Author Topic: VistaAntispyware 2012 ???  (Read 30069 times)

MtlHab39

    Topic Starter


    Beginner

    • Experience: Beginner
    • OS: Unknown
    Re: VistaAntispyware 2012 ???
    « Reply #30 on: February 10, 2012, 08:47:28 PM »
    Here is Combofix

    ComboFix 12-02-05.02 - Costa 2012-02-10  22:18:20.3.2 - x86
    Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.2.1033.18.2013.1159 [GMT -5:00]
    Running from: e:\combofix\ComboFix.exe
    SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    - REDUCED FUNCTIONALITY MODE -
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\LP
    c:\program files\LP\1199\5FCB.tmp
    c:\program files\LP\1199\71A6.tmp
    .
    c:\windows\system32\drivers\tdx.sys was missing
    Restored copy from - c:\combofix\HarddiskVolumeShadowCopy7_!Windows!System32!drivers!tdx.sys
    .
    .
    (((((((((((((((((((((((((   Files Created from 2012-01-11 to 2012-02-11  )))))))))))))))))))))))))))))))
    .
    .
    2012-02-11 03:23 . 2012-02-11 03:27   --------   d-----w-   c:\users\Costa\AppData\Local\temp
    2012-02-11 03:23 . 2012-02-11 03:23   --------   d-----w-   c:\users\Public\AppData\Local\temp
    2012-02-11 03:23 . 2012-02-11 03:23   --------   d-----w-   c:\users\Default\AppData\Local\temp
    2012-02-02 00:50 . 2012-02-02 00:50   --------   d-----w-   c:\windows\Sun
    2012-02-02 00:16 . 2011-11-17 06:48   440192   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
    2012-02-02 00:16 . 2011-11-16 16:23   278528   ----a-w-   c:\windows\system32\schannel.dll
    2012-02-02 00:16 . 2011-11-16 16:21   1259008   ----a-w-   c:\windows\system32\lsasrv.dll
    2012-02-02 00:16 . 2011-11-16 16:23   72704   ----a-w-   c:\windows\system32\secur32.dll
    2012-02-02 00:16 . 2011-11-16 14:12   9728   ----a-w-   c:\windows\system32\lsass.exe
    2012-01-28 13:34 . 2012-02-02 03:58   --------   d-----w-   c:\program files\0A1FD
    2012-01-27 01:56 . 2012-02-02 03:57   --------   d-----w-   c:\users\Costa\AppData\Roaming\Xiypyc
    2012-01-27 01:56 . 2012-01-27 02:22   --------   d-----w-   c:\users\Costa\AppData\Roaming\Bavu
    2012-01-27 01:52 . 2012-02-02 03:57   --------   d-----w-   c:\users\Costa\AppData\Roaming\0A1FD
    2012-01-27 01:52 . 2012-01-27 01:52   98816   ----a-w-   c:\users\Costa\AppData\Roaming\Microsoft\1199\E85F.tmp
    2012-01-27 01:52 . 2012-02-02 03:58   --------   d-----w-   c:\users\Costa\AppData\Roaming\9EB0A
    2012-01-27 01:51 . 2012-01-27 01:51   --------   d-----w-   c:\users\Costa\AppData\Local\SanctionedMedia
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-27 01:52 . 2011-05-15 22:20   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-06 04:19 . 2012-01-24 13:39   6557240   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{13B9286A-88E7-4DE5-8347-EE27386AE36B}\mpengine.dll
    2011-12-10 20:24 . 2011-03-06 06:55   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2011-11-25 15:59 . 2012-01-11 18:55   376320   ----a-w-   c:\windows\system32\winsrv.dll
    2011-11-23 13:37 . 2011-12-15 00:10   2043904   ----a-w-   c:\windows\system32\win32k.sys
    2011-11-18 20:23 . 2012-01-11 18:55   1205064   ----a-w-   c:\windows\system32\ntdll.dll
    2011-11-18 17:47 . 2012-01-11 18:54   66560   ----a-w-   c:\windows\system32\packager.dll
    2011-11-16 16:23 . 2012-02-02 00:16   377344   ----a-w-   c:\windows\system32\winhttp.dll
    2011-11-15 19:29 . 2010-04-11 01:40   222080   ------w-   c:\windows\system32\MpSigStub.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2009-11-09 2331672]
    .
    [HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-10-18 17:26   3908192   ----a-w-   c:\program files\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
    2009-11-09 23:38   2331672   ----a-w-   c:\program files\Softonic_English\tbSoft.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2009-11-09 2331672]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
    .
    [HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2009-11-09 2331672]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
    .
    [HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-09 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 1045800]
    "TpShocks"="TpShocks.exe" [2008-06-07 181536]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe" [2008-03-24 64368]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
    "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]
    "RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
    "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
    "LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2008-06-08 165208]
    "LPMailChecker"="c:\progra~1\Lenovo\LENOVO~2\LPMLCHK.exe" [2008-06-08 124248]
    "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2008-10-26 632096]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2008-10-26 214576]
