Jump to content

fishConservation

Members
  • Posts

    10
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Uninstalling and re-installing MSE has fixed the issue. Thank you so much for all of your time and help! This is a tremendous service.
  2. MSE acts as if it cannot access the internet (and is the only program to act in this manner). The new Combofix log is below. I truly appreciate your continued efforts to help. ComboFix 11-10-13.05 - Nathan 10/13/2011 18:39:38.4.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2519.1161 [GMT -5:00] Running from: c:\users\Nathan\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\TPAPSLOG.LOG c:\windows\system32\TPHDLOG0.LOG . . ((((((((((((((((((((((((( Files Created from 2011-09-13 to 2011-10-13 ))))))))))))))))))))))))))))))) . . 2011-10-13 23:50 . 2011-10-13 23:50 -------- d-----w- c:\users\Nathan\AppData\Local\temp 2011-10-13 23:50 . 2011-10-13 23:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-13 23:05 . 2011-10-13 23:05 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92C78840-2BF5-4ACC-9C26-DCF0DA3DDA95}\MpKslbdb41c2d.sys 2011-10-13 23:05 . 2011-10-13 23:05 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92C78840-2BF5-4ACC-9C26-DCF0DA3DDA95}\offreg.dll 2011-10-13 00:07 . 2010-11-30 16:43 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2011-10-13 00:07 . 2011-10-04 22:22 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB3E5B78-6D4D-4DC9-872B-CF0493EA24C8}\gapaengine.dll 2011-10-13 00:05 . 2011-09-21 14:00 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92C78840-2BF5-4ACC-9C26-DCF0DA3DDA95}\mpengine.dll 2011-10-13 00:02 . 2011-10-13 00:02 -------- d-----w- c:\users\Default\AppData\Local\Trusteer 2011-10-08 17:37 . 2011-10-08 17:37 -------- d-----w- c:\users\Nathan\DoctorWeb 2011-10-01 15:10 . 2011-09-21 14:00 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-09-30 12:10 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-09-29 20:16 . 2011-09-29 20:52 -------- d-----w- C:\TDSSKiller_Quarantine 2011-09-28 00:56 . 2011-09-28 00:57 -------- d-----w- c:\program files\Microsoft Security Client 2011-09-28 00:55 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys 2011-09-28 00:38 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6428307D-2137-41B6-BA3D-0767A2EF079B}\mpengine.dll 2011-09-26 23:44 . 2011-09-30 12:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-09-26 05:11 . 2011-09-26 05:12 -------- d-----w- c:\windows\Standalone System Sweeper 2011-09-26 00:00 . 2011-09-26 00:00 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys 2011-09-13 23:59 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-29 20:17 . 2008-01-21 02:32 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys 2011-09-11 15:37 . 2011-08-21 12:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-23 11:04 . 2011-08-10 02:28 916480 ----a-w- c:\windows\system32\wininet.dll 2011-07-23 11:00 . 2011-08-10 02:28 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-07-23 10:59 . 2011-08-10 02:28 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-07-23 10:59 . 2011-08-10 02:28 109056 ----a-w- c:\windows\system32\iesysprep.dll 2011-07-23 10:59 . 2011-08-10 02:28 71680 ----a-w- c:\windows\system32\iesetup.dll 2011-07-23 10:03 . 2011-08-10 02:28 385024 ----a-w- c:\windows\system32\html.iec 2011-07-23 09:27 . 2011-08-10 02:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2011-07-23 09:25 . 2011-08-10 02:28 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-10-11 03:23 . 2011-05-08 14:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-05-29 367128] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 824616] "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-04-15 61728] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-02-11 1191936] "TpShocks"="TpShocks.exe" [2008-06-07 181536] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976] "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976] "LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-12 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-12 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-12 145944] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-08-31 165208] "LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-08-31 124248] "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376] "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-01-14 644384] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2009-01-14 214576] "CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-04-13 40960] "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-04-16 435488] "ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2009-04-16 177440] "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-25 3077432] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160] "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392] "tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-10 270336] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] . c:\users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-6-6 50688] VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2009-9-10 6144] WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-5-10 4456448] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R1 MpKsl5819222c;MpKsl5819222c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{287047AE-D028-4FE2-9671-6D1500B005F5}\MpKsl5819222c.sys [x] R1 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-07-11 48192] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 136176] R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-03-30 45424] R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x] R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448] R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 136176] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392] R3 MUXP;My WiFi PAN Mux-IM Protocol Driver;c:\windows\system32\DRIVERS\mux.sys [2009-02-09 29232] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-02-11 204800] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944] R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-15 1120752] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-09-26 56336] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2008-05-14 19496] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480] S1 MpKslbdb41c2d;MpKslbdb41c2d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92C78840-2BF5-4ACC-9C26-DCF0DA3DDA95}\MpKslbdb41c2d.sys [2011-10-13 28752] S1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [2011-08-07 216912] S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-09-26 70416] S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-09-26 161936] S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2007-11-28 589824] S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-01-14 66848] S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-09-25 919352] S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-04-02 62320] S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-24 520192] S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2008-05-29 2058776] S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-05-10 110592] S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-05-10 1858048] S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-05-10 482304] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-09-19 3881472] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2008-09-19 54784] S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-03-27 221824] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdkmd32.sys [2008-06-12 2381312] S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2007-06-08 81280] S3 MUXMP;My WiFi PAN MUX-IM Virtual Miniport Driver;c:\windows\system32\DRIVERS\mux.sys [2009-02-09 29232] S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-02-09 3715072] S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2008-02-22 37312] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MPKSLBDB41C2D . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2011-10-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 19:54] . 2011-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 14:53] . 2011-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 14:53] . 2011-10-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57] . . ------- Supplementary Scan ------- . uStart Page = hxxp://lenovo.live.com IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 FF - ProfilePath - c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\huo5uhcn.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.gmail.com . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-10-13 18:50 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . Completion time: 2011-10-13 18:52:30 ComboFix-quarantined-files.txt 2011-10-13 23:52 ComboFix2.txt 2011-10-08 17:30 ComboFix3.txt 2011-10-08 00:45 ComboFix4.txt 2011-10-06 00:07 . Pre-Run: 14,427,942,912 bytes free Post-Run: 14,288,027,648 bytes free . - - End Of File - - 591F046996F6CD7EEFE2BE47694C2332
