Solved Bad image error after every application opens


myantidrugboys


This is the error that keeps popping up every time I open any application.
I'm running XP and I was able to back up all of my files.

I'm a noob when it comes to computers, so I hope someone can help me!

-Anti
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

Download and run exeHelper.

  • Please download exeHelper from Raktor to your desktop.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file named log.txt will be created in the directory where you ran exeHelper.com
  • Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

See if you can open your programs after running the above.
 
Please, always PASTE all logs.
Attached logs will NOT be reviewed.

exeHelper by Raktor
Build 20100414
Run at 17:33:14 on 12/18/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Are ALL of your programs affected?
See if the same issue happens in Safe Mode.
 
I'm confused then...
How are you posting, if you said you can't open ANY program?

Don't worry about the time limit. It only applies if you stay "mum" for more than 5 days.
 
No, I can open all my programs; the message just pops up every time I try to open one, and I have to click OK and then the program opens up.
 
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5354

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/19/2010 2:02:25 AM
mbam-log-2010-12-19 (02-02-25).txt

Scan type: Quick scan
Objects scanned: 154848
Time elapsed: 5 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\angle interactive\rd platinum v5.0 (PUP.RegistryDefender) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\angle interactive\rd platinum v5.0\report.csv (PUP.RegistryDefender) -> Quarantined and deleted successfully.
 
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-19 02:15:39
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HTS54101 rev.MBZI
Running: xb4rbov9.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ugtdrpog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 2:19:56.14 on Sun 12/19/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1205 [GMT -5:00]

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\WINDOWS\Explorer.EXE
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Gunze\GZTP_Pack\GzSnd.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
C:\PROGRA~1\THINKV~2\AMSG\Amsg.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\program files\mozilla firefox\firefox.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.mystart.com?pr=oovoo2_0
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: H - No File
mWinlogon: System=kdjal.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
{2903f82b-f0d3-41e5-be91-d16a3af6ff01}
{5207f056-f0d3-41e5-be91-d16a3af6ff01}
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
{6755221f-cc42-4173-8b66-a34914ad9ee9}
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {f300e1b2-c3da-4d6f-9d0d-84fa17bc377c}: {c773cb71-af48-d0d9-f6d4-ad3c2b1e003f}
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {4C350B19-6CA1-4569-B14C-296D8D65300B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [TabletWizard] c:\windows\help\SplshWrp.exe
mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
mRun: [TrackPointSrv] c:\program files\lenovo\trackpoint\tp4serv.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [GzSndExePath] c:\program files\gunze\gztp_pack\GzSnd.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TP4EX] tp4ex.exe
mRun: [TSMResident] "c:\program files\thinkpad\tablet shortcut\TSMRESIDENT.EXE" /r
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [Snippet] "c:\program files\microsoft experience pack\snipping tool\SnippingTool.exe" /i
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [PDService.exe] "c:\program files\lenovo\safeguard privatedisk\pdservice.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [GzSnd] %ProgramFiles%\Gunze\GZTP_Pack\GzSnd.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~2\prdctr\LPMLCHK.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [LENTBCTL] "c:\program files\thinkpad\tablet shortcut\LENTBCTL.EXE" /r
mRun: [TabletButton] "c:\program files\thinkpad\tablet shortcut\TabletButton.EXE" /STARTUP
mRun: [CSS Upgrade Assistant] "c:\program files\lenovo\css8_upgrade_asst.exe" /runkey
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
mRun: [AMSG] c:\progra~1\thinkv~2\amsg\Amsg.exe /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [LenovoAutoScrollUtility] c:\program files\lenovo\virtscrl\virtscrl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} - hxxps://stu-wireless-nac.stu.campus.wpunj.edu/auth/CCALogin.CAB
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: ACNotify - ACNotify.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpgwlnotify - tpgwlnot.dll
AppInit_DLLs: jsrklb.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\vtUlICrO
LSA: Notification Packages = scecli ACGina psqlpwd ACGina ACGina c:\program files\thinkvantage fingerprint software\psqlpwd.dll ACGina

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\hjk8ebf3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - Mp3Rocket
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: AniWeather: {4176DFF4-4698-11DE-BEEB-45DA55D89593} - %profile%\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Personas Rotator: {6e73f6b7-b9ab-44b8-b744-6393e3c2e351} - %profile%\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-6-9 24304]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2010-6-16 20592]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-16 11608]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-6-24 13480]
R1 TSMSMI;TSM System Interface Driver;c:\windows\system32\drivers\TSMSMI32.sys [2008-1-23 6656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-16 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-16 267944]
R2 ASRSVC;ASR Service;c:\program files\thinkpad\tablet shortcut\asr\ASRSVC.exe [2010-9-27 79136]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-16 61960]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-6-9 132456]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-8-7 53248]
R2 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-13 58368]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 TabletSVC;TABLET Service;c:\program files\thinkpad\tablet shortcut\TSMService.exe [2010-9-27 71016]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-8-8 63928]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-24 24652]
R3 GzTpHid;Touch Panel Filter Driver;c:\windows\system32\drivers\GzTpHid.sys [2006-10-30 27008]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2008-1-23 23080]
R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [2006-10-30 30888]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-11-16 45496]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-4-30 14336]