    "CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-01-21 36864]
    "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-02-21 435488]
    "ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2009-02-21 165152]
    "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-25 3077432]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
    "IdeaNotesUser"="c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe" [2009-08-24 221872]
    "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
    "PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Brother BPRSP.lnk - c:\windows\Installer\{8040527F-DD74-4B45-8A06-C4BF145B6C76}\BrSupSsp.exe_44686FC076524EF5975EF92EE48E2958.exe [2011-5-9 40960]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-12-13 22:16   421160   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
    2012-01-13 19:53   460872   ----a-w-   c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe]
    2011-11-14 11:02   435672   ----a-w-   c:\program files\MyTomTom 3\MyTomTomSA.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    2008-02-18 20:29   2221352   ----a-w-   c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2011-12-05 12:34   247728   ----a-w-   c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
    .
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 04:06]
    .
    2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 04:06]
    .
    2011-12-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]
    .
    2011-03-09 c:\windows\Tasks\User_Feed_Synchronization-{1DEDB864-CDE5-46C2-A040-FFC9FFB7A4EB}.job
    - c:\windows\system32\msfeedssync.exe [2011-04-30 20:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:52162
    uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Costa\AppData\Roaming\Mozilla\Firefox\Profiles\gyi7i6zf.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine -   
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 52162
    FF - prefs.js: network.proxy.type - 1
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\PC Tools Security\BDT\Firefox
    FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
    FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-10 22:26
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ... 
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ... 
    .
    .
    c:\users\Costa\AppData\Roaming\Apple Computer\Logs\asl.202113_06Feb12.log 6094 bytes
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE]
    "ImagePath"="NADA"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:70,6f,40,f8,41,e1,cc,01
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(4048)
    c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
    c:\windows\system32\DLAAPI_W.DLL
    c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\Lenovo\ATK Hotkey\ASLDRSrv.exe
    c:\program files\Lenovo\ATK Hotkey\GFNEXSrv.exe
    c:\program files\Lenovo\ATK Hotkey\LFKAS.exe
    c:\windows\system32\WLANExt.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\PC Tools Security\BDT\BDTUpdateService.exe
    c:\program files\DDNI\DIBS\DDNIService.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\windows\system32\IoctlSvc.exe
    c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE
    c:\program files\Lenovo\ATK Hotkey\LCONTROL.exe
    c:\program files\Lenovo\ATK Hotkey\LFKA.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    c:\windows\System32\TPHDEXLG.exe
    c:\program files\LENOVO\HOTKEY\TPHKSVC.exe
    c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
    c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe
    c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\WUDFHost.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\program files\Spybot - Search & Destroy\SDWinSec.exe
    c:\program files\Lenovo\System Update\SUService.exe
    c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    c:\windows\system32\conime.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\System32\TpShocks.exe
    c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
    c:\program files\Lenovo\LenovoCare\LPMGR.EXE
    c:\program files\Lenovo\LenovoCare\LPMLCHK.EXE
    c:\windows\System32\rundll32.exe
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Synaptics\SynTP\SynTPLpr.exe
    c:\brother\BPRSP\resources\BrSupSsp.exe
    c:\program files\Lenovo\Zoom\TpScrex.exe
    c:\program files\Browny02\BrYNSvc.exe
    c:\windows\System32\GfxUI.exe
    c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\progra~1\ThinkPad\UTILIT~1\PWMUIAux.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-10  22:35:03 - machine was rebooted
    ComboFix-quarantined-files.txt  2012-02-11 03:34
    ComboFix2.txt  2011-03-09 05:13
    .
    Pre-Run: 84,261,441,536 bytes free
    Post-Run: 84,641,824,768 bytes free
    .
    - - End Of File - - 1B5F5CCAA2783E66C98331DEBD658322