  3. So far, so good! The only issues I am noticing (and not sure if they are related to my previous infection or not) are that my Microsoft Security Essentials is failing to update, and that a new file (rk-proxy.reg) is seen on my desktop (and I don't remember it being there prior to this issue). MBAM found nothing on the quick scan, and the log is posted below. Again, I am having no issues with normal computer use. Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 7932 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19120 10/12/2011 7:17:20 PM mbam-log-2011-10-12 (19-17-20).txt Scan type: Quick scan Objects scanned: 187795 Time elapsed: 9 minute(s), 9 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  4. The new ComboFix report is given below. The Dr. Cureit program took several hours to run, but did not find any viruses (and therefore would not let me save a report). I have not noticed any new issues with the computer, although FireFox has acted a bit strange (it keeps forgetting that it is the default browser), and there is a file on the desktop that I have not noticed before (rk-proxy.reg). Thank you again for your time, and I will continue to follow your instructions. ComboFix 11-10-06.04 - Nathan 10/08/2011 12:13:36.3.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2519.1046 [GMT -5:00] Running from: c:\users\Nathan\Desktop\ComboFix.exe Command switches used :: c:\users\Nathan\Desktop\CFscript.txt AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\system32\drivers\hvbjwaqr.sys" "c:\windows\system32\DRIVERS\Lbd.sys" "c:\windows\system32\drivers\ombrmrdh.sys" "c:\windows\system32\drivers\vbstbtau.sys" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\TPAPSLOG.LOG c:\windows\system32\TPHDLOG0.LOG . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_LBD -------\Service_hvbjwaqr -------\Service_Lbd -------\Service_ombrmrdh -------\Service_vbstbtau . . ((((((((((((((((((((((((( Files Created from 2011-09-08 to 2011-10-08 ))))))))))))))))))))))))))))))) . . 2011-10-08 17:26 . 2011-10-08 17:26 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{287047AE-D028-4FE2-9671-6D1500B005F5}\offreg.dll 2011-10-08 17:23 . 2011-10-08 17:26 -------- d-----w- c:\users\Nathan\AppData\Local\temp 2011-10-08 17:23 . 2011-10-08 17:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-08 00:47 . 2011-09-21 14:00 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{287047AE-D028-4FE2-9671-6D1500B005F5}\mpengine.dll 2011-10-01 15:10 . 2011-09-21 14:00 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-09-30 12:33 . 2010-11-30 16:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F6768F4-F2C4-4734-A010-515F5D051F57}\gapaengine.dll 2011-09-30 12:10 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-09-29 20:16 . 2011-09-29 20:52 -------- d-----w- C:\TDSSKiller_Quarantine 2011-09-28 00:56 . 2011-09-28 00:57 -------- d-----w- c:\program files\Microsoft Security Client 2011-09-28 00:55 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys 2011-09-28 00:38 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6428307D-2137-41B6-BA3D-0767A2EF079B}\mpengine.dll 2011-09-26 23:44 . 2011-09-30 12:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-09-26 05:11 . 2011-09-26 05:12 -------- d-----w- c:\windows\Standalone System Sweeper 2011-09-13 23:59 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-29 20:17 . 2008-01-21 02:32 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys 2011-09-11 15:37 . 2011-08-21 12:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-08-21 15:00 . 2011-08-21 15:00 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys 2011-07-23 11:04 . 2011-08-10 02:28 916480 ----a-w- c:\windows\system32\wininet.dll 2011-07-23 11:00 . 2011-08-10 02:28 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-07-23 10:59 . 2011-08-10 02:28 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-07-23 10:59 . 2011-08-10 02:28 109056 ----a-w- c:\windows\system32\iesysprep.dll 2011-07-23 10:59 . 2011-08-10 02:28 71680 ----a-w- c:\windows\system32\iesetup.dll 2011-07-23 10:03 . 2011-08-10 02:28 385024 ----a-w- c:\windows\system32\html.iec 2011-07-23 09:27 . 2011-08-10 02:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2011-07-23 09:25 . 2011-08-10 02:28 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-11 13:25 . 2011-08-23 22:48 2048 ----a-w- c:\windows\system32\tzres.dll 2011-10-02 15:00 . 2011-05-08 14:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-05-29 367128] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 824616] "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-04-15 61728] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-02-11 1191936] "TpShocks"="TpShocks.exe" [2008-06-07 181536] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976] "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976] "LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-12 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-12 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-12 145944] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-08-31 165208] "LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-08-31 124248] "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376] "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-01-14 644384] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2009-01-14 214576] "CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-04-13 40960] "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-04-16 435488] "ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2009-04-16 177440] "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-25 3077432] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160] "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392] "tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-10 270336] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] . c:\users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-6-6 50688] VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2009-9-10 6144] WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-5-10 4456448] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R1 MpKsl5819222c;MpKsl5819222c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{287047AE-D028-4FE2-9671-6D1500B005F5}\MpKsl5819222c.sys [x] R1 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-07-11 48192] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 136176] R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-03-30 45424] R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x] R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448] R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 136176] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392] R3 MUXP;My WiFi PAN Mux-IM Protocol Driver;c:\windows\system32\DRIVERS\mux.sys [2009-02-09 29232] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-02-11 204800] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944] R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-15 1120752] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-08-21 53816] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2008-05-14 19496] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480] S1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [2011-08-07 216912] S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-08-21 66360] S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-08-21 158904] S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2007-11-28 589824] S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-01-14 66848] S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-08-21 870200] S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-04-02 62320] S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-24 520192] S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2008-05-29 2058776] S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-05-10 110592] S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-05-10 1858048] S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-05-10 482304] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-09-19 3881472] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2008-09-19 54784] S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-03-27 221824] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdkmd32.sys [2008-06-12 2381312] S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2007-06-08 81280] S3 MUXMP;My WiFi PAN MUX-IM Virtual Miniport Driver;c:\windows\system32\DRIVERS\mux.sys [2009-02-09 29232] S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-02-09 3715072] S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2008-02-22 37312] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2011-10-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 19:54] . 2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 14:53] . 2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 14:53] . 2011-10-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57] . . ------- Supplementary Scan ------- . uStart Page = hxxp://lenovo.live.com IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 FF - ProfilePath - c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\huo5uhcn.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.gmail.com . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-10-08 12:26 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(4424) c:\program files\Lenovo\Drag-to-Disc\Shellex.dll c:\windows\system32\DLAAPI_W.DLL c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ibmpmsvc.exe c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\WLANExt.exe c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Intel\AMT\LMS.exe c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\System32\TPHDEXLG.exe c:\program files\Lenovo\Client Security Solution\tvttcsd.exe c:\program files\Lenovo\Rescue and Recovery\rrservice.exe c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe c:\windows\system32\DRIVERS\xaudio.exe c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe c:\program files\Lenovo\System Update\SUService.exe c:\windows\system32\WUDFHost.exe c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe . ************************************************************************** . Completion time: 2011-10-08 12:30:25 - machine was rebooted ComboFix-quarantined-files.txt 2011-10-08 17:30 ComboFix2.txt 2011-10-08 00:45 ComboFix3.txt 2011-10-06 00:07 . Pre-Run: 17,749,438,464 bytes free Post-Run: 17,533,427,712 bytes free . - - End Of File - - 52A983D2CFE5C105D22A418D8BAC8057
