TechSpot

Bad image pop up, malware maybe?

Solved
By oscar1987
Dec 11, 2010
Topic Status:
Not open for further replies.
  1. I've been trying to get rid of this Bad Image spam/malware/virus. I followed your 8 step process and im attaching the logs as requested. plz help i dont know that else to do. thanks
     

    Attached Files:

  2. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Welcome aboard [​IMG]

    Please, read here: http://www.techspot.com/vb/topic154928.html

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. oscar1987

    oscar1987 TS Enthusiast Topic Starter Posts: 104

    as requested





    DDS (Ver_10-12-05.01) - NTFSx86
    Run by Oscar at 15:08:57.14 on Sat 12/11/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.364 [GMT -5:00]

    AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
    C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Documents and Settings\Oscar\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AT&T\Communication Manager\ATTCM.exe
    C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
    C:\Program Files\AT&T\Communication Manager\bmctl.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Oscar\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page =
    uSearch Bar =
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant =
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.1.0\PriceGongIE.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
    TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
    mRun: [TP4EX] tp4ex.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
    mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
    mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
    mRun: [cssauth] "c:\program files\ibm thinkvantage\client security solution\cssauth.exe" silent
    mRun: [PDService.exe] "c:\program files\ibm thinkvantage\safeguard privatedisk\pdservice.exe"
    mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0417.0\mswinext.exe"
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    StartupFolder: c:\docume~1\oscar\startm~1\programs\startup\mlbtvn~1.lnk - c:\documents and settings\oscar\local settings\application data\autobahn\mlb-nexdef-autobahn.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: E&xportar a Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
    IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
    IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\\PkgMgr.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    LSP: bmnet.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
    Notify: igfxcui - igfxdev.dll
    Notify: tpfnf2 - notifyf2.dll
    Notify: tphotkey - tphklock.dll
    AppInit_DLLs: c:\windows\system32\wpdmtpa.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    LSA: Authentication Packages = msv1_0 nwprovau
    LSA: Notification Packages = scecli csspwntfy

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\oscar\applic~1\mozilla\firefox\profiles\0jyy3stz.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-flv&p=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 50370
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\oscar\applic~1\mozilla\firefox\profiles\0jyy3stz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-11 162768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-11 19024]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-11 40384]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-12-11 632792]
    R2 PrivateDisk;PrivateDisk;c:\program files\ibm thinkvantage\safeguard privatedisk\privatediskm.sys [2005-11-15 46142]
    R2 smi2;smi2;c:\program files\smi2\smi2.sys [2005-12-21 3968]
    R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2010-3-10 121416]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-11 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-11 40384]
    S3 cpuz132;cpuz132;\??\c:\docume~1\oscar\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\oscar\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]

    =============== Created Last 30 ================

    2010-12-11 17:09:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-12-11 15:47:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-11 15:45:03 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-11 15:45:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-11 15:08:03 -------- d-----w- c:\docume~1\oscar\applic~1\Registry Mechanic
    2010-12-11 15:02:56 880640 ----a-w- c:\windows\system32\UniBox10.ocx
    2010-12-11 15:02:56 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
    2010-12-11 15:02:56 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
    2010-12-11 15:02:56 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
    2010-12-11 15:02:55 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
    2010-12-11 15:02:52 -------- d-----w- c:\program files\common files\PC Tools
    2010-12-11 13:06:11 20 ----a-w- c:\windows\system32\WPDMTPA.DLL
    2010-11-28 16:10:59 0 ---ha-w- c:\docume~1\oscar\locals~1\applic~1\BIT18C.tmp

    ==================== Find3M ====================

    2010-12-05 14:42:41 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
    2010-09-24 18:19:16 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
    2010-09-24 18:19:08 57072 ----a-w- c:\windows\system32\ZuneBusEnum.exe
    2010-09-24 16:31:24 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ------w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ------w- c:\windows\system32\mfc40u.dll
    2010-09-15 08:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-15 06:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

    ============= FINISH: 15:11:33.56 ===============














    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-05.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/13/2008 10:27:03 PM
    System Uptime: 12/11/2010 2:50:38 PM (1 hours ago)

    Motherboard: LENOVO | | 9457GG1
    Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | None | 1662/167mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 51 GiB total, 23.221 GiB free.
    D: is CDROM ()
    R: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP291: 9/19/2010 5:19:40 PM - System Checkpoint
    RP292: 9/24/2010 10:40:26 PM - Installed Java(TM) 6 Update 21
    RP293: 9/24/2010 10:42:39 PM - Avg Update
    RP294: 9/24/2010 10:43:14 PM - Avg Update
    RP295: 9/26/2010 4:07:37 PM - System Checkpoint
    RP296: 10/9/2010 3:26:10 PM - Avg Update
    RP297: 10/10/2010 5:41:55 PM - Software Distribution Service 3.0
    RP298: 10/15/2010 1:56:39 PM - System Checkpoint
    RP299: 10/17/2010 9:16:32 AM - System Checkpoint
    RP300: 10/17/2010 12:47:59 PM - Removed Driver Detective.
    RP301: 10/17/2010 3:45:14 PM - Software Distribution Service 3.0
    RP302: 10/23/2010 3:56:38 PM - System Checkpoint
    RP303: 10/24/2010 4:26:58 PM - System Checkpoint
    RP304: 10/26/2010 10:10:03 PM - Avg Update
    RP305: 10/26/2010 10:12:29 PM - Installed Java(TM) 6 Update 22
    RP306: 10/30/2010 11:47:21 AM - System Checkpoint
    RP307: 10/31/2010 8:26:21 AM - Removed Opera 10.62.
    RP308: 10/31/2010 8:26:31 AM - Installed Opera 10.63.
    RP309: 10/31/2010 6:09:41 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    RP310: 10/31/2010 6:10:00 PM - Installed AVG 2011
    RP311: 10/31/2010 6:10:54 PM - Removed AVG Free 9.0
    RP312: 10/31/2010 6:20:01 PM - Installed AVG 2011
    RP313: 11/2/2010 11:24:40 PM - System Checkpoint
    RP314: 11/5/2010 11:35:11 PM - System Checkpoint
    RP315: 11/7/2010 8:45:44 AM - System Checkpoint
    RP316: 11/7/2010 11:26:23 AM - Removed Microsoft Office Language Pack 2007 - English
    RP317: 11/7/2010 11:30:53 AM - Removed Microsoft Office Excel Viewer 2003
    RP318: 11/7/2010 11:38:21 AM - Before uninstalling Microsoft Office Enterprise 2007
    RP319: 11/7/2010 12:46:52 PM - Installed Microsoft Office Professional Plus 2010
    RP320: 11/7/2010 12:38:18 PM - Printer Driver Send To Microsoft OneNote 2010 Driver Installed
    RP321: 11/9/2010 7:12:06 PM - Software Distribution Service 3.0
    RP322: 11/9/2010 11:41:45 PM - Software Distribution Service 3.0
    RP323: 11/10/2010 3:44:09 PM - Software Distribution Service 3.0
    RP324: 11/10/2010 7:04:02 PM - Before uninstalling HP Smart Web Printing 4.60
    RP325: 11/13/2010 4:30:45 PM - System Checkpoint
    RP326: 11/14/2010 11:28:17 AM - Software Distribution Service 3.0
    RP327: 11/20/2010 3:35:05 PM - System Checkpoint
    RP328: 11/21/2010 6:14:49 PM - System Checkpoint
    RP329: 11/27/2010 9:59:23 AM - System Checkpoint
    RP330: 11/28/2010 12:36:55 PM - System Checkpoint
    RP331: 12/4/2010 10:49:00 AM - System Checkpoint
    RP332: 12/5/2010 11:52:51 AM - System Checkpoint
    RP333: 12/11/2010 10:36:33 AM - Removed Opera 10.63.
    RP334: 12/11/2010 12:09:12 PM - avast! Free Antivirus Setup
    RP335: 12/11/2010 12:24:11 PM - Removed AVG 2011
    RP336: 12/11/2010 12:28:20 PM - Removed AVG 2011

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 7.0.9
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Apple Software Update
    AT&T Communication Manager
    avast! Free Antivirus
    Brother Analysis Tool
    BufferChm
    CAM UnZip 4.42
    Casino Collection
    CCleaner
    Critical Update for Windows Media Player 11 (KB959772)
    D1600
    Definition update for Microsoft Office 2010 (KB982726)
    DeviceDiscovery
    DJ_SF_06_D1600_SW_Min
    GIMP 2.6.10
    GPBaseService2
    Help Center
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format 11 SDK (KB973442)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 13.0
    HP Deskjet D1600 Printer Driver Software 13.0 Rel .6
    HP Imaging Device Functions 13.0
    HP Print Projects 1.0
    HP Solution Center 13.0
    HP Update
    hpPrintProjects
    HPProductAssistant
    hpWLPGInstaller
    IBM 32-bit Runtime Environment for Java 2, v1.4.2
    IBM ThinkPad UltraNav Driver
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 22
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Malwarebytes' Anti-Malware
    MarketResearch
    Message Center
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access MUI (Spanish) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Excel MUI (Spanish) 2007
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office Groove MUI (Spanish) 2007
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office OneNote MUI (Spanish) 2007
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office Outlook MUI (Spanish) 2007
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint MUI (Spanish) 2007
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (Basque) 2007
    Microsoft Office Proof (Catalan) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Galician) 2007
    Microsoft Office Proof (Portuguese (Brazil)) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing (Spanish) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Publisher MUI (Spanish) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared MUI (Spanish) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Office Word MUI (Spanish) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 14
    Microsoft Software Update for Web Folders (Spanish) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft WinUsb 1.0
    MLB.TV NexDef Plug-in
    Mozilla Firefox (3.6.12)
    MSN Toolbar
    MSN Toolbar Platform
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Octoshape add-in for Adobe Flash Player
    OGA Notifier 2.0.0048.0
    PDF Settings
    PriceGong 2.1.0
    Productivity Center Supplement for ThinkPad
    QuickTime
    RealPlayer
    RealUpgrade 1.0
    Registry Mechanic 10.0
    Remove Multimedia Center
    Rescue and Recovery - Client Security Solution
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Word 2010 (KB2345000)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Snapshot Viewer
    Software Installer
    SolutionCenter
    Sonic Express Labeler
    Sonic Update Manager
    SoundMAX
    Status
    System Migration Assistant
    TBS WMP Plug-in
    ThinkPad EasyEject Utility
    ThinkPad FullScreen Magnifier
    ThinkPad Hotkey Features Setup
    ThinkPad Keyboard Customizer Utility
    ThinkPad Modem
    ThinkPad PC Card Power Policy
    ThinkPad Power Management Driver
    ThinkPad Power Manager
    ThinkPad UltraNav Wizard
    ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
    ThinkVantage Away Manager
    ThinkVantage Technologies Welcome Message
    Toolbox
    TrackPoint Accessibility Features
    TrayApp
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft OneNote 2010 (KB2288640)
    Update for Microsoft Outlook Social Connector (KB2289116)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VideoLAN VLC media player 0.8.6f
    Viewpoint Media Player
    Wallpapers
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Mobile Device Updater Component
    Windows XP Service Pack 3
    XP Codec Pack
    XP Themes
    Zune
    Zune Language Pack (DEU)
    Zune Language Pack (ESP)
    Zune Language Pack (FRA)
    Zune Language Pack (ITA)
    Zune Language Pack (NLD)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)