    MtlHab39

      Re: VistaAntispyware 2012 ???
      « Reply #31 on: February 10, 2012, 08:52:14 PM »
      Noticed I am still missing much of the Killer file; attached where it previously left off on post

      16:50:45.0110 5636   IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
      16:50:45.0110 5636   IPNAT - ok
      16:50:45.0578 5636   IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
      16:50:45.0578 5636   IRENUM - ok
      16:50:46.0233 5636   isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
      16:50:46.0249 5636   isapnp - ok
      16:50:46.0701 5636   iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
      16:50:46.0717 5636   iScsiPrt - ok
      16:50:47.0216 5636   iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
      16:50:47.0216 5636   iteatapi - ok
      16:50:47.0715 5636   iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
      16:50:47.0715 5636   iteraid - ok
      16:50:48.0137 5636   kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
      16:50:48.0137 5636   kbdclass - ok
      16:50:48.0573 5636   kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
      16:50:48.0573 5636   kbdhid - ok
      16:50:49.0104 5636   KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
      16:50:49.0104 5636   KSecDD - ok
      16:50:49.0650 5636   lenovo.smi      (3c3f7f424e324c6971632c5de5ff458f) C:\Windows\system32\DRIVERS\smiif32.sys
      16:50:49.0650 5636   lenovo.smi - ok
      16:50:50.0009 5636   lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
      16:50:50.0009 5636   lltdio - ok
      16:50:50.0695 5636   LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
      16:50:50.0695 5636   LSI_FC - ok
      16:50:51.0194 5636   LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
      16:50:51.0194 5636   LSI_SAS - ok
      16:50:51.0990 5636   LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
      16:50:51.0990 5636   LSI_SCSI - ok
      16:50:52.0723 5636   luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
      16:50:52.0723 5636   luafv - ok
      16:50:53.0300 5636   mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
      16:50:53.0300 5636   mdmxsdk - ok
      16:50:53.0768 5636   megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
      16:50:53.0784 5636   megasas - ok
      16:50:54.0704 5636   MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
      16:50:54.0704 5636   MegaSR - ok
      16:50:55.0297 5636   Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
      16:50:55.0313 5636   Modem - ok
      16:50:55.0859 5636   monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
      16:50:55.0859 5636   monitor - ok
      16:50:56.0280 5636   mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
      16:50:56.0280 5636   mouclass - ok
      16:50:56.0826 5636   mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
      16:50:56.0841 5636   mouhid - ok
      16:50:57.0403 5636   MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
      16:50:57.0403 5636   MountMgr - ok
      16:50:57.0855 5636   mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
      16:50:57.0871 5636   mpio - ok
      16:50:58.0292 5636   mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
      16:50:58.0292 5636   mpsdrv - ok
      16:50:58.0885 5636   Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
      16:50:58.0885 5636   Mraid35x - ok
      16:50:59.0478 5636   MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
      16:50:59.0478 5636   MRxDAV - ok
      16:50:59.0946 5636   mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
      16:50:59.0946 5636   mrxsmb - ok
      16:51:00.0383 5636   mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
      16:51:00.0398 5636   mrxsmb10 - ok
      16:51:00.0960 5636   mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
      16:51:00.0960 5636   mrxsmb20 - ok
      16:51:01.0365 5636   msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
      16:51:01.0365 5636   msahci - ok
      16:51:02.0067 5636   msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
      16:51:02.0067 5636   msdsm - ok
      16:51:02.0520 5636   Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
      16:51:02.0520 5636   Msfs - ok
      16:51:02.0957 5636   msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
      16:51:02.0957 5636   msisadrv - ok
      16:51:03.0456 5636   MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
      16:51:03.0456 5636   MSKSSRV - ok
      16:51:04.0111 5636   MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
      16:51:04.0111 5636   MSPCLOCK - ok
      16:51:04.0641 5636   MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
      16:51:04.0641 5636   MSPQM - ok
      16:51:05.0094 5636   MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
      16:51:05.0094 5636   MsRPC - ok
      16:51:05.0562 5636   mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
      16:51:05.0562 5636   mssmbios - ok
      16:51:06.0123 5636   MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
      16:51:06.0123 5636   MSTEE - ok
      16:51:06.0560 5636   MTsensor        (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\A0101V32.sys
      16:51:06.0560 5636   MTsensor - ok
      16:51:07.0091 5636   Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
      16:51:07.0091 5636   Mup - ok
      16:51:07.0527 5636   NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
      16:51:07.0543 5636   NativeWifiP - ok
      16:51:08.0027 5636   NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
      16:51:08.0027 5636   NDIS - ok
      16:51:08.0619 5636   NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
      16:51:08.0619 5636   NdisTapi - ok
      16:51:09.0119 5636   Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
      16:51:09.0119 5636   Ndisuio - ok
      16:51:09.0524 5636   NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
      16:51:09.0524 5636   NdisWan - ok
      16:51:09.0977 5636   NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
      16:51:09.0977 5636   NDProxy - ok
      16:51:10.0460 5636   NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
      16:51:10.0460 5636   NetBIOS - ok
      16:51:10.0991 5636   netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
      16:51:10.0991 5636   netbt - ok
      16:51:11.0474 5636   nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
      16:51:11.0474 5636   nfrd960 - ok
      16:51:12.0067 5636   Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
      16:51:12.0067 5636   Npfs - ok
      16:52:16.0292 5636   ============================================================
      16:52:16.0292 5636   Scan finished
      16:52:16.0292 5636   ============================================================
      16:52:16.0308 4768   Detected object count: 0
      16:52:16.0308 4768   Actual detected object count: 0