  5. I apologize for the previous issues. I am not sure why, but on the previous use of ComboFix it stated that it was a previous edition and that's why it ran with reduced functionality. By re-downloading ComboFix, however, this issue was resolved. All Javas (I think) were uninstalled. Microsoft Security Essentials found nothing on a full scan. ComboFix was then run. It did state multiple times that a Rootkit virus was found (and once stated it was indeed a ZeroAccess variety). It rebooted the computer twice before providing a log, which is provided below. Please let me know what else can be done; thank you for all of your time (and very much for your patience). ComboFix 11-10-06.04 - Nathan 10/07/2011 19:20:11.2.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2519.861 [GMT -5:00] Running from: c:\users\Nathan\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\DFRE7F2.tmp C:\install.exe c:\windows\$NtUninstallKB30660$ c:\windows\$NtUninstallKB30660$\1281546711 c:\windows\$NtUninstallKB30660$\4137123500\@ c:\windows\$NtUninstallKB30660$\4137123500\bckfg.tmp c:\windows\$NtUninstallKB30660$\4137123500\cfg.ini c:\windows\$NtUninstallKB30660$\4137123500\Desktop.ini c:\windows\$NtUninstallKB30660$\4137123500\keywords c:\windows\$NtUninstallKB30660$\4137123500\kwrd.dll c:\windows\$NtUninstallKB30660$\4137123500\L\ogejidap c:\windows\$NtUninstallKB30660$\4137123500\lsflt7.ver c:\windows\$NtUninstallKB30660$\4137123500\U\00000001.@ c:\windows\$NtUninstallKB30660$\4137123500\U\00000002.@ c:\windows\$NtUninstallKB30660$\4137123500\U\80000000.@ c:\windows\$NtUninstallKB30660$\4137123500\U\80000032.@ c:\windows\system32\comct332.ocx c:\windows\system32\Thumbs.db c:\windows\system32\TPAPSLOG.LOG c:\windows\system32\TPHDLOG0.LOG Q:\Autorun.inf S:\Autorun.inf . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_f6977eac . . ((((((((((((((((((((((((( Files Created from 2011-09-08 to 2011-10-08 ))))))))))))))))))))))))))))))) . . 2011-10-08 00:38 . 2011-10-08 00:38 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C787F81E-539C-4365-83C2-CC1E84BBB881}\offreg.dll 2011-10-08 00:36 . 2011-10-08 00:41 -------- d-----w- c:\users\Nathan\AppData\Local\temp 2011-10-08 00:36 . 2011-10-08 00:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-07 03:32 . 2011-09-21 14:00 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C787F81E-539C-4365-83C2-CC1E84BBB881}\mpengine.dll 2011-10-01 15:10 . 2011-09-21 14:00 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-09-30 12:33 . 2010-11-30 16:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F6768F4-F2C4-4734-A010-515F5D051F57}\gapaengine.dll 2011-09-30 12:10 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-09-29 20:16 . 2011-09-29 20:52 -------- d-----w- C:\TDSSKiller_Quarantine 2011-09-28 00:56 . 2011-09-28 00:57 -------- d-----w- c:\program files\Microsoft Security Client 2011-09-28 00:55 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys 2011-09-28 00:38 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6428307D-2137-41B6-BA3D-0767A2EF079B}\mpengine.dll 2011-09-26 23:44 . 2011-09-30 12:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-09-26 05:11 . 2011-09-26 05:12 -------- d-----w- c:\windows\Standalone System Sweeper 2011-09-13 23:59 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-29 20:17 . 2008-01-21 02:32 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys 2011-09-11 15:37 . 2011-08-21 12:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-08-21 15:00 . 2011-08-21 15:00 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys 2011-07-23 11:04 . 2011-08-10 02:28 916480 ----a-w- c:\windows\system32\wininet.dll 2011-07-23 11:00 . 2011-08-10 02:28 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-07-23 10:59 . 2011-08-10 02:28 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-07-23 10:59 . 2011-08-10 02:28 109056 ----a-w- c:\windows\system32\iesysprep.dll 2011-07-23 10:59 . 2011-08-10 02:28 71680 ----a-w- c:\windows\system32\iesetup.dll 2011-07-23 10:03 . 2011-08-10 02:28 385024 ----a-w- c:\windows\system32\html.iec 2011-07-23 09:27 . 2011-08-10 02:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2011-07-23 09:25 . 2011-08-10 02:28 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-11 13:25 . 2011-08-23 22:48 2048 ----a-w- c:\windows\system32\tzres.dll 2011-10-02 15:00 . 2011-05-08 14:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-05-29 367128] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 824616] "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-04-15 61728] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-02-11 1191936] "TpShocks"="TpShocks.exe" [2008-06-07 181536] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976] "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976] "LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-12 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-12 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-12 145944] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-08-31 165208] "LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-08-31 124248] "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376] "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-01-14 644384] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2009-01-14 214576] "CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-04-13 40960] "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-04-16 435488] "ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2009-04-16 177440] "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-25 3077432] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160] "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392] "tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-10 270336] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] . c:\users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-6-6 50688] VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2009-9-10 6144] WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-5-10 4456448] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x] R1 hvbjwaqr;hvbjwaqr;c:\windows\system32\drivers\hvbjwaqr.sys [x] R1 ombrmrdh;ombrmrdh;c:\windows\system32\drivers\ombrmrdh.sys [x] R1 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-07-11 48192] R1 vbstbtau;vbstbtau;c:\windows\system32\drivers\vbstbtau.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 136176] R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-03-30 45424] R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x] R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448] R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 136176] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392] R3 MUXP;My WiFi PAN Mux-IM Protocol Driver;c:\windows\system32\DRIVERS\mux.sys [2009-02-09 29232] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-02-11 204800] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944] R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-15 1120752] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-08-21 53816] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2008-05-14 19496] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480] S1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [2011-08-07 216912] S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-08-21 66360] S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-08-21 158904] S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2007-11-28 589824] S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-01-14 66848] S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-08-21 870200] S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-04-02 62320] S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-24 520192] S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2008-05-29 2058776] S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-05-10 110592] S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-05-10 1858048] S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-05-10 482304] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-09-19 3881472] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2008-09-19 54784] S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-03-27 221824] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdkmd32.sys [2008-06-12 2381312] S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2007-06-08 81280] S3 MUXMP;My WiFi PAN MUX-IM Virtual Miniport Driver;c:\windows\system32\DRIVERS\mux.sys [2009-02-09 29232] S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-02-09 3715072] S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2008-02-22 37312] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2011-10-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 19:54] . 2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 14:53] . 2011-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 14:53] . 