Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser redirect virus


  • This topic is locked This topic is locked
24 replies to this topic

#1 kpmna

kpmna

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:55 PM

Posted 23 August 2012 - 10:18 AM

Hello,

Google search results keep redirecting to random sites, also IE randomly opens with adverts. Below is the gmer log, although I don't think it completed the scan. Gmer did warn about root kit activity at the end of the scan.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-23 07:55:01
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HITACHI_HTS723216L9SA60 rev.FC2ZC50B
Running: gmer.exe; Driver: C:\DOCUME~1\MEENAN~1\LOCALS~1\Temp\kgrdqpob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tvtfilter.sys (Rescue and Recovery filter driver/Lenovo)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \FileSystem\Fastfat \Fat EDF75D20
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
---- Processes - GMER 1.0.15 ----

Library c:\windows\system32\n (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1780] 0x02F80000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- Files - GMER 1.0.15 ----

File C:\RECYCLER\S-1-5-21-4067690018-3825318633-2555967877-1005\Dc7\config\uii\applications\direct\arkansas\WEB-INF\classes\com\uii\web\confirm\AcctConfirmAction.class 29754 bytes
File C:\RECYCLER\S-1-5-21-4067690018-3825318633-2555967877-1005\Dc7\config\uii\applications\direct\arkansas\WEB-INF\classes\com\uii\web\confirm\acctConfirmsForm.class 0 bytes
File C:\RECYCLER\S-1-5-21-4067690018-3825318633-2555967877-1005\Dc7\config\uii\applications\direct\arkansas\WEB-INF\classes\com\uii\web\confirm\ConfirmAction.class 0 bytes
File C:\RECYCLER\S-1-5-21-4067690018-3825318633-2555967877-1005\Dc7\config\uii\applications\direct\arkansas\WEB-INF\classes\com\uii\web\confirm\ConfirmsForm.class 0 bytes
File C:\RECYCLER\S-1-5-21-4067690018-3825318633-2555967877-1005\Dc7\config\uii\applications\direct\arkansas\WEB-INF\classes\com\uii\web\confirm\DuplicateRequestAction.class 0 bytes
File C:\RECYCLER\S-1-5-21-4067690018-3825318633-2555967877-1005\Dc7\config\uii\applications\direct\arkansas\WEB-INF\classes\com\uii\web\confirm\DuplicateRequestForm.class 0 bytes

---- EOF - GMER 1.0.15 ----

DDS.log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Meena Nair at 8:00:11 on 2012-08-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.415 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Meena Nair\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\taskmgr.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: eSnipsBHO Class: {b530a9a4-1722-4d16-aad6-aa85e3ad2ade} - c:\program files\logia\esnipsdownloader\eSnipsBHO.dll
BHO: PandoraTV Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: PandoraTV Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DLD.EXE]
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Nico Mak Computing] Rundll32.exe "c:\documents and settings\meena nair\local settings\application data\nico mak computing\jmquihup.dll",CPPDebug
uRun: [Google Update] "c:\documents and settings\meena nair\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [PDService.exe] "c:\program files\lenovo\safeguard privatedisk\pdservice.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [StormCodec_Helper] "c:\program files\ringz studio\storm codec\StormSet.exe" /S /opti
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [Apple Computer] rundll32.exe "c:\documents and settings\meena nair\local settings\application data\applicationhistory\apple computer\wqmln.dll",CreateInstance
StartupFolder: c:\docume~1\meenan~1\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\docume~1\meenan~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {DA320635-F48C-4613-8325-D75A933C549E} - c:\program files\lenovo\system update\sulauncher.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - hxxp://www.anandabazar.com/wfplayer/tdserver.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A83232F8-989E-477A-BAFD-8C7BC9B6B9DF} : DhcpNameServer = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: psfus - psqlpwd.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli psqlpwd ACGina
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\meena nair\application data\mozilla\firefox\profiles\40mhcsa4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\logia\esnipsdownloader\ext\components\eSnipsXPCOM.dll
FF - plugin: c:\documents and settings\meena nair\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-2-6 13672]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\oracle.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\bin\TNSLSNR.EXE [2006-2-2 204800]
R2 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-13 58368]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]
R2 smihlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2006-4-25 3456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 PEVSystemStart;PEVSystemStart;c:\combofix\pev.3XE [2011-6-25 256000]
S3 G Data Tuner Service;G Data Tuner Service;c:\program files\g data\totalcare\avktuner\avktunerservice.exe --> c:\program files\g data\totalcare\avktuner\AVKTunerService.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-22 113120]
S3 Tomcat5;Apache Tomcat;c:\dev\tomcat 5.5\bin\tomcat5.exe [2010-3-29 61440]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe XE [?]
.
=============== Created Last 30 ================
.
2012-08-23 00:26:49 54016 ----a-w- c:\windows\system32\drivers\bdataui.sys
2012-08-22 02:54:47 54016 ----a-w- c:\windows\system32\drivers\dkfu.sys
2012-08-22 01:09:22 711240 ----a-w- c:\windows\is-HGEEJ.exe
2012-08-22 01:01:40 883616 ----a-w- C:\FixExec.exe
2012-08-21 15:37:18 -------- d-----w- c:\documents and settings\all users\application data\036DFF59C4D20B0002C38BA77B07D287
2012-08-21 15:36:23 52736 ---ha-w- c:\windows\system32\eudctvol.dll
2012-08-21 15:36:05 151040 --sha-w- c:\documents and settings\meena nair\application data\upaubj.dll
2012-08-11 03:19:51 -------- d-sha-r- C:\cmdcons
2012-08-11 03:17:51 98816 ----a-w- c:\windows\sed.exe
2012-08-11 03:17:51 518144 ----a-w- c:\windows\SWREG.exe
2012-08-11 03:17:51 256000 ----a-w- c:\windows\PEV.exe
2012-08-11 03:17:51 208896 ----a-w- c:\windows\MBR.exe
2012-08-11 03:17:43 -------- d-s---w- C:\ComboFix
2012-07-24 16:33:26 -------- d-----w- c:\documents and settings\meena nair\local settings\application data\Nico Mak Computing
.
==================== Find3M ====================
.
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40:15 1866112 ------w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 8:10:34.89 ===============

Appreciate your help. Thanks

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:55 PM

Posted 24 August 2012 - 01:43 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 kpmna

kpmna
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:55 PM

Posted 25 August 2012 - 12:48 AM

Thank for the response.

Problem - Google search results redirect to random sites.

Combofix log -

ComboFix 12-08-25.01 - Meena Nair 08/24/2012 22:25:33.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.290 [GMT -7:00]
Running from: c:\documents and settings\Meena Nair\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-07-25 to 2012-08-25 )))))))))))))))))))))))))))))))
.
.
2012-08-23 00:26 . 2012-08-23 00:26 54016 ----a-w- c:\windows\system32\drivers\bdataui.sys
2012-08-22 22:02 . 2012-08-22 22:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-08-22 02:54 . 2012-08-22 02:54 54016 ----a-w- c:\windows\system32\drivers\dkfu.sys
2012-08-22 01:09 . 2012-08-22 01:09 711240 ----a-w- c:\windows\is-HGEEJ.exe
2012-08-22 01:01 . 2012-08-22 01:00 883616 ----a-w- C:\FixExec.exe
2012-08-22 00:51 . 2012-08-22 00:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-08-21 15:37 . 2012-08-22 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\036DFF59C4D20B0002C38BA77B07D287
2012-08-21 15:36 . 2012-08-21 15:36 52736 ---ha-w- c:\windows\system32\eudctvol.dll
2012-07-29 05:09 . 2012-07-29 05:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Nico Mak Computing
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 13:58 . 2006-04-30 06:55 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2006-04-30 06:55 139784 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 20:46 . 2010-07-18 00:54 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2010-05-02 05:22 1866112 ------w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2006-04-30 06:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2006-04-30 06:55 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2006-04-30 06:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2006-04-30 06:55 385024 ------w- c:\windows\system32\html.iec
2012-06-05 15:50 . 2009-08-20 00:07 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-04-30 06:55 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-04-30 06:55 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2009-08-07 03:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2009-08-07 03:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2006-04-30 07:11 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2006-04-30 07:11 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2006-04-30 07:11 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2009-08-07 03:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2009-08-07 03:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2006-04-30 07:11 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2006-04-30 07:11 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2006-04-30 06:55 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2009-08-07 03:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2006-04-30 07:11 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2006-04-30 07:11 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2010-08-17 00:53 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2010-08-17 00:53 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18 . 2010-08-17 00:53 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2006-04-30 06:55 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-07-18 16:09 . 2012-05-22 13:46 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-25_05.09.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-25 05:20 . 2012-08-25 05:20 16384 c:\windows\temp\Perflib_Perfdata_dc4.dat
+ 2012-08-25 05:20 . 2012-08-25 05:20 16384 c:\windows\temp\Perflib_Perfdata_d38.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 23:50 1197448 ------w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2010-07-02 95744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]
"TpShocks"="TpShocks.exe" [2006-03-16 106496]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-07-04 110592]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-19 196696]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-08-26 409600]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-08-26 110592]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-03-15 421888]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-14 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 97357]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\documents and settings\Meena Nair\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2010-7-2 656896]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2006-5-31 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-3-31 24576]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-23 415072]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-26 03:20 40448 ------w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ------w- c:\windows\system32\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ------w- c:\windows\system32\tphklock.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2/6/2012 4:25 PM 13672]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/13/2006 5:05 PM 58368]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 4:55 PM 3968]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [4/25/2006 8:00 PM 3456]
S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2/2/2006 12:49 AM 204800]
S3 G Data Tuner Service;G Data Tuner Service;c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe --> c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/22/2012 6:46 AM 113120]
S3 Tomcat5;Apache Tomcat;c:\dev\Tomcat 5.5\bin\tomcat5.exe [3/29/2010 6:48 AM 61440]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4067690018-3825318633-2555967877-1005Core.job
- c:\documents and settings\Meena Nair\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-18 20:53]
.
2012-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4067690018-3825318633-2555967877-1005UA.job
- c:\documents and settings\Meena Nair\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-18 20:53]
.
2012-08-25 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-03-31 16:13]
.
2012-08-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-04-03 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = google.com
uInternet Settings,ProxyOverride = <local>
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Meena Nair\Application Data\Mozilla\Firefox\Profiles\40mhcsa4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-24 22:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1332)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\windows\system32\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
- - - - - - - > 'lsass.exe'(1388)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
.
Completion time: 2012-08-24 22:40:02
ComboFix-quarantined-files.txt 2012-08-25 05:39
.
Pre-Run: 14,444,322,816 bytes free
Post-Run: 14,432,677,888 bytes free
.
- - End Of File - - CDF67069B49B5388AEEBBC75BF51DFD9
----------------------------------------------------------------------------------------------

securitycheck log

Results of screen317's Security Check version 0.99.46
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Java DB 10.5.3.0
Java™ 6 Update 18
Java™ 6 Update 26
Java™ SE Development Kit 6 Update 19
Java™ SE Development Kit 6 Update 26
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.1.102.55
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


Thanks for your time.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:55 PM

Posted 25 August 2012 - 01:43 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 kpmna

kpmna
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:55 PM

Posted 25 August 2012 - 01:09 PM

Hello

Problem - Google search results redirect to random sites.