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: VistaAntispyware 2012 ???
      « Reply #32 on: February 11, 2012, 11:17:00 AM »
      I'd like to scan your machine with ESET OnlineScan

      • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
        ESET OnlineScan
      • Click the button.
      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
        • Click on to download the ESET Smart Installer. Save it to your desktop.
        • Double click on the icon on your desktop.
      • Check
      • Click the button.
      • Accept any security warnings from your browser.
      • Check
      • Push the Start button.
      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      • When the scan completes, push
      • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      • Push the button.
      • Push
      A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
      Windows 8 and Windows 10 dual boot with two SSD's

      MtlHab39

        Re: VistaAntispyware 2012 ???
        « Reply #33 on: February 11, 2012, 11:28:55 AM »
        Hi Dave
        I am still unable to access online with the laptop and I have been using a USB stick back and forth; what would be the best way to have ESET saved as a file onto stick and then opened on laptop's desktop; would I update the file while opening on the desktop or would it then subject the desktop to a scan?

        SuperDave

        Re: VistaAntispyware 2012 ???
        « Reply #34 on: February 11, 2012, 01:16:54 PM »
        Quote
        what would be the best way to have ESET saved as a file onto stick and then opened on laptop's desktop; would I update the file while opening on the desktop or would it then subject the desktop to a scan?
        That won't work. It needs a connection in order to scan your computer.

        Please download MiniToolBox to Desktop and run it.



        Checkmark the following boxes:

          • Flush DNS
          • Report IE Proxy Settings
          • Reset IE Proxy Settings
          • List content of Hosts
          • List IP Configuration
          • List Last 10 Event Viewer Errors
          • List Users, Partitions and Memory Size
          Click Go and copy/paste the log (Result.txt) into your next post.
          ***************************************************************
          Please download Farbar Service Scanner and run it on the computer with the issue.
          • Press "Scan".
          • It will create a log (FSS.txt) in the same directory the tool is run.
          • Please copy and paste the log to your reply.

          MtlHab39

            Re: VistaAntispyware 2012 ???
            « Reply #35 on: February 11, 2012, 04:01:24 PM »
            MiniToolBox note

            MiniToolBox by Farbar  Version: 18-01-2012
            Ran by Costa (administrator) on 11-02-2012 at 17:56:13
            Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86)
            Boot Mode: Nerwork
            ***************************************************************************

            ========================= Flush DNS: ===================================

            Windows IP Configuration

            Could not flush the DNS Resolver Cache: Function failed during execution.