2011-10-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57] . . ------- Supplementary Scan ------- . uStart Page = hxxp://lenovo.live.com IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 FF - ProfilePath - c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\huo5uhcn.default\ FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.gmail.com FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query= FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-10-07 19:41 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3d,20,68,78,4b,66,7d,46,99,e4,ff,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3d,20,68,78,4b,66,7d,46,99,e4,ff,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(5252) c:\program files\FileZilla FTP Client\fzshellext.dll c:\program files\Lenovo\Drag-to-Disc\Shellex.dll c:\windows\system32\DLAAPI_W.DLL c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ibmpmsvc.exe c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\WLANExt.exe c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Intel\AMT\LMS.exe c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\System32\TPHDEXLG.exe c:\program files\Lenovo\Client Security Solution\tvttcsd.exe c:\program files\Lenovo\Rescue and Recovery\rrservice.exe c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe c:\windows\system32\DRIVERS\xaudio.exe c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe c:\program files\Lenovo\System Update\SUService.exe c:\windows\system32\WUDFHost.exe c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe . ************************************************************************** . Completion time: 2011-10-07 19:45:10 - machine was rebooted ComboFix-quarantined-files.txt 2011-10-08 00:45 ComboFix2.txt 2011-10-06 00:07 . Pre-Run: 14,392,684,544 bytes free Post-Run: 14,722,039,808 bytes free . - - End Of File - - E7B2C97E69C3131AD350212AD4FAD037
  6. Thank you so much for your continued help. The DDS and ComboFix text files are posted below. I did not post the "attach.txt", but let me know if you need this as well. DDS txt. . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_26 Run by Nathan at 20:45:16 on 2011-10-04 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2519.929 [GMT -5:00] . AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\ibmpmsvc.exe C:\Windows\system32\svchost.exe -k rpcss c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Intel\AMT\LMS.exe C:\Windows\system32\lxdncoms.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\TPHDEXLG.exe C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe C:\Program Files\Lenovo\System Update\SUService.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Trusteer\Rapport\bin\RapportService.exe C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Windows\System32\TpShocks.exe C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE C:\Program Files\ThinkVantage\AMSG\Amsg.exe C:\Windows\System32\rundll32.exe C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe C:\Program Files\Lenovo\Client Security Solution\cssauth.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\vsnpstd3.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\tsnpstd3.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\ThinkPad\ConnectUtilities\ACGadgetWrapper.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\sdclt.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://lenovo.live.com uDefault_Page_URL = hxxp://lenovo.live.com BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll BHO: 1 (0x1) - No File BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r mRun: [intelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray mRun: [<NO NAME>] mRun: [TpShocks] TpShocks.exe mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog mRun: [CreateLMBCShortCut] "c:\program files\lenovo\mobile broadband connect\UserShortcutCreator.exe" mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe mRun: [ACWlIcon] c:\program files\thinkpad\connectutilities\ACWlIcon.exe mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [snpstd3] c:\windows\vsnpstd3.exe mRun: [tsnpstd3] c:\windows\tsnpstd3.exe mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey StartupFolder: c:\users\nathan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{a7091e1d-36a4-47f1-a739-173cc341414f}\Icon3E5562ED7.ico StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 TCP: Interfaces\{B5BDE8C5-7E39-438A-ACFA-2CB78DEDEBB7} : DhcpNameServer = 75.75.76.76 75.75.75.75 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll LSA: Notification Packages = scecli ACGina . ================= FIREFOX =================== . FF - ProfilePath - c:\users\nathan\appdata\roaming\mozilla\firefox\profiles\huo5uhcn.default\ FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.gmail.com FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query= FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - plugin: c:\users\nathan\appdata\roaming\facebook\npfbplugin_1_0_1.dll FF - plugin: c:\users\nathan\appdata\roaming\facebook\npfbplugin_1_0_3.dll FF - plugin: c:\users\nathan\appdata\roaming\move networks\plugins\071802000001\npqmp071802000001.dll FF - plugin: c:\users\nathan\appdata\roaming\move networks\plugins\npqmp071505000010.dll FF - plugin: c:\users\nathan\appdata\roaming\move networks\plugins\npqmp071505000011.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false ============= SERVICES / DRIVERS =============== . R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-8-21 53816] R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496] R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-19 13480] R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648] R1 MpKslb3c1bb9e;MpKslb3c1bb9e;c:\programdata\microsoft\microsoft antimalware\definition updates\{96c971de-3be4-4889-96ff-1254b987bf46}\MpKslb3c1bb9e.sys [2011-10-4 28752] R1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\29574\RapportCerberus32_29574.sys [2011-8-7 216912] R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-8-21 66360] R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-8-21 158904] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?] R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-6-6 66848] R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-8-21 870200] R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-4-16 62320] R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-24 520192] R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-6-6 2058776] R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-5-10 110592] R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-5-10 1858048] R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-5-10 482304] R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2009-6-6 3881472] R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2009-6-6 54784] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-3-27 221824] R3 intelkmd;intelkmd;c:\windows\system32\drivers\igdkmd32.sys [2009-6-6 2381312] R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2009-6-6 81280] R3 MUXMP;My WiFi PAN MUX-IM Virtual Miniport Driver;c:\windows\system32\drivers\mux.sys [2009-2-9 29232] R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2009-2-9 3715072] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024] R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312] S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-6-6 48192] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-24 136176] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-4-16 45424] S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?] S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-24 360448] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-24 136176] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392] S3 MUXP;My WiFi PAN Mux-IM Protocol Driver;c:\windows\system32\drivers\mux.sys [2009-2-9 29232] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\intel\wifi\bin\PanDhcpDns.exe [2009-2-11 204800] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-15 1120752] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2011-10-05 01:30:05 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-10-05 01:26:54 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{96c971de-3be4-4889-96ff-1254b987bf46}\MpKslb3c1bb9e.sys 2011-10-05 01:26:52 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{96c971de-3be4-4889-96ff-1254b987bf46}\offreg.dll 2011-10-01 15:10:01 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2011-10-01 15:09:27 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{96c971de-3be4-4889-96ff-1254b987bf46}\mpengine.dll 2011-09-30 12:33:50 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8f6768f4-f2c4-4734-a010-515f5d051f57}\gapaengine.dll 2011-09-30 12:10:07 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-09-29 20:16:58 -------- d-----w- C:\TDSSKiller_Quarantine 2011-09-28 00:56:03 -------- d-----w- c:\program files\Microsoft Security Client 2011-09-28 00:55:17 221568 ----a-w- c:\windows\system32\drivers\netio.sys 2011-09-28 00:38:43 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6428307d-2137-41b6-ba3d-0767a2ef079b}\mpengine.dll 2011-09-27 02:01:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware3 2011-09-27 00:40:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2 2011-09-26 23:44:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-09-26 05:11:19 -------- d-----w- c:\windows\Standalone System Sweeper 2011-09-13 23:59:53 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat . ==================== Find3M ==================== . 