Tdsskiller didn't find any issues on scan, log below-

09:47:40.0250 4736 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
09:47:41.0078 4736 ============================================================
09:47:41.0078 4736 Current date / time: 2012/08/25 09:47:41.0078
09:47:41.0078 4736 SystemInfo:
09:47:41.0078 4736
09:47:41.0078 4736 OS Version: 5.1.2600 ServicePack: 3.0
09:47:41.0078 4736 Product type: Workstation
09:47:41.0078 4736 ComputerName: NIRVANA
09:47:41.0078 4736 UserName: Meena Nair
09:47:41.0078 4736 Windows directory: C:\WINDOWS
09:47:41.0078 4736 System windows directory: C:\WINDOWS
09:47:41.0078 4736 Processor architecture: Intel x86
09:47:41.0078 4736 Number of processors: 2
09:47:41.0078 4736 Page size: 0x1000
09:47:41.0078 4736 Boot type: Normal boot
09:47:41.0078 4736 ============================================================
09:47:46.0718 4736 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
09:47:46.0765 4736 ============================================================
09:47:46.0765 4736 \Device\Harddisk0\DR0:
09:47:47.0000 4736 MBR partitions:
09:47:47.0000 4736 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x121154C1
09:47:47.0000 4736 ============================================================
09:47:47.0203 4736 C: <-> \Device\Harddisk0\DR0\Partition1
09:47:47.0203 4736 ============================================================
09:47:47.0203 4736 Initialize success
09:47:47.0203 4736 ============================================================
09:47:53.0265 0592 ============================================================
09:47:53.0265 0592 Scan started
09:47:53.0265 0592 Mode: Manual;
09:47:53.0265 0592 ============================================================
09:47:58.0968 0592 ================ Scan system memory ========================
09:47:58.0968 0592 System memory - ok
09:47:58.0968 0592 ================ Scan services =============================
09:48:03.0312 0592 Abiosdsk - ok
09:48:03.0375 0592 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:48:03.0406 0592 abp480n5 - ok
09:48:03.0500 0592 [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc C:\WINDOWS\system32\drivers\ac97intc.sys
09:48:03.0531 0592 ac97intc - ok
09:48:03.0671 0592 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:48:03.0703 0592 ACPI - ok
09:48:03.0734 0592 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
09:48:03.0750 0592 ACPIEC - ok
09:48:04.0203 0592 [ F8C80392FE8E82A6F18A4D9AF8E57F88 ] AcPrfMgrSvc C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
09:48:04.0234 0592 AcPrfMgrSvc - ok
09:48:04.0453 0592 [ 9ABA4BA2A83B9E6416F76C60CF636C96 ] ACS C:\WINDOWS\system32\acs.exe
09:48:04.0656 0592 ACS - ok
09:48:05.0140 0592 [ 0A5201CB7E5E65A340EE1348532AA454 ] AcSvc C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
09:48:05.0171 0592 AcSvc - ok
09:48:05.0296 0592 [ 66614B9FDC7E74AB736A84D89F7B06B6 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
09:48:05.0328 0592 ADIHdAudAddService - ok
09:48:05.0375 0592 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
09:48:05.0375 0592 adpu160m - ok
09:48:05.0437 0592 [ 03BE587E90C8B37C7FF1FE2E9C1D1C90 ] AEAudioService C:\WINDOWS\system32\drivers\AEAudio.sys
09:48:05.0468 0592 AEAudioService - ok
09:48:05.0531 0592 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
09:48:05.0578 0592 aec - ok
09:48:05.0937 0592 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
09:48:06.0046 0592 AFD - ok
09:48:06.0218 0592 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
09:48:06.0250 0592 agp440 - ok
09:48:06.0343 0592 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
09:48:06.0375 0592 agpCPQ - ok
09:48:06.0515 0592 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
09:48:06.0578 0592 Aha154x - ok
09:48:06.0640 0592 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
09:48:06.0656 0592 aic78u2 - ok
09:48:06.0812 0592 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
09:48:06.0828 0592 aic78xx - ok
09:48:06.0890 0592 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
09:48:06.0937 0592 Alerter - ok
09:48:06.0984 0592 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
09:48:07.0000 0592 ALG - ok
09:48:07.0562 0592 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
09:48:07.0578 0592 AliIde - ok
09:48:08.0031 0592 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
09:48:08.0046 0592 alim1541 - ok
09:48:08.0187 0592 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
09:48:08.0218 0592 amdagp - ok
09:48:08.0328 0592 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
09:48:08.0359 0592 amsint - ok
09:48:08.0640 0592 [ 11AB185A7AF224800BBFB5B836974A17 ] ANC C:\WINDOWS\system32\drivers\ANC.SYS
09:48:08.0671 0592 ANC - ok
09:48:08.0828 0592 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
09:48:08.0890 0592 AppMgmt - ok
09:48:09.0187 0592 [ 317564A02DC28747BEA2E9043955DD6E ] AR5211 C:\WINDOWS\system32\DRIVERS\ar5211.sys
09:48:09.0234 0592 AR5211 - ok
09:48:09.0343 0592 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
09:48:09.0359 0592 asc - ok
09:48:09.0437 0592 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
09:48:09.0500 0592 asc3350p - ok
09:48:09.0578 0592 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
09:48:09.0687 0592 asc3550 - ok
09:48:13.0531 0592 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:48:13.0828 0592 aspnet_state - ok
09:48:13.0968 0592 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:48:13.0968 0592 AsyncMac - ok
09:48:14.0031 0592 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
09:48:14.0125 0592 atapi - ok
09:48:14.0140 0592 Atdisk - ok
09:48:14.0406 0592 [ EEDAC720AC52A12EDBE1D1F9933B59E7 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
09:48:14.0609 0592 Ati HotKey Poller - ok
09:48:19.0531 0592 [ E150424208C8A91DEED8C45019A6CDD2 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
09:48:20.0921 0592 ati2mtag - ok
09:48:20.0968 0592 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:48:20.0968 0592 Atmarpc - ok
09:48:21.0296 0592 [ DBF0D7E2DF33B469EB55406FEA759350 ] atmeltpm C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
09:48:21.0312 0592 atmeltpm - ok
09:48:21.0781 0592 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
09:48:21.0843 0592 AudioSrv - ok
09:48:21.0968 0592 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
09:48:22.0031 0592 audstub - ok
09:48:22.0171 0592 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
09:48:27.0234 0592 Beep - ok
09:48:27.0328 0592 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
09:48:27.0453 0592 Browser - ok
09:48:29.0343 0592 [ DBD408226B00C20158864F30A5A84451 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
09:48:30.0468 0592 BTKRNL - ok
09:48:35.0078 0592 [ CB2A3BAE9AAD6B42F7B6473363BBC168 ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
09:48:35.0328 0592 btwdins - ok
09:48:36.0812 0592 [ 7CD8E4303FDA5B11DA325340778D99D9 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
09:48:36.0906 0592 BTWUSB - ok
09:48:39.0500 0592 catchme - ok
09:48:39.0906 0592 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
09:48:39.0937 0592 cbidf - ok
09:48:39.0968 0592 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
09:48:39.0968 0592 cbidf2k - ok
09:48:40.0000 0592 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
09:48:40.0000 0592 cd20xrnt - ok
09:48:42.0218 0592 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
09:48:42.0312 0592 Cdaudio - ok
09:48:43.0078 0592 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
09:48:43.0109 0592 Cdfs - ok
09:48:43.0171 0592 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:48:43.0187 0592 Cdrom - ok
09:48:43.0187 0592 Changer - ok
09:48:43.0781 0592 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
09:48:43.0875 0592 CiSvc - ok
09:48:44.0140 0592 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
09:48:44.0171 0592 ClipSrv - ok
09:48:45.0343 0592 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:48:46.0531 0592 clr_optimization_v2.0.50727_32 - ok
09:49:00.0828 0592 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:49:00.0906 0592 clr_optimization_v4.0.30319_32 - ok
09:49:01.0812 0592 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
09:49:01.0859 0592 CmBatt - ok
09:49:02.0187 0592 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
09:49:02.0218 0592 CmdIde - ok
09:49:02.0218 0592 COMSysApp - ok
09:49:02.0890 0592 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
09:49:02.0921 0592 Cpqarray - ok
09:49:03.0687 0592 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
09:49:03.0734 0592 CryptSvc - ok
09:49:04.0906 0592 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
09:49:05.0109 0592 dac2w2k - ok
09:49:05.0390 0592 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
09:49:05.0421 0592 dac960nt - ok
09:49:05.0968 0592 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
09:49:06.0765 0592 DcomLaunch - ok
09:49:07.0156 0592 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
09:49:07.0203 0592 Dhcp - ok
09:49:07.0250 0592 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
09:49:07.0281 0592 Disk - ok
09:49:08.0078 0592 [ 0711D2E0F17B31E537B2770A618DA41F ] Diskeeper C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
09:49:08.0250 0592 Diskeeper - ok
09:49:09.0171 0592 [ 35CBC02546335EA41A5D516DA6626C8A ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
09:49:09.0218 0592 DLABOIOM - ok
09:49:09.0421 0592 [ EC6AE8BC9F773382D2EED49E4DFDAE2A ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
09:49:09.0468 0592 DLACDBHM - ok
09:49:09.0671 0592 [ 19E3DB16DE2BB3DB81B172A78D140B03 ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS
09:49:09.0687 0592 DLADResN - ok
09:49:09.0906 0592 [ E4859CA5BD8412A9A60D62067A653522 ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
09:49:09.0953 0592 DLAIFS_M - ok
09:49:10.0031 0592 [ 20C24A3D1CF0825487C93F806625805E ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
09:49:10.0046 0592 DLAOPIOM - ok
09:49:10.0093 0592 [ 8A530DA5DC81954BCF1966813F699B49 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
09:49:10.0125 0592 DLAPoolM - ok
09:49:10.0390 0592 [ 0605B66052F82B6F07204DBDB61C13FF ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
09:49:10.0421 0592 DLARTL_N - ok
09:49:10.0546 0592 [ 7EDA68AF6A91BF64AF6F301E39928EBF ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