            ========================= IE Proxy Settings: ==============================

            Proxy is not enabled.
            ProxyServer: http=127.0.0.1:52162

            "Reset IE Proxy Settings": IE Proxy Settings were reset.
            ========================= Hosts content: =================================

            127.0.0.1       localhost

            ========================= IP Configuration: ================================

            Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) = Local Area Connection (Media disconnected)
            11b/g Wireless LAN Mini PCI Express Adapter III = Maddiechat (Media disconnected)


            # ----------------------------------
            # IPv4 Configuration
            # ----------------------------------
            pushd interface ipv4

            reset
            set global


            popd
            # End of IPv4 configuration



            Windows IP Configuration

               Host Name . . . . . . . . . . . . : Costa-PC
               Primary Dns Suffix  . . . . . . . :
               Node Type . . . . . . . . . . . . : Mixed
               IP Routing Enabled. . . . . . . . : No
               WINS Proxy Enabled. . . . . . . . : No

            Wireless LAN adapter Maddiechat:

               Media State . . . . . . . . . . . : Media disconnected
               Connection-specific DNS Suffix  . :
               Description . . . . . . . . . . . : 11b/g Wireless LAN Mini PCI Express Adapter III
               Physical Address. . . . . . . . . : 00-24-2C-E4-E8-84
               DHCP Enabled. . . . . . . . . . . : Yes
               Autoconfiguration Enabled . . . . : Yes

            Ethernet adapter Local Area Connection:

               Media State . . . . . . . . . . . : Media disconnected
               Connection-specific DNS Suffix  . : vaniercollege.intra
               Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
               Physical Address. . . . . . . . . : 00-24-8C-B3-B1-19
               DHCP Enabled. . . . . . . . . . . : Yes
               Autoconfiguration Enabled . . . . : Yes

            Tunnel adapter Local Area Connection* 7:

               Media State . . . . . . . . . . . : Media disconnected
               Connection-specific DNS Suffix  . :
               Description . . . . . . . . . . . : isatap.vaniercollege.intra
               Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
               DHCP Enabled. . . . . . . . . . . : No
               Autoconfiguration Enabled . . . . : Yes

            Tunnel adapter Local Area Connection* 11:

               Media State . . . . . . . . . . . : Media disconnected
               Connection-specific DNS Suffix  . :
               Description . . . . . . . . . . . : 6TO4 Adapter
               Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
               DHCP Enabled. . . . . . . . . . . : No
               Autoconfiguration Enabled . . . . : Yes

            Tunnel adapter Local Area Connection* 12:

               Media State . . . . . . . . . . . : Media disconnected
               Connection-specific DNS Suffix  . :
               Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
               Physical Address. . . . . . . . . : 02-00-54-55-4E-01
               DHCP Enabled. . . . . . . . . . . : No
               Autoconfiguration Enabled . . . . : Yes

            Tunnel adapter Local Area Connection* 14:

               Media State . . . . . . . . . . . : Media disconnected
               Connection-specific DNS Suffix  . :
               Description . . . . . . . . . . . : isatap.{47E42986-067B-4D6D-A977-3BFE22D64C3F}
               Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
               DHCP Enabled. . . . . . . . . . . : No
               Autoconfiguration Enabled . . . . : Yes
            Server:  UnKnown
            Address:  127.0.0.1

            Ping request could not find host google.com. Please check the name and try again.

            Server:  UnKnown
            Address:  127.0.0.1

            Ping request could not find host yahoo.com. Please check the name and try again.

            Server:  UnKnown
            Address:  127.0.0.1

            Ping request could not find host bleepingcomputer.com. Please check the name and try again.



            Pinging  with 32 bytes of data:

            Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

            Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



            Ping statistics for    :

                Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

            Approximate round trip times in milli-seconds:

                Minimum = 0ms, Maximum = 0ms, Average = 0ms

            ===========================================================================
            Interface List
             11 ...00 24 2c e4 e8 84 ...... 11b/g Wireless LAN Mini PCI Express Adapter III
             10 ...00 24 8c b3 b1 19 ...... Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
              1 ........................... Software Loopback Interface 1
             14 ...00 00 00 00 00 00 00 e0  isatap.vaniercollege.intra
             12 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
             15 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
             16 ...00 00 00 00 00 00 00 e0  isatap.{47E42986-067B-4D6D-A977-3BFE22D64C3F}
            ===========================================================================

            IPv4 Route Table
            ===========================================================================
            Active Routes:
            Network Destination        Netmask          Gateway       Interface  Metric
                    127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
                    127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
              127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
                    224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
              255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
            ===========================================================================
            Persistent Routes:
              None

            IPv6 Route Table
            ===========================================================================
            Active Routes:
             If Metric Network Destination      Gateway
              1    306 ::1/128                  On-link
              1    306 ff00::/8                 On-link
            ===========================================================================
            Persistent Routes:
              None

            ========================= Event log errors: ===============================

            Application errors:
            ==================
            Error: (02/11/2012 05:53:18 PM) (Source: WinMgmt) (User: )
            Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

            Error: (02/11/2012 05:52:50 PM) (Source: EventSystem) (User: )
            Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

            Error: (02/10/2012 10:49:46 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
            Description: 0x80072af9

            Error: (02/10/2012 10:48:29 PM) (Source: Application Error) (User: )
            Description: Faulting application jusched.exe, version 2.0.3.1, time stamp 0x4ccb4165, faulting module USER32.dll, version 6.0.6002.18005, time stamp 0x49e0380e, exception code 0xc0000005, fault offset 0x00015703,
            process id 0x834, application start time 0xjusched.exe0.