2011-09-29 20:17:51 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys 2011-09-11 15:37:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-08-21 15:00:36 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys 2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll 2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll 2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll 2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec 2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-11 13:25:35 2048 ----a-w- c:\windows\system32\tzres.dll . ============= FINISH: 20:46:32.72 =============== Combo Fix log ComboFix 11-09-29.06 - Nathan 10/05/2011 19:02:01.1.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2519.1205 [GMT -5:00] Running from: D:\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . - REDUCED FUNCTIONALITY MODE - . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming . . ((((((((((((((((((((((((( Files Created from 2011-09-06 to 2011-10-06 ))))))))))))))))))))))))))))))) . . 2011-10-05 23:48 . 2011-10-05 23:48 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96C971DE-3BE4-4889-96FF-1254B987BF46}\MpKsl6659ffd5.sys 2011-10-05 23:48 . 2011-10-05 23:48 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96C971DE-3BE4-4889-96FF-1254B987BF46}\offreg.dll 2011-10-01 15:10 . 2011-09-21 14:00 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-10-01 15:09 . 2011-09-21 14:00 7269712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96C971DE-3BE4-4889-96FF-1254B987BF46}\mpengine.dll 2011-09-30 12:33 . 2010-11-30 16:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F6768F4-F2C4-4734-A010-515F5D051F57}\gapaengine.dll 2011-09-30 12:10 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-09-29 20:16 . 2011-09-29 20:52 -------- d-----w- C:\TDSSKiller_Quarantine 2011-09-28 00:56 . 2011-09-28 00:57 -------- d-----w- c:\program files\Microsoft Security Client 2011-09-28 00:55 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys 2011-09-28 00:38 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6428307D-2137-41B6-BA3D-0767A2EF079B}\mpengine.dll 2011-09-26 23:44 . 2011-09-30 12:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-09-26 05:11 . 2011-09-26 05:12 -------- d-----w- c:\windows\Standalone System Sweeper 2011-09-13 23:59 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-29 20:17 . 2008-01-21 02:32 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys 2011-09-11 15:37 . 2011-08-21 12:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-08-21 15:00 . 2011-08-21 15:00 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys 2011-07-23 11:04 . 2011-08-10 02:28 916480 ----a-w- c:\windows\system32\wininet.dll 2011-07-23 11:00 . 2011-08-10 02:28 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-07-23 10:59 . 2011-08-10 02:28 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-07-23 10:59 . 2011-08-10 02:28 109056 ----a-w- c:\windows\system32\iesysprep.dll 2011-07-23 10:59 . 2011-08-10 02:28 71680 ----a-w- c:\windows\system32\iesetup.dll 2011-07-23 10:03 . 2011-08-10 02:28 385024 ----a-w- c:\windows\system32\html.iec 2011-07-23 09:27 . 2011-08-10 02:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2011-07-23 09:25 . 2011-08-10 02:28 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-11 13:25 . 2011-08-23 22:48 2048 ----a-w- c:\windows\system32\tzres.dll 2011-10-02 15:00 . 2011-05-08 14:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-05-29 367128] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 824616] "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-04-15 61728] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-02-11 1191936] "TpShocks"="TpShocks.exe" [2008-06-07 181536] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976] "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976] "LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-12 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-12 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-12 145944] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-08-31 165208] "LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-08-31 124248] "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376] "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-01-14 644384] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2009-01-14 214576] "CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-04-13 40960] "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-04-16 435488] "ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2009-04-16 177440] "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-25 3077432] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392] "tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-10 270336] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] . c:\users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-6-6 50688] VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2009-9-10 6144] WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-5-10 4456448] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x] R1 hvbjwaqr;hvbjwaqr;c:\windows\system32\drivers\hvbjwaqr.sys [x] R1 ombrmrdh;ombrmrdh;c:\windows\system32\drivers\ombrmrdh.sys [x] R1 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-07-11 48192] R1 vbstbtau;vbstbtau;c:\windows\system32\drivers\vbstbtau.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 136176] R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-03-30 45424] R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x] R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448] R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 136176] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392] R3 MUXP;My WiFi PAN Mux-IM Protocol Driver;c:\windows\system32\DRIVERS\mux.sys [2009-02-09 29232] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-02-11 204800] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944] R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-15 1120752] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-08-21 53816] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2008-05-14 19496] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480] S1 MpKsl6659ffd5;MpKsl6659ffd5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96C971DE-3BE4-4889-96FF-1254B987BF46}\MpKsl6659ffd5.sys [2011-10-05 28752] S1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [2011-08-07 216912] S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-08-21 66360] S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-08-21 158904] S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2007-11-28 589824] S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-01-14 66848] S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-08-21 870200] S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-04-02 62320] S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-24 520192] S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2008-05-29 2058776] S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-05-10 110592] S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-05-10 1858048] S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-05-10 482304] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-09-19 3881472] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2008-09-19 54784] S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-03-27 221824] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdkmd32.sys [2008-06-12 2381312] S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2007-06-08 81280] S3 MUXMP;My WiFi PAN MUX-IM Virtual Miniport Driver;c:\windows\system32\DRIVERS\mux.sys [2009-02-09 29232] S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-02-09 3715072] S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2008-02-22 37312] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MPKSL6659FFD5 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2534508a-1293-11e0-b3b8-806e6f6e6963}] \shell\AutoRun\command - G:\unlock.exe autoplay=true . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ef0defe-63f8-11de-bde5-0022faf1f43a}] \shell\AutoRun\command - G:\LaunchU3.exe -a . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cd84724-531a-11de-a90f-806e6f6e6963}] \shell\AutoRun\command - Q:\LenovoQDrive.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef2f4f57-5314-11de-a413-00247e687222}] \shell\AutoRun\command - S:\LenovoSDrive.exe . Contents of the 'Scheduled Tasks' folder . 2011-10-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 19:54] . 2011-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 14:53] . 2011-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 14:53] . 2009-06-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57] . . ------- Supplementary Scan ------- . uStart Page = hxxp://lenovo.live.com IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 FF - ProfilePath - c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\huo5uhcn.default\ FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.gmail.com FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query= FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false . - - - - ORPHANS REMOVED - - - - . SafeBoot-76230674.sys AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Nathan\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-10-05 19:03 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . . c:\windows\$NtUninstallKB30660$:SummaryInformation 0 bytes hidden from API . scan completed successfully hidden files: 1 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\f6977eac] "ImagePath"="\systemroot\2893977590:157843795.exe" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3d,20,68,78,4b,66,7d,46,99,e4,ff,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3d,20,68,78,4b,66,7d,46,99,e4,ff,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2011-10-05 19:07:34 ComboFix-quarantined-files.txt 2011-10-06 00:07 . Pre-Run: 13,626,580,992 bytes free Post-Run: 14,993,387,520 bytes free . - - End Of File - - A515996FAB86386E2EE38B2D9D619415
