TechSpot

Bad image error after every application opens

Solved
By myantidrugboys
Dec 18, 2010
Topic Status:
Not open for further replies.
  1. Bad image.JPG

    This is the error that keeps popping up every time I open any application.
    I'm running XP, and I was able to back up all of my files.

    I'm a noob when it comes to computers, so I hope someone can help me!

    -Anti
  2. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, such as an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    Download and run exeHelper.

    • Please download exeHelper from Raktor to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file named log.txt will be created in the directory where you ran exeHelper.com
    • Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    See, if you can open your programs after running the above.
  3. myantidrugboys

    myantidrugboys TS Rookie Topic Starter Posts: 32

  4. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Please, always PASTE all logs.
    Attached logs will NOT be reviewed.

    exeHelper by Raktor
    Build 20100414
    Run at 17:33:14 on 12/18/10
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    Are ALL of your programs affected?
    See if the same issue happens in Safe Mode.
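    The exeHelper log above lists the load points the tool resets: the .exe and .com file associations, the Winlogon Userinit and Shell values, and the Explorer restriction policies. The Python script below is an added example, not exeHelper's code and not part of the original thread. It compares those values against a default Windows XP baseline, reading them either from the live registry (Windows only, via winreg) or from a regedit .reg export, so keys exported from the affected machine can be checked on another one. The Winlogon System value is included as well, since the DDS log later in this thread reports it. The .reg export embedded in the script is constructed for the demonstration; the hijacked_launcher.exe it names is a hypothetical placeholder, and the C:\WINDOWS system root is an assumption.

```python
"""Check the Windows XP load points that exeHelper resets (.exe/.com file
associations, Winlogon Shell/Userinit/System, Explorer restriction policies)
against known-good defaults. Added example, not exeHelper's own code: the live
read needs Windows, the .reg-export path runs anywhere."""
import re

# Baseline for a default XP install (assumption: %SystemRoot% is C:\WINDOWS).
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
XP_BASELINE = [
    (r"HKEY_CLASSES_ROOT\.exe", "@", "exefile"),
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", "@", '"%1" %*'),
    (r"HKEY_CLASSES_ROOT\.com", "@", "comfile"),
    (r"HKEY_CLASSES_ROOT\comfile\shell\open\command", "@", '"%1" %*'),
    (WINLOGON, "Shell", "Explorer.exe"),
    (WINLOGON, "Userinit", r"C:\WINDOWS\system32\userinit.exe,"),
    (WINLOGON, "System", ""),  # empty by default; any filename here is a load point
]
# Set to 1 by malware to lock the user out of Task Manager, regedit and cmd.
POLICY_KEYS = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System",
               r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System")
RESTRICTIVE_POLICIES = ("DisableTaskMgr", "DisableRegistryTools", "DisableCMD")

_VALUE_RE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")=(.*)$')  # @=... or "name"=...


def norm(key, name):
    """Registry names are case-insensitive; normalise for dictionary lookups."""
    return key.lower(), name.lower()


def parse_reg_export(text):
    """Parse the .reg subset regedit exports ([key] headers, REG_SZ and dword
    values) into {(key, name): value}; other data types are skipped."""
    unescape = lambda s: re.sub(r"\\(.)", r"\1", s)  # \\ -> \ and \" -> "
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = _VALUE_RE.match(line)
        if key is None or not m:
            continue
        name = "@" if m.group(1) is None else unescape(m.group(1))
        data = m.group(2)
        if data.startswith("dword:"):
            values[norm(key, name)] = int(data[6:], 16)
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            values[norm(key, name)] = unescape(data[1:-1])
    return values


def check_loadpoints(values):
    """Return (key, name, found, expected) for each deviation from the baseline;
    found is None when the value is missing, string compares ignore case."""
    findings = []
    for key, name, expected in XP_BASELINE:
        found = values.get(norm(key, name))
        if found is None and expected == "":
            continue  # absent is as good as empty
        if not isinstance(found, str) or found.lower() != expected.lower():
            findings.append((key, name, found, expected))
    for key in POLICY_KEYS:
        for name in RESTRICTIVE_POLICIES:
            found = values.get(norm(key, name))
            if found not in (None, 0):
                findings.append((key, name, found, 0))
    return findings


def read_live():
    """Read the same values from the live registry (Windows only)."""
    import winreg
    hives = {"HKEY_CLASSES_ROOT": winreg.HKEY_CLASSES_ROOT, "HKEY_LOCAL_MACHINE": winreg.HKEY_LOCAL_MACHINE,
             "HKEY_CURRENT_USER": winreg.HKEY_CURRENT_USER}
    wanted = [(k, n) for k, n, _ in XP_BASELINE] + [(k, n) for k in POLICY_KEYS for n in RESTRICTIVE_POLICIES]
    values = {}
    for key, name in wanted:
        hive, _, sub = key.partition("\\")
        try:
            with winreg.OpenKey(hives[hive], sub) as h:
                values[norm(key, name)] = winreg.QueryValueEx(h, "" if name == "@" else name)[0]
        except OSError:
            pass  # key or value absent; check_loadpoints reports it as None
    return values


# Constructed export for the demonstration: the .exe association points at a
# hypothetical hijacked_launcher.exe, the Winlogon System value is the one the
# DDS log in this thread reports, and Task Manager has been disabled.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\WINDOWS\\system32\\hijacked_launcher.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\.com]
@="comfile"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"="kdjal.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
'''

if __name__ == "__main__":
    import sys
    values = read_live() if sys.platform == "win32" else parse_reg_export(SAMPLE_EXPORT)
    for key, name, found, expected in check_loadpoints(values):
        print(f"{key}\\{name}: found {found!r}, expected {expected!r}")
```

    Run on Windows it reads the live keys; anywhere else it checks the embedded export and reports the redirected .exe association, the Winlogon System value and the DisableTaskMgr policy. The check only reports; putting the values back is what exeHelper's "Resetting ..." lines do, and on a machine that still has the infection a reset is undone on the next reboot unless the load point that restores it is removed too.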
  5. myantidrugboys

    myantidrugboys TS Rookie Topic Starter Posts: 32

    Yes, it happened with all programs, and it even happened in Safe Mode.
  6. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    OK...

    I assume you're posting from some different computer?
  7. myantidrugboys

    myantidrugboys TS Rookie Topic Starter Posts: 32

    No, I am using the same computer.

    I have to go to work, but I will be back later. I know there is a time limit; is that okay?
  8. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    I'm confused then...
    How are you posting, if you said, you can't open ANY program?

    Don't worry about time limit. It only applies, if you stay "mum" for more than 5 days.
  9. myantidrugboys

    myantidrugboys TS Rookie Topic Starter Posts: 32

    No, I can open all my programs; the message just pops up every time I try to open one, and I have to click OK, and then the program opens up.
  10. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    I see...

    In that case....

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
  11. myantidrugboys

    myantidrugboys TS Rookie Topic Starter Posts: 32

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5354

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/19/2010 2:02:25 AM
    mbam-log-2010-12-19 (02-02-25).txt

    Scan type: Quick scan
    Objects scanned: 154848
    Time elapsed: 5 minute(s), 23 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\program files\angle interactive\rd platinum v5.0 (PUP.RegistryDefender) -> Quarantined and deleted successfully.

    Files Infected:
    c:\program files\angle interactive\rd platinum v5.0\report.csv (PUP.RegistryDefender) -> Quarantined and deleted successfully.
     
  12. myantidrugboys

    myantidrugboys TS Rookie Topic Starter Posts: 32

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-12-19 02:15:39
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HTS54101 rev.MBZI
    Running: xb4rbov9.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ugtdrpog.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
  13. myantidrugboys

    myantidrugboys TS Rookie Topic Starter Posts: 32

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Administrator at 2:19:56.14 on Sun 12/19/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1205 [GMT -5:00]

    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\SYSTEM32\WISPTIS.EXE
    C:\WINDOWS\System32\tabbtnu.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    C:\WINDOWS\Explorer.EXE
    c:\program files\lenovo\system update\suservice.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
    C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\Gunze\GZTP_Pack\GzSnd.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\Program Files\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
    C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
    C:\PROGRA~1\THINKV~2\AMSG\Amsg.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
    C:\program files\mozilla firefox\firefox.exe
    C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Administrator\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.mystart.com?pr=oovoo2_0
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://www.google.com/ie
    mURLSearchHooks: H - No File
    mWinlogon: System=kdjal.exe
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    {2903f82b-f0d3-41e5-be91-d16a3af6ff01}
    {5207f056-f0d3-41e5-be91-d16a3af6ff01}
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    {6755221f-cc42-4173-8b66-a34914ad9ee9}
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: {f300e1b2-c3da-4d6f-9d0d-84fa17bc377c}: {c773cb71-af48-d0d9-f6d4-ad3c2b1e003f}
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {4C350B19-6CA1-4569-B14C-296D8D65300B} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [TabletWizard] c:\windows\help\SplshWrp.exe
    mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
    mRun: [TrackPointSrv] c:\program files\lenovo\trackpoint\tp4serv.exe
    mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
    mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
    mRun: [GzSndExePath] c:\program files\gunze\gztp_pack\GzSnd.exe
    mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
    mRun: [TpShocks] TpShocks.exe
    mRun: [TP4EX] tp4ex.exe
    mRun: [TSMResident] "c:\program files\thinkpad\tablet shortcut\TSMRESIDENT.EXE" /r
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
    mRun: [Snippet] "c:\program files\microsoft experience pack\snipping tool\SnippingTool.exe" /i
    mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
    mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
    mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
    mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
    mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
    mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
    mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
    mRun: [PDService.exe] "c:\program files\lenovo\safeguard privatedisk\pdservice.exe"
    mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
    mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r
    mRun: [GzSnd] %ProgramFiles%\Gunze\GZTP_Pack\GzSnd.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [LPMailChecker] c:\progra~1\thinkv~2\prdctr\LPMLCHK.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
    mRun: [LENTBCTL] "c:\program files\thinkpad\tablet shortcut\LENTBCTL.EXE" /r
    mRun: [TabletButton] "c:\program files\thinkpad\tablet shortcut\TabletButton.EXE" /STARTUP
    mRun: [CSS Upgrade Assistant] "c:\program files\lenovo\css8_upgrade_asst.exe" /runkey
    mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
    mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
    mRun: [AMSG] c:\progra~1\thinkv~2\amsg\Amsg.exe /startup
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
    mRun: [LenovoAutoScrollUtility] c:\program files\lenovo\virtscrl\virtscrl.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} - hxxps://stu-wireless-nac.stu.campus.wpunj.edu/auth/CCALogin.CAB
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Notify: ACNotify - ACNotify.dll
    Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
    Notify: igfxcui - igfxdev.dll
    Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
    Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
    Notify: TabBtnWL - TabBtnWL.dll
    Notify: tpgwlnotify - tpgwlnot.dll
    AppInit_DLLs: jsrklb.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    LSA: Authentication Packages = msv1_0 c:\windows\system32\vtUlICrO
    LSA: Notification Packages = scecli ACGina psqlpwd ACGina ACGina c:\program files\thinkvantage fingerprint software\psqlpwd.dll ACGina

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\hjk8ebf3.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: browser.search.selectedEngine - Mp3Rocket
    FF - prefs.js: browser.startup.homepage - hxxp://google.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: AniWeather: {4176DFF4-4698-11DE-BEEB-45DA55D89593} - %profile%\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
    FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
    FF - Ext: Personas Rotator: {6e73f6b7-b9ab-44b8-b744-6393e3c2e351} - %profile%\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

    ============= SERVICES / DRIVERS ===============

    R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-6-9 24304]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2010-6-16 20592]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-16 11608]
    R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-6-24 13480]
    R1 TSMSMI;TSM System Interface Driver;c:\windows\system32\drivers\TSMSMI32.sys [2008-1-23 6656]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-16 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-16 267944]
    R2 ASRSVC;ASR Service;c:\program files\thinkpad\tablet shortcut\asr\ASRSVC.exe [2010-9-27 79136]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-16 61960]
    R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-6-9 132456]
    R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-8-7 53248]
    R2 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-13 58368]
    R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]
    R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
    R2 TabletSVC;TABLET Service;c:\program files\thinkpad\tablet shortcut\TSMService.exe [2010-9-27 71016]
    R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-8-8 63928]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-24 24652]
    R3 GzTpHid;Touch Panel Filter Driver;c:\windows\system32\drivers\GzTpHid.sys [2006-10-30 27008]
    R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2008-1-23 23080]
    R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [2006-10-30 30888]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-11-16 45496]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-4-30 14336]

    =============== Created Last 30 ================

    2010-12-16 12:30:47 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
    2010-12-16 12:30:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-16 12:30:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-12-16 12:30:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-16 12:30:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-16 12:20:45 -------- d-----w- c:\windows\system32\dumps
    2010-12-16 07:30:50 -------- d-----w- c:\docume~1\admini~1\applic~1\Avira
    2010-12-16 07:29:11 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-12-16 07:29:09 -------- d-----w- c:\program files\Avira
    2010-12-16 07:29:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-12-16 03:05:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit
    2010-12-16 03:00:42 -------- d-----w- c:\program files\IObit
    2010-12-15 20:15:11 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-15 20:14:42 45568 ------w- c:\windows\system32\dllcache\wab.exe
    2010-12-15 10:14:21 20 ----a-w- c:\windows\system32\JSRKLB.DLL
    2010-12-13 09:12:03 -------- d-----w- c:\docume~1\admini~1\applic~1\Windows Search
    2010-12-13 08:22:32 -------- d-----w- c:\windows\system32\winrm
    2010-12-13 08:22:21 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2010-12-13 08:21:48 -------- d-----w- c:\docume~1\admini~1\applic~1\Windows Desktop Search
    2010-12-13 08:20:58 -------- d-----w- c:\windows\system32\GroupPolicy
    2010-12-13 08:20:58 -------- d-----w- c:\program files\Windows Desktop Search
    2010-12-13 08:19:49 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
    2010-12-13 08:19:49 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
    2010-12-13 08:19:48 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
    2010-11-25 23:02:34 15256 ----a-w- c:\docume~1\admini~1\applic~1\microsoft\identitycrl\production\ppcrlconfig.dll
    2010-11-25 18:52:02 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Sunbelt Software

    ==================== Find3M ====================

    2010-12-19 06:35:41 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
    2010-11-18 18:12:44 81920 ------w- c:\windows\system32\isign32.dll
    2010-11-09 04:30:26 759828 ----a-w- c:\program files\cc_20101108_233007.reg
    2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-05 06:29:00 251240 ------w- c:\windows\system32\PWMCPl.cpl
    2010-11-05 06:29:00 196608 ------w- c:\windows\PWMBTHLP.EXE
    2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25:00 1853312 ------w- c:\windows\system32\win32k.sys
    2010-09-28 20:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-01-17 18:04:41 9088 -c--a-w- c:\program files\cc_20090117_130427.reg
    2008-12-22 19:32:02 20040 -c--a-w- c:\program files\cc_20081222_143158.reg
    2008-12-22 19:28:32 45620 -c--a-w- c:\program files\cc_20081222_142702.reg

    ============= FINISH: 2:23:00.54 ===============
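    Several load points in the DDS report above stand out against a default XP system: the Winlogon System value (kdjal.exe), AppInit_DLLs (jsrklb.dll) together with the 20-byte c:\windows\system32\JSRKLB.DLL created on 2010-12-15, an extra LSA authentication package next to msv1_0, and BHO entries that carry only a class id. AppInit_DLLs are loaded by user32.dll into every process that loads it, and a 20-byte file cannot even hold a DOS header, so LoadLibrary on it fails as an invalid image and raises the "Bad Image" dialog at each program launch, which matches the symptom reported at the top of the thread. The script below is an added example, not DDS's or the forum's own tooling: it runs a small set of baseline rules over "Pseudo HJT Report" and "Created Last 30" lines. The sample lines are copied from the log above, with two benign lines kept so the rules have something to pass; the 1 KiB size threshold is an assumption.

```python
"""Triage the load-point lines of a DDS log ('Pseudo HJT Report' and
'Created Last 30') against what a default Windows XP system looks like.
Added example, not DDS's own code; SAMPLE is copied from the log in this thread."""
import re

GUID = r"\{[0-9a-fA-F-]{36}\}"
# 'Created Last 30' file line: date time size attributes path
FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (\d+) \S+ (.+)$")
# Assumed threshold: a real DLL/driver is far larger; a 20-byte file cannot
# hold the 64-byte DOS header, so loading it fails with a Bad Image error.
MIN_IMAGE_SIZE = 1024

SAMPLE = r"""
uStart Page = hxxp://www.mystart.com?pr=oovoo2_0
mWinlogon: System=kdjal.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
{2903f82b-f0d3-41e5-be91-d16a3af6ff01}
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {f300e1b2-c3da-4d6f-9d0d-84fa17bc377c}: {c773cb71-af48-d0d9-f6d4-ad3c2b1e003f}
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
AppInit_DLLs: jsrklb.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\vtUlICrO
LSA: Notification Packages = scecli ACGina psqlpwd ACGina ACGina c:\program files\thinkvantage fingerprint software\psqlpwd.dll ACGina
2010-12-15 10:14:21 20 ----a-w- c:\windows\system32\JSRKLB.DLL
2010-12-16 12:30:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
"""


def triage(lines):
    """Return (rule, line) pairs for lines that deviate from a default XP box."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line[1:].startswith("Winlogon:"):  # uWinlogon: / mWinlogon:
            name, _, value = line.split(":", 1)[1].strip().partition("=")
            if name.strip() == "System" and value.strip():
                findings.append(("winlogon-system", line))  # empty by default
        elif line.startswith("AppInit_DLLs:"):
            if line.split(":", 1)[1].strip():
                findings.append(("appinit-dll", line))  # empty by default
        elif line.startswith("LSA: Authentication Packages"):
            extra = [p for p in line.split("=", 1)[1].split() if p.lower() != "msv1_0"]
            if extra:
                findings.append(("lsa-auth-package", line))  # only msv1_0 by default
        elif re.fullmatch(GUID, line):
            findings.append(("bare-guid", line))  # entry with no name and no file
        elif line.startswith("BHO:") and re.match(GUID, line[4:].strip()):
            findings.append(("unnamed-bho", line))  # class id only, no friendly name
        else:
            m = FILE_LINE.match(line)
            if m and int(m.group(1)) < MIN_IMAGE_SIZE and \
                    m.group(2).lower().endswith((".dll", ".sys", ".exe")):
                findings.append(("tiny-image", line))  # too small to be a PE image
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for rule, line in triage(text.splitlines()):
        print(f"[{rule}] {line}")
```

    Pointed at a saved DDS.txt (python triage.py DDS.txt) it prints one line per hit; on the sample it reports the Winlogon System value, the bare GUID, both unnamed BHOs, the AppInit_DLLs entry, the extra LSA package and the 20-byte JSRKLB.DLL, and passes the Adobe BHO, the Avira run key and mbam.sys. The rules are a starting point for reading the log, not a verdict: every hit still needs the file or class id looked up before anything is removed.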
  14. myantidrugboys

    myantidrugboys TS Rookie Topic Starter Posts: 32

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/24/2008 1:30:43 AM
    System Uptime: 12/19/2010 2:05:17 AM (0 hours ago)

    Motherboard: LENOVO | | 63668KU
    Processor: Intel(R) Core(TM) Duo CPU L2500 @ 1.83GHz | None | 1828/167mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 88 GiB total, 2.691 GiB free.
    D: is CDROM ()
    R: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP338: 9/23/2010 8:49:24 AM - Avg Update
    RP339: 9/23/2010 8:51:21 AM - Avg Update
    RP340: 9/24/2010 9:24:59 AM - System Checkpoint
    RP341: 9/25/2010 1:49:44 PM - System Checkpoint
    RP342: 9/27/2010 12:30:32 AM - System Checkpoint
    RP343: 9/27/2010 10:43:31 PM - Installed NetWaiting
    RP344: 9/27/2010 10:44:05 PM - Installed NetWaiting
    RP345: 9/27/2010 10:49:03 PM - Installed ThinkPad Tablet Shortcut Menu
    RP346: 9/27/2010 10:50:06 PM - Installed Power Manager
    RP347: 9/29/2010 6:27:01 AM - System Checkpoint
    RP348: 9/30/2010 7:27:35 AM - Software Distribution Service 3.0
    RP349: 10/1/2010 3:10:20 PM - System Checkpoint
    RP350: 10/1/2010 3:40:38 PM - Unsigned driver install
    RP351: 10/3/2010 3:28:01 AM - System Checkpoint
    RP352: 10/4/2010 11:49:52 AM - Avg Update
    RP353: 10/4/2010 2:56:46 PM - Unsigned driver install
    RP354: 10/5/2010 5:04:26 AM - Software Distribution Service 3.0
    RP355: 10/6/2010 12:49:42 AM - Software Distribution Service 3.0
    RP356: 10/7/2010 2:14:59 AM - System Checkpoint
    RP357: 10/8/2010 2:28:22 PM - System Checkpoint
    RP358: 10/9/2010 3:13:22 PM - System Checkpoint
    RP359: 10/10/2010 11:52:31 PM - System Checkpoint
    RP360: 10/12/2010 12:11:56 AM - System Checkpoint
    RP361: 10/14/2010 3:54:31 PM - System Checkpoint
    RP362: 10/14/2010 9:00:34 PM - Software Distribution Service 3.0
    RP363: 10/17/2010 5:19:48 AM - System Checkpoint
    RP364: 10/18/2010 3:14:50 PM - System Checkpoint
    RP365: 10/20/2010 1:34:45 AM - System Checkpoint
    RP366: 10/21/2010 3:33:13 AM - System Checkpoint
    RP367: 10/22/2010 2:19:11 PM - System Checkpoint
    RP368: 10/23/2010 9:47:57 AM - Installed Java(TM) 6 Update 22
    RP369: 10/25/2010 1:35:45 PM - System Checkpoint
    RP370: 10/26/2010 11:52:25 AM - Avg Update
    RP371: 10/28/2010 2:05:21 AM - Installed ThinkVantage Access Connections
    RP372: 10/29/2010 4:06:45 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    RP373: 10/29/2010 4:07:03 AM - Installed AVG 2011
    RP374: 10/29/2010 4:07:56 AM - Removed AVG Free 9.0
    RP375: 10/29/2010 4:18:52 AM - Installed AVG 2011
    RP376: 10/30/2010 6:09:09 AM - System Checkpoint
    RP377: 10/31/2010 6:33:04 PM - System Checkpoint
    RP378: 11/1/2010 6:42:54 PM - System Checkpoint
    RP379: 11/3/2010 4:49:35 AM - System Checkpoint
    RP380: 11/4/2010 7:44:21 PM - System Checkpoint
    RP381: 11/6/2010 3:21:29 AM - System Checkpoint
    RP382: 11/7/2010 5:00:29 AM - System Checkpoint
    RP383: 11/9/2010 2:49:58 AM - System Checkpoint
    RP384: 11/10/2010 5:35:17 AM - System Checkpoint
    RP385: 11/11/2010 3:05:30 AM - Software Distribution Service 3.0
    RP386: 11/12/2010 1:21:30 PM - System Checkpoint
    RP387: 11/14/2010 1:58:29 AM - System Checkpoint
    RP388: 11/15/2010 2:18:06 AM - System Checkpoint
    RP389: 11/17/2010 12:52:44 AM - System Checkpoint
    RP390: 11/19/2010 5:01:36 PM - System Checkpoint
    RP391: 11/21/2010 3:29:41 AM - System Checkpoint
    RP392: 11/22/2010 4:02:22 AM - System Checkpoint
    RP393: 11/23/2010 5:28:32 AM - System Checkpoint
    RP394: 11/24/2010 7:03:05 AM - System Checkpoint
    RP395: 11/27/2010 6:33:23 AM - System Checkpoint
    RP396: 11/29/2010 2:11:21 PM - System Checkpoint
    RP397: 12/1/2010 1:40:56 PM - System Checkpoint
    RP398: 12/3/2010 5:40:58 AM - System Checkpoint
    RP399: 12/4/2010 5:49:28 AM - System Checkpoint
    RP400: 12/5/2010 10:52:20 PM - System Checkpoint
    RP401: 12/7/2010 6:24:10 AM - System Checkpoint
    RP402: 12/9/2010 4:58:32 PM - System Checkpoint
    RP403: 12/11/2010 4:14:44 AM - System Checkpoint
    RP404: 12/12/2010 5:39:59 PM - System Checkpoint
    RP405: 12/13/2010 3:03:42 AM - Installed Power Manager
    RP406: 12/13/2010 3:15:15 AM - Software Distribution Service 3.0
    RP407: 12/14/2010 2:03:03 AM - Software Distribution Service 3.0
    RP408: 12/15/2010 6:55:29 AM - System Checkpoint
    RP409: 12/15/2010 9:00:40 PM - Software Distribution Service 3.0
    RP410: 12/15/2010 10:08:04 PM - Removed ooVoo
    RP411: 12/17/2010 12:44:52 AM - System Checkpoint
    RP412: 12/17/2010 9:00:25 PM - Software Distribution Service 3.0
    RP413: 12/18/2010 4:46:49 PM - Removed AVG 2011
    RP414: 12/18/2010 4:47:59 PM - Removed AVG 2011
    RP415: 12/18/2010 5:15:32 PM - Removed Cisco Clean Access Agent.

    ==== Installed Programs ======================

    µTorrent
    Access Help
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Media Player
    Adobe Reader 8.2.5
    Adobe Shockwave Player 11.5
    AGEIA PhysX v6.10.25
    Agilix GoBinder Lite
    AIM 6
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    Bonjour
    Choice Guard
    Client Security Solution
    Compatibility Pack for the 2007 Office system
    Diskeeper Lite
    Help Center
    High Definition Audio Driver Package - KB888111
    Hotfix 2055 for SQL Server 2000 ENU (KB960082)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB954550-v5)
    Ink Art
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Network Connections Drivers
    InterVideo VirtualDrive
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Lenovo Auto Scroll Utility
    Lenovo System Interface Driver
    Lenovo ThinkVantage Toolbox
    Maintenance Manager
    Malwarebytes' Anti-Malware
    Message Center
    Message Center Plus
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Education Pack for Windows XP Tablet PC Edition
    Microsoft Energy Blue Theme Pack
    Microsoft Experience Pack for Tablet PC
    Microsoft Ink Crossword
    Microsoft Ink Desktop
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Media Transfer
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Outlook 2003 with Business Contact Manager Update
    Microsoft Office Outlook Connector
    Microsoft Office Small Business Edition 2003
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Snipping Tool 2.0
    Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Windows XP Tablet PC Edition 2005 Recognizer Pack
    MMI
    MobileMe Control Panel
    Mozilla Firefox (3.6.13)
    MSN
    MSN Toolbar Platform
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MultiTouch Driver
    MultiTouch Driver Supplement
    ObjectDock
    On Screen Display
    Picasa 2
    Presentation Director
    Productivity Center Supplement for ThinkPad
    QuickTime
    RecordNow Audio
    RecordNow Copy
    RecordNow Data
    Remove Multimedia Center
    Rescue and Recovery
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Segoe UI
    Sonic DLA
    Sonic Express Labeler
    Sonic Icons for Lenovo
    Sonic Update Manager
    SoundMAX
    System Migration Assistant
    System Update
    Tablet PC Tutorials for Microsoft Windows XP SP2
    The Game of Life 1.00
    ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter
    ThinkPad Bluetooth with Enhanced Data Rate Software
    ThinkPad Configuration
    ThinkPad EasyEject Utility
    ThinkPad FullScreen Magnifier
    ThinkPad Hotkey Features Integration Setup
    ThinkPad Hotkey Features Setup
    ThinkPad Keyboard Customizer Utility
    ThinkPad Modem
    ThinkPad PC Card Power Policy
    ThinkPad Power Management Driver
    ThinkPad Power Manager
    ThinkPad Tablet Button Driver
    ThinkPad Tablet Shortcut Menu
    ThinkPad TrackPoint Driver
    ThinkVantage Access Connections
    ThinkVantage Active Protection System
    ThinkVantage Fingerprint Software
    ThinkVantage Productivity Center
    ThinkVantage Technologies Welcome Message
    TI Connect 1.6
    TrackPoint Accessibility Features
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Wallpapers
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Messenger
    Windows Live Upload Tool
    Windows Management Framework Core
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    WinRAR archiver
    XP Themes
    Zinio Reader

    ==== Event Viewer Messages From Past Week ========

    12/19/2010 2:09:15 AM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/19/2010 2:09:15 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    12/19/2010 2:09:14 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
    12/18/2010 5:55:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ANC avgio avipbb eeCtrl Fips IBMTPCHK intelppm IPSec Lbd lenovo.smi MRxSmb NetBIOS NetBT RasAcd Rdbss Smapint ssmdrv Tcpip TDSMAPI TPHKDRV TPPWRIF TSMAPIP TSMSMI
    12/18/2010 5:55:15 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    12/18/2010 5:55:15 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/18/2010 5:55:15 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/18/2010 5:55:15 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    12/18/2010 5:55:15 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/18/2010 5:55:15 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/18/2010 5:54:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    12/18/2010 5:54:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/18/2010 4:08:50 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the TabletSVC service.
    12/18/2010 4:08:32 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
    12/17/2010 2:15:00 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AcSvc service.
    12/16/2010 7:24:14 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
    12/16/2010 7:19:14 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    12/16/2010 7:18:57 AM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/16/2010 7:18:54 AM, error: Service Control Manager [7034] - The System Update service terminated unexpectedly. It has done this 1 time(s).
    12/16/2010 7:18:54 AM, error: Service Control Manager [7034] - The Power Manager DBC Service service terminated unexpectedly. It has done this 1 time(s).
    12/16/2010 7:18:53 AM, error: Service Control Manager [7031] - The Access Connections Main Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/16/2010 7:18:50 AM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    12/16/2010 7:18:48 AM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
    12/16/2010 7:18:47 AM, error: Service Control Manager [7034] - The tvtnetwk service terminated unexpectedly. It has done this 1 time(s).
    12/16/2010 7:18:47 AM, error: Service Control Manager [7034] - The TVT Scheduler service terminated unexpectedly. It has done this 1 time(s).
    12/16/2010 7:18:45 AM, error: Service Control Manager [7034] - The TVT Backup Service service terminated unexpectedly. It has done this 1 time(s).
    12/16/2010 7:18:39 AM, error: Service Control Manager [7034] - The IBM KCU Service service terminated unexpectedly. It has done this 1 time(s).
    12/16/2010 7:18:36 AM, error: Service Control Manager [7034] - The ThinkVantage Registry Monitor Service service terminated unexpectedly. It has done this 1 time(s).
    12/16/2010 7:18:35 AM, error: Service Control Manager [7034] - The TABLET Service service terminated unexpectedly. It has done this 1 time(s).
    12/16/2010 7:18:35 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    12/16/2010 7:18:34 AM, error: Service Control Manager [7034] - The MSSQL$MICROSOFTSMLBIZ service terminated unexpectedly. It has done this 1 time(s).
    12/16/2010 7:18:31 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    12/16/2010 7:18:30 AM, error: Service Control Manager [7034] - The Lenovo Doze Mode Service service terminated unexpectedly. It has done this 1 time(s).
    12/16/2010 7:18:30 AM, error: Service Control Manager [7034] - The Diskeeper service terminated unexpectedly. It has done this 1 time(s).
    12/16/2010 7:18:28 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    12/16/2010 7:18:26 AM, error: Service Control Manager [7034] - The ASR Service service terminated unexpectedly. It has done this 1 time(s).
    12/16/2010 7:18:25 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/16/2010 7:18:24 AM, error: Service Control Manager [7034] - The Atheros Configuration Service service terminated unexpectedly. It has done this 1 time(s).
    12/16/2010 7:18:24 AM, error: Service Control Manager [7031] - The Ac Profile Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/16/2010 7:18:23 AM, error: Service Control Manager [7034] - The On Screen Display service terminated unexpectedly. It has done this 1 time(s).
    12/16/2010 7:18:23 AM, error: Service Control Manager [7034] - The IPS Core Service service terminated unexpectedly. It has done this 1 time(s).
    12/16/2010 7:18:22 AM, error: Service Control Manager [7034] - The ThinkPad PM Service service terminated unexpectedly. It has done this 1 time(s).
    12/15/2010 12:01:55 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 0016CFA3C847 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    12/13/2010 3:21:52 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Update for WMDRM-enabled Media Players (KB902344).
    12/13/2010 1:17:02 AM, error: Dhcp [1002] - The IP address lease 192.168.2.6 for the Network Card with network address 0016CFA3C847 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    12/12/2010 2:23:21 AM, error: Dhcp [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 0016CFA3C847 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    12/12/2010 1:36:52 PM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.

    ==== End Of File ===========================
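The 7026 and 7001 entries in the Event Viewer section above are the lines a helper reads first: they name the boot-start drivers that failed to load, the TCP/IP stack among them (AFD, Tcpip, NetBT, IPSec), and the services that consequently could not start. The following Python is an added triage example, not part of the original thread and not DDS code; it parses lines in the DDS event format shown above and summarises them. The sample lines are constructed from the shape of this log, and the `NETWORK_STACK` list of core driver names is my own assumption.

```python
import re

# Constructed sample in the DDS "Event Viewer Messages" format (a few lines
# modelled on the log above, not the full log).
SAMPLE_LOG = """\
12/18/2010 5:55:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ANC avgio avipbb eeCtrl Fips IBMTPCHK intelppm IPSec Lbd lenovo.smi MRxSmb NetBIOS NetBT RasAcd Rdbss Smapint ssmdrv Tcpip TDSMAPI TPHKDRV TPPWRIF TSMAPIP TSMSMI
12/18/2010 5:55:15 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2010 5:55:15 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/16/2010 7:24:14 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
12/12/2010 1:36:52 PM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
"""

# One DDS event line: "<date>, <level>: <source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<message>.*)$"
)

# Message body of an SCM 7001 event.
DEP_RE = re.compile(
    r"^The (?P<service>.+?) service depends on the (?P<dependency>.+?) "
    r"service which failed"
)

# Assumed list of core networking drivers; when these appear in a 7026
# event the whole TCP/IP stack was unavailable at that boot.
NETWORK_STACK = {"afd", "tcpip", "netbt", "netbios", "ipsec"}


def parse_events(text):
    """Return a list of dicts, one per well-formed DDS event line."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["id"] = int(ev["id"])
            events.append(ev)
    return events


def scm_events(events, event_id):
    """Filter to Service Control Manager events with the given ID."""
    return [e for e in events
            if e["source"] == "Service Control Manager" and e["id"] == event_id]


def failed_boot_drivers(events):
    """Union of driver names listed in every SCM 7026 event."""
    drivers = set()
    for ev in scm_events(events, 7026):
        _, _, names = ev["message"].partition("failed to load:")
        drivers.update(names.split())
    return drivers


def dependency_failures(events):
    """Map each 7001 dependent service to the dependency that failed."""
    failures = {}
    for ev in scm_events(events, 7001):
        m = DEP_RE.match(ev["message"])
        if m:
            failures[m.group("service")] = m.group("dependency")
    return failures


def network_stack_broken(drivers):
    """True when any core TCP/IP stack driver is among the failed ones."""
    return bool(NETWORK_STACK & {d.lower() for d in drivers})


def triage(text):
    """Summarise the boot-time failures a helper would look at first."""
    events = parse_events(text)
    drivers = failed_boot_drivers(events)
    return {
        "events": len(events),
        "failed_drivers": sorted(drivers, key=str.lower),
        "dependency_failures": dependency_failures(events),
        "network_stack_broken": network_stack_broken(drivers),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```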
  15. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.

    =====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  16. myantidrugboys

    myantidrugboys TS Rookie Topic Starter Posts: 32

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0002000c

    Kernel Drivers (total 186):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA4BC000 compbatt.sys
    0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xB9F4A000 pcmcia.sys
    0xBA0B8000 MountMgr.sys
    0xB9F2B000 ftdisk.sys
    0xBA5AC000 dmload.sys
    0xB9F05000 dmio.sys
    0xBA330000 PartMgr.sys
    0xBA4C4000 ACPIEC.sys
    0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xBA0C8000 VolSnap.sys
    0xB9EED000 atapi.sys
    0xB9E13000 iaStor.sys
    0xBA0D8000 disk.sys
    0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9DF3000 fltmgr.sys
    0xB9DE1000 sr.sys
    0xB9DCB000 DRVMCDB.SYS
    0xBA0F8000 PxHelp20.sys
    0xB9DB4000 KSecDD.sys
    0xBA338000 DozeHDD.sys
    0xB9D27000 Ntfs.sys
    0xB9CFA000 NDIS.sys
    0xB9CDA000 Apsx86.sys
    0xBA108000 ApsHM86.sys
    0xBA118000 ohci1394.sys
    0xBA128000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xB9CC0000 Mup.sys
    0xBA158000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xBA2B8000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB7F1F000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xB7F0B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB7EE3000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB7EA6000 \SystemRoot\system32\DRIVERS\e1e5132.sys
    0xB7D5D000 \SystemRoot\system32\DRIVERS\athw.sys
    0xBA478000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB7D39000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA480000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB7D25000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0xBA2D8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xBA60C000 \SystemRoot\system32\DRIVERS\tkbtnpn.sys
    0xBA2E8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xBA488000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xBA2F8000 \SystemRoot\system32\DRIVERS\tp4track.sys
    0xB8788000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xB7CA9000 \SystemRoot\System32\Drivers\wdf01000.sys
    0xB84FD000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xB8778000 \SystemRoot\system32\DRIVERS\serial.sys
    0xB9C98000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xB7C95000 \SystemRoot\system32\DRIVERS\parport.sys
    0xB84F5000 \SystemRoot\system32\DRIVERS\nscirda.sys
    0xB9C94000 \SystemRoot\system32\DRIVERS\irenum.sys
    0xB84ED000 \SystemRoot\system32\DRIVERS\wisdpen.sys
    0xB84DD000 \SystemRoot\system32\DRIVERS\atmeltpm.sys
    0xB9C8C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xB84D5000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
    0xB8768000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xB9C84000 \SystemRoot\system32\drivers\iviaspi.sys
    0xBA614000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
    0xB8758000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xB8748000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB7C72000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB84CD000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xB7B81000 \SystemRoot\system32\DRIVERS\btkrnl.sys
    0xB84C5000 \SystemRoot\system32\DRIVERS\tvtpktfilter.sys
    0xBA79D000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB84BD000 \SystemRoot\system32\DRIVERS\rasirda.sys
    0xB84B5000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB8738000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB87BC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB7B6A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB8728000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB8718000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xB7B59000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB8708000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA498000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA4A0000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB7B29000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB86F8000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA4A8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA4B0000 \SystemRoot\system32\DRIVERS\psadd.sys
    0xBA616000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB7ACB000 \SystemRoot\system32\DRIVERS\update.sys
    0xB87AC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xBA168000 \SystemRoot\system32\DRIVERS\wsimd.sys
    0xBA348000 \SystemRoot\system32\DRIVERS\btport.sys
    0xBA188000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xA7751000 \SystemRoot\system32\drivers\ADIHdAud.sys
    0xA772D000 \SystemRoot\system32\drivers\portcls.sys
    0xBA228000 \SystemRoot\system32\drivers\drmk.sys
    0xA765D000 \SystemRoot\system32\drivers\AEAudio.sys
    0xA75F2000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
    0xA7501000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
    0xA744E000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xBA388000 \SystemRoot\System32\Drivers\Modem.SYS
    0xB977F000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA64E000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xA791D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xB9C4F000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xA660D000 \SystemRoot\system32\DRIVERS\GzTpHid.sys
    0xA693D000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xBA5B4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA7B7000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA5B6000 \SystemRoot\System32\Drivers\Beep.SYS
    0xA65F5000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
    0xA65ED000 \SystemRoot\System32\drivers\vga.sys
    0xBA5B8000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA5BA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xA65E5000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xA5C81000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xA6935000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA2893000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA283A000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA2814000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA27EC000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA5BA9000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xA27CA000 \SystemRoot\System32\drivers\afd.sys
    0xA5B99000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA5764000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xBA5BC000 \SystemRoot\system32\DRIVERS\TSMSMI32.SYS
    0xA5C79000 \SystemRoot\System32\drivers\TSMAPIP.SYS
    0xA5C71000 \SystemRoot\System32\drivers\Tppwrif.sys
    0xA5C69000 \SystemRoot\system32\DRIVERS\TPHKDRV.sys
    0xA5C61000 \SystemRoot\System32\drivers\TDSMAPI.SYS
    0xA5C59000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xA5C51000 \SystemRoot\System32\drivers\Smapint.sys
    0xA266F000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA25FF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBA5BE000 \SystemRoot\system32\DRIVERS\smiif32.sys
    0xBA5C0000 \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys
    0xA5754000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA5744000 \SystemRoot\System32\Drivers\tcusb.sys
    0xA1DBC000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0xA06ED000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xBA5F2000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xA28CA000 \SystemRoot\System32\drivers\ANC.SYS
    0x98F22000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xA7929000 \SystemRoot\System32\drivers\Dxapi.sys
    0x9904F000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA6D5000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF024000 \SystemRoot\System32\igxpgd32.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
    0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0x9856F000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x9FF90000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0xBA68D000 \SystemRoot\System32\DLA\DLADResN.SYS
    0x98559000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
    0xB9C9C000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
    0xBA5CC000 \SystemRoot\System32\DLA\DLAPoolM.SYS
    0xBA5D0000 \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
    0xA26F2000 \SystemRoot\System32\DLA\DLABOIOM.SYS
    0x98541000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
    0x9852B000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
    0x98515000 \SystemRoot\system32\DRIVERS\irda.sys
    0xA28A6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x98470000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA0062000 \SystemRoot\system32\DRIVERS\PROCDD.SYS
    0x9838D000 \SystemRoot\system32\DRIVERS\atksgt.sys
    0xA0917000 \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
    0x98234000 \SystemRoot\System32\Drivers\HTTP.sys
    0x98107000 \SystemRoot\system32\drivers\wdmaud.sys
    0x98F42000 \SystemRoot\system32\drivers\sysaudio.sys
    0x98039000 \SystemRoot\system32\DRIVERS\srv.sys
    0x985C4000 \SystemRoot\system32\DRIVERS\lirsgt.sys
    0x981DC000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x9FC85000 \??\C:\WINDOWS\System32\drivers\pmemnt.sys
    0x9818C000 \??\C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys
    0xBA7F1000 \??\C:\Program Files\SMI2\smi2.sys
    0x97CD3000 \??\C:\WINDOWS\system32\drivers\tvtfilter.sys
    0x96413000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0x9627D000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 109):
    0 System Idle Process
    4 System
    1352 C:\WINDOWS\system32\smss.exe
    1400 csrss.exe
    1428 C:\WINDOWS\system32\winlogon.exe
    1472 C:\WINDOWS\system32\services.exe
    1484 C:\WINDOWS\system32\lsass.exe
    1728 C:\WINDOWS\system32\ibmpmsvc.exe
    1760 C:\WINDOWS\system32\svchost.exe
    1816 svchost.exe
    1856 C:\WINDOWS\system32\svchost.exe
    2036 svchost.exe
    232 C:\Program Files\Common Files\Microsoft Shared\Ink\keyboardsurrogate.exe
    368 svchost.exe
    784 C:\WINDOWS\system32\spoolsv.exe
    868 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    908 svchost.exe
    980 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    992 C:\WINDOWS\system32\IPSSVC.EXE
    1012 C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    1044 C:\WINDOWS\system32\acs.exe
    1100 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1116 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1132 C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
    1156 C:\Program Files\Bonjour\mDNSResponder.exe
    1192 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    1204 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    768 C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
    1276 PresentationFontCache.exe
    1956 C:\WINDOWS\system32\svchost.exe
    2028 C:\Program Files\Java\jre6\bin\jqs.exe
    460 C:\WINDOWS\system32\wisptis.exe
    652 C:\WINDOWS\system32\tabbtnu.exe
    1512 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    2104 C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    2160 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2324 C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe
    2416 C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    2488 C:\WINDOWS\system32\TpKmpSvc.exe
    2708 tvttcsd.exe
    2824 C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    3012 C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    3040 C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    3148 C:\Program Files\Viewpoint\Common\ViewpointService.exe
    3192 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    3272 wmpnetwk.exe
    3304 C:\WINDOWS\system32\searchindexer.exe
    3576 C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    3892 C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
    3952 C:\Program Files\Lenovo\System Update\SUService.exe
    2180 C:\WINDOWS\explorer.exe
    2124 C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    2768 C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    2780 C:\WINDOWS\system32\ctfmon.exe
    3228 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3852 C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    656 alg.exe
    3760 C:\Program Files\Common Files\Microsoft Shared\Ink\tcserver.exe
    3504 C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
    2480 C:\WINDOWS\system32\rundll32.exe
    3020 C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
    3628 C:\Program Files\Gunze\GZTP_Pack\GzSnd.exe
    1020 C:\WINDOWS\system32\TpShocks.exe
    684 C:\Program Files\ThinkPad\Tablet Shortcut\TSMResident.exe
    3712 C:\Program Files\Analog Devices\Core\smax4pnp.exe
    2132 C:\WINDOWS\system32\igfxext.exe
    884 C:\WINDOWS\system32\igfxsrvc.exe
    1768 C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.EXE
    1888 C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    4048 C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    932 C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    2092 C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    2448 C:\Program Files\Picasa2\PicasaMediaDetector.exe
    3424 C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
    3348 igfxext.exe
    2300 igfxsrvc.exe
    3924 C:\Program Files\Common Files\Microsoft Shared\Ink\tabtip.exe
    3640 C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    4200 C:\PROGRA~1\Lenovo\NPDIRECT\tpfnf7sp.exe
    4432 C:\WINDOWS\system32\igfxtray.exe
    4908 C:\WINDOWS\system32\hkcmd.exe
    5048 C:\WINDOWS\system32\svchost.exe
    5044 C:\WINDOWS\system32\igfxpers.exe
    5244 C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.EXE
    5292 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    6028 C:\Program Files\Common Files\Installshield\UpdateService\issch.exe
    3848 C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    1920 C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
    508 C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
    4484 C:\PROGRA~1\THINKV~2\AMSG\Amsg.exe
    4764 C:\Program Files\Lenovo\ZOOM\TpScrex.exe
    5000 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    5304 C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    5580 C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
    5928 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1876 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3808 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4896 C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    5424 C:\Program Files\Digital Line Detect\DLG.exe
    5532 C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    4888 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    3416 C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    3800 C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
    6128 C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    4876 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    4164 C:\Program Files\Mozilla Firefox\firefox.exe
    1852 C:\WINDOWS\system32\searchprotocolhost.exe
    5984 searchfilterhost.exe
    6008 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: HTS541010G9SA00, Rev: MBZIC60R

    Size Device Name MBR Status
    --------------------------------------------
    93 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 08312236BFF0DC51C59D57073BF32973CF384047


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
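MBRCheck's verdict above ("Unknown MBR code", with a SHA1) rests on two steps any such tool does first: parse the 512-byte sector and hash the part of it that is comparable across machines. The Python below, added here as an example and not taken from MBRCheck or from the thread, does both. The sample sector is constructed: filler boot code, a fixed disk signature, and one bootable NTFS partition at LBA 63, which is what produces the 0x7E00 byte offset the log shows for C:. What MBRCheck itself hashes is not stated in the log, so hashing only the boot-code bytes (0..439) is this example's choice; the known-good list passed to classify() is the caller's.

```python
"""Parse a 512-byte MBR and hash its boot code, the first step any
MBRCheck-style tool performs before deciding "known" or "unknown".

Added example for this thread; it is not MBRCheck and not the thread's own
code. build_sample_mbr() constructs the input: filler boot code, one NTFS
partition at LBA 63 (the 0x7E00 byte offset shown for C: in the log),
and the 0x55AA signature.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439: executable boot code
DISK_SIG_OFF = 440         # 4-byte disk signature + 2 reserved bytes
PART_TABLE_OFF = 446       # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"    # bytes 510..511

PARTITION_TYPES = {0x05: "Extended", 0x07: "NTFS/HPFS/exFAT", 0x0B: "FAT32",
                   0x0C: "FAT32 LBA", 0x0F: "Extended LBA", 0x83: "Linux"}


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code SHA1, disk signature and partition entries.

    Raises ValueError if the length or the 0x55AA signature is wrong; a
    sector failing that check is not a bootable MBR at all, so there is
    nothing meaningful to compare against a known-good list.
    """
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")

    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (3 bytes, skipped), type, CHS end (skipped),
        # LBA of first sector, sector count; all little-endian
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:
            continue                      # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": PARTITION_TYPES.get(ptype, f"0x{ptype:02x}"),
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR,
            "size_bytes": count * SECTOR,
        })

    # Hash only the code region. The disk signature and partition table
    # differ on every machine, so a hash over the whole sector could never
    # match a list of known-good boot loaders.
    code_sha1 = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    return {"boot_code_sha1": code_sha1,
            "disk_signature": f"{disk_sig:08x}",
            "partitions": partitions}


def classify(report: dict, known_good: dict) -> str:
    """Look the boot-code hash up in a caller-supplied allow-list
    (hash -> description). 'Unknown' means 'not on the list', which is
    true of OEM and third-party loaders as well as of bootkits."""
    return known_good.get(report["boot_code_sha1"], "Unknown MBR code")


def build_sample_mbr() -> bytes:
    """Constructed sample sector: NOP filler as boot code, a fixed disk
    signature, one bootable NTFS partition at LBA 63 spanning 195,371,568
    sectors (about 93 GiB, the size MBRCheck reported), three empty slots."""
    boot_code = b"\x90" * BOOT_CODE_LEN
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"
    ntfs = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                       63, 195_371_568)
    table = ntfs + b"\x00" * 48
    return boot_code + disk_sig + table + SIGNATURE


if __name__ == "__main__":
    report = parse_mbr(build_sample_mbr())
    print("boot code SHA1:", report["boot_code_sha1"],
          "->", classify(report, {}))
    for p in report["partitions"]:
        print(f"  #{p['index']} {p['type']} at 0x{p['byte_offset']:X} "
              f"({p['size_bytes'] // 2**30} GiB) bootable={p['bootable']}")
```

On a live Windows machine the real sector comes from `open(r"\\.\PhysicalDrive0", "rb").read(512)` in an elevated prompt; feed that to parse_mbr() in place of the constructed sample. An unknown hash is a prompt to pull the sector and look at the code, not a verdict on its own.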
  17. myantidrugboys

    myantidrugboys TS Rookie Topic Starter Posts: 32

    When I try to post the ComboFix log, it says it can't post because there are 11 images in my message and I'm only limited to 6. I tried doing half, then the other, but it still said it.

    Should I send it as an attachment?
  18. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Wrap it in "code" tags and it'll post.
  19. myantidrugboys

    myantidrugboys TS Rookie Topic Starter Posts: 32

    ComboFix 10-12-18.02 - Administrator 12/19/2010 13:21:53.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1130 [GMT -5:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\budbjljl.ini
    c:\windows\system32\JSRKLB.DLL
    c:\windows\system32\OrCIlUtv.ini
    c:\windows\system32\OrCIlUtv.ini2
    c:\windows\system32\qcybidov.ini
    c:\windows\system32\rewtvkyc.ini

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-19 to 2010-12-19 )))))))))))))))))))))))))))))))
    .

    2010-12-16 12:30 . 2010-12-16 12:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-12-16 12:30 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-16 12:30 . 2010-12-16 12:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-12-16 12:30 . 2010-12-16 12:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-16 12:30 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-16 12:20 . 2010-12-16 12:20 -------- d-----w- c:\windows\system32\dumps
    2010-12-16 07:30 . 2010-12-16 07:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira
    2010-12-16 07:29 . 2010-11-30 23:48 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-12-16 07:29 . 2010-11-30 23:13 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-12-16 07:29 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-12-16 07:29 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-12-16 07:29 . 2010-12-16 07:29 -------- d-----w- c:\program files\Avira
    2010-12-16 07:29 . 2010-12-16 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-12-16 03:05 . 2010-12-16 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
    2010-12-16 03:00 . 2010-12-16 03:00 -------- d-----w- c:\program files\IObit
    2010-12-15 20:15 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-15 20:14 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
    2010-12-13 09:12 . 2010-12-13 09:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
    2010-12-13 08:28 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    2010-12-13 08:22 . 2010-12-13 08:22 -------- d-----w- c:\windows\system32\winrm
    2010-12-13 08:22 . 2010-12-13 08:23 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2010-12-13 08:21 . 2010-12-13 08:21 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-12-13 08:21 . 2010-12-13 08:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
    2010-12-13 08:20 . 2010-12-14 08:44 -------- d-----w- c:\program files\Windows Desktop Search
    2010-12-13 08:20 . 2010-12-13 08:20 -------- d-----w- c:\windows\system32\GroupPolicy
    2010-12-13 08:19 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
    2010-12-13 08:19 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
    2010-12-13 08:19 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
    2010-12-13 08:16 . 2010-12-13 08:17 -------- d-----w- c:\windows\system32\drivers\UMDF
    2010-11-25 18:52 . 2010-11-25 18:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sunbelt Software
  20. myantidrugboys

    myantidrugboys TS Rookie Topic Starter Posts: 32

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-19 06:35 . 2008-01-24 02:24 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
    2010-11-18 18:12 . 2006-04-30 23:11 81920 ------w- c:\windows\system32\isign32.dll
    2010-11-09 04:30 . 2010-11-09 04:30 759828 ----a-w- c:\program files\cc_20101108_233007.reg
    2010-11-06 00:26 . 2006-04-30 22:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2006-04-30 22:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-06 00:26 . 2006-04-30 22:51 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-05 06:29 . 2010-06-09 17:15 24304 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
    2010-11-05 06:29 . 2009-11-16 22:36 251240 ------w- c:\windows\system32\PWMCPl.cpl
    2010-11-05 06:29 . 2008-01-24 02:04 4442 ------w- c:\windows\system32\drivers\TPPWRIF.SYS
    2010-11-05 06:29 . 2008-01-24 02:04 196608 ------w- c:\windows\PWMBTHLP.EXE
    2010-11-05 03:45 . 2010-11-02 03:33 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-11-03 12:25 . 2006-04-30 22:51 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2006-04-30 22:52 40960 ------w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2006-04-30 22:51 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25 . 2006-04-30 22:51 1853312 ------w- c:\windows\system32\win32k.sys
    2010-09-28 20:44 . 2009-03-13 15:23 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-09-28 20:44 . 2008-08-08 00:10 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-01-17 18:04 . 2009-01-17 18:04 9088 -c--a-w- c:\program files\cc_20090117_130427.reg
    2008-12-22 19:32 . 2008-12-22 19:32 20040 -c--a-w- c:\program files\cc_20081222_143158.reg
    2008-12-22 19:28 . 2008-12-22 19:28 45620 -c--a-w- c:\program files\cc_20081222_142702.reg
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384]
    "TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-14 271872]
    "TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-06-26 92960]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-11-05 517480]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2010-11-05 208896]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
    "GzSndExePath"="c:\program files\Gunze\GZTP_Pack\GzSnd.exe" [2006-09-12 237568]
    "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-10 868352]
    "TpShocks"="TpShocks.exe" [2010-07-01 337256]
    "TP4EX"="tp4ex.exe" [2005-10-17 65536]
    "TSMResident"="c:\program files\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" [2010-03-29 476520]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "Snippet"="c:\program files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" [2005-02-25 68296]
    "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-07-23 185688]
    "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-08 91688]
    "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-08-21 487424]
    "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-19 196696]
    "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2010-09-17 425984]
    "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2010-09-17 176128]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-03-15 421888]
    "PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-14 41472]
    "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
    "TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-05 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-05 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-05 137752]
    "LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]
    "LENTBCTL"="c:\program files\ThinkPad\Tablet Shortcut\LENTBCTL.EXE" [2010-03-29 1230184]
    "TabletButton"="c:\program files\ThinkPad\Tablet Shortcut\TabletButton.EXE" [2010-03-29 58728]
    "CSS Upgrade Assistant"="c:\program files\Lenovo\css8_upgrade_asst.exe" [2007-01-26 663552]
    "Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
    "LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
    "AMSG"="c:\progra~1\THINKV~2\AMSG\Amsg.exe" [2009-09-03 436800]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
    "LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
  21. myantidrugboys

    myantidrugboys TS Rookie Topic Starter Posts: 32

    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-6-10 3450608]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-7-8 607584]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-7 50688]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-4 81920]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
    2006-08-16 17:07 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
    2008-04-14 00:11 47104 ------w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2009-12-01 18:41 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
    2002-08-29 10:41 11776 ------w- c:\windows\system32\tabbtnwl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
    2008-04-14 00:12 32256 ------w- c:\windows\system32\tpgwlnot.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
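The three posts above carry the parts of a ComboFix log a reviewer reads first: what was deleted, what starts at logon, and which Security Center and firewall settings have been changed. The Python below is an added triage example, not ComboFix's code and not the poster's; it parses the layout visible in those posts (parenthesised section headers, REGEDIT4-style keys and values) rather than a published format. SAMPLE_LOG is an excerpt copied from the log above and cut down; nothing in it is invented. It pulls out three things worth checking on any such log: Run values that name a bare executable rather than a full path, every Security Center "DisableMonitoring" key, and the firewall exception list.

```python
"""Triage the parts of a ComboFix log a reviewer reads first.

Added example for this thread; it is neither ComboFix's code nor the
poster's. The parsing follows the layout visible in the posted log (section
headers wrapped in parentheses, REGEDIT4-style keys and values), not a
published format. SAMPLE_LOG is an excerpt copied from that log and cut
down; nothing in it is invented.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\budbjljl.ini
c:\windows\system32\JSRKLB.DLL
c:\windows\system32\OrCIlUtv.ini
c:\windows\system32\OrCIlUtv.ini2
c:\windows\system32\qcybidov.ini
c:\windows\system32\rewtvkyc.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-06-26 92960]
"TpShocks"="TpShocks.exe" [2010-07-01 337256]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"='
                      r'(?:"(?P<data>[^"]*)"|(?P<raw>\S*))'
                      r'(?:\s+\[(?P<meta>[^\]]+)\])?$')


def parse_log(text: str) -> dict:
    """Split the log into named sections, and group registry values under
    the [key] line that precedes them."""
    sections = defaultdict(list)   # section title -> plain lines
    registry = defaultdict(list)   # key path -> [(name, data, meta)]
    section = key = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line) if key is not None else None
        if m:
            data = m.group("data") if m.group("data") is not None else m.group("raw")
            registry[key].append((m.group("name"), data, m.group("meta")))
        elif section is not None:
            sections[section].append(line)
    return {"sections": dict(sections), "registry": dict(registry)}


def triage(parsed: dict) -> dict:
    """Three checks worth running on every ComboFix log:
    - Run values naming a bare executable: the loader resolves those by
      search order at logon, so a same-named file dropped earlier in that
      order runs instead of the intended program.
    - Security Center monitoring switched off: each key silences the
      warning for the product it covers. Vendors set their own subkey, but
      every one of them should be accounted for.
    - Firewall exceptions: each entry is a program allowed inbound traffic.
    """
    out = {"deleted": list(parsed["sections"].get("Other Deletions", [])),
           "unqualified_run": [], "monitoring_off": [], "firewall_exceptions": []}
    for key, values in parsed["registry"].items():
        k = key.lower()
        if k.endswith(r"\currentversion\run"):
            out["unqualified_run"] += [(n, d) for n, d, _ in values if "\\" not in d]
        elif r"security center\monitoring" in k:
            out["monitoring_off"] += [key for n, d, _ in values
                                      if n.lower() == "disablemonitoring"
                                      and d.lower() == "dword:00000001"]
        elif k.endswith(r"authorizedapplications\list"):
            # the log doubles backslashes in these names; undo that
            out["firewall_exceptions"] += [n.replace("\\\\", "\\") for n, _, _ in values]
    return out


if __name__ == "__main__":
    for heading, items in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{heading} ({len(items)})")
        for item in items:
            print("   ", item)
```

Run against the sample it reports the six deleted files, TpShocks and TP4EX as bare-name Run values, all three Security Center keys and three firewall exceptions. None of those is a finding by itself; the two bare-name entries are Lenovo utilities and the Symantec subkeys are what that vendor's software leaves behind. The point is that each item is on a short list you can check one by one instead of reading a thousand lines of log.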
  22. myantidrugboys

    myantidrugboys TS Rookie Topic Starter Posts: 32

    R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [6/9/2010 12:15 PM 24304]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [6/16/2010 12:44 PM 20592]
    R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [6/24/2010 1:46 PM 13480]
    R1 TSMSMI;TSM System Interface Driver;c:\windows\system32\drivers\TSMSMI32.sys [1/23/2008 9:07 PM 6656]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/16/2010 2:29 AM 135336]
    R2 ASRSVC;ASR Service;c:\program files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [9/27/2010 9:49 PM 79136]
    R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [6/9/2010 12:15 PM 132456]
    R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [8/7/2008 6:54 PM 53248]
    R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/13/2006 7:05 PM 58368]
    R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 6:55 PM 3968]
    R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [3/13/2009 1:47 PM 12560]
    R2 TabletSVC;TABLET Service;c:\program files\ThinkPad\Tablet Shortcut\TSMService.exe [9/27/2010 9:49 PM 71016]
    R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [8/8/2008 7:13 PM 63928]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/24/2008 12:34 AM 24652]
    R3 GzTpHid;Touch Panel Filter Driver;c:\windows\system32\drivers\GzTpHid.sys [10/30/2006 12:30 PM 27008]
    R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [1/23/2008 8:55 PM 23080]
    R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [10/30/2006 12:30 PM 30888]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [11/16/2009 5:32 PM 45496]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/30/2006 5:52 PM 14336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

    2010-12-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\PC-Doctor\uaclauncher.exe [2010-09-08 21:08]

    2010-12-19 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-01-24 06:29]

    2010-12-13 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\PC-Doctor\pcdrcui.exe [2010-09-08 21:08]
    .
    .
  23. myantidrugboys

    myantidrugboys TS Rookie Topic Starter Posts: 32

    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.mystart.com?pr=oovoo2_0
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} - hxxps://stu-wireless-nac.stu.campus.wpunj.edu/auth/CCALogin.CAB
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hjk8ebf3.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: browser.search.selectedEngine - Mp3Rocket
    FF - prefs.js: browser.startup.homepage - hxxp://google.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: AniWeather: {4176DFF4-4698-11DE-BEEB-45DA55D89593} - %profile%\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
    FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
    FF - Ext: Personas Rotator: {6e73f6b7-b9ab-44b8-b744-6393e3c2e351} - %profile%\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{2903F82B-F0D3-41E5-BE91-D16A3AF6FF01} - (no file)
    BHO-{5207F056-F0D3-41E5-BE91-D16A3AF6FF01} - (no file)
    BHO-{6755221F-CC42-4173-8B66-A34914AD9EE9} - (no file)
    BHO-{f300e1b2-c3da-4d6f-9d0d-84fa17bc377c} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKLM-Run-GzSnd - %ProgramFiles%\Gunze\GZTP_Pack\GzSnd.exe
    Notify-ACNotify - ACNotify.dll
    Notify-NavLogon - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-19 13:30
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2185960410-683171685-4088784698-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0f,94,14,9f,e2,17,55,4d,b0,ca,9a,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,3f,c6,b4,a3,98,b0,40,ac,5d,51,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cd,c4,47,a4,ba,10,3c,47,ad,1b,9b,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1428)
    c:\windows\system32\vrlogon.dll
    c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
    c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
    c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\program files\ThinkVantage Fingerprint Software\infql2.dll
    c:\program files\ThinkVantage Fingerprint Software\homepass.dll
    c:\program files\ThinkVantage Fingerprint Software\bio.dll
    c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
    c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
    c:\program files\Lenovo\AwayTask\AwayNotify.dll

    - - - - - - - > 'lsass.exe'(1484)
    c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\program files\ThinkVantage Fingerprint Software\infql2.dll

    - - - - - - - > 'explorer.exe'(1940)
    c:\windows\system32\WININET.dll
    c:\program files\Stardock\ObjectDock\DockShellHook.dll
    c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
    c:\windows\system32\btmmhook.dll
    c:\program files\PC-Doctor\ATLPcdToolbar569208.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\program files\windows journal\nbmaptip.dll
    c:\windows\IME\SPGRMR.DLL
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
    c:\windows\system32\IPSSVC.EXE
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\windows\system32\acs.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    c:\windows\system32\TpKmpSVC.exe
    c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
    c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
    c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\SearchIndexer.exe
    c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\program files\lenovo\system update\suservice.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    c:\windows\SYSTEM32\WISPTIS.EXE
    c:\windows\System32\tabbtnu.exe
    c:\program files\Common Files\Microsoft Shared\Ink\TCServer.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\TpShocks.exe
    c:\windows\system32\igfxext.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Lenovo\Zoom\TpScrex.exe
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\program files\Common Files\Lenovo\Logger\logmon.exe
    c:\program files\Lenovo\Client Security Solution\tvtpwm_tray.exe
    c:\program files\Common Files\Java\Java Update\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-19 13:38:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-19 18:38

    Pre-Run: 2,744,705,024 bytes free
    Post-Run: 2,527,657,984 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - C5257E6EEF1D4BDB2537124E5E54F94B
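As an added example that is not part of the thread, here is a small Python helper that parses the per-process module listing in the ComboFix layout shown in the log above (a `- - - - - - - > 'process'(pid)` header followed by one module path per line) and lists the modules loaded into lsass.exe from outside the Windows directory, which is the kind of thing a helper checks by eye; the sample log is a constructed excerpt.

```python
import re
from collections import defaultdict

# Constructed excerpt in the ComboFix "modules per process" layout
# used in the log above; not the full log from the thread.
SAMPLE_LOG = r"""
- - - - - - - > 'lsass.exe'(1484)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

- - - - - - - > 'explorer.exe'(1940)
c:\windows\system32\WININET.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
"""

# Matches the process header line, e.g. "- - - - - - - > 'lsass.exe'(1484)".
HEADER = re.compile(r"^(?:- )+> '(?P<name>[^']+)'\((?P<pid>\d+)\)$")


def parse_modules(text):
    """Return {(process name, pid): [module paths]} for the section."""
    modules = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            current = (m.group("name").lower(), int(m.group("pid")))
            continue
        # Module lines are plain paths; keep DLLs and their .mui resources.
        if current is not None and line.lower().endswith((".dll", ".mui")):
            modules[current].append(line)
    return dict(modules)


def outside_windows_dir(modules, process="lsass.exe", windir="c:\\windows\\"):
    """List (pid, path) for modules of `process` not under the Windows dir."""
    hits = []
    for (name, pid), paths in modules.items():
        if name != process:
            continue
        for path in paths:
            if not path.lower().startswith(windir):
                hits.append((pid, path))
    return hits


if __name__ == "__main__":
    for pid, path in outside_windows_dir(parse_modules(SAMPLE_LOG)):
        print(f"lsass.exe({pid}) loads non-Windows module: {path}")
```

A hit is a triage lead, not a verdict: third-party credential providers and password filters legitimately load into lsass.exe, so each one should be checked against its vendor.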
  24. myantidrugboys

    myantidrugboys TS Rookie Topic Starter Posts: 32

    For the first two parts, it says they will not be visible until a moderator has approved them.
  25. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Good job :)

    First, it looks like your MBR may be infected, but let's double check...

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open Notepad and press CTRL+V
    • Post the output back here.