            Error: (02/10/2012 10:47:46 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
            Description: 0x80072af9

            Error: (02/10/2012 10:44:43 PM) (Source: WinMgmt) (User: )
            Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

            Error: (02/10/2012 10:43:23 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
            Description: 0x80072af9

            Error: (02/10/2012 10:31:37 PM) (Source: Application Error) (User: )
            Description: Faulting application jusched.exe, version 2.0.3.1, time stamp 0x4ccb4165, faulting module USER32.dll, version 6.0.6002.18005, time stamp 0x49e0380e, exception code 0xc0000005, fault offset 0x00015703,
            process id 0xfa8, application start time 0xjusched.exe0.

            Error: (02/10/2012 10:28:00 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
            Description: 0x80072af9

            Error: (02/10/2012 10:26:59 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: SYSTEM)SYSTEM
            Description: 0x80072af9


            System errors:
            =============
            Error: (02/11/2012 05:53:20 PM) (Source: Service Control Manager) (User: )
            Description: lenovo.smi
            SASDIFSV
            SASKUTIL
            spldr
            tdx
            TPPWRIF
            tvtumon
            Wanarpv6

            Error: (02/11/2012 05:53:20 PM) (Source: Service Control Manager) (User: )
            Description: Internet Connection Sharing (ICS)BFE%%2

            Error: (02/11/2012 05:53:20 PM) (Source: Service Control Manager) (User: )
            Description: IPsec Policy AgentBFE%%2

            Error: (02/11/2012 05:53:20 PM) (Source: Service Control Manager) (User: )
            Description: IKE and AuthIP IPsec Keying ModulesBFE%%2

            Error: (02/11/2012 05:53:20 PM) (Source: Service Control Manager) (User: )
            Description: BFE%%2

            Error: (02/11/2012 05:53:20 PM) (Source: Service Control Manager) (User: )
            Description: Computer BrowserServer%%1068

            Error: (02/11/2012 05:53:20 PM) (Source: Service Control Manager) (User: )
            Description: DNS ClientNetIO Legacy TDI Support Driver%%31

            Error: (02/11/2012 05:53:20 PM) (Source: Service Control Manager) (User: )
            Description: DHCP ClientNetIO Legacy TDI Support Driver%%31

            Error: (02/11/2012 05:53:02 PM) (Source: DCOM) (User: )
            Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

            Error: (02/11/2012 05:52:49 PM) (Source: DCOM) (User: )
            Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}


            Microsoft Office Sessions:
            =========================
            Error: (10/06/2010 09:10:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
            Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5531 seconds with 2280 seconds of active time.  This session ended with a crash.


            ========================= Memory info: ===================================

            Percentage of memory in use: 20%
            Total physical RAM: 2012.54 MB
            Available physical RAM: 1605.28 MB
            Total Pagefile: 4262.32 MB
            Available Pagefile: 4011.8 MB
            Total Virtual: 2047.88 MB
            Available Virtual: 1965.53 MB

            ========================= Partitions: =====================================

            1 Drive c: (SW_Preload) (Fixed) (Total:137.82 GB) (Free:80.35 GB) NTFS
            3 Drive e: () (Removable) (Total:7.45 GB) (Free:7.36 GB) FAT32
            4 Drive q: (Lenovo) (Fixed) (Total:9.77 GB) (Free:4.1 GB) NTFS
            5 Drive s: (SERVICEV003) (Fixed) (Total:1.46 GB) (Free:0.69 GB) NTFS

            ========================= Users: ========================================

            User accounts for \\COSTA-PC

            Administrator            Costa                    Guest                   


            **** End of log ****


            Here is FarBar result

            Farbar Service Scanner Version: 10-02-2012
            Ran by Costa (administrator) on 11-02-2012 at 17:57:47
            Running from "E:\FarBar"
            Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86)
            Boot Mode: Nerwork
            ****************************************************************

            Internet Services:
            ============
            Dnscache Service is not running. Checking service configuration:
            The start type of Dnscache service is OK.
            The ImagePath of Dnscache service is OK.
            The ServiceDll of Dnscache service is OK.