09:49:10.0609 0592 DLAUDFAM - ok
09:49:10.0640 0592 [ A18423BBC6D92B01FDF3C51E7510EE70 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
09:49:10.0718 0592 DLAUDF_M - ok
09:49:10.0718 0592 dmadmin - ok
09:49:11.0656 0592 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
09:49:11.0921 0592 dmboot - ok
09:49:11.0953 0592 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
09:49:12.0062 0592 dmio - ok
09:49:12.0296 0592 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
09:49:12.0343 0592 dmload - ok
09:49:12.0437 0592 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
09:49:12.0468 0592 dmserver - ok
09:49:12.0546 0592 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
09:49:12.0578 0592 DMusic - ok
09:49:13.0078 0592 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
09:49:13.0078 0592 Dnscache - ok
09:49:13.0578 0592 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
09:49:13.0750 0592 Dot3svc - ok
09:49:13.0843 0592 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
09:49:13.0906 0592 dpti2o - ok
09:49:14.0015 0592 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
09:49:14.0062 0592 drmkaud - ok
09:49:14.0140 0592 [ 48C7008D23DCFCE0D0232F49307EFCED ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
09:49:14.0234 0592 DRVMCDB - ok
09:49:14.0531 0592 [ 05467E44A42C777DD1534BB4539B16D1 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
09:49:14.0562 0592 DRVNDDM - ok
09:49:14.0953 0592 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:49:15.0015 0592 E100B - ok
09:49:15.0281 0592 [ 00560C3FEDF8958FCDC7C68B7906F66F ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
09:49:15.0359 0592 e1express - ok
09:49:15.0671 0592 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
09:49:15.0718 0592 EapHost - ok
09:49:15.0906 0592 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
09:49:15.0953 0592 ERSvc - ok
09:49:16.0609 0592 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
09:49:16.0640 0592 Eventlog - ok
09:49:16.0875 0592 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
09:49:16.0921 0592 EventSystem - ok
09:49:16.0968 0592 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
09:49:16.0984 0592 Fastfat - ok
09:49:17.0046 0592 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
09:49:17.0062 0592 FastUserSwitchingCompatibility - ok
09:49:17.0125 0592 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
09:49:17.0140 0592 Fdc - ok
09:49:17.0187 0592 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
09:49:17.0203 0592 Fips - ok
09:49:17.0234 0592 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:49:17.0234 0592 Flpydisk - ok
09:49:17.0312 0592 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
09:49:17.0328 0592 FltMgr - ok
09:49:17.0484 0592 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:49:17.0500 0592 FontCache3.0.0.0 - ok
09:49:17.0578 0592 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:49:17.0609 0592 Fs_Rec - ok
09:49:17.0625 0592 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:49:17.0625 0592 Ftdisk - ok
09:49:17.0703 0592 G Data Tuner Service - ok
09:49:17.0750 0592 [ 5DC17164F66380CBFEFD895C18467773 ] GearAspiWDM C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
09:49:17.0781 0592 GearAspiWDM - ok
09:49:17.0812 0592 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:49:17.0812 0592 Gpc - ok
09:49:17.0843 0592 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:49:17.0859 0592 HDAudBus - ok
09:49:18.0000 0592 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:49:18.0000 0592 helpsvc - ok
09:49:18.0078 0592 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
09:49:18.0093 0592 HidServ - ok
09:49:18.0156 0592 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:49:18.0171 0592 HidUsb - ok
09:49:18.0250 0592 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
09:49:18.0265 0592 hkmsvc - ok
09:49:18.0359 0592 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
09:49:18.0390 0592 hpn - ok
09:49:18.0640 0592 [ B1FC0B027DF4374F9E5B796CFDF797B3 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\hsx_dpv.sys
09:49:18.0765 0592 HSF_DPV - ok
09:49:18.0812 0592 [ 3AF45F5B4157C88FFAE24D89BA408302 ] HSXHWAZL C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys
09:49:18.0828 0592 HSXHWAZL - ok
09:49:18.0968 0592 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
09:49:18.0968 0592 HTTP - ok
09:49:19.0046 0592 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
09:49:19.0062 0592 HTTPFilter - ok
09:49:19.0125 0592 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
09:49:19.0125 0592 i2omgmt - ok
09:49:19.0187 0592 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:49:19.0218 0592 i2omp - ok
09:49:19.0265 0592 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:49:19.0265 0592 i8042prt - ok
09:49:19.0515 0592 [ 309C4D86D989FB1FCF64BD30DC81C51B ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
09:49:19.0593 0592 iaStor - ok
09:49:19.0640 0592 [ 067A88764593B1F46A6CFB00C69C11EB ] IBMPMDRV C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
09:49:19.0687 0592 IBMPMDRV - ok
09:49:19.0750 0592 [ 21ABD7E16659602723F984F512C65E02 ] IBMPMSVC C:\WINDOWS\system32\ibmpmsvc.exe
09:49:19.0796 0592 IBMPMSVC - ok
09:49:19.0875 0592 [ BFC9F3ADAAD74E13F9CE16C8BD336F95 ] IBMTPCHK C:\WINDOWS\system32\Drivers\IBMBLDID.sys
09:49:19.0890 0592 IBMTPCHK - ok
09:49:20.0109 0592 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:49:20.0156 0592 IDriverT - ok
09:49:20.0421 0592 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:49:20.0515 0592 idsvc - ok
09:49:20.0546 0592 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
09:49:20.0546 0592 Imapi - ok
09:49:20.0625 0592 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
09:49:20.0640 0592 ImapiService - ok
09:49:20.0687 0592 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:49:20.0687 0592 ini910u - ok
09:49:20.0718 0592 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
09:49:20.0718 0592 IntelIde - ok
09:49:20.0781 0592 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:49:20.0812 0592 intelppm - ok
09:49:21.0046 0592 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
09:49:21.0062 0592 IntuitUpdateService - ok
09:49:21.0218 0592 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
09:49:21.0218 0592 IntuitUpdateServiceV4 - ok
09:49:21.0250 0592 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
09:49:21.0281 0592 Ip6Fw - ok
09:49:21.0359 0592 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:49:21.0375 0592 IpFilterDriver - ok
09:49:21.0406 0592 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:49:21.0421 0592 IpInIp - ok
09:49:21.0500 0592 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:49:21.0531 0592 IpNat - ok
09:49:21.0578 0592 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:49:21.0593 0592 IPSec - ok
09:49:21.0656 0592 [ 4D1D3B3644737746FB98C4D272FB4A86 ] IPSSVC C:\WINDOWS\system32\IPSSVC.EXE
09:49:21.0671 0592 IPSSVC - ok
09:49:21.0703 0592 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
09:49:21.0734 0592 irda - ok
09:49:21.0781 0592 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
09:49:21.0781 0592 IRENUM - ok
09:49:21.0859 0592 [ 49CC4533CE897CB2E93C1E84A818FDE5 ] Irmon C:\WINDOWS\System32\irmon.dll
09:49:21.0875 0592 Irmon - ok
09:49:21.0921 0592 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:49:21.0921 0592 isapnp - ok
09:49:21.0968 0592 [ F59C3569A2F2C464BB78CB1BDCDCA55E ] Iviaspi C:\WINDOWS\system32\drivers\iviaspi.sys
09:49:22.0000 0592 Iviaspi - ok
09:49:22.0203 0592 [ 9DBA73C2F1E76EC4CB837E67C5743596 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
09:49:22.0203 0592 JavaQuickStarterService - ok
09:49:22.0250 0592 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:49:22.0265 0592 Kbdclass - ok
09:49:22.0296 0592 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:49:22.0296 0592 kbdhid - ok
09:49:22.0375 0592 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
09:49:22.0375 0592 kmixer - ok
09:49:22.0421 0592 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
09:49:22.0453 0592 KSecDD - ok
09:49:22.0515 0592 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
09:49:22.0531 0592 lanmanserver - ok
09:49:22.0578 0592 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
09:49:22.0625 0592 lanmanworkstation - ok
09:49:22.0640 0592 lbrtfdc - ok
09:49:22.0703 0592 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
09:49:22.0703 0592 LmHosts - ok
09:49:22.0703 0592 MBAMSwissArmy - ok
09:49:22.0734 0592 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:49:22.0734 0592 mdmxsdk - ok
09:49:22.0796 0592 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
09:49:22.0843 0592 Messenger - ok
09:49:22.0906 0592 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
09:49:22.0937 0592 mnmdd - ok
09:49:22.0984 0592 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
09:49:22.0984 0592 mnmsrvc - ok
09:49:23.0031 0592 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
09:49:23.0062 0592 Modem - ok
09:49:23.0093 0592 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:49:23.0109 0592 Mouclass - ok
09:49:23.0156 0592 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:49:23.0156 0592 mouhid - ok
09:49:23.0203 0592 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
09:49:23.0218 0592 MountMgr - ok
09:49:23.0328 0592 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:49:23.0359 0592 MozillaMaintenance - ok
09:49:23.0453 0592 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:49:23.0500 0592 mraid35x - ok
09:49:23.0578 0592 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:49:23.0609 0592 MRxDAV - ok
09:49:23.0687 0592 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:49:23.0718 0592 MRxSmb - ok
09:49:23.0765 0592 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
09:49:23.0796 0592 MSDTC - ok
09:49:23.0828 0592 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
09:49:23.0875 0592 Msfs - ok
09:49:23.0875 0592 MSIServer - ok
09:49:23.0921 0592 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:49:23.0921 0592 MSKSSRV - ok
09:49:23.0968 0592 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:49:24.0000 0592 MSPCLOCK - ok
09:49:24.0062 0592 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
09:49:24.0093 0592 MSPQM - ok
09:49:24.0296 0592 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:49:24.0312 0592 mssmbios - ok
