Solved Internet Access Blocked -- ThinkPoint and Zugo

Discussion in 'Malware and Virus Removal Archive' started by macoons, 2010/11/27.

  1. 2010/11/27
    macoons Inactive Thread Starter

    [Resolved] Internet Access Blocked -- ThinkPoint and Zugo

    Firstly, thanks for all your assistance; it is a great help!

    This problem is on a Lenovo Netbook. It had ThinkPoint (maybe still has) and I followed some instructions to get rid of it that appeared to work. However, something is blocking access to the internet. Malwarebytes can perform an update, and if I use the Lenovo quickstart to the web which bypasses Windows (I think), I can get on; however, once Windows is started (and the wireless is connected), IE just shows "Internet Explorer cannot display webpage". Here are the logs and thanks again!

    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\scott\Desktop\ThinkPoint.lnk (Rogue.ThinkPoint) -> Quarantined and deleted successfully.
    C:\Documents and Settings\scott\Start Menu\Programs\ThinkPoint.lnk (Rogue.ThinkPoint) -> Quarantined and deleted successfully.


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-11-27 15:07:18
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5 WDC_WD1600BEVS-08VAT2 rev.14.01A14
    Running: c0d8juxc.exe; Driver: C:\DOCUME~1\scott\LOCALS~1\Temp\pxkyypob.sys


    ---- System - GMER 1.0.15 ----

    SSDT F7B5EFC6 ZwCreateKey
    SSDT F7B5EFBC ZwCreateThread
    SSDT F7B5EFCB ZwDeleteKey
    SSDT F7B5EFD5 ZwDeleteValueKey
    SSDT F7B5EFDA ZwLoadKey
    SSDT F7B5EFA8 ZwOpenProcess
    SSDT F7B5EFAD ZwOpenThread
    SSDT F7B5EFE4 ZwReplaceKey
    SSDT F7B5EFDF ZwRestoreKey
    SSDT F7B5EFD0 ZwSetValueKey

    ---- Kernel code sections - GMER 1.0.15 ----

    ? plwjhkaw.sys The system cannot find the file specified. !

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\winlogon.exe[840] @ C:\WINDOWS\system32\winlogon.exe [USER32.dll!DialogBoxParamW] [1003695B] C:\WINDOWS\system32\PicNotify.dll

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS@StateIndex 0

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 01: copy of MBR

    ---- EOF - GMER 1.0.15 ----


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 119):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xF7A7D000 \WINDOWS\system32\KDCOM.DLL
    0xF798D000 \WINDOWS\system32\BOOTVID.dll
    0xF757D000 plwjhkaw.sys
    0xF744E000 ACPI.sys
    0xF7A7F000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF743D000 pci.sys
    0xF758D000 isapnp.sys
    0xF7991000 compbatt.sys
    0xF7995000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7B45000 pciide.sys
    0xF77FD000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF759D000 MountMgr.sys
    0xF7400000 ftdisk.sys
    0xF7999000 ACPIEC.sys
    0xF7B46000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF7805000 PartMgr.sys
    0xF75AD000 VolSnap.sys
    0xF73E8000 atapi.sys
    0xF75BD000 disk.sys
    0xF75CD000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF73C8000 fltMgr.sys
    0xF73B6000 sr.sys
    0xF739F000 KSecDD.sys
    0xF7312000 Ntfs.sys
    0xF72E5000 NDIS.sys
    0xF72CB000 Mup.sys
    0xF778D000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF7A35000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF6CDC000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xF6CC8000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF6CA0000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF6C71000 \SystemRoot\system32\DRIVERS\b57xp32.sys
    0xF6B1E000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
    0xF789D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF6AFA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF78A5000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF7A39000 \SystemRoot\system32\DRIVERS\AcpiVpc.sys
    0xF779D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF78AD000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF6AC3000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xF7A8D000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF78B5000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7A3D000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xF7B8D000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF77AD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7A41000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF6A84000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF77BD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF77CD000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF78BD000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF6A73000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF77DD000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF78C5000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF78CD000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF77ED000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF78D5000 \SystemRoot\system32\DRIVERS\psadd.sys
    0xF7A8F000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF6A50000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF69AB000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7A55000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF760D000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF762D000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xA9608000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xA95E4000 \SystemRoot\system32\drivers\portcls.sys
    0xF763D000 \SystemRoot\system32\drivers\drmk.sys
    0xF7A25000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF7A95000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7CB7000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7A97000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF78F5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF78FD000 \SystemRoot\System32\drivers\vga.sys
    0xF7A99000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7A9B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7905000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF790D000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7A2D000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA9561000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA9508000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA94E0000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA94BA000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA9498000 \SystemRoot\System32\drivers\afd.sys
    0xF766D000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF791D000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xA93CD000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA9335000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF769D000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF7925000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xA930B000 \SystemRoot\System32\Drivers\RTS5121.sys
    0xF76AD000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xA92E8000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xF7A9F000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xA92CA000 \SystemRoot\System32\Drivers\usbvideo.sys
    0xA92B2000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7AA5000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xA95BC000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF793D000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7BA5000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF024000 \SystemRoot\System32\igxpgd32.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
    0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA915D000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xA918E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA8F00000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA8E9B000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA901D000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA8B7F000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xF7B17000 \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS
    0xA8AFF000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA8276000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF7845000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xA7EC3000 \??\C:\DOCUME~1\scott\LOCALS~1\Temp\pxkyypob.sys
    0xA7E98000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 49):
    0 System Idle Process
    4 System
    752 C:\WINDOWS\system32\smss.exe
    816 csrss.exe
    840 C:\WINDOWS\system32\winlogon.exe
    884 C:\WINDOWS\system32\services.exe
    896 C:\WINDOWS\system32\lsass.exe
    1080 C:\WINDOWS\system32\svchost.exe
    1148 svchost.exe
    1188 C:\WINDOWS\system32\svchost.exe
    1308 svchost.exe
    1336 svchost.exe
    1604 C:\WINDOWS\system32\spoolsv.exe
    1680 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1752 svchost.exe
    1976 C:\WINDOWS\explorer.exe
    2044 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    328 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    348 C:\QSTART.SYS\config\DVMExportService.exe
    440 C:\Program Files\Java\jre6\bin\jqs.exe
    512 C:\WINDOWS\system32\HPZipm12.exe
    544 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    636 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    664 C:\WINDOWS\system32\svchost.exe
    112 C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    1104 C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    172 C:\Program Files\Lenovo\System Update\SUService.exe
    180 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    200 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    240 C:\Program Files\Lenovo\Energy Management\utility.exe
    312 C:\Program Files\Lenovo\Energy Management\Energy Management.exe
    1832 C:\WINDOWS\RTHDCPL.EXE
    632 C:\WINDOWS\system32\igfxtray.exe
    504 C:\WINDOWS\system32\hkcmd.exe
    688 C:\WINDOWS\system32\igfxpers.exe
    712 C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    728 C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
    740 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    700 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    1248 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    1404 C:\WINDOWS\system32\ctfmon.exe
    1416 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    1420 C:\WINDOWS\system32\igfxsrvc.exe
    1440 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    1836 C:\Program Files\OpenOffice.org 3\program\soffice.exe
    2060 C:\Program Files\OpenOffice.org 3\program\soffice.bin
    3408 alg.exe
    2940 C:\WINDOWS\system32\mshta.exe
    1364 D:\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1600BEVS-08VAT2, Rev: 14.01A14

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: C06319AA0D8692AC073FE28A77B8150D893D0C0E


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!



    DDS (Ver_10-11-27.01) - NTFSx86
    Run by scott at 15:14:21.07 on Sat 11/27/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.554 [GMT -8:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\QSTART.SYS\config\DVMExportService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Lenovo\Energy Management\utility.exe
    C:\Program Files\Lenovo\Energy Management\Energy Management.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\WINDOWS\System32\mshta.exe
    D:\dds.scr

    ============== Pseudo HJT Report ===============

    uDefault_Page_URL = hxxp://lenovo.msn.com
    uStart Page = hxxp://www.google.com
    uInternet Settings,ProxyServer = http=127.0.0.1:23012
    uInternet Settings,ProxyOverride = <local>
    uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\search toolbar\tbhelper.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\search toolbar\tbcore3.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - c:\program files\search toolbar\tbcore3.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
    mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
    mRun: [VeriFaceManager] c:\program files\lenovo\verifaceiii\PManage.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    StartupFolder: c:\docume~1\scott\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: igfxcui - igfxdev.dll
    Notify: PicNotify - PicNotify.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-11-27 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-27 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-27 267944]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-27 60936]
    R2 DvmMDES;DeviceVM Meta Data Export Service;c:\qstart.sys\config\DVMExportService.exe [2008-11-20 307200]
    R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2010-1-27 9472]
    R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2010-1-27 157696]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-19 135664]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-1-27 1684736]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

    =============== Created Last 30 ================

    2010-11-27 22:25:39 -------- d--h--w- C:\dvmexp
    2010-11-27 20:50:23 -------- d-----w- c:\windows\system32\NtmsData
    2010-11-27 20:48:17 -------- d-----w- c:\docume~1\scott\applic~1\Avira
    2010-11-27 20:46:54 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-11-27 20:46:53 -------- d-----w- c:\program files\Avira
    2010-11-27 20:46:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-11-27 00:36:15 -------- d-----w- c:\docume~1\scott\applic~1\GetRightToGo
    2010-11-20 06:49:24 -------- d-----w- c:\program files\VideoLAN
    2010-11-20 04:46:05 -------- d-----w- c:\program files\Windows Media Connect 2
    2010-11-20 04:44:38 -------- d-----w- C:\bb81f3deaf50a5ce6fa1b630
    2010-11-20 04:44:35 -------- d-----w- c:\windows\system32\LogFiles
    2010-11-20 04:43:59 -------- d-----w- C:\4538fa9eefb5ef2007786e761e7a
    2010-11-12 04:16:03 -------- d-----w- c:\docume~1\scott\locals~1\applic~1\Threat Expert
    2010-11-12 03:38:12 -------- d-----w- c:\docume~1\scott\applic~1\Malwarebytes
    2010-11-12 03:37:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-12 03:37:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-12 03:37:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-11-12 03:37:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    ==================== Find3M ====================

    2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys

    ============= FINISH: 15:14:59.62 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-27.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/6/2010 3:14:31 PM
    System Uptime: 11/27/2010 2:25:02 PM (1 hours ago)

    Motherboard: Lenovo | | Kuril
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | U2E1 | 1596/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 146 GiB total, 133.074 GiB free.
    D: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP34: 9/3/2010 6:45:55 PM - System Checkpoint
    RP35: 9/5/2010 3:59:46 PM - System Checkpoint
    RP36: 9/6/2010 4:31:11 PM - System Checkpoint
    RP37: 9/18/2010 10:20:49 AM - System Checkpoint
    RP38: 9/18/2010 12:01:03 PM - Software Distribution Service 3.0
    RP39: 9/19/2010 6:14:13 PM - System Checkpoint
    RP40: 9/28/2010 1:49:51 AM - System Checkpoint
    RP41: 9/29/2010 7:40:45 PM - System Checkpoint
    RP42: 9/29/2010 8:06:58 PM - Software Distribution Service 3.0
    RP43: 10/1/2010 7:04:39 PM - System Checkpoint
    RP44: 10/3/2010 2:03:23 PM - System Checkpoint
    RP45: 10/6/2010 8:21:16 PM - Software Distribution Service 3.0
    RP46: 10/7/2010 7:02:16 PM - Software Distribution Service 3.0
    RP47: 10/8/2010 8:08:32 PM - System Checkpoint
    RP48: 10/9/2010 8:37:44 PM - System Checkpoint
    RP49: 10/12/2010 9:59:30 PM - Software Distribution Service 3.0
    RP50: 10/16/2010 7:29:14 PM - System Checkpoint
    RP51: 10/23/2010 1:51:45 PM - System Checkpoint
    RP52: 10/24/2010 5:18:02 PM - System Checkpoint
    RP53: 10/26/2010 9:41:01 AM - System Checkpoint
    RP54: 10/27/2010 8:30:43 PM - System Checkpoint
    RP55: 10/30/2010 2:48:35 PM - System Checkpoint
    RP56: 11/9/2010 2:52:37 PM - System Checkpoint
    RP57: 11/11/2010 8:58:40 AM - Software Distribution Service 3.0
    RP58: 11/19/2010 6:00:13 PM - System Checkpoint
    RP59: 11/19/2010 8:38:11 PM - Installed Windows Media Player 11
    RP60: 11/19/2010 8:43:52 PM - Software Distribution Service 3.0
    RP61: 11/21/2010 8:45:05 PM - Software Distribution Service 3.0
    RP62: 11/26/2010 6:42:23 PM - System Checkpoint

    ==== Installed Programs ======================

    2007 Microsoft Office system
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.2.0
    AiO_Scan
    AiOSoftware
    Avira AntiVir Personal - Free Antivirus
    Broadcom Gigabit Integrated Controller
    Broadcom WLAN
    Business Contact Manager for Outlook 2007 SP1
    Energy Management
    Fax
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB949764)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Extended Capabilities 4.7
    HP Image Zone 4.7
    HP Product Assistant
    HP PSC & OfficeJet 4.7
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 18
    Junk Mail filter update
    Lenovo Quick Start
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MSVCRT
    MSXML 6.0 Parser
    OpenOffice.org 3.2
    PC-Doctor 5 for Windows
    QFolder
    Readme
    Realtek Card Reader
    Realtek High Definition Audio Driver
    Scan
    Search Toolbar
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Synaptics Pointing Device Driver
    System Update
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office Word 2007 (KB974631)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VeriFace III
    VLC media player 1.1.5
    Wallpapers
    WebFldrs XP
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    11/27/2010 2:00:49 PM, error: Service Control Manager [7034] - The TVT Scheduler service terminated unexpectedly. It has done this 1 time(s).
    11/27/2010 2:00:49 PM, error: Service Control Manager [7034] - The ThinkVantage Registry Monitor Service service terminated unexpectedly. It has done this 1 time(s).
    11/27/2010 2:00:49 PM, error: Service Control Manager [7034] - The System Update service terminated unexpectedly. It has done this 1 time(s).
    11/27/2010 2:00:48 PM, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
    11/27/2010 2:00:48 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    11/27/2010 2:00:48 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    11/27/2010 2:00:48 PM, error: Service Control Manager [7034] - The DeviceVM Meta Data Export Service service terminated unexpectedly. It has done this 1 time(s).
    11/27/2010 2:00:48 PM, error: Service Control Manager [7034] - The Business Contact Manager SQL Server Startup Service service terminated unexpectedly. It has done this 1 time(s).
    11/27/2010 12:50:26 PM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library TOSHIBA TransMemory USB Device.
    11/27/2010 12:46:07 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    11/27/2010 12:46:07 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\scott\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
    11/27/2010 12:46:07 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    11/26/2010 5:35:56 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    11/26/2010 5:35:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Pcmcia
    11/25/2010 11:04:15 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/25/2010 10:56:02 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    11/25/2010 10:56:02 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    11/25/2010 10:56:02 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/25/2010 10:56:02 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/25/2010 10:56:02 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

    ==== End Of File ===========================
     
  2. 2010/11/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    Let's start with fixing your MBR....

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
     


  4. 2010/11/27
    macoons

    macoons Inactive Thread Starter

    Joined:
    2010/03/31
    Messages:
    44
    Likes Received:
    0
    Can I do this with a thumb drive? I am working on a netbook that does not have a CD drive.
     
  5. 2010/11/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let's try this instead....

    Restart computer
    When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
    You have to use the up/down arrows to choose the Recovery Console. Then press Enter but you only have 2 seconds by default.
    If you find this hard to do then you can go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds. OK Then reboot.

    You should get a black screen with a C:\> prompt. Type with an Enter after each line:

    fixmbr

    (If it asks you if you are sure then say "Y".)

    exit

    Reboot computer.

    Post fresh MBRCheck log.
     
  6. 2010/11/27
    macoons

    macoons Inactive Thread Starter

    Joined:
    2010/03/31
    Messages:
    44
    Likes Received:
    0
    sigh... Sorry, I don't seem to have that option. I have an F2 setup option right after boot (for about 2 or 3 seconds) that lets me change things like where it is supposed to boot from. Then I have an F11 option for about 10 seconds after that which allows me to enter Lenovo's recovery console where I can erase and reformat the hard drive and reinstall original software or customize the recovery of certain programs. None of those options seem to get me to the command prompt.
     
  7. 2010/11/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK, let's leave it for now...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2010/11/28
    macoons

    macoons Inactive Thread Starter

    Joined:
    2010/03/31
    Messages:
    44
    Likes Received:
    0
    Combofix installed the recovery console so I can get to the C:\Windows> prompt

    I can also now access the internet.

    Here is the Combofix log:

    ComboFix 10-11-28.02 - scott 11/28/2010 20:35:31.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.502 [GMT -8:00]
    Running from: c:\documents and settings\scott\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Toolbar4
    c:\documents and settings\scott\Application Data\completescan
    c:\documents and settings\scott\Application Data\install
    c:\program files\Search Toolbar
    c:\program files\Search Toolbar\basis.xml
    c:\program files\Search Toolbar\bg.bmp
    c:\program files\Search Toolbar\bing_logo.png
    c:\program files\Search Toolbar\celebrity.png
    c:\program files\Search Toolbar\drop_images.png
    c:\program files\Search Toolbar\drop_maps.png
    c:\program files\Search Toolbar\drop_news.png
    c:\program files\Search Toolbar\drop_videos.png
    c:\program files\Search Toolbar\drop_web.png
    c:\program files\Search Toolbar\facebook.png
    c:\program files\Search Toolbar\favicon.png
    c:\program files\Search Toolbar\games.png
    c:\program files\Search Toolbar\hotmail.png
    c:\program files\Search Toolbar\icon.ico
    c:\program files\Search Toolbar\images.png
    c:\program files\Search Toolbar\include.xml
    c:\program files\Search Toolbar\info.txt
    c:\program files\Search Toolbar\lifestyle.png
    c:\program files\Search Toolbar\maps.png
    c:\program files\Search Toolbar\messenger.png
    c:\program files\Search Toolbar\msn.png
    c:\program files\Search Toolbar\news.png
    c:\program files\Search Toolbar\SearchToolbar.dll
    c:\program files\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files\Search Toolbar\tbcore3.dll
    c:\program files\Search Toolbar\tbhelper.dll
    c:\program files\Search Toolbar\twitter.png
    c:\program files\Search Toolbar\uninstall.exe
    c:\program files\Search Toolbar\update.exe
    c:\program files\Search Toolbar\version.txt
    c:\program files\Search Toolbar\video.png
    c:\program files\Search Toolbar\videos.png
    c:\program files\Search Toolbar\weather.png
    c:\program files\Search Toolbar\web.png
    c:\windows\system32\Thumbs.db
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At15.job
    c:\windows\Tasks\At16.job
    c:\windows\Tasks\At17.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At19.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At21.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At23.job
    c:\windows\Tasks\At24.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At9.job

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-29 )))))))))))))))))))))))))))))))
    .

    2010-11-29 04:19 . 2010-11-29 04:19 -------- d-----w- C:\dvmexp
    2010-11-27 20:50 . 2010-11-27 21:46 -------- d-----w- c:\windows\system32\NtmsData
    2010-11-27 20:48 . 2010-11-27 20:48 -------- d-----w- c:\documents and settings\scott\Application Data\Avira
    2010-11-27 20:46 . 2010-08-03 00:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-11-27 20:46 . 2010-08-03 00:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-11-27 20:46 . 2010-06-17 23:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-11-27 20:46 . 2010-06-17 23:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-11-27 20:46 . 2010-11-27 20:46 -------- d-----w- c:\program files\Avira
    2010-11-27 20:46 . 2010-11-27 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-11-27 00:36 . 2010-11-27 00:38 -------- d-----w- c:\documents and settings\scott\Application Data\GetRightToGo
    2010-11-20 06:57 . 2010-11-20 07:27 -------- d-----w- c:\documents and settings\scott\Application Data\vlc
    2010-11-20 06:49 . 2010-11-20 06:49 -------- d-----w- c:\program files\VideoLAN
    2010-11-20 04:46 . 2010-11-20 04:46 -------- d-----w- c:\program files\Windows Media Connect 2
    2010-11-20 04:44 . 2010-11-20 04:45 -------- d-----w- C:\bb81f3deaf50a5ce6fa1b630
    2010-11-20 04:44 . 2010-11-20 04:45 -------- d-----w- c:\windows\system32\drivers\UMDF
    2010-11-20 04:44 . 2010-11-20 04:44 -------- d-----w- c:\windows\system32\LogFiles
    2010-11-20 04:43 . 2010-11-20 04:44 -------- d-----w- C:\4538fa9eefb5ef2007786e761e7a
    2010-11-12 04:16 . 2010-11-12 04:16 -------- d-----w- c:\documents and settings\scott\Local Settings\Application Data\Threat Expert
    2010-11-12 03:38 . 2010-11-12 03:38 -------- d-----w- c:\documents and settings\scott\Application Data\Malwarebytes
    2010-11-12 03:37 . 2010-04-29 23:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-12 03:37 . 2010-11-12 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-11-12 03:37 . 2010-04-29 23:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-12 03:37 . 2010-11-12 03:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-12 03:16 . 2010-11-12 04:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-11-11 17:31 . 2010-11-11 17:31 -------- d-----w- c:\windows\Sun

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 19:23 . 2008-07-21 20:04 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2008-07-21 20:04 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2008-07-21 20:04 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2008-07-21 20:04 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58 . 2008-07-21 20:04 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2008-07-21 20:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2008-07-21 20:04 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51 . 2008-07-21 20:04 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2008-07-21 20:04 1852800 ----a-w- c:\windows\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
    @= "{771C7324-DA80-49D3-8017-753B0AF60951} "
    [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
    2010-01-28 03:15 241752 ----a-w- c:\windows\system32\IcnOvrly.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-20 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-23 1146880]
    "EnergyUtility "= "c:\program files\Lenovo\Energy Management\utility.exe" [2008-07-10 4456448]
    "Energy Management "= "c:\program files\Lenovo\Energy Management\Energy Management.exe" [2008-08-28 1283984]
    "RTHDCPL "= "RTHDCPL.EXE" [2009-02-17 17508864]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
    "TVT Scheduler Proxy "= "c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
    "VeriFaceManager "= "c:\program files\Lenovo\VeriFaceIII\PManage.exe" [2010-01-28 323584]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "avgnt "= "c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-03 281768]

    c:\documents and settings\scott\Start Menu\Programs\Startup\
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PicNotify]
    2010-01-28 03:15 1167360 ----a-w- c:\windows\system32\PicNotify.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/27/2010 12:46 PM 135336]
    R2 DvmMDES;DeviceVM Meta Data Export Service;c:\qstart.sys\config\DVMExportService.exe [11/20/2008 9:15 AM 307200]
    R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [1/27/2010 7:06 PM 9472]
    R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [1/27/2010 7:12 PM 157696]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/19/2010 8:25 PM 135664]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/27/2010 7:06 PM 1684736]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 04:25]

    2010-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uInternet Settings,ProxyServer = http=127.0.0.1:23012
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
    WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
    AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-28 20:40
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(840)
    c:\windows\system32\PicNotify.dll
    c:\windows\system32\FaceVerify.dll
    c:\windows\system32\MainOp.dll
    c:\windows\system32\VideoOp.dll
    c:\windows\system32\Image.dll
    c:\windows\system32\Momo.dll
    c:\windows\system32\Apblend.dll
    c:\windows\system32\SetDev.dll
    c:\windows\system32\FunFrm.dll
    c:\windows\system32\facev.dll
    .
    Completion time: 2010-11-28 20:42:17
    ComboFix-quarantined-files.txt 2010-11-29 04:42

    Pre-Run: 142,804,414,464 bytes free
    Post-Run: 142,756,573,184 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 3BF19F5F03E6B5D151C93B58367F2E0F
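A defender's triage helper for a log like the one just posted, added here as an example; it is not part of the original post and not ComboFix's own output. It pulls out two items a responder would want to look at in this log: the per-user `ProxyServer` entry pointing at `127.0.0.1:23012` (a browser forced through a loopback proxy with nothing listening on that port fails with exactly the "Internet Explorer cannot display the webpage" symptom described in the first post, while software that ignores the WinINet proxy settings may still reach the network) and the run of numbered `At*.job` scheduled tasks ComboFix deleted. The log excerpt inside the block is constructed from a handful of the lines above, not the complete log, and the function and class names are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed excerpt modelled on the ComboFix log posted above (not the full log).
SAMPLE_LOG = r"""
ComboFix 10-11-28.02 - scott 11/28/2010 20:35:31.1.2 - x86
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\program files\Search Toolbar\tbcore3.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At2.job
------- Supplementary Scan -------
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:23012
uInternet Settings,ProxyOverride = <local>
"""

# "ProxyServer = <value>" as ComboFix prints the WinINet proxy setting.
PROXY_LINE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S+)", re.IGNORECASE)

# One proxy spec: optional "scheme=" prefix, a loopback host, optional ":port".
LOOPBACK_SPEC = re.compile(
    r"^(?:(?P<scheme>[a-z]+)=)?(?P<host>127(?:\.\d{1,3}){3}|localhost)(?::(?P<port>\d{1,5}))?$",
    re.IGNORECASE,
)

# Numbered scheduled-task files such as c:\windows\Tasks\At1.job.
AT_JOB = re.compile(r"\\Tasks\\At\d+\.job$", re.IGNORECASE)

Proxy = Tuple[str, str, Optional[int]]  # (scheme or "*", host, port)


def loopback_proxies(value: str) -> List[Proxy]:
    """Return every loopback proxy in a WinINet ProxyServer value.

    The value is either a single "host:port" applied to all protocols or a
    ";"-separated list like "http=127.0.0.1:23012;https=127.0.0.1:23012".
    Non-loopback proxies (a real corporate proxy, say) are ignored.
    """
    hits: List[Proxy] = []
    for part in value.split(";"):
        m = LOOPBACK_SPEC.match(part.strip())
        if m:
            port = int(m.group("port")) if m.group("port") else None
            hits.append((m.group("scheme") or "*", m.group("host"), port))
    return hits


@dataclass
class Findings:
    loopback_proxies: List[Proxy] = field(default_factory=list)
    at_jobs: List[str] = field(default_factory=list)


def triage(log_text: str) -> Findings:
    """Scan a ComboFix-style log and collect the two indicators of interest."""
    found = Findings()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_LINE.search(line)
        if m:
            found.loopback_proxies.extend(loopback_proxies(m.group("value")))
        if AT_JOB.search(line):
            found.at_jobs.append(line)
    return found


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for scheme, host, port in result.loopback_proxies:
        print(f"loopback proxy: scheme={scheme} host={host} port={port}")
    print(f"numbered At*.job tasks: {len(result.at_jobs)}")
```

Run it against a saved `ComboFix.txt` by reading the file into `triage()` in place of `SAMPLE_LOG`. A loopback proxy hit means the per-user setting should be cleared (Internet Options, Connections, LAN settings) once the cleanup is declared finished, and a long run of `At*.job` files is worth a look in the ComboFix quarantine to see what they launched.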
     
  9. 2010/11/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)
    Proceed with my reply #4 while I'm checking your Combofix log.
     
  10. 2010/11/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Combofix log looks good :)

    I want to check one more thing....

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  11. 2010/11/28
    macoons

    macoons Inactive Thread Starter

    Joined:
    2010/03/31
    Messages:
    44
    Likes Received:
    0
    Here is the MBR log. I will work on TDSSKiller next.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 117):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xF7A7D000 \WINDOWS\system32\KDCOM.DLL
    0xF798D000 \WINDOWS\system32\BOOTVID.dll
    0xF744E000 ACPI.sys
    0xF7A7F000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF743D000 pci.sys
    0xF757D000 isapnp.sys
    0xF7991000 compbatt.sys
    0xF7995000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7B45000 pciide.sys
    0xF77FD000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF741F000 pcmcia.sys
    0xF758D000 MountMgr.sys
    0xF7400000 ftdisk.sys
    0xF7999000 ACPIEC.sys
    0xF7B46000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF7805000 PartMgr.sys
    0xF759D000 VolSnap.sys
    0xF73E8000 atapi.sys
    0xF75AD000 disk.sys
    0xF75BD000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF73C8000 fltMgr.sys
    0xF73B6000 sr.sys
    0xF739F000 KSecDD.sys
    0xF7312000 Ntfs.sys
    0xF72E5000 NDIS.sys
    0xF72CB000 Mup.sys
    0xF77AD000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF7A39000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF6CDC000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xF6CC8000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF6CA0000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF6C71000 \SystemRoot\system32\DRIVERS\b57xp32.sys
    0xF6B1E000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
    0xF78AD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF6AFA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF78B5000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF7A3D000 \SystemRoot\system32\DRIVERS\AcpiVpc.sys
    0xF77BD000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF78BD000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF6AC3000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xF7A89000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF78C5000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7A41000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xF7B99000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF77CD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7A45000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF6AAC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF77DD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF77ED000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF78CD000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF6A73000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF75DD000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF78D5000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF78DD000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF75ED000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF78E5000 \SystemRoot\system32\DRIVERS\psadd.sys
    0xF7A8B000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF6A50000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF69F2000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7A55000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF761D000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF763D000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xAA2C8000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xAA2A4000 \SystemRoot\system32\drivers\portcls.sys
    0xF764D000 \SystemRoot\system32\drivers\drmk.sys
    0xF7A21000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF78FD000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xAA22A000 \SystemRoot\System32\Drivers\RTS5121.sys
    0xF7A91000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7B74000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7A93000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF790D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF7915000 \SystemRoot\System32\drivers\vga.sys
    0xF7A95000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7A97000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF791D000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7925000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7A2D000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xAA1F7000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xAA19E000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xAA176000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xAA150000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xAA12E000 \SystemRoot\System32\drivers\afd.sys
    0xF767D000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF768D000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF792D000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xAA03B000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA9FCB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF76BD000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA9FA8000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xF7A9B000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xA9F8A000 \SystemRoot\System32\Drivers\usbvideo.sys
    0xA9F72000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7A9D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xAA288000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF793D000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7C00000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF024000 \SystemRoot\System32\igxpgd32.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
    0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA9E1D000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xA9E4A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA9BC0000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA9B5B000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA9CD5000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA983F000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xF7AF7000 \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS
    0xA96F7000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA8F5E000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF786D000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 51):
    0 System Idle Process
    4 System
    748 C:\WINDOWS\system32\smss.exe
    812 csrss.exe
    836 C:\WINDOWS\system32\winlogon.exe
    880 C:\WINDOWS\system32\services.exe
    892 C:\WINDOWS\system32\lsass.exe
    1076 C:\WINDOWS\system32\svchost.exe
    1144 svchost.exe
    1184 C:\WINDOWS\system32\svchost.exe
    1308 svchost.exe
    1332 svchost.exe
    1612 C:\WINDOWS\system32\spoolsv.exe
    1672 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1752 svchost.exe
    1964 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    2024 C:\WINDOWS\explorer.exe
    156 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    176 C:\QSTART.SYS\config\DVMExportService.exe
    308 C:\Program Files\Java\jre6\bin\jqs.exe
    456 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    484 C:\WINDOWS\system32\HPZipm12.exe
    524 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    644 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    692 C:\WINDOWS\system32\svchost.exe
    732 C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    796 C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    1216 C:\Program Files\Lenovo\System Update\SUService.exe
    1380 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    1396 C:\Program Files\Lenovo\Energy Management\utility.exe
    1400 C:\Program Files\Lenovo\Energy Management\Energy Management.exe
    1428 C:\WINDOWS\RTHDCPL.EXE
    1432 C:\WINDOWS\system32\igfxtray.exe
    1440 C:\WINDOWS\system32\hkcmd.exe
    1448 C:\WINDOWS\system32\wuauclt.exe
    1472 C:\WINDOWS\system32\igfxpers.exe
    1488 C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    1496 C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
    1524 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1664 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    1576 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    1712 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    1788 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    1800 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    1860 C:\WINDOWS\system32\ctfmon.exe
    1920 C:\WINDOWS\system32\igfxsrvc.exe
    2136 C:\Program Files\OpenOffice.org 3\program\soffice.exe
    2348 C:\Program Files\OpenOffice.org 3\program\soffice.bin
    3596 alg.exe
    3016 wmiprvse.exe
    2588 D:\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1600BEVS-08VAT2, Rev: 14.01A14

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  12. 2010/11/28
    broni

    broni Moderator Malware Analyst

    Looks good :)
     
  13. 2010/11/28
    macoons

    macoons Inactive Thread Starter

    TDS Log:

    2010/11/28 21:17:16.0468 TDSS rootkit removing tool 2.4.9.0 Nov 26 2010 15:38:31
    2010/11/28 21:17:16.0468 ================================================================================
    2010/11/28 21:17:16.0468 SystemInfo:
    2010/11/28 21:17:16.0468
    2010/11/28 21:17:16.0468 OS Version: 5.1.2600 ServicePack: 3.0
    2010/11/28 21:17:16.0468 Product type: Workstation
    2010/11/28 21:17:16.0468 ComputerName: LENOVO-29F7409F
    2010/11/28 21:17:16.0468 UserName: scott
    2010/11/28 21:17:16.0468 Windows directory: C:\WINDOWS
    2010/11/28 21:17:16.0468 System windows directory: C:\WINDOWS
    2010/11/28 21:17:16.0468 Processor architecture: Intel x86
    2010/11/28 21:17:16.0468 Number of processors: 2
    2010/11/28 21:17:16.0468 Page size: 0x1000
    2010/11/28 21:17:16.0468 Boot type: Normal boot
    2010/11/28 21:17:16.0468 ================================================================================
    2010/11/28 21:17:16.0875 Initialize success
    2010/11/28 21:17:20.0484 ================================================================================
    2010/11/28 21:17:20.0484 Scan started
    2010/11/28 21:17:20.0484 Mode: Manual;
    2010/11/28 21:17:20.0484 ================================================================================
    2010/11/28 21:17:21.0578 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2010/11/28 21:17:21.0687 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/11/28 21:17:21.0968 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    2010/11/28 21:17:22.0093 ACPIVPC (5508e9f55799c6551d54dfbc4a068b68) C:\WINDOWS\system32\DRIVERS\AcpiVpc.sys
    2010/11/28 21:17:22.0156 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2010/11/28 21:17:22.0234 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/11/28 21:17:22.0328 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/11/28 21:17:22.0359 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2010/11/28 21:17:22.0406 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2010/11/28 21:17:22.0437 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2010/11/28 21:17:22.0468 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2010/11/28 21:17:22.0500 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2010/11/28 21:17:22.0578 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2010/11/28 21:17:22.0640 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2010/11/28 21:17:22.0734 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
    2010/11/28 21:17:22.0921 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2010/11/28 21:17:22.0953 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2010/11/28 21:17:23.0000 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2010/11/28 21:17:23.0031 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2010/11/28 21:17:23.0062 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2010/11/28 21:17:23.0125 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/11/28 21:17:23.0187 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/11/28 21:17:23.0234 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/11/28 21:17:23.0281 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/11/28 21:17:23.0437 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    2010/11/28 21:17:23.0546 avgntflt (1eb7d72a82f94f7e9496d363fce00b68) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    2010/11/28 21:17:23.0593 avipbb (f8c56231ed5ecf7d1b46b0330880ccef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
    2010/11/28 21:17:23.0687 b57w2k (58911390115465bf6d8048f21f48655a) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    2010/11/28 21:17:23.0796 BCM43XX (cc03987ee5d0f956706b40d2f91f9e4f) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    2010/11/28 21:17:23.0906 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/11/28 21:17:24.0125 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2010/11/28 21:17:24.0156 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/11/28 21:17:24.0203 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2010/11/28 21:17:24.0218 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2010/11/28 21:17:24.0265 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/11/28 21:17:24.0312 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/11/28 21:17:24.0359 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/11/28 21:17:24.0437 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2010/11/28 21:17:24.0468 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2010/11/28 21:17:24.0500 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2010/11/28 21:17:24.0546 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2010/11/28 21:17:24.0578 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2010/11/28 21:17:24.0625 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2010/11/28 21:17:24.0656 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/11/28 21:17:24.0734 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/11/28 21:17:24.0828 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/11/28 21:17:24.0859 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/11/28 21:17:24.0921 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/11/28 21:17:24.0968 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2010/11/28 21:17:25.0000 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/11/28 21:17:25.0062 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/11/28 21:17:25.0109 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    2010/11/28 21:17:25.0140 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/11/28 21:17:25.0171 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2010/11/28 21:17:25.0203 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2010/11/28 21:17:25.0250 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/11/28 21:17:25.0281 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/11/28 21:17:25.0312 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/11/28 21:17:25.0375 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2010/11/28 21:17:25.0437 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/11/28 21:17:25.0484 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2010/11/28 21:17:25.0546 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    2010/11/28 21:17:25.0578 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    2010/11/28 21:17:25.0640 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    2010/11/28 21:17:25.0718 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/11/28 21:17:25.0781 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2010/11/28 21:17:25.0828 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2010/11/28 21:17:25.0875 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/11/28 21:17:26.0125 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    2010/11/28 21:17:26.0359 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/11/28 21:17:26.0437 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2010/11/28 21:17:26.0671 IntcAzAudAddService (42d9da46b6d1c40daab37947d8a4490b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2010/11/28 21:17:26.0765 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2010/11/28 21:17:26.0781 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/11/28 21:17:26.0828 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    2010/11/28 21:17:26.0859 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/11/28 21:17:26.0890 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/11/28 21:17:26.0953 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/11/28 21:17:26.0984 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/11/28 21:17:27.0015 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/11/28 21:17:27.0093 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/11/28 21:17:27.0140 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/11/28 21:17:27.0187 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2010/11/28 21:17:27.0234 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/11/28 21:17:27.0312 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/11/28 21:17:27.0406 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/11/28 21:17:27.0453 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/11/28 21:17:27.0531 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
    2010/11/28 21:17:27.0671 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/11/28 21:17:27.0750 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/11/28 21:17:27.0781 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/11/28 21:17:27.0828 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2010/11/28 21:17:27.0859 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/11/28 21:17:27.0953 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/11/28 21:17:28.0015 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/11/28 21:17:28.0078 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/11/28 21:17:28.0140 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/11/28 21:17:28.0171 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/11/28 21:17:28.0203 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/11/28 21:17:28.0234 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2010/11/28 21:17:28.0265 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/11/28 21:17:28.0312 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2010/11/28 21:17:28.0343 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/11/28 21:17:28.0390 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2010/11/28 21:17:28.0437 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/11/28 21:17:28.0468 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/11/28 21:17:28.0500 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/11/28 21:17:28.0531 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/11/28 21:17:28.0562 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/11/28 21:17:28.0609 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/11/28 21:17:28.0703 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/11/28 21:17:28.0781 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/11/28 21:17:28.0875 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/11/28 21:17:28.0921 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/11/28 21:17:28.0953 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/11/28 21:17:29.0015 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    2010/11/28 21:17:29.0046 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/11/28 21:17:29.0078 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/11/28 21:17:29.0109 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/11/28 21:17:29.0171 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/11/28 21:17:29.0203 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    2010/11/28 21:17:29.0343 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2010/11/28 21:17:29.0390 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2010/11/28 21:17:29.0484 PMEM (fa292805788528c083f416e151b60ab6) C:\WINDOWS\system32\drivers\PMEMNT.SYS
    2010/11/28 21:17:29.0531 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/11/28 21:17:29.0593 psadd (651d3abc1d82d61b6cfb40cb947b3db3) C:\WINDOWS\system32\DRIVERS\psadd.sys
    2010/11/28 21:17:29.0625 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/11/28 21:17:29.0656 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/11/28 21:17:29.0703 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2010/11/28 21:17:29.0734 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2010/11/28 21:17:29.0765 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2010/11/28 21:17:29.0796 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2010/11/28 21:17:29.0828 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2010/11/28 21:17:29.0890 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/11/28 21:17:29.0937 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/11/28 21:17:29.0968 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/11/28 21:17:30.0000 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/11/28 21:17:30.0046 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/11/28 21:17:30.0093 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/11/28 21:17:30.0140 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/11/28 21:17:30.0203 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/11/28 21:17:30.0265 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/11/28 21:17:30.0375 RSUSBSTOR (4290417463801d31b7c6d1adb0f8bb4c) C:\WINDOWS\system32\Drivers\RTS5121.sys
    2010/11/28 21:17:30.0453 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/11/28 21:17:30.0500 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    2010/11/28 21:17:30.0546 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/11/28 21:17:30.0609 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2010/11/28 21:17:30.0671 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2010/11/28 21:17:30.0718 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2010/11/28 21:17:30.0781 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/11/28 21:17:30.0843 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/11/28 21:17:30.0906 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/11/28 21:17:30.0968 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    2010/11/28 21:17:31.0015 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2010/11/28 21:17:31.0062 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/11/28 21:17:31.0093 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/11/28 21:17:31.0156 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2010/11/28 21:17:31.0187 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2010/11/28 21:17:31.0218 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2010/11/28 21:17:31.0281 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2010/11/28 21:17:31.0359 SynTP (6bd4fd6c3ee76c247ecaf484cb590b72) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    2010/11/28 21:17:31.0390 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/11/28 21:17:31.0484 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/11/28 21:17:31.0578 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/11/28 21:17:31.0609 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/11/28 21:17:31.0640 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/11/28 21:17:31.0703 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    2010/11/28 21:17:31.0750 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/11/28 21:17:31.0812 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2010/11/28 21:17:31.0875 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/11/28 21:17:31.0984 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/11/28 21:17:32.0078 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/11/28 21:17:32.0125 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/11/28 21:17:32.0171 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/11/28 21:17:32.0234 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/11/28 21:17:32.0250 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/11/28 21:17:32.0328 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/11/28 21:17:32.0359 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    2010/11/28 21:17:32.0406 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/11/28 21:17:32.0468 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2010/11/28 21:17:32.0500 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2010/11/28 21:17:32.0546 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/11/28 21:17:32.0609 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/11/28 21:17:32.0703 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/11/28 21:17:32.0796 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    2010/11/28 21:17:32.0843 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2010/11/28 21:17:32.0906 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2010/11/28 21:17:32.0968 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/11/28 21:17:33.0015 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/11/28 21:17:33.0359 ================================================================================
    2010/11/28 21:17:33.0359 Scan finished
    2010/11/28 21:17:33.0359 ================================================================================
     
  14. 2010/11/28
    broni

    broni Moderator Malware Analyst

    Good :)
    Clean.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. 2010/11/28
    macoons

    macoons Inactive Thread Starter

    Joined:
    2010/03/31
    Messages:
    44
    Likes Received:
    0
    Running Great :)

    OTL Log is too long (155858 Characters):

    Extras Log:

    OTL Extras logfile created on: 11/28/2010 9:27:43 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\scott\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 595.00 Mb Available Physical Memory | 59.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 145.97 Gb Total Space | 132.96 Gb Free Space | 91.09% Space Free | Partition Type: NTFS
    Drive D: | 1.89 Gb Total Space | 1.57 Gb Free Space | 83.32% Space Free | Partition Type: FAT

    Computer Name: LENOVO-29F7409F | User Name: scott | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
    "{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{5469D537-9B44-4c78-BF2D-5F9807564F74}" = HP PSC & OfficeJet 4.7
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
    "{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
    "{808E299D-B223-4B06-ACB7-68F3705D9EC6}" = Lenovo Quick Start
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
    "{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom WLAN
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
    "{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP1
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D10CB652-9332-4242-B7A9-2D61570144F7}" = Realtek Card Reader
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
    "{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F870B987-18BC-45FC-9BE8-35C02DCDA10F}" = Broadcom Gigabit Integrated Controller
    "{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP1
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Photo & Imaging" = HP Image Zone 4.7
    "HPExtendedCapabilities" = HP Extended Capabilities 4.7
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
    "PROHYBRIDR" = 2007 Microsoft Office system
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "VeriFace III" = VeriFace III
    "VLC media player" = VLC media player 1.1.5
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/9/2010 1:16:26 PM | Computer Name = LENOVO-29F7409F | Source = Google Update | ID = 20
    Description =

    Error - 10/9/2010 2:16:27 PM | Computer Name = LENOVO-29F7409F | Source = Google Update | ID = 20
    Description =

    Error - 10/16/2010 12:02:12 AM | Computer Name = LENOVO-29F7409F | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/17/2010 5:18:43 PM | Computer Name = LENOVO-29F7409F | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/17/2010 5:18:47 PM | Computer Name = LENOVO-29F7409F | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/11/2010 1:34:38 PM | Computer Name = LENOVO-29F7409F | Source = Application Error | ID = 1000
    Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
    unknown, version 0.0.0.0, fault address 0x715b9e59.

    Error - 11/11/2010 1:35:09 PM | Computer Name = LENOVO-29F7409F | Source = Winlogon | ID = 1015
    Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
    status code c0000005. The machine must now be restarted.

    Error - 11/11/2010 2:18:44 PM | Computer Name = LENOVO-29F7409F | Source = Application Error | ID = 1004
    Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
    unknown, version 0.0.0.0, fault address 0x715b9e59.

    Error - 11/26/2010 10:09:10 PM | Computer Name = LENOVO-29F7409F | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: A connection with the server could not be established

    Error - 11/26/2010 10:09:36 PM | Computer Name = LENOVO-29F7409F | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: A connection with the server could not be established

    [ System Events ]
    Error - 11/27/2010 6:00:49 PM | Computer Name = LENOVO-29F7409F | Source = Service Control Manager | ID = 7034
    Description = The System Update service terminated unexpectedly. It has done this
    1 time(s).

    Error - 11/27/2010 6:25:35 PM | Computer Name = LENOVO-29F7409F | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000001'
    while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
    the volume.

    Error - 11/27/2010 6:26:00 PM | Computer Name = LENOVO-29F7409F | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Pcmcia

    Error - 11/28/2010 12:46:34 AM | Computer Name = LENOVO-29F7409F | Source = Service Control Manager | ID = 7001
    Description = The DHCP Client service depends on the NetBios over Tcpip service
    which failed to start because of the following error: %%31

    Error - 11/28/2010 12:46:34 AM | Computer Name = LENOVO-29F7409F | Source = Service Control Manager | ID = 7001
    Description = The DNS Client service depends on the TCP/IP Protocol Driver service
    which failed to start because of the following error: %%31

    Error - 11/28/2010 12:46:34 AM | Computer Name = LENOVO-29F7409F | Source = Service Control Manager | ID = 7001
    Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
    failed to start because of the following error: %%31

    Error - 11/28/2010 12:46:34 AM | Computer Name = LENOVO-29F7409F | Source = Service Control Manager | ID = 7001
    Description = The IPSEC Services service depends on the IPSEC driver service which
    failed to start because of the following error: %%31

    Error - 11/28/2010 12:46:34 AM | Computer Name = LENOVO-29F7409F | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip

    Error - 11/28/2010 12:46:58 AM | Computer Name = LENOVO-29F7409F | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 11/28/2010 12:50:51 AM | Computer Name = LENOVO-29F7409F | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


    < End of report >
     
  16. 2010/11/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)
    Split the OTL log between a few replies.
     
  17. 2010/11/28
    macoons

    macoons Inactive Thread Starter

    Joined:
    2010/03/31
    Messages:
    44
    Likes Received:
    0
    OTL logfile created on: 11/28/2010 9:27:43 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\scott\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 595.00 Mb Available Physical Memory | 59.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 145.97 Gb Total Space | 132.96 Gb Free Space | 91.09% Space Free | Partition Type: NTFS
    Drive D: | 1.89 Gb Total Space | 1.57 Gb Free Space | 83.32% Space Free | Partition Type: FAT

    Computer Name: LENOVO-29F7409F | User Name: scott | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/28 21:24:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\scott\Desktop\OTL.exe
    PRC - [2010/08/19 19:20:16 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2010/01/27 19:15:48 | 000,323,584 | ---- | M] () -- C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
    PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2009/07/10 17:25:42 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
    PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2008/11/20 09:15:06 | 000,307,200 | -H-- | M] (DeviceVM) -- C:\QSTART.SYS\config\DVMExportService.exe
    PRC - [2008/08/28 15:10:18 | 001,283,984 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
    PRC - [2008/07/09 16:21:20 | 004,456,448 | ---- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
    PRC - [2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/03/04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    PRC - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    PRC - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/28 21:24:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\scott\Desktop\OTL.exe
    MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2009/07/10 17:25:42 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
    SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/11/20 09:15:06 | 000,307,200 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\QSTART.SYS\config\DVMExportService.exe -- (DvmMDES)
    SRV - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
    SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
    SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\scott\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/08/02 16:10:08 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/08/02 16:10:08 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/02/18 02:31:04 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/09/10 19:14:48 | 001,386,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2008/08/05 04:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2008/07/22 18:03:24 | 000,157,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
    DRV - [2008/06/19 20:43:36 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2008/05/22 18:21:26 | 000,225,280 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/04/14 04:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/04/13 23:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 23:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/02/14 21:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2008/01/11 14:58:42 | 000,009,472 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
    DRV - [2007/02/18 21:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
    DRV - [2006/04/22 21:33:52 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)
    DRV - [2006/01/03 23:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.hotmail.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012



    O1 HOSTS File: ([2010/11/28 20:40:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ()
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
    O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
    O4 - HKLM..\Run: [TVT Scheduler Proxy] c:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\scott\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\PicNotify: DllName - PicNotify.dll - C:\WINDOWS\System32\PicNotify.dll ()
    O24 - Desktop WallPaper: C:\Documents and Settings\scott\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\scott\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/07/21 11:16:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/28 21:24:11 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\scott\Desktop\OTL.exe
    [2010/11/28 21:16:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scott\Desktop\tdsskiller
    [2010/11/28 21:10:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/11/28 21:08:25 | 000,000,000 | -H-D | C] -- C:\dvmexp
    [2010/11/28 20:33:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/11/28 20:32:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/11/28 20:32:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/11/28 20:32:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/11/28 20:32:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/11/28 20:30:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/11/28 20:30:03 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/11/27 12:50:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2010/11/27 12:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scott\Application Data\Avira
    [2010/11/27 12:46:56 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/11/27 12:46:54 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/11/27 12:46:54 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/11/27 12:46:54 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/11/27 12:46:54 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/11/27 12:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/11/27 12:46:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2010/11/26 16:36:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scott\Desktop\Downloads
    [2010/11/26 16:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scott\Application Data\GetRightToGo
    [2010/11/19 22:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scott\Application Data\vlc
    [2010/11/19 22:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2010/11/19 20:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
    [2010/11/19 20:44:38 | 000,000,000 | ---D | C] -- C:\bb81f3deaf50a5ce6fa1b630
    [2010/11/19 20:44:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
    [2010/11/19 20:44:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2010/11/19 20:43:59 | 000,000,000 | ---D | C] -- C:\4538fa9eefb5ef2007786e761e7a
    [2010/11/11 20:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2010/11/11 20:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scott\Local Settings\Application Data\Threat Expert
    [2010/11/11 19:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scott\Application Data\Malwarebytes
    [2010/11/11 19:37:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/11 19:37:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/11 19:37:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/11/11 19:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/11 19:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/11/11 09:31:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

    ========== Files - Modified Within 30 Days ==========

    [2010/11/28 21:24:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\scott\Desktop\OTL.exe
    [2010/11/28 21:21:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/28 21:15:53 | 001,228,013 | ---- | M] () -- C:\Documents and Settings\scott\Desktop\tdsskiller.zip
    [2010/11/28 21:08:18 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/28 21:08:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/28 21:08:11 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/28 20:51:49 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2010/11/28 20:40:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/11/28 20:31:30 | 003,981,591 | R--- | M] () -- C:\Documents and Settings\scott\Desktop\ComboFix.exe
    [2010/11/27 20:46:36 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/11/27 20:30:55 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/11/27 12:47:09 | 000,001,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/11/26 16:58:06 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\scott\Desktop\rkill.com
    [2010/11/26 16:49:56 | 000,000,228 | ---- | M] () -- C:\Documents and Settings\scott\Desktop\shell.reg
    [2010/11/26 16:25:37 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/25 11:42:33 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\scott\Application Data\start
    [2010/11/21 20:46:12 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/11/20 10:51:09 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/11/20 10:51:09 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/11/19 22:50:00 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2010/11/19 20:46:14 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/11/19 20:46:14 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\scott\Desktop\Windows Media Player.lnk
    [2010/11/19 20:45:19 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/11/19 20:44:37 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2010/11/11 20:23:55 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
    [2010/11/11 19:37:54 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/11/07 17:13:33 | 000,491,304 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/07 17:13:33 | 000,089,828 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    ========== Files Created - No Company Name ==========

    [2010/11/28 21:15:44 | 001,228,013 | ---- | C] () -- C:\Documents and Settings\scott\Desktop\tdsskiller.zip
    [2010/11/28 20:33:59 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/11/28 20:33:57 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/11/28 20:32:11 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/11/28 20:32:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/11/28 20:32:11 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/11/28 20:32:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/11/28 20:32:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/11/28 20:29:34 | 003,981,591 | R--- | C] () -- C:\Documents and Settings\scott\Desktop\ComboFix.exe
    [2010/11/27 20:52:18 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys
    [2010/11/27 12:47:09 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/11/26 16:59:17 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\scott\Desktop\rkill.com
    [2010/11/26 16:51:43 | 000,000,228 | ---- | C] () -- C:\Documents and Settings\scott\Desktop\shell.reg
    [2010/11/25 11:42:33 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\scott\Application Data\start
    [2010/11/19 22:50:00 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2010/11/19 20:46:14 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\scott\Desktop\Windows Media Player.lnk
    [2010/11/19 20:44:37 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2010/11/11 20:23:55 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
    [2010/11/11 19:37:54 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/03/27 19:31:28 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2010/01/27 19:51:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2010/01/27 19:15:51 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll
    [2010/01/27 19:15:51 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\picn.dll
    [2010/01/27 19:15:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll
    [2010/01/27 19:15:50 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll
    [2010/01/27 19:15:50 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
    [2010/01/27 19:15:50 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll
    [2010/01/27 19:15:49 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
    [2010/01/27 19:15:49 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll
    [2010/01/27 19:15:49 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
    [2010/01/27 19:15:49 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll
    [2010/01/27 19:15:49 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll
    [2010/01/27 19:15:49 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll
    [2010/01/27 19:15:48 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll
    [2010/01/27 19:15:48 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll
    [2010/01/27 19:15:48 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll
    [2010/01/27 19:15:48 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll
    [2010/01/27 19:15:46 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
    [2010/01/27 19:08:26 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2008/10/28 11:17:50 | 000,012,240 | ---- | C] () -- C:\WINDOWS\System32\dvmio.sys
    [2008/07/21 13:08:39 | 000,005,398 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2008/07/21 04:09:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

    ========== LOP Check ==========

    [2010/01/27 19:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
    [2010/11/11 20:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/01/27 19:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VeriFace
    [2010/11/26 16:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scott\Application Data\GetRightToGo
    [2010/03/11 06:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scott\Application Data\OpenOffice.org

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/07/21 11:16:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/11/27 20:30:55 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/11/28 20:51:49 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/11/28 20:42:18 | 000,013,490 | ---- | M] () -- C:\ComboFix.txt
    [2008/07/21 11:16:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/11/28 21:08:17 | 000,167,398 | ---- | M] () -- C:\HeadNotify.log
    [2010/11/28 21:08:11 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
    [2008/07/21 11:16:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/07/21 11:16:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/04/14 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 04:00:00 | 000,250,048 | RHS- | M] () -- C:\NTLDR
    [2010/11/28 21:08:09 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
    [2010/01/27 19:07:23 | 000,001,621 | ---- | M] () -- C:\RHDSetup.log
    [2010/11/26 17:02:09 | 000,000,392 | ---- | M] () -- C:\rkill.log
    [2010/01/27 19:45:02 | 000,000,061 | -H-- | M] () -- C:\splash.idx
    [2010/11/28 21:18:51 | 000,047,038 | ---- | M] () -- C:\TDSSKiller.2.4.9.0_28.11.2010_21.17.16_log.txt
    [2010/01/27 19:15:52 | 000,000,032 | ---- | M] () -- C:\veriface.log
    [2009/05/14 16:55:58 | 000,005,232 | -H-- | M] () -- C:\version

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2008/07/21 11:15:55 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/07/21 04:08:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/07/21 04:08:42 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/07/21 04:08:42 | 000,917,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/07/21 11:16:28 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/03/06 15:15:21 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\scott\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2008/07/21 11:19:16 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/28 20:31:30 | 003,981,591 | R--- | M] () -- C:\Documents and Settings\scott\Desktop\ComboFix.exe
    [2010/11/28 21:24:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\scott\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/03/06 15:15:21 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\scott\Favorites\Desktop.ini
    [2010/01/27 19:19:32 | 000,001,030 | ---- | M] () -- C:\Documents and Settings\scott\Favorites\Share Your Ideas.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/11/28 21:26:07 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\scott\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
     
  18. 2010/11/28
    macoons

    [2008/04/14 04:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2007/04/02 22:37:24 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007/04/02 22:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 06:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 22:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 04:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 22:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 22:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 22:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/02 22:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/02 22:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

    < End of report >
     
    Last edited by a moderator: 2010/11/29
  19. 2010/11/29
    macoons

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\scott\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/08/02 16:10:08 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/08/02 16:10:08 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/02/18 02:31:04 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/09/10 19:14:48 | 001,386,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2008/08/05 04:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2008/07/22 18:03:24 | 000,157,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
    DRV - [2008/06/19 20:43:36 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2008/05/22 18:21:26 | 000,225,280 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/04/14 04:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/04/13 23:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 23:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/02/14 21:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2008/01/11 14:58:42 | 000,009,472 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
    DRV - [2007/02/18 21:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
    DRV - [2006/04/22 21:33:52 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)
    DRV - [2006/01/03 23:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.hotmail.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012



    O1 HOSTS File: ([2010/11/28 20:40:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ()
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
    O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
    O4 - HKLM..\Run: [TVT Scheduler Proxy] c:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\scott\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\PicNotify: DllName - PicNotify.dll - C:\WINDOWS\System32\PicNotify.dll ()
    O24 - Desktop WallPaper: C:\Documents and Settings\scott\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\scott\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/07/21 11:16:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/28 21:24:11 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\scott\Desktop\OTL.exe
    [2010/11/28 21:16:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scott\Desktop\tdsskiller
    [2010/11/28 21:10:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/11/28 21:08:25 | 000,000,000 | -H-D | C] -- C:\dvmexp
    [2010/11/28 20:33:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/11/28 20:32:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/11/28 20:32:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/11/28 20:32:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/11/28 20:32:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/11/28 20:30:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/11/28 20:30:03 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/11/27 12:50:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2010/11/27 12:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scott\Application Data\Avira
    [2010/11/27 12:46:56 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/11/27 12:46:54 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/11/27 12:46:54 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/11/27 12:46:54 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/11/27 12:46:54 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/11/27 12:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/11/27 12:46:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2010/11/26 16:36:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scott\Desktop\Downloads
    [2010/11/26 16:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scott\Application Data\GetRightToGo
    [2010/11/19 22:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scott\Application Data\vlc
    [2010/11/19 22:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2010/11/19 20:46:24 | 000,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
    [2010/11/19 20:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
    [2010/11/19 20:44:38 | 000,000,000 | ---D | C] -- C:\bb81f3deaf50a5ce6fa1b630
    [2010/11/19 20:44:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
    [2010/11/19 20:44:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2010/11/19 20:43:59 | 000,000,000 | ---D | C] -- C:\4538fa9eefb5ef2007786e761e7a
    [2010/11/11 20:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2010/11/11 20:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scott\Local Settings\Application Data\Threat Expert
    [2010/11/11 19:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\scott\Application Data\Malwarebytes
    [2010/11/11 19:37:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/11 19:37:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/11 19:37:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/11/11 19:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/11 19:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/11/11 09:31:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

    ========== Files - Modified Within 30 Days ==========

    [2010/11/28 21:24:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\scott\Desktop\OTL.exe
    [2010/11/28 21:21:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/28 21:15:53 | 001,228,013 | ---- | M] () -- C:\Documents and Settings\scott\Desktop\tdsskiller.zip
    [2010/11/28 21:08:18 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/28 21:08:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/28 21:08:11 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/28 20:51:49 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2010/11/28 20:40:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/11/28 20:31:30 | 003,981,591 | R--- | M] () -- C:\Documents and Settings\scott\Desktop\ComboFix.exe
    [2010/11/27 20:46:36 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/11/27 20:30:55 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/11/27 12:47:09 | 000,001,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/11/26 16:58:06 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\scott\Desktop\rkill.com
    [2010/11/26 16:49:56 | 000,000,228 | ---- | M] () -- C:\Documents and Settings\scott\Desktop\shell.reg
    [2010/11/26 16:25:37 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/25 11:42:33 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\scott\Application Data\start
    [2010/11/21 20:46:12 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/11/20 10:51:09 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/11/20 10:51:09 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/11/19 22:50:00 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2010/11/19 20:46:14 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/11/19 20:46:14 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\scott\Desktop\Windows Media Player.lnk
    [2010/11/19 20:45:19 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/11/19 20:44:37 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2010/11/11 20:23:55 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
    [2010/11/11 19:37:54 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/11/07 17:13:33 | 000,491,304 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/07 17:13:33 | 000,089,828 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    ========== Files Created - No Company Name ==========

    [2010/11/28 21:15:44 | 001,228,013 | ---- | C] () -- C:\Documents and Settings\scott\Desktop\tdsskiller.zip
    [2010/11/28 20:33:59 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/11/28 20:33:57 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/11/28 20:32:11 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/11/28 20:32:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/11/28 20:32:11 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/11/28 20:32:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/11/28 20:32:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/11/28 20:29:34 | 003,981,591 | R--- | C] () -- C:\Documents and Settings\scott\Desktop\ComboFix.exe
    [2010/11/27 20:52:18 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys
    [2010/11/27 12:47:09 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/11/26 16:59:17 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\scott\Desktop\rkill.com
    [2010/11/26 16:51:43 | 000,000,228 | ---- | C] () -- C:\Documents and Settings\scott\Desktop\shell.reg
    [2010/11/25 11:42:33 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\scott\Application Data\start
    [2010/11/19 22:50:00 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2010/11/19 20:46:14 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\scott\Desktop\Windows Media Player.lnk
    [2010/11/19 20:44:37 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2010/11/11 20:23:55 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
    [2010/11/11 19:37:54 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/03/27 19:31:28 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2010/01/27 19:51:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2010/01/27 19:15:51 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll
    [2010/01/27 19:15:51 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\picn.dll
    [2010/01/27 19:15:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll
    [2010/01/27 19:15:50 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll
    [2010/01/27 19:15:50 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
    [2010/01/27 19:15:50 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll
    [2010/01/27 19:15:49 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
    [2010/01/27 19:15:49 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll
    [2010/01/27 19:15:49 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
    [2010/01/27 19:15:49 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll
    [2010/01/27 19:15:49 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll
    [2010/01/27 19:15:49 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll
    [2010/01/27 19:15:48 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll
    [2010/01/27 19:15:48 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll
    [2010/01/27 19:15:48 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll
    [2010/01/27 19:15:48 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll
    [2010/01/27 19:15:46 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
    [2010/01/27 19:08:26 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2008/10/28 11:17:50 | 000,012,240 | ---- | C] () -- C:\WINDOWS\System32\dvmio.sys
    [2008/07/21 13:08:39 | 000,005,398 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2008/07/21 04:09:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

    ========== LOP Check ==========
     
  20. 2010/11/29
    macoons (Inactive Thread Starter)
    [2010/01/27 19:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
    [2010/11/11 20:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/01/27 19:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VeriFace
    [2010/11/26 16:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scott\Application Data\GetRightToGo
    [2010/03/11 06:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\scott\Application Data\OpenOffice.org

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/07/21 11:16:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/11/27 20:30:55 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/11/28 20:51:49 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/11/28 20:42:18 | 000,013,490 | ---- | M] () -- C:\ComboFix.txt
    [2008/07/21 11:16:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/11/28 21:08:17 | 000,167,398 | ---- | M] () -- C:\HeadNotify.log
    [2010/11/28 21:08:11 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
    [2008/07/21 11:16:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/07/21 11:16:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/04/14 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 04:00:00 | 000,250,048 | RHS- | M] () -- C:\NTLDR
    [2010/11/28 21:08:09 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
    [2010/01/27 19:07:23 | 000,001,621 | ---- | M] () -- C:\RHDSetup.log
    [2010/11/26 17:02:09 | 000,000,392 | ---- | M] () -- C:\rkill.log
    [2010/01/27 19:45:02 | 000,000,061 | -H-- | M] () -- C:\splash.idx
    [2010/11/28 21:18:51 | 000,047,038 | ---- | M] () -- C:\TDSSKiller.2.4.9.0_28.11.2010_21.17.16_log.txt
    [2010/01/27 19:15:52 | 000,000,032 | ---- | M] () -- C:\veriface.log
    [2009/05/14 16:55:58 | 000,005,232 | -H-- | M] () -- C:\version

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2008/07/21 11:15:55 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/07/21 04:08:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/07/21 04:08:42 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/07/21 04:08:42 | 000,917,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/07/21 11:16:28 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/03/06 15:15:21 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\scott\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2008/07/21 11:19:16 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/28 20:31:30 | 003,981,591 | R--- | M] () -- C:\Documents and Settings\scott\Desktop\ComboFix.exe
    [2010/11/28 21:24:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\scott\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/03/06 15:15:21 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\scott\Favorites\Desktop.ini
    [2010/01/27 19:19:32 | 000,001,030 | ---- | M] () -- C:\Documents and Settings\scott\Favorites\Share Your Ideas.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/11/28 21:26:07 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\scott\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 04:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2007/04/02 22:37:24 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007/04/02 22:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 06:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 22:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 04:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 22:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 22:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 22:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/02 22:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/02 22:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

    < End of report >
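
Three kinds of entries in the OTL report above are the ones a malware helper pulls into a fix: a per-user WinINET "ProxyServer" value aimed at the loopback address 127.0.0.1:23012 (the pattern rogue software uses to route or cut off browser traffic through a local process), two O2 BHO entries whose DLL is missing or whose CLSID is empty, and two alternate data streams hung off the All Users\Application Data\TEMP folder. The script below is an added example written for this page, not a tool from the thread or from OTL's author. It applies those selection rules to OTL-formatted lines (the sample input is copied from the log above and nothing else) and renders the :OTL fix block in the form the Custom Scans/Fixes box accepts. The loopback-proxy rule and the choice to pull the companion ProxyOverride entry along with ProxyServer are this example's own heuristics, not OTL behaviour.

```python
"""Triage helper for OTL (OldTimer's OTL) log lines.

Added example for this page, not a tool from the thread or from OTL itself.
It picks out three entry types from OTL-formatted text: "ProxyServer" values
aimed at a loopback host (plus the companion "ProxyOverride"), O2 BHO entries
whose DLL is missing or whose CLSID is empty, and @Alternate Data Stream
entries, then renders the :OTL fix block for OTL's Custom Scans/Fixes box.
The selection rules are this example's own heuristics, not OTL behaviour.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the OTL log above, nothing else.
SAMPLE_LOG = r"""IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
"""

PROXY_RE = re.compile(r'^IE - .*Internet Settings: "(?P<key>Proxy\w+)" = (?P<value>.*)$')
BHO_RE = re.compile(r'^O2 - BHO: .* - \{[0-9A-Fa-f-]+\} - (?P<target>.+)$')
ADS_RE = re.compile(r'^@Alternate Data Stream - \d+ bytes -> (?P<path>.+)$')

Finding = Tuple[str, str]  # (reason, original OTL line)


def proxy_endpoints(value: str) -> List[Tuple[str, str, int]]:
    """Split a WinINET ProxyServer value into (scheme, host, port) triples.

    Accepts the one-for-all form 'host:port' and the per-protocol form
    'http=host:port;https=host:port'.  Scheme is '*' when unspecified.
    """
    endpoints = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        endpoints.append((scheme or "*", host, int(port) if port.isdigit() else 0))
    return endpoints


def is_loopback(host: str) -> bool:
    """True for localhost, 127.x.x.x and ::1 (with or without IPv6 brackets)."""
    host = host.strip("[]")
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(log_text: str) -> List[Finding]:
    """Return (reason, line) pairs for entries worth putting in the fix block.

    Proxy findings come first; everything else keeps log order.
    """
    proxy_lines: Dict[str, Tuple[str, str]] = {}  # key -> (value, line)
    others: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            proxy_lines[m.group("key")] = (m.group("value"), line)
            continue
        m = BHO_RE.match(line)
        if m:
            target = m.group("target")
            if target.endswith("File not found") or target.startswith("No CLSID value found"):
                others.append(("orphaned BHO (missing DLL or CLSID)", line))
            continue
        m = ADS_RE.match(line)
        if m:
            others.append(("alternate data stream: " + m.group("path"), line))

    proxy: List[Finding] = []
    if "ProxyServer" in proxy_lines:
        value, line = proxy_lines["ProxyServer"]
        hits = [(s, p) for s, h, p in proxy_endpoints(value) if is_loopback(h)]
        if hits:
            scheme, port = hits[0]
            proxy.append((f"proxy hijack: {scheme} traffic routed to loopback port {port}", line))
            # ProxyOverride only has meaning next to a proxy; pull it along.
            if "ProxyOverride" in proxy_lines:
                proxy.append(("proxy hijack: companion ProxyOverride entry", proxy_lines["ProxyOverride"][1]))
    return proxy + others


def otl_fix_block(findings: List[Finding]) -> str:
    """Render findings as the text pasted into OTL's Custom Scans/Fixes box."""
    body = [line for _, line in findings]
    return "\n".join([":OTL", *body, "", ":Commands", "[emptytemp]", "[Reboot]"])


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for reason, line in found:
        print(f"{reason:60} <- {line[:70]}")
    print()
    print(otl_fix_block(found))
```

Running the block prints the six flagged lines with their reasons and then the fix block for the sample; point `triage()` at the contents of a real OTL.txt to get the candidate lines. The `"ProxyEnable" = 0` entry is deliberately left out: it is already the safe value, and only ProxyServer and ProxyOverride carry the hijack. Treat the output as a review list rather than an auto-fix: a stream on a folder or a missing-DLL BHO is suspicious, not proof, so the operator still decides what goes into the box.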
     
  21. 2010/11/29
    broni (Moderator, Malware Analyst)
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:23012
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =========================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
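Added example (not OTL's, broni's or the forum's code): a small parser for the OTL log lines quoted in the fix above, flagging the symptoms a helper would look for when a machine "can't display the webpage" after a rogue is removed: an IE ProxyServer pointed at the loopback address, BHO entries whose file or CLSID is gone, and alternate data streams on a temp folder. The sample log text is constructed from the lines in this thread; the IE ProxyServer value being the likely cause of the blocked access is an inference from broni's fix, not a statement the post makes.

```python
"""Triage an OTL log excerpt for the findings addressed in the fix above."""
import re
from ipaddress import ip_address

# Constructed sample built from the OTL lines quoted in this thread.
SAMPLE_LOG = """\
IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings:  "ProxyOverride" = <local>
IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings:  "ProxyServer" = http=127.0.0.1:23012
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\\Program Files\\Search Toolbar\\tbcore3.dll File not found
@Alternate Data Stream - 121 bytes -> C:\\Documents and Settings\\All Users\\Application Data\\TEMP:DFC5A2B2
"""

PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(?P<value>\S+)')
BHO_RE = re.compile(r'^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<rest>.*)$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$')


def parse_proxy(entry):
    """Split one ProxyServer entry ('http=127.0.0.1:23012' or 'host:port')
    into (scheme, host, port); scheme defaults to 'http' when absent."""
    scheme, _, hostport = entry.rpartition('=')
    host, _, port = hostport.rpartition(':')
    return scheme or 'http', host, int(port) if port.isdigit() else None


def findings(log_text):
    """Return (kind, detail) tuples for each suspicious OTL line."""
    out = []
    for line in log_text.splitlines():
        m = PROXY_RE.search(line)
        if m:
            # ProxyServer may hold several ';'-separated scheme=host:port entries.
            for entry in m.group('value').split(';'):
                scheme, host, port = parse_proxy(entry)
                try:
                    local = ip_address(host).is_loopback
                except ValueError:
                    local = host.lower() == 'localhost'
                if local:  # browser traffic routed to a local port; nothing legit usually listens there
                    out.append(('loopback-proxy', f'{scheme} via {host}:{port}'))
            continue
        m = BHO_RE.match(line)
        if m and ('File not found' in m.group('rest') or 'No CLSID value found' in m.group('rest')):
            out.append(('orphan-bho', m.group('clsid')))  # leftover registration of a removed add-on
            continue
        m = ADS_RE.match(line)
        if m:
            out.append(('ads', m.group('path')))  # hidden stream on a writable temp folder
    return out
```

Running `findings(SAMPLE_LOG)` yields the loopback proxy, both orphaned BHOs and the ADS entry; a log whose ProxyServer names a real corporate proxy produces no proxy finding.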