    ==== Event Viewer Messages From Past Week ========

    12/5/2010 7:52:54 PM, error: Service Control Manager [7034] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 3 time(s).
    12/5/2010 5:02:43 PM, error: Dhcp [1002] - The IP address lease 10.72.222.149 for the Network Card with network address 0016CF0D0D35 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
    12/5/2010 4:28:15 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    12/5/2010 4:28:08 PM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    12/5/2010 4:28:02 PM, error: Dhcp [1002] - The IP address lease 10.72.223.141 for the Network Card with network address 0016CF0D0D35 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
    12/5/2010 10:15:55 AM, error: Service Control Manager [7000] - The Zune Bus Enumerator service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/11/2010 8:29:33 AM, error: Dhcp [1002] - The IP address lease 10.72.223.238 for the Network Card with network address 0016CF0D0D35 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
    12/11/2010 3:09:02 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
    12/11/2010 3:07:20 PM, error: Dhcp [1002] - The IP address lease 10.72.223.236 for the Network Card with network address 0016CF0D0D35 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
    12/11/2010 12:58:29 PM, error: Dhcp [1002] - The IP address lease 10.72.223.245 for the Network Card with network address 0016CF0D0D35 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
    12/11/2010 12:49:22 PM, error: Service Control Manager [7034] - The AT&T RcAppSvc service terminated unexpectedly. It has done this 1 time(s).
    12/11/2010 12:49:16 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    12/11/2010 12:49:14 PM, error: Service Control Manager [7034] - The TVT Scheduler service terminated unexpectedly. It has done this 1 time(s).
    12/11/2010 12:49:14 PM, error: Service Control Manager [7034] - The TVT Backup Service service terminated unexpectedly. It has done this 1 time(s).
    12/11/2010 12:49:13 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    12/11/2010 12:49:13 PM, error: Service Control Manager [7034] - The IBM KCU Service service terminated unexpectedly. It has done this 1 time(s).
    12/11/2010 12:49:12 PM, error: Service Control Manager [7034] - The PC Tools Startup and Shutdown Monitor service service terminated unexpectedly. It has done this 1 time(s).
    12/11/2010 12:49:12 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
    12/11/2010 12:49:12 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    12/11/2010 12:49:12 PM, error: Service Control Manager [7034] - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated unexpectedly. It has done this 1 time(s).
    12/11/2010 12:49:11 PM, error: Service Control Manager [7034] - The IPS Core Service service terminated unexpectedly. It has done this 1 time(s).
    12/11/2010 12:49:09 PM, error: Service Control Manager [7034] - The ThinkPad PM Service service terminated unexpectedly. It has done this 1 time(s).
    12/11/2010 12:49:09 PM, error: Service Control Manager [7034] - The BrSplService service terminated unexpectedly. It has done this 1 time(s).
    12/11/2010 11:58:25 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Zune Bus Enumerator service to connect.
    12/11/2010 11:58:24 AM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    12/11/2010 10:20:50 AM, error: Service Control Manager [7002] - The BrPar service depends on the Parallel arbitrator group and no member of this group started.
    12/11/2010 10:20:50 AM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    ==== End Of File ===========================













    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-12-11 15:06:58
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.AS31
    Running: foqqeff8.exe; Driver: C:\DOCUME~1\Oscar\LOCALS~1\Temp\pwwcqfog.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xA49A750A]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xA49A732E]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xA49A7468]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.sys (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- EOF - GMER 1.0.15 ----









    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5295

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/11/2010 11:57:35 AM
    mbam-log-2010-12-11 (11-57-35).txt

    Scan type: Full scan (C:\|R:\|)
    Objects scanned: 238813
    Time elapsed: 1 hour(s), 7 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\Oscar\application data\microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
     
  4. oscar1987

    oscar1987 TS Enthusiast Topic Starter Posts: 104

    im a noob... i posted as requested but i dont see my post?
     
  5. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    No worries :)
    It required my approval.
    Hold on....
     
  6. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ========================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. oscar1987

    oscar1987 TS Enthusiast Topic Starter Posts: 104

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0002000c

    Kernel Drivers (total 160):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xF7A7D000 \WINDOWS\system32\KDCOM.DLL
    0xF798D000 \WINDOWS\system32\BOOTVID.dll
    0xF744E000 ACPI.sys
    0xF7A7F000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF743D000 pci.sys
    0xF757D000 isapnp.sys
    0xF7991000 compbatt.sys
    0xF7995000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7B45000 pciide.sys
    0xF77FD000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF741F000 pcmcia.sys
    0xF758D000 MountMgr.sys
    0xF7400000 ftdisk.sys
    0xF7A81000 dmload.sys
    0xF73DA000 dmio.sys
    0xF7805000 PartMgr.sys
    0xF7999000 ACPIEC.sys
    0xF7B46000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF759D000 VolSnap.sys
    0xF73C2000 atapi.sys
    0xF72EC000 iaStor.sys
    0xF75AD000 disk.sys
    0xF75BD000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF72CC000 fltmgr.sys
    0xF72BA000 sr.sys
    0xF75CD000 PxHelp20.sys
    0xF72A3000 KSecDD.sys
    0xF7216000 Ntfs.sys
    0xF71E9000 NDIS.sys
    0xF75DD000 ohci1394.sys
    0xF75ED000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF71CF000 Mup.sys
    0xF7A83000 BMLoad.sys
    0xF761D000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF772D000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF608F000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
    0xF607B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF6053000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF6030000 \SystemRoot\system32\DRIVERS\b57xp32.sys
    0xF5FBD000 \SystemRoot\system32\DRIVERS\ar5211.sys
    0xF78CD000 \SystemRoot\System32\drivers\swmsflt.sys
    0xF78D5000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF5F99000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF78DD000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF774D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF78E5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF5F58000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xF7AE1000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF78ED000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF78F5000 \SystemRoot\system32\DRIVERS\atmeltpm.sys
    0xF713A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF7136000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
    0xF775D000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF6CA7000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF6C97000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF5F35000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF7C18000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7AE3000 \SystemRoot\System32\Drivers\RootMdm.sys
    0xF78FD000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF6C87000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF712E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF5F1E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF6C77000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF6C67000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7905000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF5F0D000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF6C57000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF790D000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7915000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF791D000 \SystemRoot\system32\DRIVERS\RimSerial.sys
    0xF5EDD000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF6C47000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7AE5000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF5E7F000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7A35000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF6C37000 \SystemRoot\system32\DRIVERS\zumbus.sys
    0xF653A000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xF5E0E000 \SystemRoot\System32\Drivers\wdf01000.sys
    0xF776D000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xAA25F000 \SystemRoot\system32\drivers\ADIHdAud.sys
    0xAA23B000 \SystemRoot\system32\drivers\portcls.sys
    0xF77CD000 \SystemRoot\system32\drivers\drmk.sys
    0xAA175000 \SystemRoot\system32\drivers\AEAudio.sys
    0xAA13B000 \SystemRoot\system32\DRIVERS\hsxhwazl.sys
    0xAA044000 \SystemRoot\system32\DRIVERS\hsx_dpv.sys
    0xA9F8E000 \SystemRoot\system32\DRIVERS\hsx_cnxt.sys
    0xF766D000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF61DA000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF7B23000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7BD7000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7B25000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7885000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF788D000 \SystemRoot\System32\drivers\vga.sys
    0xF7B27000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7B29000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7895000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF789D000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF71A3000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA87DB000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA8782000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF78A5000 \??\C:\WINDOWS\system32\drivers\tcpipBM.sys
    0xF76DD000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xA8734000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA870C000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF718F000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xA86EA000 \SystemRoot\System32\drivers\afd.sys
    0xF76ED000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF78AD000 \SystemRoot\System32\drivers\Tppwrif.sys
    0xF78B5000 \SystemRoot\System32\Drivers\TPHKDRV.SYS
    0xA869F000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA862F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF771D000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA8608000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xF78C5000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xA96CE000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xA9662000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xA9652000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xA9642000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xF71A7000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xA1A2F000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xA0C28000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xA16E4000 \SystemRoot\System32\drivers\Dxapi.sys
    0xA1F80000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7B74000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF020000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF042000 \SystemRoot\System32\ialmdev5.DLL
    0xBF077000 \SystemRoot\System32\ialmdd5.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA875E000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xA0C11000 \SystemRoot\system32\DRIVERS\WudfPf.sys
    0xA8302000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xA0BFB000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
    0xA4FB5000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
    0xA33AF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA0BE4000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xA0ACC000 \SystemRoot\system32\DRIVERS\nwrdr.sys
    0xA0A9F000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA0A12000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA0D88000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF7845000 \SystemRoot\system32\DRIVERS\PROCDD.SYS
    0xA501D000 \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
    0xA083B000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA0A47000 \??\C:\WINDOWS\system32\drivers\ibmfilter.sys
    0xA076B000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA0833000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xF762D000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
    0xF7AF1000 \??\C:\WINDOWS\System32\drivers\pmemnt.sys
    0xAA1EB000 \??\C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys
    0xF7B61000 \??\C:\Program Files\SMI2\smi2.sys
    0xA8332000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x9FAB9000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xA9F0D000 \??\C:\WINDOWS\system32\PCTINDIS5.SYS
    0x9F5F2000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x9F22B000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 78):
    0 System Idle Process
    4 System
    760 C:\WINDOWS\system32\smss.exe
    808 csrss.exe
    832 C:\WINDOWS\system32\winlogon.exe
    880 C:\WINDOWS\system32\services.exe
    892 C:\WINDOWS\system32\lsass.exe
    1044 C:\WINDOWS\system32\ibmpmsvc.exe
    1072 C:\WINDOWS\system32\svchost.exe
    1132 svchost.exe
    1180 C:\WINDOWS\system32\svchost.exe
    1220 C:\WINDOWS\system32\svchost.exe
    1304 svchost.exe
    1400 svchost.exe
    1608 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1980 C:\WINDOWS\system32\BRSVC01A.EXE
    1996 C:\WINDOWS\system32\spoolsv.exe
    2004 C:\WINDOWS\system32\BRSS01A.EXE
    196 svchost.exe
    1704 C:\WINDOWS\system32\IPSSVC.EXE
    1724 C:\Program Files\Bonjour\mDNSResponder.exe
    1756 C:\WINDOWS\system32\svchost.exe
    268 C:\WINDOWS\system32\svchost.exe
    324 C:\Program Files\Java\jre6\bin\jqs.exe
    516 C:\Program Files\Common Files\Motive\McciCMService.exe
    584 C:\WINDOWS\system32\svchost.exe
    636 C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    656 C:\WINDOWS\system32\svchost.exe
    680 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    724 C:\WINDOWS\system32\svchost.exe
    852 C:\WINDOWS\system32\TpKmpSvc.exe
    1372 ibmtcsd.exe
    1444 C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    1456 C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    1480 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    1208 C:\WINDOWS\system32\ZuneBusEnum.exe
    2068 wmpnetwk.exe
    2424 alg.exe
    2764 C:\WINDOWS\explorer.exe
    2888 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2968 C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
    3164 C:\WINDOWS\system32\hkcmd.exe
    3180 C:\WINDOWS\system32\igfxpers.exe
    3192 C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
    3204 C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    3284 C:\Program Files\Analog Devices\Core\smax4pnp.exe
    3412 C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    3464 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    3476 C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    3524 C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
    3592 C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
    3608 C:\WINDOWS\system32\rundll32.exe
    3688 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    3776 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    3808 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    3820 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3828 C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
    3872 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3904 C:\Program Files\Zune\ZuneLauncher.exe
    3916 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
    3936 C:\WINDOWS\system32\ctfmon.exe
    3948 C:\Program Files\Messenger\msmsgs.exe
    3992 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4036 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    4048 C:\Documents and Settings\Oscar\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
    2852 C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    2880 C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    2984 C:\Program Files\AT&T\Communication Manager\ATTCM.exe
    3716 C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
    3132 C:\Program Files\Mozilla Firefox\firefox.exe
    2332 C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
    428 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    2536 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    3060 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    4852 C:\Program Files\AT&T\Communication Manager\bmctl.exe
    3100 C:\Program Files\Mozilla Firefox\plugin-container.exe
    5764 OSPPSVC.EXE
    5636 C:\Documents and Settings\Oscar\My Documents\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: TOSHIBAMK6032GSX, Rev: AS314E