  7. Hi, I have posted the MBAM quick scan results as well as the DDS.txt file. In addition, I have attached the "attach.txt" file from DDS. I currently don't seem to be having any issues, but I understand the severity of rootkit viruses, and am doubtful that I was able to fully clean the system on my own. Thank you again for your time, please let me know what else I can provide. Attach10_4.zip MBAM quick scan results Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 7841 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19120 10/4/2011 8:42:18 PM mbam-log-2011-10-04 (20-42-18).txt Scan type: Quick scan Objects scanned: 189534 Time elapsed: 12 minute(s), 7 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS.txt file . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_26 Run by Nathan at 20:45:16 on 2011-10-04 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2519.929 [GMT -5:00] . AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\ibmpmsvc.exe C:\Windows\system32\svchost.exe -k rpcss c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Intel\AMT\LMS.exe C:\Windows\system32\lxdncoms.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\TPHDEXLG.exe C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe C:\Program Files\Lenovo\System Update\SUService.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Trusteer\Rapport\bin\RapportService.exe C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Windows\System32\TpShocks.exe C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE C:\Program Files\ThinkVantage\AMSG\Amsg.exe C:\Windows\System32\rundll32.exe C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe C:\Program Files\Lenovo\Client Security Solution\cssauth.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\vsnpstd3.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\tsnpstd3.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\ThinkPad\ConnectUtilities\ACGadgetWrapper.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\sdclt.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://lenovo.live.com uDefault_Page_URL = hxxp://lenovo.live.com BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll BHO: 1 (0x1) - No File BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r mRun: [intelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray mRun: [<NO NAME>] mRun: [TpShocks] TpShocks.exe mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog mRun: [CreateLMBCShortCut] "c:\program files\lenovo\mobile broadband connect\UserShortcutCreator.exe" mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe mRun: [ACWlIcon] c:\program files\thinkpad\connectutilities\ACWlIcon.exe mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [snpstd3] c:\windows\vsnpstd3.exe mRun: [tsnpstd3] c:\windows\tsnpstd3.exe mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey StartupFolder: c:\users\nathan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{a7091e1d-36a4-47f1-a739-173cc341414f}\Icon3E5562ED7.ico StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 TCP: Interfaces\{B5BDE8C5-7E39-438A-ACFA-2CB78DEDEBB7} : DhcpNameServer = 75.75.76.76 75.75.75.75 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll LSA: Notification Packages = scecli ACGina . ================= FIREFOX =================== . FF - ProfilePath - c:\users\nathan\appdata\roaming\mozilla\firefox\profiles\huo5uhcn.default\ FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.gmail.com FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query= FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - plugin: c:\users\nathan\appdata\roaming\facebook\npfbplugin_1_0_1.dll FF - plugin: c:\users\nathan\appdata\roaming\facebook\npfbplugin_1_0_3.dll FF - plugin: c:\users\nathan\appdata\roaming\move networks\plugins\071802000001\npqmp071802000001.dll FF - plugin: c:\users\nathan\appdata\roaming\move networks\plugins\npqmp071505000010.dll FF - plugin: c:\users\nathan\appdata\roaming\move networks\plugins\npqmp071505000011.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false ============= SERVICES / DRIVERS =============== . R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-8-21 53816] R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496] R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-19 13480] R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648] R1 MpKslb3c1bb9e;MpKslb3c1bb9e;c:\programdata\microsoft\microsoft antimalware\definition updates\{96c971de-3be4-4889-96ff-1254b987bf46}\MpKslb3c1bb9e.sys [2011-10-4 28752] R1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\29574\RapportCerberus32_29574.sys [2011-8-7 216912] R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-8-21 66360] R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-8-21 158904] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?] R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-6-6 66848] R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-8-21 870200] R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-4-16 62320] R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-24 520192] R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-6-6 2058776] R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-5-10 110592] R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-5-10 1858048] R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-5-10 482304] R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2009-6-6 3881472] R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2009-6-6 54784] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-3-27 221824] R3 intelkmd;intelkmd;c:\windows\system32\drivers\igdkmd32.sys [2009-6-6 2381312] R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2009-6-6 81280] R3 MUXMP;My WiFi PAN MUX-IM Virtual Miniport Driver;c:\windows\system32\drivers\mux.sys [2009-2-9 29232] R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2009-2-9 3715072] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024] R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312] S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-6-6 48192] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-24 136176] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-4-16 45424] S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?] S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-24 360448] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-24 136176] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392] S3 MUXP;My WiFi PAN Mux-IM Protocol Driver;c:\windows\system32\drivers\mux.sys [2009-2-9 29232] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\intel\wifi\bin\PanDhcpDns.exe [2009-2-11 204800] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-15 1120752] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2011-10-05 01:30:05 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-10-05 01:26:54 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{96c971de-3be4-4889-96ff-1254b987bf46}\MpKslb3c1bb9e.sys 2011-10-05 01:26:52 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{96c971de-3be4-4889-96ff-1254b987bf46}\offreg.dll 2011-10-01 15:10:01 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2011-10-01 15:09:27 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{96c971de-3be4-4889-96ff-1254b987bf46}\mpengine.dll 2011-09-30 12:33:50 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8f6768f4-f2c4-4734-a010-515f5d051f57}\gapaengine.dll 2011-09-30 12:10:07 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-09-29 20:16:58 -------- d-----w- C:\TDSSKiller_Quarantine 2011-09-28 00:56:03 -------- d-----w- c:\program files\Microsoft Security Client 2011-09-28 00:55:17 221568 ----a-w- c:\windows\system32\drivers\netio.sys 2011-09-28 00:38:43 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6428307d-2137-41b6-ba3d-0767a2ef079b}\mpengine.dll 2011-09-27 02:01:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware3 2011-09-27 00:40:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2 2011-09-26 23:44:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-09-26 05:11:19 -------- d-----w- c:\windows\Standalone System Sweeper 2011-09-13 23:59:53 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat . ==================== Find3M ==================== . 2011-09-29 20:17:51 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys 2011-09-11 15:37:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-08-21 15:00:36 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys 2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll 2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll 2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll 2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec 2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-11 13:25:35 2048 ----a-w- c:\windows\system32\tzres.dll . ============= FINISH: 20:46:32.72 ===============
  8. Hi, Thank you for your response! I did want to clarify in case it wasn't clear above. I now can run MBAM, but only after deleting a rootkit virus found by GMER Rootkit Scanner (I know now that this was unadvisable). Should I still run ComboFix? Thank you so much for all of your help.