09:49:24.0640 0592 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
09:49:24.0687 0592 Mup - ok
09:49:25.0125 0592 MySQL - ok
09:49:25.0500 0592 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
09:49:25.0531 0592 napagent - ok
09:49:25.0593 0592 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
09:49:25.0609 0592 NDIS - ok
09:49:25.0656 0592 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:49:25.0656 0592 NdisTapi - ok
09:49:25.0734 0592 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:49:25.0734 0592 Ndisuio - ok
09:49:25.0765 0592 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:49:25.0796 0592 NdisWan - ok
09:49:25.0859 0592 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
09:49:25.0875 0592 NDProxy - ok
09:49:25.0906 0592 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
09:49:25.0937 0592 NetBIOS - ok
09:49:25.0984 0592 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
09:49:26.0015 0592 NetBT - ok
09:49:26.0046 0592 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
09:49:26.0078 0592 NetDDE - ok
09:49:26.0093 0592 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
09:49:26.0093 0592 NetDDEdsdm - ok
09:49:26.0140 0592 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
09:49:26.0140 0592 Netlogon - ok
09:49:26.0203 0592 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
09:49:26.0218 0592 Netman - ok
09:49:26.0281 0592 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:49:26.0312 0592 NetTcpPortSharing - ok
09:49:26.0343 0592 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
09:49:26.0375 0592 Nla - ok
09:49:26.0406 0592 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
09:49:26.0421 0592 Npfs - ok
09:49:26.0484 0592 [ 2ADC0CA9945C65284B3D19BC18765974 ] NSCIRDA C:\WINDOWS\system32\DRIVERS\nscirda.sys
09:49:26.0500 0592 NSCIRDA - ok
09:49:26.0656 0592 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
09:49:26.0703 0592 Ntfs - ok
09:49:26.0750 0592 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
09:49:26.0750 0592 NtLmSsp - ok
09:49:26.0843 0592 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
09:49:26.0875 0592 NtmsSvc - ok
09:49:26.0953 0592 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
09:49:26.0984 0592 Null - ok
09:49:27.0421 0592 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:49:27.0578 0592 nv - ok
09:49:27.0625 0592 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:49:27.0625 0592 NwlnkFlt - ok
09:49:27.0656 0592 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:49:27.0703 0592 NwlnkFwd - ok
09:49:27.0921 0592 OracleJobSchedulerXE - ok
09:49:27.0921 0592 OracleMTSRecoveryService - ok
09:49:27.0937 0592 OracleServiceXE - ok
09:49:27.0937 0592 OracleXEClrAgent - ok
09:49:28.0046 0592 [ 8AF936CE45788974EFFF7D0F19143583 ] OracleXETNSListener C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
09:49:28.0203 0592 OracleXETNSListener - ok
09:49:28.0281 0592 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:49:28.0296 0592 ose - ok
09:49:28.0390 0592 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
09:49:28.0421 0592 Parport - ok
09:49:28.0453 0592 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
09:49:28.0468 0592 PartMgr - ok
09:49:28.0531 0592 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
09:49:28.0531 0592 ParVdm - ok
09:49:28.0578 0592 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
09:49:28.0625 0592 PCI - ok
09:49:28.0625 0592 PCIDump - ok
09:49:28.0656 0592 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
09:49:28.0671 0592 PCIIde - ok
09:49:28.0703 0592 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
09:49:28.0734 0592 Pcmcia - ok
09:49:28.0734 0592 PDCOMP - ok
09:49:28.0734 0592 PDFRAME - ok
09:49:28.0750 0592 PDRELI - ok
09:49:28.0750 0592 PDRFRAME - ok
09:49:28.0781 0592 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
09:49:28.0796 0592 perc2 - ok
09:49:28.0812 0592 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:49:28.0828 0592 perc2hib - ok
09:49:28.0859 0592 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
09:49:28.0875 0592 PlugPlay - ok
09:49:28.0984 0592 [ DEDEF40E1D05842639491365CB2C069E ] pmem C:\WINDOWS\System32\drivers\pmemnt.sys
09:49:29.0000 0592 pmem - ok
09:49:29.0031 0592 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
09:49:29.0031 0592 PolicyAgent - ok
09:49:29.0093 0592 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:49:29.0109 0592 PptpMiniport - ok
09:49:29.0343 0592 [ EBE579425CCB8377BFC7C0B50C05EB56 ] PrivateDisk C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys
09:49:29.0359 0592 PrivateDisk - ok
09:49:29.0390 0592 [ 6F9E6E874FD74EE6DD0BBECDE9D3F795 ] PROCDD C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
09:49:29.0406 0592 PROCDD - ok
09:49:29.0437 0592 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
09:49:29.0453 0592 Processor - ok
09:49:29.0468 0592 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:49:29.0468 0592 ProtectedStorage - ok
09:49:29.0531 0592 [ FB4C54F3A168B178DABF15EEBAED8276 ] psadd C:\WINDOWS\system32\Drivers\psadd.sys
09:49:29.0546 0592 psadd - ok
09:49:29.0609 0592 [ A39E2901C4A75781D1BE845BD47D1131 ] PsaSrv C:\WINDOWS\system32\PsaSrv.exe
09:49:29.0671 0592 PsaSrv - ok
09:49:29.0703 0592 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
09:49:29.0734 0592 PSched - ok
09:49:29.0812 0592 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:49:29.0812 0592 Ptilink - ok
09:49:29.0875 0592 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:49:29.0906 0592 PxHelp20 - ok
09:49:29.0921 0592 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:49:29.0921 0592 ql1080 - ok
09:49:29.0953 0592 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:49:29.0968 0592 Ql10wnt - ok
09:49:29.0984 0592 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:49:30.0000 0592 ql12160 - ok
09:49:30.0000 0592 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:49:30.0015 0592 ql1240 - ok
09:49:30.0031 0592 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:49:30.0062 0592 ql1280 - ok
09:49:30.0093 0592 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:49:30.0125 0592 RasAcd - ok
09:49:30.0234 0592 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
09:49:30.0250 0592 RasAuto - ok
09:49:30.0296 0592 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
09:49:30.0312 0592 Rasirda - ok
09:49:30.0343 0592 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:49:30.0359 0592 Rasl2tp - ok
09:49:30.0453 0592 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
09:49:30.0500 0592 RasMan - ok
09:49:30.0531 0592 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:49:30.0546 0592 RasPppoe - ok
09:49:30.0703 0592 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
09:49:30.0718 0592 Raspti - ok
09:49:30.0796 0592 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:49:30.0796 0592 Rdbss - ok
09:49:30.0828 0592 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:49:30.0859 0592 RDPCDD - ok
09:49:30.0953 0592 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:49:30.0968 0592 rdpdr - ok
09:49:31.0062 0592 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
09:49:31.0078 0592 RDPWD - ok
09:49:31.0156 0592 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
09:49:31.0171 0592 RDSessMgr - ok
09:49:31.0203 0592 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
09:49:31.0218 0592 redbook - ok
09:49:31.0281 0592 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
09:49:31.0296 0592 RemoteAccess - ok
09:49:31.0343 0592 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
09:49:31.0359 0592 RemoteRegistry - ok
09:49:31.0390 0592 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
09:49:31.0421 0592 RpcLocator - ok
09:49:31.0546 0592 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
09:49:31.0562 0592 RpcSs - ok
09:49:31.0609 0592 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
09:49:31.0625 0592 RSVP - ok
09:49:31.0671 0592 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
09:49:31.0671 0592 SamSs - ok
09:49:31.0843 0592 [ A3281AEC37E0720A2BC28034C2DF2A56 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
09:49:31.0875 0592 SASDIFSV - ok
09:49:31.0906 0592 [ 61DB0D0756A99506207FD724E3692B25 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
09:49:31.0921 0592 SASKUTIL - ok
09:49:31.0953 0592 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
09:49:31.0984 0592 SCardSvr - ok
09:49:32.0062 0592 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
09:49:32.0078 0592 Schedule - ok
09:49:32.0156 0592 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:49:32.0171 0592 Secdrv - ok
09:49:32.0203 0592 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
09:49:32.0234 0592 seclogon - ok
09:49:32.0265 0592 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
09:49:32.0296 0592 SENS - ok
09:49:32.0312 0592 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
09:49:32.0312 0592 serenum - ok
09:49:32.0359 0592 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
09:49:32.0390 0592 Serial - ok
09:49:32.0437 0592 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
09:49:32.0453 0592 Sfloppy - ok
09:49:32.0609 0592 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
09:49:32.0656 0592 SharedAccess - ok
09:49:32.0703 0592 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:49:32.0703 0592 ShellHWDetection - ok
09:49:32.0734 0592 [ 1A9B76C8E0D77BCACA24FDF36781B59D ] ShockMgr C:\WINDOWS\system32\drivers\ShockMgr.sys
09:49:32.0734 0592 ShockMgr - ok
09:49:32.0828 0592 [ CB0C065AF3AC9AC307408EA021CDD20E ] Shockprf C:\WINDOWS\system32\drivers\Shockprf.sys
09:49:32.0843 0592 Shockprf - ok
09:49:32.0843 0592 Simbad - ok
09:49:33.0140 0592 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:49:33.0140 0592 sisagp - ok
09:49:33.0468 0592 [ 26341D0DD225D19FD50E0EE3C3C77502 ] Smapint C:\WINDOWS\system32\drivers\Smapint.sys
09:49:33.0484 0592 Smapint - ok
09:49:33.0578 0592 [ 3BA9D0C8A0FBD9FB4029B6CD87C8CE0B ] smi2 C:\Program Files\SMI2\smi2.sys
09:49:33.0578 0592 smi2 - ok
09:49:33.0781 0592 [ 01A4388E45BA272082BFC35B0C8DBF8A ] smihlp C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
09:49:33.0812 0592 smihlp - ok
09:49:33.0875 0592 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:49:33.0875 0592 Sparrow - ok
09:49:33.0921 0592 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