    Size Device Name MBR Status
    --------------------------------------------
    55 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: A4A01DCDE4619D495E4908F80D7A1A5F7D9E7BA0


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  8. oscar1987

    oscar1987 TS Enthusiast Topic Starter Posts: 104

    ComboFix 10-12-11.03 - Oscar 12/11/2010 19:46:24.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.395 [GMT -5:00]
    Running from: c:\documents and settings\Oscar\My Documents\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\documents and settings\Oscar\Application Data\PriceGong
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Oscar\Application Data\PriceGong\Data\z.xml
    c:\program files\Altnet
    c:\program files\Altnet\Download Manager\altinst1.dll
    c:\program files\Altnet\Download Manager\altinst2.dll
    c:\windows\system32\P2P Networking
    c:\windows\system32\P2P Networking\Cache\Database\index256.dbb
    c:\windows\system32\P2P Networking\P2P Networking.eng
    c:\windows\system32\WPDMTPA.DLL

    ----- BITS: Possible infected sites -----

    hxxp://nexdef.mlb.com
    .
    ((((((((((((((((((((((((( Files Created from 2010-11-12 to 2010-12-12 )))))))))))))))))))))))))))))))
    .

    2010-12-11 21:52 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-11 17:10 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-12-11 17:10 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-12-11 17:10 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-12-11 17:10 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-12-11 17:10 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-12-11 17:10 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-12-11 17:10 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-12-11 17:09 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-12-11 17:09 . 2010-12-11 17:09 -------- d-----w- c:\program files\Alwil Software
    2010-12-11 17:09 . 2010-12-11 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-12-11 15:47 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-11 15:45 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-11 15:45 . 2010-12-11 15:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-11 15:08 . 2010-12-11 15:08 -------- d-----w- c:\documents and settings\Oscar\Application Data\Registry Mechanic
    2010-12-11 15:02 . 2010-09-16 17:26 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
    2010-12-11 15:02 . 2008-04-02 21:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
    2010-12-11 15:02 . 2008-04-02 21:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
    2010-12-11 15:02 . 2008-04-02 21:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
    2010-12-11 15:02 . 2008-09-18 03:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
    2010-12-11 15:02 . 2010-12-11 15:02 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-11-28 16:10 . 2010-11-28 16:10 0 ---ha-w- c:\documents and settings\Oscar\Local Settings\Application Data\BIT18C.tmp

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-05 14:42 . 2008-01-14 03:09 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
    2010-09-24 18:25 . 2010-09-24 18:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-PT\ZuneDriver.dll.mui
    2010-09-24 18:25 . 2010-09-24 18:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-BR\ZuneDriver.dll.mui
    2010-09-24 18:25 . 2010-09-24 18:25 6656 ----a-w- c:\windows\system32\drivers\UMDF\nl-NL\ZuneDriver.dll.mui
    2010-09-24 18:24 . 2010-09-24 18:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\it-IT\ZuneDriver.dll.mui
    2010-09-24 18:24 . 2010-09-24 18:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\fr-FR\ZuneDriver.dll.mui
    2010-09-24 18:24 . 2010-09-24 18:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\es-ES\ZuneDriver.dll.mui
    2010-09-24 18:24 . 2010-09-24 18:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\de-DE\ZuneDriver.dll.mui
    2010-09-24 18:19 . 2010-09-24 18:19 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
    2010-09-24 18:19 . 2010-09-24 18:19 57072 ----a-w- c:\windows\system32\ZuneBusEnum.exe
    2010-09-24 17:14 . 2010-09-24 17:14 6144 ----a-w- c:\windows\system32\drivers\UMDF\en-US\ZuneDriver.dll.mui
    2010-09-24 17:06 . 2010-09-24 17:06 41472 ----a-w- c:\windows\system32\drivers\zumbus.sys
    2010-09-24 16:31 . 2009-12-14 23:28 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2010-09-18 16:23 . 1980-01-01 08:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 13:35 . 2010-09-18 13:35 18944 ----a-r- c:\documents and settings\Oscar\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
    2010-09-18 06:53 . 1980-01-01 08:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 1980-01-01 08:00 954368 ------w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 1980-01-01 08:00 953856 ------w- c:\windows\system32\mfc40u.dll
    2010-09-15 08:50 . 2010-09-25 02:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-15 06:29 . 2008-01-18 01:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
    2010-03-28 19:47 353656 ----a-w- c:\program files\PriceGong\2.1.0\PriceGongIE.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-31 313472]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-29 864256]
    "TP4EX"="tp4ex.exe" [2005-10-17 65536]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-24 237568]
    "TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-03-10 94208]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
    "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-03-23 69632]
    "cssauth"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2005-12-22 1996336]
    "PDService.exe"="c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-11-15 49152]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-03-23 151552]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-03-23 208896]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2010-03-11 883272]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-07 202256]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]
    "MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

    c:\documents and settings\Oscar\Start Menu\Programs\Startup\
    MLB.TV NexDef Plug-in.lnk - c:\documents and settings\Oscar\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe [2010-7-20 802960]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-22 275768]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
    2006-03-23 10:03 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2005-07-06 07:45 28672 -c----w- c:\windows\system32\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2005-12-01 04:16 24576 ------w- c:\windows\system32\tphklock.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/11/2010 12:10 PM 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/11/2010 12:10 PM 17744]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [12/11/2010 10:02 AM 632792]
    R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [11/15/2005 4:11 PM 46142]
    R2 smi2;smi2;c:\program files\SMI2\smi2.sys [12/21/2005 7:45 PM 3968]
    S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [3/10/2010 8:12 PM 121416]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 10:25 AM 30969208]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 1:19 PM 268528]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - BMLoad
    *Deregistered* - WAM

