ljm

  1. Kenny, thank you so much. I completed all steps and everything looks good. I really appreciate your excellent help! --Lissa
  2. Hi, Kenny -- OK, I reran with ComboFix with the text file, and then updated and ran MBAM. It seemed to go smoothly -- ComboFix took about 45 minutes in total (same as the first time). MBAM didn't find anything (log attached), but while the scan was running, Avira Antivir found a few things and I am attaching its report at the very end. Things appear to be working fine now -- no more redirected searches! I am very grateful for your help! Lissa
  3. Hi, Kenny94, The following is the log from Combofix. I think it ran successfully (?). Also, in the mean time I was able to install Avira and manually update the virus definitions (I could not do so otherwise), but I haven't run a scan yet. Waiting for further instructions. Thank you very much for all of your help!
262144 ------w- c:\windows\system32\QConGina.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2005-07-06 07:45 28672 ------w- c:\windows\system32\notifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2005-06-17 06:23 24576 ------w- c:\windows\system32\tphklock.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk backup=c:\windows\pss\BTTray.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] 2006-03-30 23:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\BioSonics\\Dtx\\VisualAcquisition.exe"= "c:\\Program Files\\MATLAB\\R2007b\\bin\\win32\\MATLAB.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= 
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\HP_P2055_default_install_v6.1_ww\\setup\\hppniprint01.exe"= "c:\\HP_P2055_default_install_v6.1_ww\\setup\\hppniprint64.exe"= "c:\\HP_P2055_default_install_v6.1_ww\\setup\\hppnicifs01.exe"= "c:\\HP_P2055_default_install_v6.1_ww\\setup\\hpbtpg.exe"= "c:\\HP_P2055_default_install_v6.1_ww\\setup\\LaunchApp.exe"= "c:\\Program Files\\Avira\\AntiVir Desktop\\update.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "67:UDP"= 67:UDP:DHCP Discovery Service R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [1/12/2006 4:19 PM 14720] R1 bpfinder;BACKPACK Finder;c:\windows\system32\drivers\bpfinder.sys [9/29/2003 10:36 AM 62359] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/15/2010 9:09 AM 135336] R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [6/26/2008 5:52 AM 204800] R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [6/28/2005 9:26 AM 46142] R2 smi2;smi2;c:\program files\SMI2\smi2.sys [8/2/2005 6:47 PM 3968] R2 SmiHlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [7/12/2005 10:37 AM 3328] R3 bpusbflt;BACKPACK USB Filter;c:\windows\system32\drivers\bpusbflt.sys [6/23/2004 2:13 PM 10653] R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [1/12/2006 4:19 PM 6400] S2 ApacheOSGeo4WWebServer;Apache OSGeo4W Web Server;"c:\osgeo4w\apache\bin\httpd.exe" -k runservice --> c:\osgeo4w\apache\bin\httpd.exe [?] 
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/19/2009 1:59 PM 133104] S3 bpflt;BACKPACK Filter;c:\windows\system32\drivers\bpflt.sys [9/29/2003 10:37 AM 4538] S3 bppccard;BACKPACK PC Card;c:\windows\system32\drivers\bppccard.sys [9/29/2003 10:40 AM 5493] S3 bppnpdrv;BACKPACK Driver;c:\windows\system32\drivers\bppnpdrv.sys [9/29/2003 10:57 AM 19670] S3 bpusbdrv;BACKPACK USB 1 Cable;c:\windows\system32\drivers\bpusbdrv.sys [9/29/2003 10:59 AM 111180] S3 lsusb;lsusb;c:\windows\system32\drivers\lsusb.sys [1/29/2008 12:48 PM 165452] S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [1/12/2006 4:43 PM 12288] S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [1/1/1980 1:00 AM 13840] --- Other Services/Drivers In Memory --- *NewlyCreated* - SSMDRV [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder 2010-09-04 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34] 2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 20:59] 2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-19 20:59] 2010-09-15 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-01-12 09:10] 2010-09-15 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-03-31 05:18] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:6092 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html IE: Send To &Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm Trusted Zone: microsoft.com\*.windowsupdate Trusted Zone: windowsupdate.com DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Lissa MacVean\Application Data\Mozilla\Firefox\Profiles\ab2ub1iv.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.type - 2 FF - component: c:\documents and settings\Lissa MacVean\Application Data\Mozilla\Firefox\Profiles\ab2ub1iv.default\extensions\optout@dubfire.net\lib\WINNT\ff3\AbineComponent.dll FF - component: c:\documents and settings\Lissa MacVean\Application Data\Mozilla\Firefox\Profiles\ab2ub1iv.default\extensions\zoteroWinWordIntegration@zotero.org\components\zoteroWinWordIntegration.dll FF - plugin: c:\documents and settings\Lissa MacVean\Application Data\Move Networks\plugins\npqmp071505000010.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - 
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - HKCU-Run-OM_Monitor - c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe HKLM-Run-Hlicehizaji - c:\windows\apaqiqam.dll Notify-NavLogon - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-09-15 11:05 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(796) c:\program files\ThinkVantage Fingerprint Software\psfus.dll c:\program files\Common Files\Virtual Token\psutil.dll c:\program files\Common Files\Virtual Token\Remote.dll c:\windows\system32\tphklock.dll c:\program files\Common Files\Virtual Token\passport.dll - - - - - - - > 'explorer.exe'(3860) c:\windows\system32\WININET.dll c:\windows\system32\PROCHLP.DLL c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\program files\WinSCP3\DragExt.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Common Files\Virtual Token\vtserver.exe c:\windows\system32\ibmpmsvc.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\windows\system32\IPSSVC.EXE c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\java.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\System32\QCONSVC.EXE c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Analog Devices\SoundMAX\SMAgent.exe c:\windows\System32\TPHDEXLG.EXE c:\windows\system32\TpKmpSVC.exe c:\program files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe c:\program files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe c:\program files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe c:\program files\ThinkVantage\SystemUpdate\UCLauncherService.exe c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe c:\program files\Windows Media Player\WMPNetwk.exe c:\program files\IBM ThinkVantage\Common\Logger\logmon.exe c:\windows\system32\TpShocks.exe c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe c:\windows\system32\rundll32.exe c:\program files\IBM ThinkVantage\Client Security Solution\pwmgr.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . 