09:49:33.0937 0592 splitter - ok
09:49:33.0984 0592 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
09:49:34.0015 0592 Spooler - ok
09:49:34.0093 0592 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
09:49:34.0125 0592 sr - ok
09:49:34.0218 0592 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
09:49:34.0218 0592 srservice - ok
09:49:34.0281 0592 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
09:49:34.0328 0592 Srv - ok
09:49:34.0375 0592 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
09:49:34.0390 0592 SSDPSRV - ok
09:49:34.0468 0592 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
09:49:34.0484 0592 StillCam - ok
09:49:34.0562 0592 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
09:49:34.0671 0592 stisvc - ok
09:49:34.0781 0592 [ 1B1EE7DAA523E8CA72BBDC6DB155DC26 ] SUService c:\program files\lenovo\system update\suservice.exe
09:49:34.0781 0592 SUService - ok
09:49:34.0828 0592 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
09:49:34.0843 0592 swenum - ok
09:49:34.0921 0592 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
09:49:34.0937 0592 swmidi - ok
09:49:34.0937 0592 SwPrv - ok
09:49:35.0015 0592 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
09:49:35.0062 0592 symc810 - ok
09:49:35.0562 0592 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:49:35.0578 0592 symc8xx - ok
09:49:35.0890 0592 SYMIDSCO - ok
09:49:36.0328 0592 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:49:36.0359 0592 sym_hi - ok
09:49:36.0406 0592 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:49:36.0468 0592 sym_u3 - ok
09:49:36.0515 0592 [ 7C02DB7416D52C02B131D0E3A8D2337C ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
09:49:36.0562 0592 SynTP - ok
09:49:36.0578 0592 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
09:49:36.0609 0592 sysaudio - ok
09:49:37.0062 0592 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
09:49:37.0125 0592 SysmonLog - ok
09:49:37.0468 0592 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
09:49:37.0562 0592 TapiSrv - ok
09:49:38.0750 0592 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:49:39.0031 0592 Tcpip - ok
09:49:39.0687 0592 [ FC6FE02F400308606A911640E72326B5 ] TcUsb C:\WINDOWS\system32\Drivers\tcusb.sys
09:49:39.0718 0592 TcUsb - ok
09:49:39.0812 0592 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
09:49:39.0843 0592 TDPIPE - ok
09:49:39.0906 0592 [ 564B337034271B7BDDCABFDDC91C6B7A ] TDSMAPI C:\WINDOWS\system32\drivers\TDSMAPI.SYS
09:49:39.0937 0592 TDSMAPI - ok
09:49:39.0984 0592 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
09:49:39.0984 0592 TDTCP - ok
09:49:40.0015 0592 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
09:49:40.0015 0592 TermDD - ok
09:49:40.0484 0592 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
09:49:40.0640 0592 TermService - ok
09:49:40.0734 0592 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
09:49:40.0734 0592 Themes - ok
09:49:41.0265 0592 [ BEC875CAF94E9FD6BC95B84BD07C1E99 ] ThinkVantage Registry Monitor Service C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
09:49:41.0343 0592 ThinkVantage Registry Monitor Service - ok
09:49:41.0406 0592 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
09:49:41.0437 0592 TlntSvr - ok
09:49:41.0781 0592 [ FAB13554E86325F5CC1041E7537DC8F2 ] Tomcat5 C:\dev\Tomcat 5.5\bin\tomcat5.exe
09:49:41.0812 0592 Tomcat5 - ok
09:49:41.0906 0592 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
09:49:41.0937 0592 TosIde - ok
09:49:42.0046 0592 [ A3552782E8D402F3AA513765D93C852D ] TPHDEXLGSVC C:\WINDOWS\system32\TPHDEXLG.EXE
09:49:42.0078 0592 TPHDEXLGSVC - ok
09:49:42.0234 0592 [ 29F3601D4233A53F819010FEE8C04A60 ] TPHKDRV C:\WINDOWS\system32\drivers\TPHKDRV.sys
09:49:42.0265 0592 TPHKDRV - ok
09:49:42.0296 0592 [ DFB268FF0A6DCB9280015FF527F892FF ] TpKmpSVC C:\WINDOWS\system32\TpKmpSVC.exe
09:49:42.0312 0592 TpKmpSVC - ok
09:49:42.0390 0592 [ 44672DE6CEA9569C21C4B7A8D2560750 ] TPPWRIF C:\WINDOWS\system32\drivers\Tppwrif.sys
09:49:42.0406 0592 TPPWRIF - ok
09:49:42.0484 0592 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
09:49:42.0484 0592 TrkWks - ok
09:49:42.0562 0592 [ F2ABA3066D7921D7FCDBD66DEA88BE11 ] TSMAPIP C:\WINDOWS\system32\drivers\TSMAPIP.SYS
09:49:42.0578 0592 TSMAPIP - ok
09:49:42.0984 0592 [ CF3BC148A6979BCF5AF8591E687C1390 ] TSSCoreService C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
09:49:43.0046 0592 TSSCoreService - ok
09:49:44.0140 0592 [ EC38192F2F5361B48BC387C2DB337264 ] TVT Backup Service C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
09:49:44.0968 0592 TVT Backup Service - ok
09:49:45.0468 0592 [ FE1D3EF5CAA8EE28A8B66FA1F180681B ] TVT Scheduler C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
09:49:45.0625 0592 TVT Scheduler - ok
09:49:45.0687 0592 [ DD957007DF98AECFFAAA2656D4B981E4 ] tvtfilter C:\WINDOWS\system32\drivers\tvtfilter.sys
09:49:45.0718 0592 tvtfilter - ok
09:49:45.0843 0592 [ 2E72C66682E9274C97AE3F5A57C2FA33 ] tvtnetwk C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
09:49:45.0843 0592 tvtnetwk - ok
09:49:45.0937 0592 [ 0727CCE3FF1A4446F4A1D507361567AB ] TVTPktFilter C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
09:49:45.0984 0592 TVTPktFilter - ok
09:49:46.0062 0592 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
09:49:46.0078 0592 Udfs - ok
09:49:46.0281 0592 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
09:49:46.0296 0592 ultra - ok
09:49:46.0390 0592 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
09:49:46.0421 0592 UMWdf - ok
09:49:47.0171 0592 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
09:49:47.0218 0592 Update - ok
09:49:47.0312 0592 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
09:49:47.0343 0592 upnphost - ok
09:49:47.0375 0592 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
09:49:47.0390 0592 UPS - ok
09:49:47.0421 0592 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
09:49:47.0468 0592 usbaudio - ok
09:49:47.0500 0592 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:49:47.0515 0592 usbccgp - ok
09:49:47.0546 0592 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:49:47.0562 0592 usbehci - ok
09:49:47.0671 0592 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:49:47.0687 0592 usbhub - ok
09:49:47.0718 0592 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:49:47.0734 0592 usbprint - ok
09:49:47.0781 0592 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:49:47.0796 0592 usbscan - ok
09:49:47.0843 0592 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:49:47.0859 0592 USBSTOR - ok
09:49:47.0890 0592 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:49:47.0906 0592 usbuhci - ok
09:49:47.0937 0592 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
09:49:47.0953 0592 VgaSave - ok
09:49:48.0015 0592 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:49:48.0062 0592 viaagp - ok
09:49:48.0093 0592 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
09:49:48.0109 0592 ViaIde - ok
09:49:48.0140 0592 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
09:49:48.0140 0592 VolSnap - ok
09:49:48.0296 0592 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
09:49:48.0328 0592 VSS - ok
09:49:48.0390 0592 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
09:49:48.0406 0592 W32Time - ok
09:49:48.0453 0592 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:49:48.0468 0592 Wanarp - ok
09:49:48.0484 0592 WDICA - ok
09:49:48.0515 0592 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
09:49:48.0546 0592 wdmaud - ok
09:49:48.0578 0592 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
09:49:48.0609 0592 WebClient - ok
09:49:48.0828 0592 [ 11EC1AFCEB5C917CE73D3C301FF4291E ] winachsf C:\WINDOWS\system32\DRIVERS\hsx_cnxt.sys
09:49:48.0875 0592 winachsf - ok
09:49:49.0046 0592 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
09:49:49.0062 0592 winmgmt - ok
09:49:49.0343 0592 [ CD99C9FEAE87C1963273F6B150251E33 ] WMConnectCDS C:\Program Files\Windows Media Connect 2\wmccds.exe
09:49:49.0453 0592 WMConnectCDS - ok
09:49:49.0515 0592 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
09:49:49.0546 0592 WmdmPmSN - ok
09:49:49.0687 0592 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
09:49:49.0750 0592 Wmi - ok
09:49:49.0828 0592 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:49:49.0843 0592 WmiApSrv - ok
09:49:50.0187 0592 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:49:50.0265 0592 WPFFontCache_v0400 - ok
09:49:50.0343 0592 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:49:50.0359 0592 WS2IFSL - ok
09:49:50.0421 0592 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
09:49:50.0453 0592 wscsvc - ok
09:49:50.0484 0592 [ 33BCFD50929AA6876C54C3768818E685 ] WSIMD C:\WINDOWS\system32\DRIVERS\wsimd.sys
09:49:50.0500 0592 WSIMD - ok
09:49:50.0531 0592 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
09:49:50.0578 0592 wuauserv - ok
09:49:50.0656 0592 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
09:49:50.0968 0592 WZCSVC - ok
09:49:51.0015 0592 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
09:49:51.0093 0592 xmlprov - ok
09:49:51.0390 0592 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
09:49:51.0453 0592 YahooAUService - ok
09:49:51.0468 0592 ================ Scan global ===============================
09:49:51.0515 0592 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
09:49:51.0640 0592 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:49:51.0703 0592 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:49:51.0734 0592 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
09:49:51.0750 0592 [Global] - ok
09:49:51.0750 0592 ================ Scan MBR ==================================
09:49:51.0828 0592 [ 0FCCD8DBED6025519473ABD25C7E631B ] \Device\Harddisk0\DR0
09:49:52.0546 0592 \Device\Harddisk0\DR0 - ok
09:49:52.0562 0592 ================ Scan VBR ==================================
09:49:52.0562 0592 [ 4B4CEF6990CA1E84002488593AFF7E1A ] \Device\Harddisk0\DR0\Partition1
09:49:52.0562 0592 \Device\Harddisk0\DR0\Partition1 - ok
09:49:52.0578 0592 ============================================================
09:49:52.0578 0592 Scan finished
09:49:52.0578 0592 ============================================================
09:49:52.0593 0232 Detected object count: 0
09:49:52.0593 0232 Actual detected object count: 0
09:51:37.0062 4588 Deinitialize success