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-12 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-01-14 09:13]

    2010-12-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1287374719-1552591571-343148099-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

    2010-12-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1287374719-1552591571-343148099-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

    2010-12-12 c:\windows\Tasks\RMSchedule.job
    - c:\program files\Registry Mechanic\RegMech.exe [2010-12-11 22:05]

    2010-12-11 c:\windows\Tasks\RMSmartUpdate.job
    - c:\program files\Registry Mechanic\Update.exe [2010-12-11 17:26]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    LSP: bmnet.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\documents and settings\Oscar\Application Data\Mozilla\Firefox\Profiles\0jyy3stz.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-flv&p=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 50370
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Oscar\Application Data\Mozilla\Firefox\Profiles\0jyy3stz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
    Notify-NavLogon - (no file)
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    AddRemove-Brother Analysis Tool - c:\program files\Brother\Brother Analysis Tool\Uninst.isu
    AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Oscar\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-11 19:54
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(824)
    c:\windows\system32\tphklock.dll
    c:\program files\Lenovo\AwayTask\AwayNotify.dll

    - - - - - - - > 'lsass.exe'(880)
    c:\windows\system32\bmnet.dll

    - - - - - - - > 'explorer.exe'(5624)
    c:\windows\system32\WININET.dll
    c:\windows\system32\PROCHLP.DLL
    c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
    c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\brss01a.exe
    c:\windows\system32\IPSSVC.EXE
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\system32\TpKmpSVC.exe
    c:\program files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
    c:\program files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    c:\program files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\ZuneBusEnum.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\program files\IBM ThinkVantage\Common\Logger\logmon.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    c:\windows\system32\rundll32.exe
    c:\program files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-11 19:59:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-12 00:59

    Pre-Run: 24,699,695,104 bytes free
    Post-Run: 24,555,638,784 bytes free

    - - End Of File - - 6ACC289A4EBFE87B5D551335B37D1A59
     
  9. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    ...and the reason, you refused recovery console is?

    We'll start with fixing your MBR:
    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
     
  10. oscar1987

    oscar1987 TS Enthusiast Topic Starter Posts: 104

    Quote:
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    ...and the reason, you refused recovery console is?


    no sure, i thought i hit yes.
     
  11. oscar1987

    oscar1987 TS Enthusiast Topic Starter Posts: 104

    for the MBR code ill have to wait till i get home since i dont have any blank any CDs on me, just a USB flash. Can i use that? or just wait till i get a CD
     
     
  12. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    We can do it without CD, if you re-run Combofix and allow recovery console installation.
    Post new Combofix log then.
     
  13. oscar1987

    oscar1987 TS Enthusiast Topic Starter Posts: 104

    ComboFix 10-12-11.03 - Oscar 12/12/2010 12:26:14.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.366 [GMT -5:00]
    Running from: c:\documents and settings\Oscar\My Documents\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

    ----- BITS: Possible infected sites -----

    hxxp://nexdef.mlb.com
    .
    ((((((((((((((((((((((((( Files Created from 2010-11-12 to 2010-12-12 )))))))))))))))))))))))))))))))
    .

    2010-12-11 21:52 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-11 17:10 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-12-11 17:10 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-12-11 17:10 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-12-11 17:10 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-12-11 17:10 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-12-11 17:10 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-12-11 17:10 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-12-11 17:09 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-12-11 17:09 . 2010-12-11 17:09 -------- d-----w- c:\program files\Alwil Software
    2010-12-11 17:09 . 2010-12-11 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-12-11 15:47 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-11 15:45 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-11 15:45 . 2010-12-11 15:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-11 15:08 . 2010-12-11 15:08 -------- d-----w- c:\documents and settings\Oscar\Application Data\Registry Mechanic
    2010-12-11 15:02 . 2010-09-16 17:26 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
    2010-12-11 15:02 . 2008-04-02 21:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
    2010-12-11 15:02 . 2008-04-02 21:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
    2010-12-11 15:02 . 2008-04-02 21:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
    2010-12-11 15:02 . 2008-09-18 03:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
    2010-12-11 15:02 . 2010-12-11 15:02 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-11-28 16:10 . 2010-11-28 16:10 0 ---ha-w- c:\documents and settings\Oscar\Local Settings\Application Data\BIT18C.tmp

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-05 14:42 . 2008-01-14 03:09 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
    2010-09-24 18:25 . 2010-09-24 18:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-PT\ZuneDriver.dll.mui
    2010-09-24 18:25 . 2010-09-24 18:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-BR\ZuneDriver.dll.mui
    2010-09-24 18:25 . 2010-09-24 18:25 6656 ----a-w- c:\windows\system32\drivers\UMDF\nl-NL\ZuneDriver.dll.mui
    2010-09-24 18:24 . 2010-09-24 18:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\it-IT\ZuneDriver.dll.mui
    2010-09-24 18:24 . 2010-09-24 18:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\fr-FR\ZuneDriver.dll.mui
    2010-09-24 18:24 . 2010-09-24 18:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\es-ES\ZuneDriver.dll.mui
    2010-09-24 18:24 . 2010-09-24 18:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\de-DE\ZuneDriver.dll.mui
    2010-09-24 18:19 . 2010-09-24 18:19 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
    2010-09-24 18:19 . 2010-09-24 18:19 57072 ----a-w- c:\windows\system32\ZuneBusEnum.exe
    2010-09-24 17:14 . 2010-09-24 17:14 6144 ----a-w- c:\windows\system32\drivers\UMDF\en-US\ZuneDriver.dll.mui
    2010-09-24 17:06 . 2010-09-24 17:06 41472 ----a-w- c:\windows\system32\drivers\zumbus.sys
    2010-09-24 16:31 . 2009-12-14 23:28 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2010-09-18 16:23 . 1980-01-01 08:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 13:35 . 2010-09-18 13:35 18944 ----a-r- c:\documents and settings\Oscar\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
    2010-09-18 06:53 . 1980-01-01 08:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 1980-01-01 08:00 954368 ------w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 1980-01-01 08:00 953856 ------w- c:\windows\system32\mfc40u.dll
    2010-09-15 08:50 . 2010-09-25 02:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-15 06:29 . 2008-01-18 01:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
    2010-03-28 19:47 353656 ----a-w- c:\program files\PriceGong\2.1.0\PriceGongIE.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-31 313472]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-29 864256]
    "TP4EX"="tp4ex.exe" [2005-10-17 65536]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-24 237568]
    "TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-03-10 94208]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
    "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-03-23 69632]
    "cssauth"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2005-12-22 1996336]
    "PDService.exe"="c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-11-15 49152]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-03-23 151552]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-03-23 208896]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2010-03-11 883272]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-07 202256]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]
    "MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

    c:\documents and settings\Oscar\Start Menu\Programs\Startup\
    MLB.TV NexDef Plug-in.lnk - c:\documents and settings\Oscar\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe [2010-7-20 802960]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-22 275768]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
    2006-03-23 10:03 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2005-07-06 07:45 28672 -c----w- c:\windows\system32\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2005-12-01 04:16 24576 ------w- c:\windows\system32\tphklock.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/11/2010 12:10 PM 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/11/2010 12:10 PM 17744]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [12/11/2010 10:02 AM 632792]
    R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [11/15/2005 4:11 PM 46142]
    R2 smi2;smi2;c:\program files\SMI2\smi2.sys [12/21/2005 7:45 PM 3968]
    S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [3/10/2010 8:12 PM 121416]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 10:25 AM 30969208]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 1:19 PM 268528]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - BMLoad

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-12 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-01-14 09:13]

    2010-12-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1287374719-1552591571-343148099-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

    2010-12-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1287374719-1552591571-343148099-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

    2010-12-12 c:\windows\Tasks\RMSchedule.job
    - c:\program files\Registry Mechanic\RegMech.exe [2010-12-11 22:05]

    2010-12-12 c:\windows\Tasks\RMSmartUpdate.job
    - c:\program files\Registry Mechanic\Update.exe [2010-12-11 17:26]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    LSP: bmnet.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\documents and settings\Oscar\Application Data\Mozilla\Firefox\Profiles\0jyy3stz.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-flv&p=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 50370
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Oscar\Application Data\Mozilla\Firefox\Profiles\0jyy3stz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-12 12:31
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(840)
    c:\windows\system32\tphklock.dll
    c:\program files\Lenovo\AwayTask\AwayNotify.dll

    - - - - - - - > 'lsass.exe'(896)
    c:\windows\system32\bmnet.dll
    .
    Completion time: 2010-12-12 12:34:32
    ComboFix-quarantined-files.txt 2010-12-12 17:34
    ComboFix2.txt 2010-12-12 00:59

    Pre-Run: 24,662,634,496 bytes free
    Post-Run: 24,650,149,888 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

    - - End Of File - - 068833595E9EEA65DA96E3966FFFA225
     
  14. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Good :)

    Restart computer
    When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
    You have to use the up/down arrows to choose the Recovery Console. Then press Enter but you only have 2 seconds by default.
    If you find this hard to do then you can go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds. OK Then reboot.

    You should get a black screen with a C:\> prompt. Type with an Enter after each line:

    fixmbr

    (If it asks you if you are sure then say "Y".)

    exit

    Reboot computer.

    Post fresh MBRCheck log.
     
