
15:22:43.0437 2800 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:22:43.0437 2800 usbuhci - ok
15:22:43.0484 2800 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:22:43.0484 2800 VgaSave - ok
15:22:43.0484 2800 ViaIde - ok
15:22:43.0500 2800 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:22:43.0500 2800 VolSnap - ok
15:22:43.0531 2800 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
15:22:43.0546 2800 VSS - ok
15:22:43.0578 2800 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
15:22:43.0593 2800 W32Time - ok
15:22:43.0593 2800 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:22:43.0609 2800 Wanarp - ok
15:22:43.0640 2800 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
15:22:43.0640 2800 WDC_SAM - ok
15:22:43.0687 2800 WDDMService (7d1e301e2eeaf6d3730887de933413e6) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
15:22:43.0687 2800 WDDMService - ok
15:22:43.0750 2800 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:22:43.0765 2800 Wdf01000 - ok
15:22:43.0765 2800 WDICA - ok
15:22:43.0796 2800 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:22:43.0796 2800 wdmaud - ok
15:22:43.0828 2800 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
15:22:43.0828 2800 WDSmartWareBackgroundService - ok
15:22:43.0875 2800 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
15:22:43.0890 2800 WebClient - ok
15:22:43.0968 2800 winachsf (ed10a3d367dd5596506022d5e2a3cba0) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
15:22:43.0984 2800 winachsf - ok
15:22:44.0046 2800 WinDriver6 (94e4312d546048bf31604a8b2ad13fc0) C:\WINDOWS\system32\drivers\windrvr6.sys
15:22:44.0046 2800 WinDriver6 - ok
15:22:44.0125 2800 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:22:44.0125 2800 winmgmt - ok
15:22:44.0156 2800 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:22:44.0156 2800 WmdmPmSN - ok
15:22:44.0234 2800 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
15:22:44.0250 2800 Wmi - ok
15:22:44.0281 2800 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:22:44.0281 2800 WmiAcpi - ok
15:22:44.0312 2800 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:22:44.0312 2800 WmiApSrv - ok
15:22:44.0453 2800 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
15:22:44.0500 2800 WMPNetworkSvc - ok
15:22:44.0515 2800 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:22:44.0515 2800 WpdUsb - ok
15:22:44.0703 2800 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:22:44.0734 2800 WPFFontCache_v0400 - ok
15:22:44.0765 2800 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:22:44.0765 2800 WS2IFSL - ok
15:22:44.0796 2800 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
15:22:44.0812 2800 wscsvc - ok
15:22:44.0859 2800 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:22:44.0859 2800 WSTCODEC - ok
15:22:44.0875 2800 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
15:22:44.0906 2800 wuauserv - ok
15:22:44.0953 2800 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:22:44.0953 2800 WudfPf - ok
15:22:44.0984 2800 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:22:44.0984 2800 WudfRd - ok
15:22:45.0000 2800 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:22:45.0015 2800 WudfSvc - ok
15:22:45.0078 2800 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
15:22:45.0093 2800 WZCSVC - ok
15:22:45.0125 2800 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
15:22:45.0140 2800 xmlprov - ok
15:22:45.0171 2800 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:22:45.0187 2800 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
15:22:45.0187 2800 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
15:22:45.0187 2800 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR2
15:22:45.0625 2800 \Device\Harddisk1\DR2 - ok
15:22:45.0625 2800 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR4
15:22:45.0640 2800 \Device\Harddisk2\DR4 - ok
15:22:45.0640 2800 Boot (0x1200) (20e19da74959c6f58f4cd7c5634d3f4f) \Device\Harddisk0\DR0\Partition0
15:22:45.0640 2800 \Device\Harddisk0\DR0\Partition0 - ok
15:22:45.0640 2800 Boot (0x1200) (5c6ae73ee8afb57108cc30a8966304d5) \Device\Harddisk1\DR2\Partition0
15:22:45.0640 2800 \Device\Harddisk1\DR2\Partition0 - ok
15:22:45.0640 2800 Boot (0x1200) (12465cb012d0ff36e8a8e89b655ef92a) \Device\Harddisk2\DR4\Partition0
15:22:45.0640 2800 \Device\Harddisk2\DR4\Partition0 - ok
15:22:45.0640 2800 ============================================================
15:22:45.0640 2800 Scan finished
15:22:45.0640 2800 ============================================================
15:22:45.0656 2768 Detected object count: 1
15:22:45.0656 2768 Actual detected object count: 1
15:22:51.0437 2768 \Device\Harddisk0\DR0\# - copied to quarantine
15:22:51.0437 2768 \Device\Harddisk0\DR0 - copied to quarantine
15:22:51.0500 2768 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
15:22:51.0515 2768 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:22:51.0531 2768 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
15:22:51.0531 2768 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
15:22:51.0546 2768 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
15:22:51.0562 2768 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
15:22:51.0578 2768 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
15:22:51.0578 2768 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
15:22:51.0578 2768 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
15:22:51.0578 2768 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:22:51.0593 2768 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
15:22:51.0593 2768 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
15:22:51.0593 2768 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
15:22:51.0609 2768 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
15:22:51.0625 2768 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
15:22:51.0625 2768 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
15:22:51.0625 2768 \Device\Harddisk0\DR0 - ok
15:22:51.0625 2768 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
15:22:55.0515 2928 Deinitialize success
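The "MBR (0x1B8) (md5)" lines in the log above hash only the first 0x1B8 bytes of each disk's sector 0, the bootstrap code that sits before the disk signature and partition table and is exactly what a TDL4/Pihar-class bootkit overwrites to run before Windows does. Note that Harddisk0 and Harddisk2 report the same bootstrap hash (8f558eb6...) while only Harddisk0 is flagged, which is consistent with how this family behaves: it hooks the disk driver stack and returns a clean copy of the MBR to ordinary reads, so a hash taken from inside the running OS is not on its own the verdict. The reliable way to hash the real sector is from outside the infected system (a boot CD or a raw image of the disk). The Python below is an added example, not part of this thread and not TDSSKiller's code; it shows what such a check does on a raw 512-byte sector image: hash the bootstrap region, verify the 0x55AA signature, parse the partition table, and compare the bootstrap hash against an allow-list. The sample MBRs, bootstrap bytes and the allow-list are constructed stand-ins, not real Windows boot code.

```python
import hashlib
import struct

# Layout of a classic (non-GPT) 512-byte MBR.
MBR_SIZE = 512
BOOTCODE_LEN = 0x1B8          # bootstrap code; the span TDSSKiller reports as "MBR (0x1B8)"
PART_TABLE_OFF = 0x1BE        # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE         # 0x55 0xAA boot signature
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
PART_ENTRY_FMT = "<B3xB3xII"


def bootcode_md5(mbr):
    """MD5 of the bootstrap code only, the same span TDSSKiller hashes."""
    return hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest()


def has_signature(mbr):
    return mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] == b"\x55\xAA"


def parse_partitions(mbr):
    """Return the non-empty partition entries as dicts."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            PART_ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        entries.append({"index": i, "active": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def assess_mbr(mbr, known_good_hashes):
    """Check a raw sector-0 image against an allow-list of bootstrap hashes and sanity-check its layout."""
    if len(mbr) != MBR_SIZE:
        return {"bootcode_md5": None, "partitions": [], "findings": ["sector is not 512 bytes"]}
    findings = []
    if not has_signature(mbr):
        findings.append("missing 0x55AA boot signature")
    digest = bootcode_md5(mbr)
    if digest not in known_good_hashes:
        findings.append("bootstrap code hash %s not in allow-list" % digest)
    parts = parse_partitions(mbr)
    if parts and not any(p["active"] for p in parts):
        findings.append("no active partition")
    for p in parts:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append("partition %d has a zero start or length" % p["index"])
    return {"bootcode_md5": digest, "partitions": parts, "findings": findings}


def build_mbr(bootcode, partitions):
    """Assemble a sector image from bootstrap bytes and (active, type, lba_start, sectors) tuples. Fixture only."""
    buf = bytearray(MBR_SIZE)
    buf[:len(bootcode)] = bootcode
    for i, (active, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into(PART_ENTRY_FMT, buf, PART_TABLE_OFF + 16 * i,
                         0x80 if active else 0x00, ptype, lba_start, sectors)
    buf[SIGNATURE_OFF:SIGNATURE_OFF + 2] = b"\x55\xAA"
    return bytes(buf)


# Constructed fixtures: placeholder bootstrap bytes, not real Windows boot code.
CLEAN_BOOTCODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 64
# A bootkit leaves the partition table and signature intact and swaps only the code,
# which is why hashing the 0x1B8-byte code region is what exposes it.
TAMPERED_BOOTCODE = b"\xEB\x1E\x90\x90" + CLEAN_BOOTCODE[4:]

LAYOUT = [(True, 0x07, 63, 2_000_000)]   # one active NTFS-type partition starting at LBA 63
CLEAN_MBR = build_mbr(CLEAN_BOOTCODE, LAYOUT)
TAMPERED_MBR = build_mbr(TAMPERED_BOOTCODE, LAYOUT)

# In practice the allow-list is built by hashing sector 0 of a known-clean install of the same OS build.
KNOWN_GOOD = {bootcode_md5(CLEAN_MBR)}

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        result = assess_mbr(image, KNOWN_GOOD)
        print(name, result["bootcode_md5"], result["findings"] or "ok")
```

To use this against a real disk, read sector 0 with `dd` from a rescue environment (or from a forensic image) and pass those 512 bytes to `assess_mbr`; reading `\\.\PhysicalDrive0` from within an infected Windows session may simply return the clean sector the rootkit wants you to see.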

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:13 AM

Posted 30 July 2012 - 09:08 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.
"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 quietkeyp

quietkeyp
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:04:13 AM

Posted 31 July 2012 - 06:27 AM

Thanks for your continued assistance.

I downloaded the new ComboFix from link 2. When I ran it, it stated that there was a new version available and asked if I wanted to download it. Figuring that the link was already updated with the version you wanted run, I did not select to get the new version. This time through, the program ran through stage 50, deleted files, and was able to successfully reboot the machine and create the log.

While running the computer through its normal activities (browsing, email, etc.), it does seem to be better. In the past, in IE there were times that I couldn't even get to www.google.com even though I could get to other sites (www.sun.com, etc.); that isn't the case anymore. Also, when at Google, instant search wasn't working and all redirects were going through www.7search.com; now instant search is working and I'm not being redirected. I will continue to test out various pieces to see if other things fail/work.

The log from combofix is below



ComboFix 12-07-30.01 - admin 07/31/2012 7:07.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3016.2163 [GMT -4:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
.
-- Previous Run --
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe
.
-- Previous Run --
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe
.
--------
.
Infected copy of c:\windows\system32\samsrv.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\samsrv.dll
.
-- Previous Run --
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe
.
-- Previous Run --
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe
.
--------
.
Infected copy of c:\windows\system32\samsrv.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\samsrv.dll
.
--------
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
.
--------
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
.
.
2012-07-30 19:22 . 2012-07-30 19:22 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-22 02:42 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-22 02:42 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-22 02:42 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-22 02:42 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-22 02:42 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-22 02:42 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-22 02:42 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-22 02:42 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-22 02:41 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-22 02:41 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-22 02:41 . 2012-07-22 02:41 -------- d-----w- c:\program files\AVAST Software
2012-07-22 02:41 . 2012-07-22 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-07-17 12:01 . 2012-07-17 12:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-29 22:23 . 2009-12-24 03:27 98304 ----a-w- c:\windows\DUMP75cc.tmp
2012-07-27 12:49 . 2009-12-24 03:27 98304 ----a-w- c:\windows\DUMP6205.tmp
2012-07-03 17:46 . 2010-12-25 18:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2006-02-28 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-02-28 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2009-12-24 14:52 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2009-12-24 14:52 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2009-12-24 09:00 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2009-12-24 09:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2009-12-24 09:00 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2009-12-24 14:52 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2009-12-24 14:52 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2009-12-24 09:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2009-12-24 09:00 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-12-24 14:52 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2009-12-24 08:59 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2009-12-24 09:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2010-01-28 02:32 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2010-01-28 02:32 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2009-08-07 00:23 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2006-02-28 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2009-12-24 08:58 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-08 14:00 . 2012-02-10 23:22 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-11 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-10-23 421888]
"TpShocks"="TpShocks.exe" [2009-07-09 337184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 1323008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-11 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-11 142872]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2012-01-05 1823744]
"PMBVolumeWatcher"="c:\program files\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-04-22 724536]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
c:\documents and settings\admin\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\admin\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-5-25 607584]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2009-03-19 09:55 180224 ----a-w- c:\windows\system32\FpWinlogonNp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 21:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\MiscNB\\Download\\Meebo\\meebo repeater.exe"=
"c:\\Documents and Settings\\admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\admin\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"24726:TCP"= 24726:TCP:FlipShareServer
"24727:TCP"= 24727:TCP:FlipShareServer
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/19/2011 4:32 AM 31952]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [6/29/2009 2:51 PM 20520]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/21/2012 10:42 PM 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/21/2012 10:42 PM 353688]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/10/2011 7:54 AM 301248]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/21/2012 10:42 PM 21256]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [3/19/2009 5:48 AM 1680632]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [7/4/2012 5:25 PM 5160568]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 DeviceFinderService;DeviceFinderService;c:\program files\Sony\PlayMemories Home\dfs.exe [4/22/2012 10:07 AM 149048]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [3/19/2009 5:53 AM 98304]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [3/19/2009 5:55 AM 118784]
R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [12/15/2010 2:22 PM 1085440]
R2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [2/27/2010 1:46 AM 135168]
R2 IDriveWebM;IDrive WebManager;c:\program files\IDrive\IDriveWebM.exe [2/27/2010 1:46 AM 106496]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2/15/2012 8:11 PM 474168]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [12/24/2009 12:21 PM 53248]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [12/24/2009 12:20 PM 62320]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [12/24/2009 12:24 PM 2058776]
R2 Updater Service for AMZN;Updater Service for AMZN;c:\program files\Amazon Browser Bar\ToolbarUpdaterService.exe [1/27/2012 12:39 PM 203776]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/13/2009 12:28 PM 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 9:58 AM 20480]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [12/24/2009 12:48 PM 482176]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [9/19/2008 5:29 PM 243856]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2/21/2010 6:46 AM 11520]
S0 unswj;unswj;c:\windows\system32\drivers\ugfko.sys --> c:\windows\system32\drivers\ugfko.sys [?]
S2 DVR2INS;ADS Instant DVD 2.0;c:\windows\system32\drivers\dvr2ins.sys [9/18/2010 11:26 AM 34792]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2010 1:44 AM 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [12/24/2009 12:20 PM 45424]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/31/2012 4:09 PM 158856]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [3/19/2009 5:52 AM 106496]
S3 DCamUSBUVT;ICM532A;c:\windows\system32\drivers\usbuvt.sys [6/25/2010 4:15 PM 95744]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2010 1:44 AM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-07-31 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-22 16:21]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 05:44]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 05:44]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1229272821-839522115-1003Core.job
- c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 03:14]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1229272821-839522115-1003UA.job
- c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 03:14]
.
2012-07-31 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
2009-12-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]
.
2012-07-31 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-12-24 06:04]
.
2012-07-30 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-11-22 09:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\wer7ndt6.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-amzn_serp_ff_us_display?ie=UTF8&tag=bds-amzn-serp-us-ff-20&ie=UTF8&tagbase=bds-amzn&tbrId=v1_abb-channel-15_5d765a4e1a5947879025b89ee1a3b409_15_15_20120316_US_ff_ab_&query=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{008f6853-9cb4-41c5-a950-39d55e5e06ba} - c:\program files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
BHO-{F443A627-5009-4323-9C1D-7FD598D0D712} - c:\program files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
Toolbar-{EA582743-9076-4178-9AA6-7393FDF4D5CE} - c:\program files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-31 07:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1112)
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
.
- - - - - - - > 'explorer.exe'(5900)
c:\windows\system32\WININET.dll
c:\documents and settings\admin\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\AVG\AVG2012\avgrsx.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Completion time: 2012-07-31 07:21:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-31 11:21
.
Pre-Run: 67,794,579,456 bytes free
Post-Run: 67,988,086,784 bytes free
.
- - End Of File - - C3AAFC6F9E846297E23BFC3585AF07D5

#12 quietkeyp

quietkeyp
  • Topic Starter
  • Members
  • 14 posts

Posted 31 July 2012 - 06:48 AM

In doing some additional poking around, instant search in Google, while turned on, isn't working, where it has in the past. As well, when going to Google News and selecting some articles, so on the Sacramento Bee website for example, all of a sudden IE will pop up the same article in 3 - 10 new tabs, as well as start up multiple new IE windows. By going into Task Manager and ending the task I can kill them, but a new one starts up, until I kill what must be the original spawning one, and then they all shut down.

I normally had AVG on the system, and had downloaded Avast as well earlier to try and remedy the situation. The running of either of those in the past was the key to blue screens, however per previous instructions I haven't run either, so don't know what the result would be if they ran.

So, no redirects, at least directly, to 7search, but, unexpected results are still happening in the browser.

#13 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 August 2012 - 06:13 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

#14 quietkeyp

quietkeyp
  • Topic Starter
  • Members
  • 14 posts

Posted 01 August 2012 - 06:37 AM

Greetings.

The script ran to completion successfully, without needing to reboot the computer. In testing various apps, the computer is much better. We will use it for the day and see if those results continue.

The log from combofix is:

ComboFix 12-07-30.01 - admin 08/01/2012 7:21.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3016.2146 [GMT -4:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\admin\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 )))))))))))))))))))))))))))))))
.
.
2012-07-30 19:22 . 2012-07-30 19:22 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-22 02:42 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-22 02:42 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-22 02:42 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-22 02:42 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-22 02:42 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-22 02:42 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-22 02:42 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-22 02:42 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-22 02:41 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-22 02:41 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-22 02:41 . 2012-07-22 02:41 -------- d-----w- c:\program files\AVAST Software
2012-07-22 02:41 . 2012-07-22 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-07-17 12:01 . 2012-07-17 12:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-29 22:23 . 2009-12-24 03:27 98304 ----a-w- c:\windows\DUMP75cc.tmp
2012-07-27 12:49 . 2009-12-24 03:27 98304 ----a-w- c:\windows\DUMP6205.tmp
2012-07-03 17:46 . 2010-12-25 18:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2006-02-28 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-02-28 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2009-12-24 14:52 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2009-12-24 14:52 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2009-12-24 09:00 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2009-12-24 09:00 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2009-12-24 09:00 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2009-12-24 14:52 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2009-12-24 14:52 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2009-12-24 09:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2009-12-24 09:00 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-12-24 14:52 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2009-12-24 08:59 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2009-12-24 09:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2010-01-28 02:32 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2010-01-28 02:32 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2009-08-07 00:23 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2006-02-28 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-08 14:00 . 2012-02-10 23:22 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-31_11.16.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-31 11:31 . 2012-07-31 11:31 16384 c:\windows\temp\Perflib_Perfdata_5e0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\admin\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-10-23 421888]
"TpShocks"="TpShocks.exe" [2009-07-09 337184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 1323008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-11 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-11 142872]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2012-01-05 1823744]
"PMBVolumeWatcher"="c:\program files\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-04-22 724536]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
c:\documents and settings\admin\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\admin\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-5-25 607584]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2009-03-19 09:55 180224 ----a-w- c:\windows\system32\FpWinlogonNp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 21:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\MiscNB\\Download\\Meebo\\meebo repeater.exe"=
"c:\\Documents and Settings\\admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\admin\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"24726:TCP"= 24726:TCP:FlipShareServer
"24727:TCP"= 24727:TCP:FlipShareServer
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/19/2011 4:32 AM 31952]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [6/29/2009 2:51 PM 20520]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/21/2012 10:42 PM 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/21/2012 10:42 PM 353688]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/10/2011 7:54 AM 301248]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/21/2012 10:42 PM 21256]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [3/19/2009 5:48 AM 1680632]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 DeviceFinderService;DeviceFinderService;c:\program files\Sony\PlayMemories Home\dfs.exe [4/22/2012 10:07 AM 149048]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [3/19/2009 5:53 AM 98304]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [3/19/2009 5:55 AM 118784]
R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [12/15/2010 2:22 PM 1085440]
R2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [2/27/2010 1:46 AM 135168]
R2 IDriveWebM;IDrive WebManager;c:\program files\IDrive\IDriveWebM.exe [2/27/2010 1:46 AM 106496]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2/15/2012 8:11 PM 474168]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [12/24/2009 12:21 PM 53248]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [12/24/2009 12:20 PM 62320]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [12/24/2009 12:24 PM 2058776]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/13/2009 12:28 PM 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 9:58 AM 20480]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [12/24/2009 12:48 PM 482176]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [9/19/2008 5:29 PM 243856]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2/21/2010 6:46 AM 11520]
S0 unswj;unswj;c:\windows\system32\drivers\ugfko.sys --> c:\windows\system32\drivers\ugfko.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [7/4/2012 5:25 PM 5160568]
S2 DVR2INS;ADS Instant DVD 2.0;c:\windows\system32\drivers\dvr2ins.sys [9/18/2010 11:26 AM 34792]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2010 1:44 AM 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [12/24/2009 12:20 PM 45424]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/31/2012 4:09 PM 158856]
S2 Updater Service for AMZN;Updater Service for AMZN;c:\program files\Amazon Browser Bar\ToolbarUpdaterService.exe [1/27/2012 12:39 PM 203776]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [3/19/2009 5:52 AM 106496]
S3 DCamUSBUVT;ICM532A;c:\windows\system32\drivers\usbuvt.sys [6/25/2010 4:15 PM 95744]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2010 1:44 AM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-08-01 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-22 16:21]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 05:44]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 05:44]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1229272821-839522115-1003Core.job
- c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 03:14]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1229272821-839522115-1003UA.job
- c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 03:14]
.
2012-07-31 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
2009-12-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]
.
2012-07-31 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-12-24 06:04]
.
2012-07-31 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-11-22 09:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\wer7ndt6.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-amzn_serp_ff_us_display?ie=UTF8&tag=bds-amzn-serp-us-ff-20&ie=UTF8&tagbase=bds-amzn&tbrId=v1_abb-channel-15_5d765a4e1a5947879025b89ee1a3b409_15_15_20120316_US_ff_ab_&query=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-01 07:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1108)
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
.
- - - - - - - > 'explorer.exe'(3544)
c:\windows\system32\WININET.dll
c:\documents and settings\admin\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-08-01 07:31:29
ComboFix-quarantined-files.txt 2012-08-01 11:31
ComboFix2.txt 2012-07-31 11:21
.
Pre-Run: 67,759,185,920 bytes free
Post-Run: 67,794,505,728 bytes free
.
- - End Of File - - A5D57E49611CC4A253863F501C2B368B

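The ComboFix log above lists every registered service and driver as one line each: start type, service name, display name, image path, and either the file's date and size or "--> path [?]" when ComboFix could not find the file on disk. As an added example that is not part of this thread and not ComboFix's own code, here is a small parser for those lines plus a triage rule that combines the signals a responder would weigh before deciding which entry to look at first: a "[?]" image, a boot- or system-start type (S0/R0/R1 loads before any user-mode scanner), and a service whose display name says nothing and whose name does not match its file name. The five sample lines are copied verbatim from the log; the scoring threshold and the heuristics are assumptions, not a verdict on any entry.

```python
import re
from dataclasses import dataclass

# Constructed sample: five service lines in the format ComboFix uses
# (start type, service name, display name, image path, then either
# "[date size]" or "--> path [?]" when it could not find the file).
SAMPLE_LOG = r"""
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/19/2011 4:32 AM 31952]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2/21/2010 6:46 AM 11520]
S0 unswj;unswj;c:\windows\system32\drivers\ugfko.sys --> c:\windows\system32\drivers\ugfko.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2010 1:44 AM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
"""

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "          # R = running, S = stopped; SCM start type
    r"(?P<name>[^;]+);(?P<display>[^;]*);"        # service name; display name
    r"(?P<path>.*?)(?: --> (?P<resolved>.*?))?"   # image path, optionally re-resolved by ComboFix
    r" \[(?P<meta>[^\]]*)\]$"                     # "[date size]" or "[?]"
)


@dataclass
class ServiceEntry:
    running: bool
    start_type: int        # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str
    file_found: bool       # False when ComboFix printed "[?]"


def parse_services(log_text):
    """Parse every service/driver line in a ComboFix log; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        path = m["resolved"] or m["path"]
        if path.startswith("\\??\\"):
            path = path[4:]                      # drop the NT object-manager prefix
        entries.append(ServiceEntry(
            running=m["state"] == "R",
            start_type=int(m["start"]),
            name=m["name"],
            display=m["display"],
            path=path,
            file_found=m["meta"] != "?",
        ))
    return entries


def triage(entry):
    """Reasons this entry deserves a second look; an empty list means nothing notable."""
    reasons = []
    if not entry.file_found:
        reasons.append("image not found on disk when ComboFix ran ([?])")
    if entry.start_type <= 1:
        reasons.append("boot/system start: loads before any user-mode scanner")
    file_stem = entry.path.rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]
    if entry.display == entry.name and file_stem != entry.name.lower():
        reasons.append("no descriptive display name and service name differs from file name")
    return reasons


def suspicious(entries, min_reasons=2):
    """Names of entries that trip at least min_reasons signals (threshold is an assumption)."""
    return [e.name for e in entries if len(triage(e)) >= min_reasons]


if __name__ == "__main__":
    for e in parse_services(SAMPLE_LOG):
        flags = triage(e)
        print(f"{e.name:15} start={e.start_type} found={e.file_found} {'; '.join(flags) or 'ok'}")
```

Run against the sample, only the unswj entry trips more than one signal. A "[?]" on its own is not enough: the MBAMSwissArmy entry shows one too and, as its name says, belongs to Malwarebytes, and AVG's anti-rootkit driver is legitimately boot-start. The point of combining signals is to pick the one entry worth checking (file hashes, signer, service registry key) rather than to declare anything malicious from a log line.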
#15 quietkeyp

quietkeyp
  • Topic Starter
  • Members
  • 14 posts

Posted 05 August 2012 - 10:16 PM

Hello there. I haven't heard back on any additional steps that might be necessary.

I can say that most things seem to be working. I however have kept AVG and Avast from running, so I'm not sure whether, if they ran, they would touch a file that might then cause the blue screen, so I can't be sure that it's cleared up.

The only significant issue that is currently occurring is that the ability to click on links in emails (Outlook Express) has been removed. So now while an email might be received with a link, clicking on it just starts a blank IE window.

Otherwise I haven't had any additional recurrences of the redirect, or the blue screen, at least under normal load.

Thanks for taking the time with this issue so far.