----------------------------------------------------------------------------------------------------

aswMBR log
(found one suspicious and one infected)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-25 09:56:59
-----------------------------
09:56:59.156 OS Version: Windows 5.1.2600 Service Pack 3
09:56:59.156 Number of processors: 2 586 0xF06
09:56:59.156 ComputerName: NIRVANA UserName:
09:57:00.046 Initialize success
10:16:45.000 AVAST engine defs: 12082500
10:26:32.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:26:32.281 Disk 0 Vendor: HITACHI_HTS723216L9SA60 FC2ZC50B Size: 152627MB BusType: 3
10:26:32.296 Disk 0 MBR read successfully
10:26:32.312 Disk 0 MBR scan
10:26:32.343 Disk 0 unknown MBR code
10:26:32.343 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 148010 MB offset 63
10:26:32.375 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 4614 MB offset 303125760
10:26:32.375 Disk 0 scanning sectors +312575760
10:26:32.437 Disk 0 scanning C:\WINDOWS\system32\drivers
10:26:46.296 Service scanning
10:27:15.687 Modules scanning
10:27:32.312 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
10:27:33.250 Disk 0 trace - called modules:
10:27:33.281 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:27:33.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87137ab8]
10:27:33.281 3 CLASSPNP.SYS[f75d1fd7] -> nt!IofCallDriver -> \Device\00000092[0x8713d030]
10:27:33.281 5 ACPI.sys[f7468620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x870f9d98]
10:27:34.093 AVAST engine scan C:\WINDOWS
10:27:55.640 AVAST engine scan C:\WINDOWS\system32
10:28:35.500 File: C:\WINDOWS\system32\eudctvol.dll **INFECTED** Win32:Downloader-QFH [Trj]
10:31:54.578 AVAST engine scan C:\WINDOWS\system32\drivers
10:32:21.000 AVAST engine scan C:\Documents and Settings\Meena Nair
10:55:22.468 AVAST engine scan C:\Documents and Settings\All Users
10:56:51.234 Scan finished successfully
11:00:54.171 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
11:00:54.218 The log file has been saved successfully to "E:\aswMBR.txt"

Thanks again for your time.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:55 PM

Posted 25 August 2012 - 01:49 PM

Greetings kpmna

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\Ask.com
c:\program files (x86)\Freecorder 6

File::
C:\WINDOWS\system32\eudctvol.dll

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 kpmna

kpmna
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:55 PM

Posted 25 August 2012 - 02:54 PM

Hello

Ran combofix with the script. Problem still persists - search results redirect to random sites. Please see combofix log below. Thanks.

ComboFix 12-08-25.04 - Meena Nair 08/25/2012 12:29:12.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.375 [GMT -7:00]
Running from: c:\documents and settings\Meena Nair\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Meena Nair\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\eudctvol.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-07-25 to 2012-08-25 )))))))))))))))))))))))))))))))
.
.
2012-08-23 00:26 . 2012-08-23 00:26 54016 ----a-w- c:\windows\system32\drivers\bdataui.sys
2012-08-22 22:02 . 2012-08-22 22:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-08-22 02:54 . 2012-08-22 02:54 54016 ----a-w- c:\windows\system32\drivers\dkfu.sys
2012-08-22 01:09 . 2012-08-22 01:09 711240 ----a-w- c:\windows\is-HGEEJ.exe
2012-08-22 01:01 . 2012-08-22 01:00 883616 ----a-w- C:\FixExec.exe
2012-08-22 00:51 . 2012-08-22 00:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-08-21 15:37 . 2012-08-22 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\036DFF59C4D20B0002C38BA77B07D287
2012-08-21 15:36 . 2012-08-21 15:36 52736 ---ha-w- c:\windows\system32\eudctvol.dll
2012-07-29 05:09 . 2012-07-29 05:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Nico Mak Computing
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 13:58 . 2006-04-30 06:55 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2006-04-30 06:55 139784 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 20:46 . 2010-07-18 00:54 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2010-05-02 05:22 1866112 ------w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2006-04-30 06:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2006-04-30 06:55 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2006-04-30 06:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2006-04-30 06:55 385024 ------w- c:\windows\system32\html.iec
2012-06-05 15:50 . 2009-08-20 00:07 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-04-30 06:55 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-04-30 06:55 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2009-08-07 03:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2009-08-07 03:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2006-04-30 07:11 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2006-04-30 07:11 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2006-04-30 07:11 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2009-08-07 03:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2009-08-07 03:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2006-04-30 07:11 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2006-04-30 07:11 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2006-04-30 06:55 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2009-08-07 03:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2006-04-30 07:11 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2006-04-30 07:11 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2010-08-17 00:53 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2010-08-17 00:53 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18 . 2010-08-17 00:53 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2006-04-30 06:55 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-07-18 16:09 . 2012-05-22 13:46 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-25_05.09.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-25 16:44 . 2012-08-25 16:44 16384 c:\windows\temp\Perflib_Perfdata_e88.dat
+ 2012-08-25 16:44 . 2012-08-25 16:44 16384 c:\windows\temp\Perflib_Perfdata_e08.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2010-07-02 95744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]
"TpShocks"="TpShocks.exe" [2006-03-16 106496]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-07-04 110592]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-19 196696]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-08-26 409600]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-08-26 110592]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-03-15 421888]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-14 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 97357]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\documents and settings\Meena Nair\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2010-7-2 656896]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2006-5-31 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-3-31 24576]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-23 415072]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-26 03:20 40448 ------w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ------w- c:\windows\system32\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ------w- c:\windows\system32\tphklock.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2/6/2012 4:25 PM 13672]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/13/2006 5:05 PM 58368]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 4:55 PM 3968]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [4/25/2006 8:00 PM 3456]
S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2/2/2006 12:49 AM 204800]
S3 G Data Tuner Service;G Data Tuner Service;c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe --> c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/22/2012 6:46 AM 113120]
S3 Tomcat5;Apache Tomcat;c:\dev\Tomcat 5.5\bin\tomcat5.exe [3/29/2010 6:48 AM 61440]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 79006358
*NewlyCreated* - ASWMBR
*Deregistered* - 79006358
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4067690018-3825318633-2555967877-1005Core.job
- c:\documents and settings\Meena Nair\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-18 20:53]
.
2012-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4067690018-3825318633-2555967877-1005UA.job
- c:\documents and settings\Meena Nair\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-18 20:53]
.
2012-08-25 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-03-31 16:13]
.
2012-08-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-04-03 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = google.com
uInternet Settings,ProxyOverride = <local>
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Meena Nair\Application Data\Mozilla\Firefox\Profiles\40mhcsa4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-25 12:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1332)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\windows\system32\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
c:\windows\system32\CLBCATQ.DLL
.
- - - - - - - > 'lsass.exe'(1388)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
.
Completion time: 2012-08-25 12:44:07
ComboFix-quarantined-files.txt 2012-08-25 19:44
ComboFix2.txt 2012-08-25 05:40
.
Pre-Run: 14,282,555,392 bytes free
Post-Run: 14,393,253,888 bytes free
.
- - End Of File - - 4CAA7F77095CD4058AF0DB63FCFB06AB

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:55 PM

Posted 25 August 2012 - 03:19 PM

Blitzblank.