  15. oscar1987

    oscar1987 TS Enthusiast Topic Starter Posts: 104

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0002000c

    Kernel Drivers (total 159):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xF7A7D000 \WINDOWS\system32\KDCOM.DLL
    0xF798D000 \WINDOWS\system32\BOOTVID.dll
    0xF744E000 ACPI.sys
    0xF7A7F000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF743D000 pci.sys
    0xF757D000 isapnp.sys
    0xF7991000 compbatt.sys
    0xF7995000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7B45000 pciide.sys
    0xF77FD000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF741F000 pcmcia.sys
    0xF758D000 MountMgr.sys
    0xF7400000 ftdisk.sys
    0xF7A81000 dmload.sys
    0xF73DA000 dmio.sys
    0xF7805000 PartMgr.sys
    0xF7999000 ACPIEC.sys
    0xF7B46000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF759D000 VolSnap.sys
    0xF73C2000 atapi.sys
    0xF72EC000 iaStor.sys
    0xF75AD000 disk.sys
    0xF75BD000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF72CC000 fltmgr.sys
    0xF72BA000 sr.sys
    0xF75CD000 PxHelp20.sys
    0xF72A3000 KSecDD.sys
    0xF7216000 Ntfs.sys
    0xF71E9000 NDIS.sys
    0xF75DD000 ohci1394.sys
    0xF75ED000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF71CF000 Mup.sys
    0xF7A83000 BMLoad.sys
    0xF761D000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF76BD000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF5C40000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
    0xF5C2C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF5C04000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF5BE1000 \SystemRoot\system32\DRIVERS\b57xp32.sys
    0xF5B6E000 \SystemRoot\system32\DRIVERS\ar5211.sys
    0xF78F5000 \SystemRoot\System32\drivers\swmsflt.sys
    0xF78FD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF5B4A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7905000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF76CD000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF790D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF5B09000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xF7AD7000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7915000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF791D000 \SystemRoot\system32\DRIVERS\atmeltpm.sys
    0xF7A31000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF7A35000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
    0xF76DD000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF76ED000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF76FD000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF5AE6000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF7BD0000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7AD9000 \SystemRoot\System32\Drivers\RootMdm.sys
    0xF7925000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF770D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7A3D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF5ACF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF771D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF772D000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF792D000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF5ABE000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF773D000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7935000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF793D000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF7945000 \SystemRoot\system32\DRIVERS\RimSerial.sys
    0xF5A8E000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF774D000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7ADB000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF5A30000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7A59000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF5F07000 \SystemRoot\system32\DRIVERS\zumbus.sys
    0xF5EF7000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xF59BF000 \SystemRoot\System32\Drivers\wdf01000.sys
    0xF5ED7000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xA9CAE000 \SystemRoot\system32\drivers\ADIHdAud.sys
    0xA9C8A000 \SystemRoot\system32\drivers\portcls.sys
    0xF6604000 \SystemRoot\system32\drivers\drmk.sys
    0xA9C64000 \SystemRoot\system32\drivers\AEAudio.sys
    0xA9C2A000 \SystemRoot\system32\DRIVERS\hsxhwazl.sys
    0xA9B33000 \SystemRoot\system32\DRIVERS\hsx_dpv.sys
    0xA9A7D000 \SystemRoot\system32\DRIVERS\hsx_cnxt.sys
    0xF65F4000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF6ED2000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF7B15000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7B59000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7B17000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF78D5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF78DD000 \SystemRoot\System32\drivers\vga.sys
    0xF7B19000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7B1B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF78E5000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF78ED000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF6EC2000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA9067000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA900E000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA9926000 \??\C:\WINDOWS\system32\drivers\tcpipBM.sys
    0xAA055000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xA8FE8000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA8FC0000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF6EB2000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xA8F76000 \SystemRoot\System32\drivers\afd.sys
    0xAA045000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA98E6000 \SystemRoot\System32\drivers\Tppwrif.sys
    0xA98DE000 \SystemRoot\System32\Drivers\TPHKDRV.SYS
    0xA5084000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA5014000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA9A2D000 \SystemRoot\System32\Drivers\Fips.SYS
    0xAA0B7000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xA9A0D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xA981A000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xA99FD000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xA99ED000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xA4FC5000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xA9347000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0x9B79F000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0x9A77E000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0x9BFB5000 \SystemRoot\System32\drivers\Dxapi.sys
    0x9BE3E000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0x9AAF5000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF020000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF042000 \SystemRoot\System32\ialmdev5.DLL
    0xBF077000 \SystemRoot\System32\ialmdd5.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA08D6000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x9A767000 \SystemRoot\system32\DRIVERS\WudfPf.sys
    0x9A9E3000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0x9A751000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
    0x9FB30000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
    0xA97FA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x9A73A000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0x9A622000 \SystemRoot\system32\DRIVERS\nwrdr.sys
    0x9A5CD000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA2BD7000 \SystemRoot\system32\DRIVERS\PROCDD.SYS
    0x9ACBD000 \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
    0x9A53C000 \SystemRoot\System32\Drivers\HTTP.sys
    0x9A5FA000 \??\C:\WINDOWS\system32\drivers\ibmfilter.sys
    0x9A494000 \SystemRoot\system32\DRIVERS\srv.sys
    0x9A530000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xF76AD000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
    0xF7AAF000 \??\C:\WINDOWS\System32\drivers\pmemnt.sys
    0x9B75F000 \??\C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys
    0xF7C44000 \??\C:\Program Files\SMI2\smi2.sys
    0xF7985000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x99E17000 \SystemRoot\system32\drivers\wdmaud.sys
    0x9A03C000 \SystemRoot\system32\drivers\sysaudio.sys
    0x9FCE3000 \??\C:\WINDOWS\system32\PCTINDIS5.SYS
    0x9912B000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0x98E0F000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 76):
    0 System Idle Process
    4 System
    768 C:\WINDOWS\system32\smss.exe
    820 csrss.exe
    844 C:\WINDOWS\system32\winlogon.exe
    888 C:\WINDOWS\system32\services.exe
    900 C:\WINDOWS\system32\lsass.exe
    1052 C:\WINDOWS\system32\ibmpmsvc.exe
    1080 C:\WINDOWS\system32\svchost.exe
    1140 svchost.exe
    1188 C:\WINDOWS\system32\svchost.exe
    1228 C:\WINDOWS\system32\svchost.exe
    1324 svchost.exe
    1408 svchost.exe
    1628 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1888 C:\WINDOWS\system32\BRSVC01A.EXE
    1904 C:\WINDOWS\system32\BRSS01A.EXE
    1912 C:\WINDOWS\system32\spoolsv.exe
    1992 svchost.exe
    732 C:\WINDOWS\system32\IPSSVC.EXE
    748 C:\Program Files\Bonjour\mDNSResponder.exe
    1012 C:\WINDOWS\system32\svchost.exe
    1284 C:\WINDOWS\system32\svchost.exe
    1376 C:\Program Files\Java\jre6\bin\jqs.exe
    1464 C:\Program Files\Common Files\Motive\McciCMService.exe
    168 C:\WINDOWS\system32\svchost.exe
    216 C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    240 C:\WINDOWS\system32\svchost.exe
    280 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    376 C:\WINDOWS\system32\svchost.exe
    392 C:\WINDOWS\system32\TpKmpSvc.exe
    500 ibmtcsd.exe
    516 C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    544 C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    576 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    664 C:\WINDOWS\system32\ZuneBusEnum.exe
    1544 wmpnetwk.exe
    2204 C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
    2440 alg.exe
    2624 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3380 C:\WINDOWS\explorer.exe
    3676 C:\WINDOWS\system32\hkcmd.exe
    3684 C:\WINDOWS\system32\igfxpers.exe
    3704 C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
    3720 C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    3740 C:\Program Files\Analog Devices\Core\smax4pnp.exe
    3780 C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    3800 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    3836 C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    3884 C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
    3892 C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    3952 C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
    3964 C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    4024 C:\WINDOWS\system32\rundll32.exe
    4092 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    212 C:\Program Files\AT&T\Communication Manager\ATTCM.exe
    312 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    644 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    2248 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2604 C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
    2732 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2912 C:\Program Files\Zune\ZuneLauncher.exe
    672 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3028 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3396 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    3636 C:\Documents and Settings\Oscar\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
    3660 C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
    3048 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    3552 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    3988 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    3908 C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
    4860 C:\Program Files\AT&T\Communication Manager\bmctl.exe
    4068 C:\WINDOWS\system32\wuauclt.exe
    4072 C:\Program Files\Mozilla Firefox\firefox.exe
    5948 C:\Program Files\Mozilla Firefox\plugin-container.exe
    4388 C:\Documents and Settings\Oscar\My Documents\Downloads\MBRCheck(2).exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: TOSHIBAMK6032GSX, Rev: AS314E

    Size Device Name MBR Status
    --------------------------------------------
    55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  16. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Good job :)

    Uninstall Registry Mechanic.

    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    =====================================================================

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad .exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\documents and settings\Oscar\Local Settings\Application Data\BIT18C.tmp
    c:\windows\Tasks\RMSchedule.job
    c:\windows\Tasks\RMSmartUpdate.job
    
    
    Folder::
    c:\program files\PriceGong
    
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  17. oscar1987

    oscar1987 TS Enthusiast Topic Starter Posts: 104

    ComboFix 10-12-11.03 - Oscar 12/12/2010 14:38:25.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.512 [GMT -5:00]
    Running from: c:\documents and settings\Oscar\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\Oscar\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FILE ::
    "c:\documents and settings\Oscar\Local Settings\Application Data\BIT18C.tmp"
    "c:\windows\Tasks\RMSchedule.job"
    "c:\windows\Tasks\RMSmartUpdate.job"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\documents and settings\Oscar\Application Data\PriceGong
    c:\documents and settings\Oscar\Local Settings\Application Data\BIT18C.tmp
    c:\program files\PriceGong
    c:\program files\PriceGong\2.1.0\FF\chrome.manifest
    c:\program files\PriceGong\2.1.0\FF\components\PriceGong.xpt
    c:\program files\PriceGong\2.1.0\FF\components\PriceGongFF.dll
    c:\program files\PriceGong\2.1.0\FF\content\options.js
    c:\program files\PriceGong\2.1.0\FF\content\options.xul
    c:\program files\PriceGong\2.1.0\FF\content\PriceGong.png
    c:\program files\PriceGong\2.1.0\FF\install.rdf
    c:\program files\PriceGong\2.1.0\PriceGongIE.dll
    c:\program files\PriceGong\uninst.exe

    ----- BITS: Possible infected sites -----

    hxxp://nexdef.mlb.com
    .
    ((((((((((((((((((((((((( Files Created from 2010-11-12 to 2010-12-12 )))))))))))))))))))))))))))))))
    .