  9. Hi, I was recently infected with OpenCloud Security, a fake malware program. Prior to finding this helpful forum, I attempted multiple techniques to remove the malware, including Microsoft Security Sweep Tool. This found a number of viruses, but even after restarting I was unable to run MalwareBytes (or any other protection program). Within seconds of opening, it would quit the scan, and I was unable to open again. This also occurred in safe mode. After using GMER Rootkit Scanner, I deleted an identified rootkit virus (again, this was prior to finding this forum that states NOT to do that). However, since doing this, I have been able to use MalwareBytes (after re-installing), which did find more viruses, which were removed successfully. Although I am able to run my anti-malware/virusware (MalwareBytes and Avira), I am getting frequent messages about viruses being found. And by reading about Rootkit viruses, I am concerned about the integrity of my system. Hopefully I have followed all the protocol for the forum correctly (My DDMS and GMER results are posted). Please let me know if there is any other information I can provide. Thank you for your time. DDS txt file . DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_26 Run by Nathan at 7:41:56 on 2011-09-30 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2519.1802 [GMT -5:00] . AV: Microsoft Security Essentials *Enabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160} AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: Microsoft Security Essentials *Enabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\Explorer.EXE C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://lenovo.live.com uDefault_Page_URL = hxxp://lenovo.live.com BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll BHO: 1 (0x1) - No File BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [win2119b744] c:\users\nathan\appdata\local\temp\win2119b744.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r mRun: [intelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray mRun: [<NO NAME>] mRun: [TpShocks] TpShocks.exe mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog mRun: [CreateLMBCShortCut] "c:\program files\lenovo\mobile broadband connect\UserShortcutCreator.exe" mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe mRun: [ACWlIcon] c:\program files\thinkpad\connectutilities\ACWlIcon.exe mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [snpstd3] c:\windows\vsnpstd3.exe mRun: [tsnpstd3] c:\windows\tsnpstd3.exe mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\users\nathan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\users\nathan\appdata\roaming\micros~1\windows\startm~1\programs\startup\win211~1.lnk - c:\users\nathan\appdata\local\temp\win2119b744.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{a7091e1d-36a4-47f1-a739-173cc341414f}\Icon3E5562ED7.ico StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 TCP: Interfaces\{AE9638A1-0706-4AA2-A99C-34A4FB6A3D10} : DhcpNameServer = 66.78.202.254 66.78.210.254 TCP: Interfaces\{B5BDE8C5-7E39-438A-ACFA-2CB78DEDEBB7} : DhcpNameServer = 75.75.76.76 75.75.75.75 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll LSA: Notification Packages = scecli ACGina . ================= FIREFOX =================== . FF - ProfilePath - c:\users\nathan\appdata\roaming\mozilla\firefox\profiles\huo5uhcn.default\ FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.gmail.com FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query= FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - plugin: c:\users\nathan\appdata\roaming\facebook\npfbplugin_1_0_1.dll FF - plugin: c:\users\nathan\appdata\roaming\facebook\npfbplugin_1_0_3.dll FF - plugin: c:\users\nathan\appdata\roaming\move networks\plugins\071802000001\npqmp071802000001.dll FF - plugin: c:\users\nathan\appdata\roaming\move networks\plugins\npqmp071505000010.dll FF - plugin: c:\users\nathan\appdata\roaming\move networks\plugins\npqmp071505000011.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false ============= SERVICES / DRIVERS =============== . R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-3-27 221824] R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2009-6-6 81280] R3 MUXMP;My WiFi PAN MUX-IM Virtual Miniport Driver;c:\windows\system32\drivers\mux.sys [2009-2-9 29232] R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2009-2-9 3715072] S0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-12-14 344712] S0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-8-21 53816] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-19 13480] S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648] S1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\29574\RapportCerberus32_29574.sys [2011-8-7 216912] S1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-8-21 66360] S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-8-21 158904] S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-6-6 48192] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-9-25 136360] S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-9-26 269480] S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-9-25 66616] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-24 136176] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-4-16 45424] S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?] S2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-10-22 22816] S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-8-25 103744] S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-10-22 147984] S2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-10-22 66880] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-12-14 69192] S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-6-6 66848] S2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-8-21 870200] S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?] S2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-4-16 62320] S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-24 520192] S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-24 360448] S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-6-6 2058776] S2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-5-10 110592] S2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-5-10 1858048] S2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-5-10 482304] S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2009-6-6 3881472] S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2009-6-6 54784] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-24 136176] S3 intelkmd;intelkmd;c:\windows\system32\drivers\igdkmd32.sys [2009-6-6 2381312] S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-12-14 91896] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-12-14 43192] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-12-14 66536] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392] S3 MUXP;My WiFi PAN Mux-IM Protocol Driver;c:\windows\system32\drivers\mux.sys [2009-2-9 29232] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\intel\wifi\bin\PanDhcpDns.exe [2009-2-11 204800] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024] S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-15 1120752] S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2011-09-30 12:40:02 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6428307d-2137-41b6-ba3d-0767a2ef079b}\offreg.dll 2011-09-30 12:39:59 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0815784f-d10b-46c0-9671-447ed49a176e}\offreg.dll 2011-09-30 12:33:50 439632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8f6768f4-f2c4-4734-a010-515f5d051f57}\gapaengine.dll 2011-09-30 12:33:31 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0815784f-d10b-46c0-9671-447ed49a176e}\mpengine.dll 2011-09-30 12:10:07 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-09-29 20:16:58 -------- d-----w- C:\TDSSKiller_Quarantine 2011-09-28 00:56:03 -------- d-----w- c:\program files\Microsoft Security Client 2011-09-28 00:55:17 221568 ----a-w- c:\windows\system32\drivers\netio.sys 2011-09-28 00:38:43 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6428307d-2137-41b6-ba3d-0767a2ef079b}\mpengine.dll 2011-09-27 02:01:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware3 2011-09-27 00:40:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2 2011-09-26 23:44:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-09-26 05:11:19 -------- d-----w- c:\windows\Standalone System Sweeper 2011-09-25 21:34:09 -------- d-----w- c:\users\nathan\appdata\roaming\Avira 2011-09-25 21:32:55 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-09-25 21:32:55 -------- d-----w- c:\programdata\Avira 2011-09-25 21:32:55 -------- d-----w- c:\program files\Avira 2011-09-13 23:59:53 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat . ==================== Find3M ==================== . 2011-09-29 20:17:51 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys 2011-09-11 15:37:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-08-21 15:00:36 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys 2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll 2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll 2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll 2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec 2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-11 13:25:35 2048 ----a-w- c:\windows\system32\tzres.dll 2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys . ============= FINISH: 7:43:40.73 =============== GMER txt file GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-09-29 21:01:02 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0084 Running: dlmdi1m4.exe; Driver: C:\Users\Nathan\AppData\Local\Temp\kgriqpog.sys ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0559cba7 ---- Files - GMER 1.0.15 ---- File C:\Windows\$NtUninstallKB30660$\1281546711 0 bytes File C:\Windows\$NtUninstallKB30660$\4137123500 0 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\@ 2048 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\bckfg.tmp 849 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\cfg.ini 359 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\Desktop.ini 4608 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\keywords 0 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\kwrd.dll 208896 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\L 0 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\L\ogejidap 54784 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\lsflt7.ver 1199 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\U 0 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\U\00000001.@ 2048 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\U\00000002.@ 209920 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\U\80000000.@ 1024 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\U\80000032.@ 71168 bytes ---- EOF - GMER 1.0.15 ---- I also have the "attach.txt" file from DDS; there are mixed messages on the forums about whether or not to attach this. I will leave it out until instructed to do so. Thank you again. (My apologies for posting this in the wrong forum first!)