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe

  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:
DeleteFile:
c:\windows\system32\eudctvol.dll
  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post me the report created by Blitzblank. you can find it at the root of the drive Normaly C:\

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 kpmna

kpmna
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:55 PM

Posted 25 August 2012 - 04:21 PM

Hello

Blitzblank report below. Google search results still redirect to random sites occasionally. Thanks

BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
MoveFileOnReboot: sourceFile = "\??\c:\windows\system32\eudctvol.dll", destinationFile = "(null)", replaceWithDummy = 0

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:55 PM

Posted 25 August 2012 - 04:34 PM

I want you to rerun combofix for me now please



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 kpmna

kpmna
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:55 PM

Posted 25 August 2012 - 05:16 PM

Hello

Please see combofix log below. Thanks

ComboFix 12-08-25.04 - Meena Nair 08/25/2012 14:58:56.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.433 [GMT -7:00]
Running from: c:\documents and settings\Meena Nair\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-07-25 to 2012-08-25 )))))))))))))))))))))))))))))))
.
.
2012-08-23 00:26 . 2012-08-23 00:26 54016 ----a-w- c:\windows\system32\drivers\bdataui.sys
2012-08-22 22:02 . 2012-08-22 22:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-08-22 02:54 . 2012-08-22 02:54 54016 ----a-w- c:\windows\system32\drivers\dkfu.sys
2012-08-22 01:09 . 2012-08-22 01:09 711240 ----a-w- c:\windows\is-HGEEJ.exe
2012-08-22 01:01 . 2012-08-22 01:00 883616 ----a-w- C:\FixExec.exe
2012-08-22 00:51 . 2012-08-22 00:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-08-21 15:37 . 2012-08-22 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\036DFF59C4D20B0002C38BA77B07D287
2012-07-29 05:09 . 2012-07-29 05:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Nico Mak Computing
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 13:58 . 2006-04-30 06:55 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2006-04-30 06:55 139784 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 20:46 . 2010-07-18 00:54 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2010-05-02 05:22 1866112 ------w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2006-04-30 06:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2006-04-30 06:55 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2006-04-30 06:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2006-04-30 06:55 385024 ------w- c:\windows\system32\html.iec
2012-06-05 15:50 . 2009-08-20 00:07 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-04-30 06:55 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-04-30 06:55 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2009-08-07 03:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2009-08-07 03:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2006-04-30 07:11 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2006-04-30 07:11 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2006-04-30 07:11 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2009-08-07 03:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2009-08-07 03:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2006-04-30 07:11 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2006-04-30 07:11 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2006-04-30 06:55 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2009-08-07 03:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2006-04-30 07:11 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2006-04-30 07:11 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2010-08-17 00:53 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2010-08-17 00:53 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18 . 2010-08-17 00:53 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2006-04-30 06:55 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-07-18 16:09 . 2012-05-22 13:46 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-25_05.09.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-25 21:14 . 2012-08-25 21:14 16384 c:\windows\temp\Perflib_Perfdata_f7c.dat
+ 2012-08-25 21:13 . 2012-08-25 21:13 16384 c:\windows\temp\Perflib_Perfdata_eb4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2010-07-02 95744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]
"TpShocks"="TpShocks.exe" [2006-03-16 106496]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-07-04 110592]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-19 196696]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-08-26 409600]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-08-26 110592]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-03-15 421888]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-14 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 97357]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\documents and settings\Meena Nair\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2010-7-2 656896]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2006-5-31 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-3-31 24576]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-23 415072]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-26 03:20 40448 ------w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ------w- c:\windows\system32\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ------w- c:\windows\system32\tphklock.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2/6/2012 4:25 PM 13672]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/13/2006 5:05 PM 58368]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 4:55 PM 3968]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [4/25/2006 8:00 PM 3456]
S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2/2/2006 12:49 AM 204800]
S3 G Data Tuner Service;G Data Tuner Service;c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe --> c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/22/2012 6:46 AM 113120]
S3 Tomcat5;Apache Tomcat;c:\dev\Tomcat 5.5\bin\tomcat5.exe [3/29/2010 6:48 AM 61440]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4067690018-3825318633-2555967877-1005Core.job
- c:\documents and settings\Meena Nair\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-18 20:53]
.
2012-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4067690018-3825318633-2555967877-1005UA.job
- c:\documents and settings\Meena Nair\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-18 20:53]
.
2012-08-25 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-03-31 16:13]
.
2012-08-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-04-03 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = google.com
uInternet Settings,ProxyOverride = <local>
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Meena Nair\Application Data\Mozilla\Firefox\Profiles\40mhcsa4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-25 15:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1348)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\windows\system32\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
- - - - - - - > 'lsass.exe'(1404)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
.
Completion time: 2012-08-25 15:14:02
ComboFix-quarantined-files.txt 2012-08-25 22:13
ComboFix2.txt 2012-08-25 19:44
ComboFix3.txt 2012-08-25 05:40
.
Pre-Run: 14,193,221,632 bytes free
Post-Run: 14,368,075,776 bytes free
.
- - End Of File - - F05013A86DC83CCF8CC2C9627449DFC6

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:55 PM

Posted 25 August 2012 - 05:37 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 kpmna

kpmna
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:55 PM

Posted 25 August 2012 - 05:51 PM

Hello

OTL log -

OTL logfile created on: 8/25/2012 3:39:52 PM - Run 2
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\Meena Nair\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.36 Mb Total Physical Memory | 452.32 Mb Available Physical Memory | 44.24% Memory free
2.40 Gb Paging File | 1.67 Gb Available in Paging File | 69.48% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.54 Gb Total Space | 13.41 Gb Free Space | 9.28% Space Free | Partition Type: NTFS

Computer Name: NIRVANA | User Name: Meena Nair | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Meena Nair\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
PRC - C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe ()
PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\acs.exe (Atheros)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe ()
PRC - c:\Program Files\Lenovo\System Update\SUService.exe ( )
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
PRC - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
PRC - C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - c:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe (Oracle Corporation)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\54d61af44b1dedee6aea0d1bbc46b13a\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\4a668799513e369a54fdab8b3f74de92\System.Drawing.ni.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_7e8b01a0\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f4d93372\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0f9d7198d2c0a3953fb59b1aca0d35f7\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_eb5bb82e\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_faa4ce23\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_2d1f73cd\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACAtherosV2.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACAthV2MSVC6.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcLocMigrator.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcSvcHlpr.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACon.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACAthV2ExtDLL.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ThinQCon.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACTurinSupport.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll ()
MOD - C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll ()
MOD - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe ()
MOD - C:\Program Files\ThinkVantage\PrdCtr\US\LPRESMGR.DLL ()
MOD - C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll ()
MOD - c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - c:\oraclexe\app\oracle\product\10.2.0\server\BIN\orajox10.dll ()
MOD - C:\WINDOWS\system32\tphklock.dll ()
MOD - C:\Program Files\ThinkVantage\AMSG\ahlprunl.dll ()
MOD - C:\Program Files\ThinkVantage\AMSG\AcpPollingEngine.dll ()


========== Win32 Services (SafeList) ==========

SRV - (G Data Tuner Service) -- C:\Program Files\G Data\TotalCare\AVKTuner\AVKTunerService.exe File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (Tomcat5) -- C:\dev\Tomcat 5.5\bin\tomcat5.exe (Apache Software Foundation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe ()
SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe ()
SRV - (tvtnetwk) -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe ( )
SRV - (PsaSrv) -- C:\WINDOWS\system32\psasrv.exe ()
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (OracleXEClrAgent) -- C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe ()
SRV - (OracleXETNSListener) -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE ()
SRV - (OracleMTSRecoveryService) -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe (Oracle Corporation)
SRV - (OracleJobSchedulerXE) -- c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe ()
SRV - (OracleServiceXE) -- c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE (Oracle Corporation)
SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)
SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (SYMIDSCO) -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20050404.003\symidsco.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\MEENAN~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (Smapint) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS (Microsoft Corporation)
DRV - (TDSMAPI) -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS ()
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (smihlp) -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.)
DRV - (PrivateDisk) -- C:\Program Files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys (Utimaco Safeware AG)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4067690018-3825318633-2555967877-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.com
IE - HKU\S-1-5-21-4067690018-3825318633-2555967877-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-4067690018-3825318633-2555967877-1005\..\SearchScopes,DefaultScope = {25477387-2310-45df-933D-E9416D3D0303}
IE - HKU\S-1-5-21-4067690018-3825318633-2555967877-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-4067690018-3825318633-2555967877-1005\..\SearchScopes\{25477387-2310-45df-933D-E9416D3D0303}: "URL" = http://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q={searchTerms}
IE - HKU\S-1-5-21-4067690018-3825318633-2555967877-1005\..\SearchScopes\Google: "URL" = http://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q=%s
IE - HKU\S-1-5-21-4067690018-3825318633-2555967877-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4067690018-3825318633-2555967877-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "eSnips Search"
FF - prefs.js..browser.search.order.1: "eSnips Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}:5.0.22
FF - prefs.js..extensions.enabledItems: esnipsxpi@logia.esnips:1.1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.100006
FF - prefs.js..extensions.enabledItems: vshareus@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ad0d925d-88f8-47f1-85ea-8463569e756e}:1.3.4
FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.1
FF - prefs.js..keyword.URL: "http://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Ringz Studio\Storm Codec\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Ringz Studio\Storm Codec\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Meena Nair\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Meena Nair\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\esnipsxpi@logia.esnips: C:\Program Files\Logia\eSnipsDownloader\ext [2010/04/10 14:05:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/18 09:09:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/22 06:46:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010/07/03 18:42:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2012/02/29 16:55:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{4DB25CC3-3EAE-4bb5-92F0-09757350CE75}: C:\Program Files\Download Direct\Plugins\DLDFireFox [2010/07/18 17:56:42 | 000,000,000 | ---D | M]