    2010-12-11 21:52 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-11 17:10 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-12-11 17:10 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-12-11 17:10 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-12-11 17:10 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-12-11 17:10 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-12-11 17:10 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-12-11 17:10 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-12-11 17:09 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-12-11 17:09 . 2010-12-11 17:09 -------- d-----w- c:\program files\Alwil Software
    2010-12-11 17:09 . 2010-12-11 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-12-11 15:47 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-11 15:45 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-11 15:45 . 2010-12-11 15:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-11 15:08 . 2010-12-11 15:08 -------- d-----w- c:\documents and settings\Oscar\Application Data\Registry Mechanic
    2010-12-11 15:02 . 2010-12-12 19:27 -------- d-----w- c:\program files\Common Files\PC Tools

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-05 14:42 . 2008-01-14 03:09 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
    2010-09-24 18:25 . 2010-09-24 18:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-PT\ZuneDriver.dll.mui
    2010-09-24 18:25 . 2010-09-24 18:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-BR\ZuneDriver.dll.mui
    2010-09-24 18:25 . 2010-09-24 18:25 6656 ----a-w- c:\windows\system32\drivers\UMDF\nl-NL\ZuneDriver.dll.mui
    2010-09-24 18:24 . 2010-09-24 18:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\it-IT\ZuneDriver.dll.mui
    2010-09-24 18:24 . 2010-09-24 18:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\fr-FR\ZuneDriver.dll.mui
    2010-09-24 18:24 . 2010-09-24 18:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\es-ES\ZuneDriver.dll.mui
    2010-09-24 18:24 . 2010-09-24 18:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\de-DE\ZuneDriver.dll.mui
    2010-09-24 18:19 . 2010-09-24 18:19 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
    2010-09-24 18:19 . 2010-09-24 18:19 57072 ----a-w- c:\windows\system32\ZuneBusEnum.exe
    2010-09-24 17:14 . 2010-09-24 17:14 6144 ----a-w- c:\windows\system32\drivers\UMDF\en-US\ZuneDriver.dll.mui
    2010-09-24 17:06 . 2010-09-24 17:06 41472 ----a-w- c:\windows\system32\drivers\zumbus.sys
    2010-09-24 16:31 . 2009-12-14 23:28 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2010-09-18 16:23 . 1980-01-01 08:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 13:35 . 2010-09-18 13:35 18944 ----a-r- c:\documents and settings\Oscar\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
    2010-09-18 06:53 . 1980-01-01 08:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 1980-01-01 08:00 954368 ------w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 1980-01-01 08:00 953856 ------w- c:\windows\system32\mfc40u.dll
    2010-09-15 08:50 . 2010-09-25 02:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-15 06:29 . 2008-01-18 01:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-12-12_17.31.32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-12-12 18:46 . 2010-12-12 18:46 16384 c:\windows\Temp\Perflib_Perfdata_560.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-31 313472]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-29 864256]
    "TP4EX"="tp4ex.exe" [2005-10-17 65536]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-24 237568]
    "TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-03-10 94208]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
    "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-03-23 69632]
    "cssauth"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2005-12-22 1996336]
    "PDService.exe"="c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-11-15 49152]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-03-23 151552]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-03-23 208896]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2010-03-11 883272]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-07 202256]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]
    "MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

    c:\documents and settings\Oscar\Start Menu\Programs\Startup\
    MLB.TV NexDef Plug-in.lnk - c:\documents and settings\Oscar\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe [2010-7-20 802960]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-22 275768]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
    2006-03-23 10:03 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2005-07-06 07:45 28672 -c----w- c:\windows\system32\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2005-12-01 04:16 24576 ------w- c:\windows\system32\tphklock.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/11/2010 12:10 PM 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/11/2010 12:10 PM 17744]
    R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [11/15/2005 4:11 PM 46142]
    R2 smi2;smi2;c:\program files\SMI2\smi2.sys [12/21/2005 7:45 PM 3968]
    S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [3/10/2010 8:12 PM 121416]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 10:25 AM 30969208]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 1:19 PM 268528]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - BMLoad

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-12 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-01-14 09:13]

    2010-12-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1287374719-1552591571-343148099-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

    2010-12-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1287374719-1552591571-343148099-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    LSP: bmnet.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\documents and settings\Oscar\Application Data\Mozilla\Firefox\Profiles\0jyy3stz.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-flv&p=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 50370
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Oscar\Application Data\Mozilla\Firefox\Profiles\0jyy3stz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-PriceGong - c:\program files\PriceGong\uninst.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-12 14:44
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(844)
    c:\windows\system32\tphklock.dll
    c:\program files\Lenovo\AwayTask\AwayNotify.dll

    - - - - - - - > 'lsass.exe'(900)
    c:\windows\system32\bmnet.dll
    .
    Completion time: 2010-12-12 14:46:01
    ComboFix-quarantined-files.txt 2010-12-12 19:45
    ComboFix2.txt 2010-12-12 17:34
    ComboFix3.txt 2010-12-12 00:59

    Pre-Run: 25,309,683,712 bytes free
    Post-Run: 25,297,317,888 bytes free

    - - End Of File - - B409398FE3C6A7FD9B4C952BB7E4593C
     
  18. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Good :)

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. oscar1987

    oscar1987 TS Enthusiast Topic Starter Posts: 104

    PC is running smooth now, no error msg or anything. what was it? a virus?



    OTL Extras logfile created on: 12/12/2010 3:13:37 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Oscar\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 465.00 Mb Available Physical Memory | 46.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 51.33 Gb Total Space | 23.58 Gb Free Space | 45.94% Space Free | Partition Type: NTFS
    Drive R: | 99.72 Mb Total Space | 0.01 Mb Free Space | 0.01% Space Free | Partition Type: FAT

    Computer Name: LENOVO-FA0500C5 | User Name: Oscar | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = Max3.Association.HTML] -- Reg Error: Key error. File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files\Maxthon3\Bin\Maxthon.exe" "%1" File not found
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
    "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
    "{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 22
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
    "{2CD0168D-FBBC-4667-8810-105CB6EC6348}" = HP Deskjet D1600 Printer Driver Software 13.0 Rel .6
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}" = TBS WMP Plug-in
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{5727583F-3530-45FD-B09E-7E1CB6C135AD}" = DJ_SF_06_D1600_SW_Min
    "{578596FF-7F65-4767-9F90-37920741148C}" = MSN Toolbar Platform
    "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
    "{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
    "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad UltraNav Wizard
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90120000-0010-0C0A-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Spanish) 12
    "{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
    "{90120000-0015-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
    "{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
    "{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
    "{90120000-0019-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
    "{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
    "{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
    "{90120000-001F-0403-0000-0000000FF1CE}_ENTERPRISE_{4B47C31E-46B0-462B-BEE4-DC383B6A1F2A}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.en-us_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_OMUI.en-us_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
    "{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
    "{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_OMUI.en-us_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
    "{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
    "{90120000-006E-0C0A-0000-0000000FF1CE}_ENTERPRISE_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
    "{90120000-00A1-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007
    "{90120000-00BA-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
    "{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
    "{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
    "{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}" = Rescue and Recovery - Client Security Solution
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
    "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
    "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
    "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
    "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
    "{CA89B56F-E71B-4E08-82A9-580533E1C048}" = System Migration Assistant
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
    "{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
    "{EA664480-3844-11D5-8C25-444553540000}" = TrackPoint Accessibility Features
    "{EAE8CF06-28CA-4213-839C-A32817A47E00}" = D1600
    "{ECB82093-A207-4B57-A0C3-81202EBC39D8}" = AT&T Communication Manager
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
    "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
    "Autobahn" = MLB.TV NexDef Plug-in
    "avast5" = avast! Free Antivirus
    "AwayTask" = ThinkVantage Away Manager
    "Casino Collection" = Casino Collection
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
    "CUZ4_is1" = CAM UnZip 4.42
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Print Projects" = HP Print Projects 1.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}" = TBS WMP Plug-in
    "InstallShield_{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "PCMCIAPW" = ThinkPad PC Card Power Policy
    "Power Management Driver" = ThinkPad Power Management Driver
    "RealPlayer 12.0" = RealPlayer
    "Remove Multimedia Center" = Remove Multimedia Center
    "Snapshot Viewer" = Snapshot Viewer
    "SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
    "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
    "ThinkPadSoftwareInstaller" = Software Installer
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VLC media player" = VideoLAN VLC media player 0.8.6f
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinGimp-2.0_is1" = GIMP 2.6.10
    "winusb0100" = Microsoft WinUsb 1.0
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
    "XP Codec Pack" = XP Codec Pack
    "Zune" = Zune

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/11/2010 1:10:32 PM | Computer Name = LENOVO-FA0500C5 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 12/11/2010 1:10:32 PM | Computer Name = LENOVO-FA0500C5 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 12/11/2010 1:10:32 PM | Computer Name = LENOVO-FA0500C5 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 12/11/2010 1:10:32 PM | Computer Name = LENOVO-FA0500C5 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 12/11/2010 1:10:32 PM | Computer Name = LENOVO-FA0500C5 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 12/11/2010 1:10:34 PM | Computer Name = LENOVO-FA0500C5 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 12/11/2010 1:10:34 PM | Computer Name = LENOVO-FA0500C5 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 12/11/2010 1:11:02 PM | Computer Name = LENOVO-FA0500C5 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: A connection with the server could not be established

    Error - 12/11/2010 1:11:02 PM | Computer Name = LENOVO-FA0500C5 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 12/11/2010 8:43:15 PM | Computer Name = LENOVO-FA0500C5 | Source = Application Error | ID = 1000
    Description = Faulting application ZuneBusEnum.exe, version 4.7.1404.0, faulting
    module unknown, version 0.0.0.0, fault address 0x1000b581.