            Dhcp Service is not running. Checking service configuration:
            The start type of Dhcp service is OK.
            The ImagePath of Dhcp service is OK.
            The ServiceDll of Dhcp service is OK.

            tdx Service is not running. Checking service configuration:
            The start type of tdx service is OK.
            The ImagePath of tdx service is OK.


            Connection Status:
            ==============
            Localhost is accessible.
            LAN connected.
            Google IP is accessible.
            Yahoo IP is accessible.


            File Check:
            ========
            C:\Windows\system32\nsisvc.dll => MD5 is legit
            C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
            C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
            C:\Windows\system32\Drivers\afd.sys
            [2011-06-16 08:17] - [2011-04-21 08:58] - 0273408 ____A (Microsoft Corporation)

            Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
            C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
            C:\Windows\system32\dnsrslvr.dll => MD5 is legit
            C:\Windows\system32\svchost.exe => MD5 is legit
            C:\Windows\system32\rpcss.dll => MD5 is legit


            **** End of log ****

            MtlHab39

              Re: VistaAntispyware 2012 ???
              « Reply #36 on: February 11, 2012, 04:13:46 PM »
              Rescanned with farbar but checked off all choices except defender

              Farbar Service Scanner Version: 10-02-2012
              Ran by Costa (administrator) on 11-02-2012 at 18:11:09
              Running from "E:\FarBar"
              Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86)
              Boot Mode: Nerwork
              ****************************************************************

              Internet Services:
              ============
              Dnscache Service is not running. Checking service configuration:
              The start type of Dnscache service is OK.
              The ImagePath of Dnscache service is OK.
              The ServiceDll of Dnscache service is OK.

              Dhcp Service is not running. Checking service configuration:
              The start type of Dhcp service is OK.
              The ImagePath of Dhcp service is OK.
              The ServiceDll of Dhcp service is OK.

              tdx Service is not running. Checking service configuration:
              The start type of tdx service is OK.
              The ImagePath of tdx service is OK.


              Connection Status:
              ==============
              Localhost is accessible.
              LAN connected.
              Google IP is accessible.
              Yahoo IP is accessible.


              Windows Firewall:
              =============
              mpsdrv Service is not running. Checking service configuration:
              The start type of mpsdrv service is OK.
              The ImagePath of mpsdrv service is OK.

              MpsSvc Service is not running. Checking service configuration:
              Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
              Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
              Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
              Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

              bfe Service is not running. Checking service configuration:
              The start type of bfe service is set to Demand. The default start type is Auto.
              The ImagePath of bfe: "NADA".
              Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
              Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


              Firewall Disabled Policy:
              ==================


              System Restore:
              ============
              SDRSVC Service is not running. Checking service configuration:
              The start type of SDRSVC service is OK.
              The ImagePath of SDRSVC service is OK.
              The ServiceDll of SDRSVC service is OK.
              Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

              VSS Service is not running. Checking service configuration:
              The start type of VSS service is OK.
              The ImagePath of VSS service is OK.


              System Restore Disabled Policy:
              ========================


              Security Center:
              ============
              wscsvc Service is not running. Checking service configuration:
              The start type of wscsvc service is OK.
              The ImagePath of wscsvc service is OK.
              The ServiceDll of wscsvc service is OK.
              Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


              Windows Update:
              ============
              wuauserv Service is not running. Checking service configuration:
              The start type of wuauserv service is OK.
              The ImagePath of wuauserv service is OK.
              The ServiceDll of wuauserv service is OK.

              BITS Service is not running. Checking service configuration:
              The start type of BITS service is OK.
              The ImagePath of BITS service is OK.
              The ServiceDll of BITS service is OK.
              Checking LEGACY_BITS: Attention! Unable to open LEGACY_BITS\0000 registry key. The key does not exist.

              EventSystem Service is not running. Checking service configuration:
              The start type of EventSystem service is OK.
              The ImagePath of EventSystem service is OK.
              The ServiceDll of EventSystem service is OK.