Completion time: 2010-09-15 11:28:11 - machine was rebooted ComboFix-quarantined-files.txt 2010-09-15 18:28 Pre-Run: 4,525,805,568 bytes free Post-Run: 5,625,339,904 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect - - End Of File - - 9F8AE85FF7545E1AB3FB23122FE461EE
  4. Hi, Kenny94, Thank you so much for your help. Here is the report generated by TDSSKiller:
(a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 2010/09/15 09:38:07.0593 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2010/09/15 09:38:08.0187 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2010/09/15 09:38:08.0484 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 2010/09/15 09:38:08.0734 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2010/09/15 09:38:09.0203 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2010/09/15 09:38:09.0453 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2010/09/15 09:38:10.0031 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2010/09/15 09:38:10.0375 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2010/09/15 09:38:10.0718 TcUsb (63e7729e6ebc6f136f648d293b2ffaac) C:\WINDOWS\system32\Drivers\tcusb.sys 2010/09/15 09:38:11.0234 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2010/09/15 09:38:11.0515 TDSMAPI (e9512ac82fff83808549267078b38fe5) C:\WINDOWS\system32\drivers\TDSMAPI.SYS 2010/09/15 09:38:12.0015 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2010/09/15 09:38:12.0390 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2010/09/15 09:38:12.0703 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 2010/09/15 09:38:13.0250 Tp4Track (e06117f4ee0fd094532d8b82f1b7883a) C:\WINDOWS\system32\DRIVERS\tp4track.sys 2010/09/15 09:38:13.0546 TPDiskPM (1b4978f20dd8da3e51e3f8da85c59904) C:\WINDOWS\system32\drivers\TPDiskPM.sys 2010/09/15 09:38:14.0078 TPHKDRV (29f3601d4233a53f819010fee8c04a60) C:\WINDOWS\system32\drivers\TPHKDRV.sys 2010/09/15 09:38:14.0406 TPInput (f17762cced1fef672b376fb302d356b2) C:\WINDOWS\system32\DRIVERS\TPInput.sys 
2010/09/15 09:38:14.0718 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys 2010/09/15 09:38:15.0218 TSMAPIP (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS 2010/09/15 09:38:15.0562 U2SP (228d8e60bc9c5238587b0bf1654ec580) C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys 2010/09/15 09:38:15.0843 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2010/09/15 09:38:16.0375 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2010/09/15 09:38:16.0687 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2010/09/15 09:38:16.0984 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys 2010/09/15 09:38:17.0281 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2010/09/15 09:38:17.0578 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2010/09/15 09:38:18.0093 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2010/09/15 09:38:18.0406 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2010/09/15 09:38:18.0734 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2010/09/15 09:38:19.0218 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2010/09/15 09:38:19.0515 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2010/09/15 09:38:20.0015 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2010/09/15 09:38:20.0312 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2010/09/15 09:38:20.0625 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 2010/09/15 09:38:20.0968 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2010/09/15 09:38:21.0609 VolSnap (4c8fcb5cc53aab716d810740fe59d025) 
C:\WINDOWS\system32\drivers\VolSnap.sys 2010/09/15 09:38:22.0515 w29n51 (39ac581f5b57e3074e3e5cdab9e7dff1) C:\WINDOWS\system32\DRIVERS\w29n51.sys 2010/09/15 09:38:23.0156 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2010/09/15 09:38:23.0703 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2010/09/15 09:38:24.0437 winachsf (c3d9c524cd25e19d212cacbfb925ee1f) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 2010/09/15 09:38:24.0875 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2010/09/15 09:38:25.0203 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2010/09/15 09:38:25.0328 ================================================================================ 2010/09/15 09:38:25.0328 Scan finished 2010/09/15 09:38:25.0328 ================================================================================
  5. Hello. When I search for something using google, about 50% of the time, the first time I click on a link, it is redirected to an advertising site. This has been happening since I was infected with the "Antivir Solution Pro" on Saturday (9/11/2010). I was able to use Malwarebytes to get rid of that virus, but this redirecting problem is still happening. I noticed that my proxy settings in Internet Explorer were changed at this time as well (I use firefox). I have updated/scanned using mbam and nothing was detected. I was unable to install Avira Antivirus. I used DeFogger successfully to disable my CD Emulation drivers. I then downloaded and ran DDS (with DDS.txt copied into this post, and Attach.txt attached). Finally, I downloaded GMER but it crashed my computer when I tried to use it to scan. Any help you can provide would be most appreciated. Thanks so much.