    [ OSession Events ]
    Error - 4/24/2010 10:45:32 PM | Computer Name = LENOVO-FA0500C5 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description =

    [ System Events ]
    Error - 12/11/2010 6:28:06 PM | Computer Name = LENOVO-FA0500C5 | Source = Service Control Manager | ID = 7000
    Description = The Parallel port driver service failed to start due to the following
    error: %%1058

    Error - 12/11/2010 6:28:06 PM | Computer Name = LENOVO-FA0500C5 | Source = Service Control Manager | ID = 7002
    Description = The BrPar service depends on the Parallel arbitrator group and no
    member of this group started.

    Error - 12/12/2010 1:18:09 PM | Computer Name = LENOVO-FA0500C5 | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 12/12/2010 1:19:13 PM | Computer Name = LENOVO-FA0500C5 | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 12/12/2010 1:22:06 PM | Computer Name = LENOVO-FA0500C5 | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 12/12/2010 1:22:44 PM | Computer Name = LENOVO-FA0500C5 | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 12/12/2010 1:26:07 PM | Computer Name = LENOVO-FA0500C5 | Source = Service Control Manager | ID = 7034
    Description = The IBM KCU Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 12/12/2010 1:26:08 PM | Computer Name = LENOVO-FA0500C5 | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 12/12/2010 1:26:23 PM | Computer Name = LENOVO-FA0500C5 | Source = Service Control Manager | ID = 7016
    Description = The BrSplService service has reported an invalid current state 0.

    Error - 12/12/2010 1:27:56 PM | Computer Name = LENOVO-FA0500C5 | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.


    < End of report >
     
  20. oscar1987

    oscar1987 TS Enthusiast Topic Starter Posts: 104

    had to split up the OTL in two post



    OTL logfile created on: 12/12/2010 3:13:37 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Oscar\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 465.00 Mb Available Physical Memory | 46.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 51.33 Gb Total Space | 23.58 Gb Free Space | 45.94% Space Free | Partition Type: NTFS
    Drive R: | 99.72 Mb Total Space | 0.01 Mb Free Space | 0.01% Space Free | Partition Type: FAT

    Computer Name: LENOVO-FA0500C5 | User Name: Oscar | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/12 15:12:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Oscar\My Documents\Downloads\OTL.exe
    PRC - [2010/09/24 13:19:08 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
    PRC - [2010/09/24 13:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
    PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/07/06 20:39:46 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/07/06 14:30:48 | 000,240,480 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
    PRC - [2010/05/14 13:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2010/03/10 20:12:52 | 000,121,416 | ---- | M] (SmithMicro Inc.) -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
    PRC - [2010/03/10 20:10:24 | 000,883,272 | ---- | M] (ATT) -- C:\Program Files\AT&T\Communication Manager\ATTCM.exe
    PRC - [2010/03/10 20:02:30 | 000,390,272 | ---- | M] (Bytemobile, Inc.) -- C:\Program Files\AT&T\Communication Manager\bmctl.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/03/23 05:03:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
    PRC - [2006/03/23 05:03:00 | 000,069,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    PRC - [2005/12/21 21:34:58 | 000,077,824 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    PRC - [2005/12/21 21:20:56 | 001,384,448 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    PRC - [2005/12/21 21:13:20 | 002,369,072 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
    PRC - [2005/12/21 21:08:02 | 001,996,336 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
    PRC - [2005/12/21 20:17:54 | 000,722,480 | ---- | M] (IBM) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
    PRC - [2005/11/15 16:13:24 | 000,049,152 | R--- | M] (Utimaco Safeware AG) -- C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
    PRC - [2005/11/14 18:23:22 | 000,487,424 | ---- | M] (LENOVO) -- C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    PRC - [2005/11/11 04:33:00 | 000,073,782 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
    PRC - [2005/10/26 03:44:30 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    PRC - [2005/05/20 11:11:06 | 000,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
    PRC - [2004/07/27 19:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    PRC - [2003/06/24 16:34:38 | 000,126,976 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    PRC - [2001/12/13 02:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSS01A.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/12/12 15:12:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Oscar\My Documents\Downloads\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2006/03/23 05:03:00 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\PROCHLP.DLL
    MOD - [2003/06/24 16:33:54 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\PsaSrv.exe -- (PsaSrv)
    SRV - [2010/09/24 13:19:16 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV - [2010/09/24 13:19:16 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
    SRV - [2010/09/24 13:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV - [2010/09/24 13:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/05/14 13:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2010/03/10 20:12:52 | 000,121,416 | ---- | M] (SmithMicro Inc.) [On_Demand | Running] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
    SRV - [2008/01/20 23:50:51 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2006/03/23 05:03:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
    SRV - [2005/12/21 21:34:58 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)
    SRV - [2005/12/21 21:20:56 | 001,384,448 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
    SRV - [2005/12/21 20:17:54 | 000,722,480 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -- (TSSCoreService)
    SRV - [2005/11/11 04:33:00 | 000,073,782 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
    SRV - [2005/11/08 19:07:02 | 000,036,864 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)
    SRV - [2005/06/07 00:26:22 | 000,032,768 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
    SRV - [2001/11/23 02:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Stopped] -- C:\WINDOWS\system32\BRSVC01A.EXE -- (Brother XP spl Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys -- (mcdbus)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Oscar\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Oscar\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)
    DRV - [2010/12/05 09:42:41 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV)
    DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/03/10 20:02:30 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpipBM.sys -- (tcpipBM)
    DRV - [2010/03/10 20:00:10 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
    DRV - [2008/08/22 12:05:42 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
    DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
    DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/01/28 15:56:47 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2008/01/28 15:56:38 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2008/01/13 22:09:16 | 000,016,256 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
    DRV - [2006/11/02 10:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
    DRV - [2006/03/23 05:03:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
    DRV - [2006/03/23 04:13:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
    DRV - [2006/01/31 13:19:34 | 000,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV - [2005/12/21 20:14:58 | 000,012,544 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
    DRV - [2005/12/21 19:45:56 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Program Files\SMI2\smi2.sys -- (smi2)
    DRV - [2005/12/21 13:19:10 | 000,470,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
    DRV - [2005/12/06 14:21:32 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsx_dpv.sys -- (HSF_DPV)
    DRV - [2005/12/06 14:20:48 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL)
    DRV - [2005/12/06 14:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsx_cnxt.sys -- (winachsf)
    DRV - [2005/11/15 16:11:28 | 000,046,142 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
    DRV - [2005/11/11 04:33:00 | 000,010,112 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
    DRV - [2005/10/26 13:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2005/10/12 15:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2005/07/05 17:57:06 | 000,017,699 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV)
    DRV - [2005/05/17 13:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
    DRV - [2004/08/04 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
    DRV - [2004/08/04 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
    DRV - [2004/08/04 01:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2003/06/24 16:16:30 | 000,265,744 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2001/08/17 17:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 17:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 17:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 17:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 17:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 16:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 16:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 16:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 16:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 16:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 16:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 16:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 16:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 16:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 15:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
    DRV - [2000/05/31 23:29:54 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (pmem)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-flv&p="
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 50370
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/09/18 08:33:01 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/18 13:13:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/12 12:20:10 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/12 12:20:10 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2008\tbextension

    [2010/02/09 18:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\Mozilla\Extensions
    [2010/02/09 18:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/12/12 09:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\Mozilla\Firefox\Profiles\0jyy3stz.default\extensions
    [2010/10/10 13:28:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Oscar\Application Data\Mozilla\Firefox\Profiles\0jyy3stz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/10/10 13:28:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Oscar\Application Data\Mozilla\Firefox\Profiles\0jyy3stz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/10/10 13:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Oscar\Application Data\Mozilla\Firefox\Profiles\0jyy3stz.default\extensions\toolbar@alot.com
    [2010/10/10 13:13:00 | 000,002,231 | ---- | M] () -- C:\Documents and Settings\Oscar\Application Data\Mozilla\Firefox\Profiles\0jyy3stz.default\searchplugins\alot-search.xml
    [2010/12/12 09:18:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/10/26 21:13:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/12/12 14:44:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
    O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
    O4 - HKLM..\Run: [cssauth] C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited)
    O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [PDService.exe] C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
    O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
    O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
    O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\Oscar\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Documents and Settings\Oscar\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
     