[2010/04/14 12:17:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Meena Nair\Application Data\Mozilla\Extensions
[2010/04/14 12:17:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Meena Nair\Application Data\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2012/07/31 06:36:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Meena Nair\Application Data\Mozilla\Firefox\Profiles\40mhcsa4.default\extensions
[2012/05/22 06:47:29 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Meena Nair\Application Data\Mozilla\Firefox\Profiles\40mhcsa4.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/10/07 11:51:43 | 000,000,000 | ---D | M] ("PandoraTV Toolbar") -- C:\Documents and Settings\Meena Nair\Application Data\Mozilla\Firefox\Profiles\40mhcsa4.default\extensions\toolbar@ask.com
[2010/08/29 12:07:04 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Documents and Settings\Meena Nair\Application Data\Mozilla\Firefox\Profiles\40mhcsa4.default\extensions\vshareus@toolbar
[2010/04/14 12:17:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Meena Nair\Application Data\Mozilla\Sunbird\Profiles\gwq0fx3i.default\extensions
[2012/05/22 06:46:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/02 07:46:54 | 000,261,871 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MEENA NAIR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\40MHCSA4.DEFAULT\EXTENSIONS\{AD0D925D-88F8-47F1-85EA-8463569E756E}.XPI
[2004/08/04 05:00:00 | 000,004,819 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MEENA NAIR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\40MHCSA4.DEFAULT\EXTENSIONS\KPDSHZLSLE@KPDSHZLSLE.ORG.XPI
[2012/07/18 09:09:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/11 20:59:24 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/08 07:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/04/10 14:04:58 | 000,002,029 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\esnips.xml
[2012/06/08 07:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Meena Nair\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Meena Nair\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Meena Nair\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Meena Nair\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Meena Nair\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Ringz Studio\Storm Codec\Plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Ringz Studio\Storm Codec\Plugins\nprpjplug.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Meena Nair\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Meena Nair\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Meena Nair\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/25 15:10:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (eSnipsBHO Class) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - C:\Program Files\Logia\eSnipsDownloader\eSnipsBHO.dll (Logia Media)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-4067690018-3825318633-2555967877-1005\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-4067690018-3825318633-2555967877-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe ()
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe ()
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [PDService.exe] C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti File not found
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKU\S-1-5-21-4067690018-3825318633-2555967877-1005..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Meena Nair\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\Meena Nair\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4067690018-3825318633-2555967877-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4067690018-3825318633-2555967877-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4067690018-3825318633-2555967877-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4067690018-3825318633-2555967877-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe ()
O15 - HKU\S-1-5-21-4067690018-3825318633-2555967877-1005\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} http://www.anandabazar.com/wfplayer/tdserver.cab (TDServer Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A83232F8-989E-477A-BAFD-8C7BC9B6B9DF}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\AwayNotify: DllName - (C:\Program Files\Lenovo\AwayTask\AwayNotify.dll) - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
O20 - Winlogon\Notify\psfus: DllName - (psqlpwd.dll) - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 00:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/24 22:03:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/08/24 21:28:27 | 004,737,458 | ---- | C] (Swearware) -- C:\Documents and Settings\Meena Nair\Desktop\ComboFix.exe
[2012/08/22 15:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2012/08/22 14:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/08/21 18:01:40 | 000,883,616 | ---- | C] (Bleeping Computer, LLC) -- C:\FixExec.exe
[2012/08/21 17:51:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/08/21 17:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/08/21 17:50:32 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2012/08/21 17:45:05 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/08/21 08:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\036DFF59C4D20B0002C38BA77B07D287
[2012/08/18 13:54:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Meena Nair\Start Menu\Programs\Google Chrome
[2012/08/10 20:19:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/08/10 20:17:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/08/10 20:17:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/08/10 20:17:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/08/10 20:17:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/08/10 20:17:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/10 20:17:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/08/10 20:11:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Meena Nair\Start Menu\Programs\Administrative Tools
[2012/07/28 22:09:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Nico Mak Computing
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/25 15:10:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/08/25 14:15:24 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012/08/25 14:14:25 | 000,009,970 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2012/08/25 14:13:43 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012/08/25 14:13:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/25 14:13:34 | 1072,091,136 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/25 14:03:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4067690018-3825318633-2555967877-1005UA.job
[2012/08/25 14:03:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4067690018-3825318633-2555967877-1005Core.job
[2012/08/24 21:28:54 | 004,737,458 | ---- | M] (Swearware) -- C:\Documents and Settings\Meena Nair\Desktop\ComboFix.exe
[2012/08/24 21:13:08 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/23 17:46:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/22 17:26:49 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\bdataui.sys
[2012/08/21 21:08:18 | 000,002,330 | ---- | M] () -- C:\Documents and Settings\Meena Nair\Desktop\Google Chrome.lnk
[2012/08/21 21:08:18 | 000,002,308 | ---- | M] () -- C:\Documents and Settings\Meena Nair\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/21 19:54:47 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\dkfu.sys
[2012/08/21 18:09:22 | 000,711,240 | ---- | M] () -- C:\WINDOWS\is-HGEEJ.exe
[2012/08/21 18:09:22 | 000,010,550 | ---- | M] () -- C:\WINDOWS\is-HGEEJ.msg
[2012/08/21 18:09:22 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/21 18:09:22 | 000,000,479 | ---- | M] () -- C:\WINDOWS\is-HGEEJ.lst
[2012/08/21 18:00:20 | 000,883,616 | ---- | M] (Bleeping Computer, LLC) -- C:\FixExec.exe
[2012/08/21 07:47:25 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\Meena Nair\Desktop\Activate the security chip now..lnk
[2012/08/19 14:47:17 | 000,158,720 | ---- | M] () -- C:\Documents and Settings\Meena Nair\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/16 07:53:29 | 000,228,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/16 05:47:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/10 20:19:59 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/08/02 07:01:13 | 000,037,680 | ---- | M] () -- C:\Documents and Settings\Meena Nair\Desktop\cb0abbbd71054359f88fb546c074734a.gif
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/24 22:08:06 | 1072,091,136 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/22 17:26:49 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\bdataui.sys
[2012/08/21 19:54:47 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\dkfu.sys
[2012/08/21 18:09:22 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-HGEEJ.exe
[2012/08/21 18:09:22 | 000,010,550 | ---- | C] () -- C:\WINDOWS\is-HGEEJ.msg
[2012/08/21 18:09:22 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/21 18:09:22 | 000,000,479 | ---- | C] () -- C:\WINDOWS\is-HGEEJ.lst
[2012/08/21 07:47:25 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\Meena Nair\Desktop\Activate the security chip now..lnk
[2012/08/18 13:55:18 | 000,002,330 | ---- | C] () -- C:\Documents and Settings\Meena Nair\Desktop\Google Chrome.lnk
[2012/08/18 13:55:18 | 000,002,308 | ---- | C] () -- C:\Documents and Settings\Meena Nair\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/18 13:53:13 | 000,000,998 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4067690018-3825318633-2555967877-1005UA.job
[2012/08/18 13:53:12 | 000,000,946 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4067690018-3825318633-2555967877-1005Core.job
[2012/08/10 20:19:59 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/08/10 20:19:53 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/08/10 20:17:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/08/10 20:17:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/08/10 20:17:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/08/10 20:17:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/08/10 20:17:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/08/02 07:01:13 | 000,037,680 | ---- | C] () -- C:\Documents and Settings\Meena Nair\Desktop\cb0abbbd71054359f88fb546c074734a.gif
[2012/04/16 12:24:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/15 22:56:45 | 000,247,534 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/04/15 09:06:37 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2010/06/12 17:03:46 | 000,158,720 | ---- | C] () -- C:\Documents and Settings\Meena Nair\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/01 22:16:52 | 000,002,577 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Config.nt.bak
[2010/04/01 22:16:52 | 000,001,688 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Autoexec.nt.bak
[2010/04/01 22:16:52 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\hosts.bak
[2010/04/01 12:00:07 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Meena Nair\Local Settings\Application Data\fusioncache.dat
[2006/04/29 23:55:50 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Meena Nair\Local Settings\Application Data\{938e3355-4fb5-61b9-5dcd-b93443c13ee1}\@

< End of report >

Thanks

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:55 PM

Posted 25 August 2012 - 06:03 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O4 - HKLM..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti File not found
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Reg Error: Key error.)
    [2004/08/04 05:00:00 | 000,004,819 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MEENA NAIR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\40MHCSA4.DEFAULT\EXTENSIONS\KPDSHZLSLE@KPDSHZLSLE.ORG.XPI
    :Files
    C:\Documents and Settings\Meena Nair\Local Settings\Application Data\{938e3355-4fb5-61b9-5dcd-b93443c13ee1}
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 kpmna

kpmna
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:55 PM

Posted 25 August 2012 - 06:47 PM

Hello

Here is the OTL log. I haven't seen any issues with redirects since the last OTL run. Sincerely appreciate your help. Thanks again.

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\StormCodec_Helper deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\Meena Nair\Application Data\Mozilla\Firefox\Profiles\40mhcsa4.default\extensions\kpdshzlsle@kpdshzlsle.org.xpi moved successfully.
========== FILES ==========
C:\Documents and Settings\Meena Nair\Local Settings\Application Data\{938e3355-4fb5-61b9-5dcd-b93443c13ee1}\U folder moved successfully.
C:\Documents and Settings\Meena Nair\Local Settings\Application Data\{938e3355-4fb5-61b9-5dcd-b93443c13ee1}\L folder moved successfully.
C:\Documents and Settings\Meena Nair\Local Settings\Application Data\{938e3355-4fb5-61b9-5dcd-b93443c13ee1} folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Meena Nair\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Meena Nair\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: Meena Nair
->Java cache emptied: 0 bytes

User: NetworkService
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 41620 bytes

User: LocalService

User: Meena Nair
->Flash cache emptied: 3304 bytes

User: NetworkService
->Flash cache emptied: 64331 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.58.1 log created on 08252012_163447




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users