              File Check:
              ========
              C:\Windows\system32\nsisvc.dll => MD5 is legit
              C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
              C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
              C:\Windows\system32\Drivers\afd.sys => MD5 is legit
              Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
              C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
              C:\Windows\system32\dnsrslvr.dll => MD5 is legit
              C:\Windows\system32\mpssvc.dll => MD5 is legit
              C:\Windows\system32\bfe.dll => MD5 is legit
              C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
              C:\Windows\system32\SDRSVC.dll => MD5 is legit
              C:\Windows\system32\vssvc.exe => MD5 is legit
              C:\Windows\system32\wscsvc.dll => MD5 is legit
              C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
              C:\Windows\system32\wuaueng.dll => MD5 is legit
              C:\Windows\system32\qmgr.dll => MD5 is legit
              C:\Windows\system32\es.dll => MD5 is legit
              C:\Windows\system32\cryptsvc.dll => MD5 is legit
              C:\Windows\system32\svchost.exe => MD5 is legit
              C:\Windows\system32\rpcss.dll => MD5 is legit


              **** End of log ****

              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: VistaAntispyware 2012 ???
              « Reply #37 on: February 11, 2012, 05:07:45 PM »
              Please download SystemLook from one of the links below and save it to your desktop.

              Link # 1
              Link # 2

              Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

              Double-click SystemLook.exe to run it.

              Copy the contents of the following codebox into the main textfield.
              :filefind
              tdx.sys

              Click the Look button to start the scan.

              Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

              When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt
              Windows 8 and Windows 10 dual boot with two SSD's

              MtlHab39

                Re: VistaAntispyware 2012 ???
                « Reply #38 on: February 12, 2012, 08:41:38 AM »
                Here is SystemLook

                SystemLook 30.07.11 by jpshortstuff
                Log created at 10:11 on 12/02/2012 by Costa
                Administrator - Elevation successful

                ========== filefind ==========

                Searching for "tdx.sys"
                C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys   --a---- 71680 bytes   [02:34 21/01/2008]   [02:34 21/01/2008] D09276B1FAB033CE1D40DCBDF303D10F

                -= EOF =-

                SuperDave

                Re: VistaAntispyware 2012 ???
                « Reply #39 on: February 12, 2012, 11:03:33 AM »
                Do you have your Windows OS disk or can you borrow one? It must be Vista™ Home Basic.

                MtlHab39

                  Re: VistaAntispyware 2012 ???
                  « Reply #40 on: February 12, 2012, 11:30:26 AM »
                  Would it have been included with the Lenovo?

                  MtlHab39

                    Re: VistaAntispyware 2012 ???
                    « Reply #41 on: February 12, 2012, 11:33:19 AM »
                    Is it called Windows Live Installer?

                    SuperDave

                    Re: VistaAntispyware 2012 ???
                    « Reply #42 on: February 12, 2012, 06:51:41 PM »
                    Quote
                    Would it have been included with the Lenovo?
                    I'm not sure what Lenovo's policy is regarding OS disks. If it's like most Vista installations there should be a Recovery Console on the computer. In your case, it looks like there might be one on the Q drive. You can verify this by clicking on Windows Explorer and clicking on My Computer or Computer. There you should see the C drive and all the other drives. One should be named Recovery Console. In your case it should be the Q drive.

                    Run the Vista Recovery Console.

                    1. Eject and remove any discs or memory cards from your computer.

                    2. Click the "Start" button on the desktop to open the Start menu, click the small arrow icon to the right of the lock icon and select "Restart".

                    3. Hold the "F8" key on your computer's keyboard as Windows Vista reboots.

                    4. Highlight and select "Repair your computer", choose your keyboard type and click "Next".

                    5. Choose your user name, type your password if prompted and click "OK" to access the System Recovery Options menu.

                    MtlHab39

                      Re: VistaAntispyware 2012 ???
                      « Reply #43 on: February 14, 2012, 03:16:16 PM »
                      Hi Dave
                      Was able to access System Recovery Options window

                      Asks me to choose a recovery tool; operating system Microsoft Windows Vista on (D:)  SW_Preload

                      choices are

                      Startup Repair
                      System Restore
                      Windows Complete PC Restore
                      Windows Memory Diagnostic Tool
                      Command Prompt
                      Lenovo Product Recovery

                      Which one do I access?

                      SuperDave

                      Re: VistaAntispyware 2012 ???
                      « Reply #44 on: February 14, 2012, 04:23:38 PM »
                      Let's start out with Startup Repair.