  21. oscar1987

    oscar1987 TS Enthusiast Topic Starter Posts: 104

    here is the rest of the



    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.136.95.2 64.132.94.250
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AwayNotify: DllName - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
    O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
    O24 - Desktop WallPaper: C:\WINDOWS\1400_1050 Think Americas Map.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\1400_1050 Think Americas Map.bmp
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/01/13 22:27:24 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
    Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
    Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
    Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
    Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/12 12:24:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/12/12 10:39:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Oscar\Recent
    [2010/12/11 19:44:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/12/11 19:44:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/12/11 19:44:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/12/11 19:44:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/12/11 19:44:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/12/11 19:42:55 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/11 16:52:18 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2010/12/11 12:10:28 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/12/11 12:10:28 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/12/11 12:10:27 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/12/11 12:10:27 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/12/11 12:10:26 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/12/11 12:10:26 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/12/11 12:10:26 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/12/11 12:09:37 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/12/11 12:09:12 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/12/11 12:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/12/11 10:47:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/11 10:45:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/11 10:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/12/11 10:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\Application Data\Registry Mechanic
    [2010/12/11 10:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2010/12/11 10:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
    [2010/11/21 17:22:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\Desktop\droid
    [2004/11/24 14:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/12/12 14:44:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/12/12 14:35:33 | 000,000,920 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\Shortcut to ComboFix.lnk
    [2010/12/12 13:47:24 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
    [2010/12/12 13:47:16 | 000,008,888 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
    [2010/12/12 13:47:14 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/12 13:47:14 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1287374719-1552591571-343148099-1005.job
    [2010/12/12 13:46:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/12 13:46:32 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/12 13:18:14 | 000,000,311 | RHS- | M] () -- C:\BOOT.INI
    [2010/12/11 16:52:19 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/12/11 14:50:20 | 104,857,600 | ---- | M] () -- C:\Documents and Settings\Oscar\My Documents\SecureDrive.vol
    [2010/12/11 12:10:28 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/12/11 11:16:06 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1287374719-1552591571-343148099-1005.job
    [2010/12/11 10:47:21 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/05 09:42:41 | 000,005,427 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\EGATHDRV.SYS
    [2010/12/05 09:42:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/22 20:21:58 | 000,091,226 | R--- | M] () -- C:\Documents and Settings\Oscar\Desktop\SC_PPT_2a_oscarnunez_3_3.pptx
    [2010/11/22 19:04:36 | 000,043,364 | ---- | M] () -- C:\Documents and Settings\Oscar\Desktop\SCPPT2a_Ear.emf
    [2010/11/21 17:14:18 | 001,602,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2010/12/12 14:35:33 | 000,000,920 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\Shortcut to ComboFix.lnk
    [2010/12/12 12:24:40 | 000,000,194 | ---- | C] () -- C:\Boot.bak
    [2010/12/12 12:24:33 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/12/11 19:44:12 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/11 19:44:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/11 19:44:12 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/12/11 19:44:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/12/11 19:44:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/12/11 12:10:28 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/12/11 10:47:21 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/05 09:42:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/11/22 20:21:59 | 000,091,226 | R--- | C] () -- C:\Documents and Settings\Oscar\Desktop\SC_PPT_2a_oscarnunez_3_3.pptx
    [2010/11/22 19:04:35 | 000,043,364 | ---- | C] () -- C:\Documents and Settings\Oscar\Desktop\SCPPT2a_Ear.emf
    [2010/11/05 16:47:00 | 000,000,470 | ---- | C] () -- C:\WINDOWS\hegames.ini
    [2010/09/18 08:19:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Oscar\Application Data\AVSMediaPlayer.m3u
    [2010/09/18 08:06:15 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/09/18 08:06:15 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/07/06 20:47:24 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2010/04/14 19:24:58 | 000,026,760 | R--- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
    [2010/01/24 02:20:44 | 000,003,804 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2009/08/03 17:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/01/29 23:27:51 | 000,010,448 | ---- | C] () -- C:\WINDOWS\System32\sbnetkey.sys
    [2008/12/19 10:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2008/12/17 12:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
    [2008/12/17 12:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
    [2008/12/17 12:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2008/12/17 12:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
    [2008/12/17 11:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2008/09/11 10:53:44 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
    [2008/09/11 10:50:15 | 000,000,059 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
    [2008/09/11 10:50:15 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini
    [2008/09/11 10:50:15 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Brwmark.ini
    [2008/09/11 10:50:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brohl144.ini
    [2008/09/11 10:47:52 | 000,000,296 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
    [2008/09/11 10:47:52 | 000,000,012 | ---- | C] () -- C:\WINDOWS\brpp2ka.ini
    [2008/09/11 10:47:52 | 000,000,012 | ---- | C] () -- C:\WINDOWS\Brownie.ini
    [2008/09/11 10:47:52 | 000,000,011 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
    [2008/03/07 17:14:50 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
    [2008/02/21 19:02:13 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Oscar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/02/10 20:18:14 | 000,002,887 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2008/01/13 22:27:17 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Oscar\Local Settings\Application Data\fusioncache.dat
    [2008/01/13 22:26:50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
    [2008/01/13 22:26:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
    [2008/01/13 22:24:22 | 000,008,888 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
    [2008/01/13 22:24:22 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCTRL.INI
    [2008/01/13 22:12:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/01/13 22:11:42 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
    [2008/01/13 22:00:26 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
    [2008/01/13 21:59:53 | 000,000,146 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/01/13 21:47:35 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
    [2008/01/13 21:46:12 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2008/01/13 21:46:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2008/01/04 16:58:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2006/02/02 19:37:10 | 000,004,676 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/10/17 18:22:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
    [2004/10/03 12:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
    [2004/08/09 14:03:43 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/09 13:46:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/06/24 16:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/01/13 22:27:24 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
    [2008/01/13 22:26:57 | 000,000,194 | ---- | M] () -- C:\Boot.bak
    [2010/12/12 13:18:14 | 000,000,311 | RHS- | M] () -- C:\BOOT.INI
    [2008/01/13 22:06:46 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.PRV
    [2008/01/13 22:12:58 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.TXT
    [2004/08/09 13:35:38 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/12/12 14:46:01 | 000,015,670 | ---- | M] () -- C:\ComboFix.txt
    [2008/01/13 22:27:24 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
    [2008/01/13 22:00:50 | 000,002,418 | ---- | M] () -- C:\drivez.log
    [2009/02/24 10:31:41 | 000,008,978 | ---- | M] () -- C:\EasyCD Ripper_log.txt
    [2009/04/14 11:24:30 | 000,173,420 | ---- | M] () -- C:\EZ Dock_log.txt
    [2010/12/12 13:46:32 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
    [2009/06/17 13:49:15 | 000,175,349 | ---- | M] () -- C:\IbmEgath.XML
    [2008/01/13 22:27:24 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2008/02/13 07:40:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/11 08:41:54 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/12/12 13:46:29 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
    [2008/09/10 21:48:26 | 000,001,296 | ---- | M] () -- C:\Player Library_log.txt
    [2008/09/12 13:19:59 | 000,028,424 | ---- | M] () -- C:\Player Loader_log.txt
    [2010/08/25 14:00:20 | 000,006,216 | ---- | M] () -- C:\rr.log
    [2010/09/18 08:34:48 | 000,042,232 | ---- | M] () -- C:\scramble.log
    [2010/01/27 22:23:19 | 000,000,644 | ---- | M] () -- C:\SVKSettings.txt
    [2008/01/13 21:58:24 | 000,001,559 | ---- | M] () -- C:\SYSLEVEL.IBM

    < %systemroot%\Fonts\*.com >
    [2006/04/18 17:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 16:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 17:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 16:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/09 13:54:48 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2001/12/13 02:01:00 | 000,027,836 | ---- | M] (Brother Industries ,Ltd ) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\BRPP2KA.DLL
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2009/04/16 17:08:20 | 000,312,832 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp70v.dll
    [2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/09 13:45:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/09 13:45:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/09 13:45:10 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/09/11 08:51:32 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008/01/13 22:27:32 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/09 14:03:14 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/09/18 08:02:11 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Oscar\Desktop\mbam-setup-1.46.exe
    [2009/03/16 23:11:33 | 000,476,696 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Oscar\Desktop\RealPlayer11GOLD.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2010/09/18 08:30:26 | 001,045,320 | ---- | M] (PC Drivers HeadQuarters ) -- C:\Documents and Settings\Oscar\My Documents\DriverDetective.exe
    [2010/10/09 18:23:22 | 005,541,680 | ---- | M] () -- C:\Documents and Settings\Oscar\My Documents\mlbnexdefinstall.exe
    [2010/10/10 09:05:56 | 014,302,896 | ---- | M] (Maxthon International ltd.) -- C:\Documents and Settings\Oscar\My Documents\mx3.0.17.1101.exe
    [2010/09/18 12:05:07 | 000,907,848 | ---- | M] (Lenovo Group Limited ) -- C:\Documents and Settings\Oscar\My Documents\oss608ww.exe
    [2010/09/18 08:34:11 | 037,389,360 | ---- | M] () -- C:\Documents and Settings\Oscar\My Documents\vlc-uber-setup.exe
    [2010/09/18 08:22:28 | 007,858,598 | ---- | M] () -- C:\Documents and Settings\Oscar\My Documents\XP-Codec-Pack_2.5.1.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/01/13 22:27:31 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Oscar\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2009/06/17 14:33:40 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Oscar\Cookies\desktop.ini
    [2010/12/12 14:50:42 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Oscar\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/27 01:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 04:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 04:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 04:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 04:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 04:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 04:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 04:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

    < End of report >
     
  22. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.) 
      [2010/12/11 10:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Oscar\Application Data\Registry Mechanic
      [2010/12/11 10:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
      @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
      @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  23. oscar1987

    oscar1987 TS Enthusiast Topic Starter Posts: 104

    All processes killed
    ========== OTL ==========
    Service Trufos stopped successfully!
    Service Trufos deleted successfully!
    File C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys not found.
    Service Profos stopped successfully!
    Service Profos deleted successfully!
    File C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    C:\Documents and Settings\Oscar\Application Data\Registry Mechanic\log folder moved successfully.
    C:\Documents and Settings\Oscar\Application Data\Registry Mechanic folder moved successfully.
    C:\Program Files\Registry Mechanic\backup folder moved successfully.
    C:\Program Files\Registry Mechanic folder moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Oscar
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 36854 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 49306765 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 1480 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1371 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 47.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Oscar
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 12122010_163702

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  24. oscar1987

    oscar1987 TS Enthusiast Topic Starter Posts: 104

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    IBM 32-bit Runtime Environment for Java 2, v1.4.2
    Java(TM) 6 Update 22
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    IBM 32-bit Runtime Environment for Java 2, v1.4.2
    Out of date Java installed!
    Adobe Flash Player 10.1.85.3
    Adobe Reader 7.0.9
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.13) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    ALWILS~1 Avast5 avastUI.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  25. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    We need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:

    [​IMG]

    make sure, you have both boxes UN-checked AND (important!) click on Decline button
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.