  10. Hi, I was recently infected with OpenCloud Security, a fake malware program. Prior to finding this helpful forum, I attempted multiple techniques to remove the malware, including Microsoft Security Sweep Tool. This found a number of viruses, but even after restarting I was unable to run MalwareBytes (or any other protection program). Within seconds of opening, it would quit the scan, and I was unable to open again. This also occurred in safe mode. After using GMER Rootkit Scanner, I deleted an identified rootkit virus (again, this was prior to finding this forum that states NOT to do that). However, since doing this, I have been able to use MalwareBytes (after re-installing), which did find more viruses, which were removed successfully. Although I am able to run my anti-malware/virusware (MalwareBytes and Avira), I am getting frequent messages about viruses being found. And by reading about Rootkit viruses, I am concerned about the integrity of my system. Hopefully I have followed all the protocol for the forum correctly (My DDMS and GMER results are posted). Please let me know if there is any other information I can provide. Thank you for your time. DDS txt file . DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_26 Run by Nathan at 7:41:56 on 2011-09-30 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2519.1802 [GMT -5:00] . AV: Microsoft Security Essentials *Enabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160} AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: Microsoft Security Essentials *Enabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\Explorer.EXE C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://lenovo.live.com uDefault_Page_URL = hxxp://lenovo.live.com BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll BHO: 1 (0x1) - No File BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [win2119b744] c:\users\nathan\appdata\local\temp\win2119b744.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r mRun: [intelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray mRun: [<NO NAME>] mRun: [TpShocks] TpShocks.exe mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog mRun: [CreateLMBCShortCut] "c:\program files\lenovo\mobile broadband connect\UserShortcutCreator.exe" mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe mRun: [ACWlIcon] c:\program files\thinkpad\connectutilities\ACWlIcon.exe mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [snpstd3] c:\windows\vsnpstd3.exe mRun: [tsnpstd3] c:\windows\tsnpstd3.exe mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\users\nathan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\users\nathan\appdata\roaming\micros~1\windows\startm~1\programs\startup\win211~1.lnk - c:\users\nathan\appdata\local\temp\win2119b744.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{a7091e1d-36a4-47f1-a739-173cc341414f}\Icon3E5562ED7.ico StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 TCP: Interfaces\{AE9638A1-0706-4AA2-A99C-34A4FB6A3D10} : DhcpNameServer = 66.78.202.254 66.78.210.254 TCP: Interfaces\{B5BDE8C5-7E39-438A-ACFA-2CB78DEDEBB7} : DhcpNameServer = 75.75.76.76 75.75.75.75 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll LSA: Notification Packages = scecli ACGina . ================= FIREFOX =================== . FF - ProfilePath - c:\users\nathan\appdata\roaming\mozilla\firefox\profiles\huo5uhcn.default\ FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.gmail.com FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query= FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - plugin: c:\users\nathan\appdata\roaming\facebook\npfbplugin_1_0_1.dll FF - plugin: c:\users\nathan\appdata\roaming\facebook\npfbplugin_1_0_3.dll FF - plugin: c:\users\nathan\appdata\roaming\move networks\plugins\071802000001\npqmp071802000001.dll FF - plugin: c:\users\nathan\appdata\roaming\move networks\plugins\npqmp071505000010.dll FF - plugin: c:\users\nathan\appdata\roaming\move networks\plugins\npqmp071505000011.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false ============= SERVICES / DRIVERS =============== . R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-3-27 221824] R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2009-6-6 81280] R3 MUXMP;My WiFi PAN MUX-IM Virtual Miniport Driver;c:\windows\system32\drivers\mux.sys [2009-2-9 29232] R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2009-2-9 3715072] S0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-12-14 344712] S0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-8-21 53816] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-19 13480] S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648] S1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\29574\RapportCerberus32_29574.sys [2011-8-7 216912] S1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-8-21 66360] S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-8-21 158904] S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-6-6 48192] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-9-25 136360] S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-9-26 269480] S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-9-25 66616] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-24 136176] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-4-16 45424] S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?] S2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-10-22 22816] S2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-8-25 103744] S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-10-22 147984] S2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-10-22 66880] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-12-14 69192] S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-6-6 66848] S2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-8-21 870200] S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?] S2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-4-16 62320] S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-24 520192] S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-24 360448] S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-6-6 2058776] S2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-5-10 110592] S2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-5-10 1858048] S2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-5-10 482304] S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2009-6-6 3881472] S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2009-6-6 54784] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-24 136176] S3 intelkmd;intelkmd;c:\windows\system32\drivers\igdkmd32.sys [2009-6-6 2381312] S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-12-14 91896] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-12-14 43192] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-12-14 66536] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392] S3 MUXP;My WiFi PAN Mux-IM Protocol Driver;c:\windows\system32\drivers\mux.sys [2009-2-9 29232] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\intel\wifi\bin\PanDhcpDns.exe [2009-2-11 204800] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024] S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944] S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-15 1120752] S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2011-09-30 12:40:02 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6428307d-2137-41b6-ba3d-0767a2ef079b}\offreg.dll 2011-09-30 12:39:59 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0815784f-d10b-46c0-9671-447ed49a176e}\offreg.dll 2011-09-30 12:33:50 439632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8f6768f4-f2c4-4734-a010-515f5d051f57}\gapaengine.dll 2011-09-30 12:33:31 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0815784f-d10b-46c0-9671-447ed49a176e}\mpengine.dll 2011-09-30 12:10:07 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-09-29 20:16:58 -------- d-----w- C:\TDSSKiller_Quarantine 2011-09-28 00:56:03 -------- d-----w- c:\program files\Microsoft Security Client 2011-09-28 00:55:17 221568 ----a-w- c:\windows\system32\drivers\netio.sys 2011-09-28 00:38:43 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6428307d-2137-41b6-ba3d-0767a2ef079b}\mpengine.dll 2011-09-27 02:01:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware3 2011-09-27 00:40:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2 2011-09-26 23:44:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-09-26 05:11:19 -------- d-----w- c:\windows\Standalone System Sweeper 2011-09-25 21:34:09 -------- d-----w- c:\users\nathan\appdata\roaming\Avira 2011-09-25 21:32:55 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-09-25 21:32:55 -------- d-----w- c:\programdata\Avira 2011-09-25 21:32:55 -------- d-----w- c:\program files\Avira 2011-09-13 23:59:53 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat . ==================== Find3M ==================== . 2011-09-29 20:17:51 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys 2011-09-11 15:37:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-08-21 15:00:36 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys 2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll 2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll 2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll 2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec 2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-11 13:25:35 2048 ----a-w- c:\windows\system32\tzres.dll 2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys . ============= FINISH: 7:43:40.73 =============== GMER txt file GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-09-29 21:01:02 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0084 Running: dlmdi1m4.exe; Driver: C:\Users\Nathan\AppData\Local\Temp\kgriqpog.sys ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0559cba7 ---- Files - GMER 1.0.15 ---- File C:\Windows\$NtUninstallKB30660$\1281546711 0 bytes File C:\Windows\$NtUninstallKB30660$\4137123500 0 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\@ 2048 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\bckfg.tmp 849 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\cfg.ini 359 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\Desktop.ini 4608 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\keywords 0 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\kwrd.dll 208896 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\L 0 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\L\ogejidap 54784 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\lsflt7.ver 1199 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\U 0 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\U\00000001.@ 2048 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\U\00000002.@ 209920 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\U\80000000.@ 1024 bytes File C:\Windows\$NtUninstallKB30660$\4137123500\U\80000032.@ 71168 bytes ---- EOF - GMER 1.0.15 ---- I also have the "attach.txt" file from DDS; there are mixed messages on the forums about whether or not to attach this. I will leave it out until instructed to do so. Thank you again.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.