=============== Created Last 30 ================

2010-12-16 12:30:47 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-12-16 12:30:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-16 12:30:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-16 12:30:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-16 12:30:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-16 12:20:45 -------- d-----w- c:\windows\system32\dumps
2010-12-16 07:30:50 -------- d-----w- c:\docume~1\admini~1\applic~1\Avira
2010-12-16 07:29:11 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-16 07:29:09 -------- d-----w- c:\program files\Avira
2010-12-16 07:29:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-12-16 03:05:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit
2010-12-16 03:00:42 -------- d-----w- c:\program files\IObit
2010-12-15 20:15:11 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 20:14:42 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-15 10:14:21 20 ----a-w- c:\windows\system32\JSRKLB.DLL
2010-12-13 09:12:03 -------- d-----w- c:\docume~1\admini~1\applic~1\Windows Search
2010-12-13 08:22:32 -------- d-----w- c:\windows\system32\winrm
2010-12-13 08:22:21 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-12-13 08:21:48 -------- d-----w- c:\docume~1\admini~1\applic~1\Windows Desktop Search
2010-12-13 08:20:58 -------- d-----w- c:\windows\system32\GroupPolicy
2010-12-13 08:20:58 -------- d-----w- c:\program files\Windows Desktop Search
2010-12-13 08:19:49 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2010-12-13 08:19:49 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2010-12-13 08:19:48 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2010-11-25 23:02:34 15256 ----a-w- c:\docume~1\admini~1\applic~1\microsoft\identitycrl\production\ppcrlconfig.dll
2010-11-25 18:52:02 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Sunbelt Software

==================== Find3M ====================

2010-12-19 06:35:41 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2010-11-18 18:12:44 81920 ------w- c:\windows\system32\isign32.dll
2010-11-09 04:30:26 759828 ----a-w- c:\program files\cc_20101108_233007.reg
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-05 06:29:00 251240 ------w- c:\windows\system32\PWMCPl.cpl
2010-11-05 06:29:00 196608 ------w- c:\windows\PWMBTHLP.EXE
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ------w- c:\windows\system32\win32k.sys
2010-09-28 20:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-01-17 18:04:41 9088 -c--a-w- c:\program files\cc_20090117_130427.reg
2008-12-22 19:32:02 20040 -c--a-w- c:\program files\cc_20081222_143158.reg
2008-12-22 19:28:32 45620 -c--a-w- c:\program files\cc_20081222_142702.reg

============= FINISH: 2:23:00.54 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/24/2008 1:30:43 AM
System Uptime: 12/19/2010 2:05:17 AM (0 hours ago)

Motherboard: LENOVO | | 63668KU
Processor: Intel(R) Core(TM) Duo CPU L2500 @ 1.83GHz | None | 1828/167mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 88 GiB total, 2.691 GiB free.
D: is CDROM ()
R: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP338: 9/23/2010 8:49:24 AM - Avg Update
RP339: 9/23/2010 8:51:21 AM - Avg Update
RP340: 9/24/2010 9:24:59 AM - System Checkpoint
RP341: 9/25/2010 1:49:44 PM - System Checkpoint
RP342: 9/27/2010 12:30:32 AM - System Checkpoint
RP343: 9/27/2010 10:43:31 PM - Installed NetWaiting
RP344: 9/27/2010 10:44:05 PM - Installed NetWaiting
RP345: 9/27/2010 10:49:03 PM - Installed ThinkPad Tablet Shortcut Menu
RP346: 9/27/2010 10:50:06 PM - Installed Power Manager
RP347: 9/29/2010 6:27:01 AM - System Checkpoint
RP348: 9/30/2010 7:27:35 AM - Software Distribution Service 3.0
RP349: 10/1/2010 3:10:20 PM - System Checkpoint
RP350: 10/1/2010 3:40:38 PM - Unsigned driver install
RP351: 10/3/2010 3:28:01 AM - System Checkpoint
RP352: 10/4/2010 11:49:52 AM - Avg Update
RP353: 10/4/2010 2:56:46 PM - Unsigned driver install
RP354: 10/5/2010 5:04:26 AM - Software Distribution Service 3.0
RP355: 10/6/2010 12:49:42 AM - Software Distribution Service 3.0
RP356: 10/7/2010 2:14:59 AM - System Checkpoint
RP357: 10/8/2010 2:28:22 PM - System Checkpoint
RP358: 10/9/2010 3:13:22 PM - System Checkpoint
RP359: 10/10/2010 11:52:31 PM - System Checkpoint
RP360: 10/12/2010 12:11:56 AM - System Checkpoint
RP361: 10/14/2010 3:54:31 PM - System Checkpoint
RP362: 10/14/2010 9:00:34 PM - Software Distribution Service 3.0
RP363: 10/17/2010 5:19:48 AM - System Checkpoint
RP364: 10/18/2010 3:14:50 PM - System Checkpoint
RP365: 10/20/2010 1:34:45 AM - System Checkpoint
RP366: 10/21/2010 3:33:13 AM - System Checkpoint
RP367: 10/22/2010 2:19:11 PM - System Checkpoint
RP368: 10/23/2010 9:47:57 AM - Installed Java(TM) 6 Update 22
RP369: 10/25/2010 1:35:45 PM - System Checkpoint
RP370: 10/26/2010 11:52:25 AM - Avg Update
RP371: 10/28/2010 2:05:21 AM - Installed ThinkVantage Access Connections
RP372: 10/29/2010 4:06:45 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP373: 10/29/2010 4:07:03 AM - Installed AVG 2011
RP374: 10/29/2010 4:07:56 AM - Removed AVG Free 9.0
RP375: 10/29/2010 4:18:52 AM - Installed AVG 2011
RP376: 10/30/2010 6:09:09 AM - System Checkpoint
RP377: 10/31/2010 6:33:04 PM - System Checkpoint
RP378: 11/1/2010 6:42:54 PM - System Checkpoint
RP379: 11/3/2010 4:49:35 AM - System Checkpoint
RP380: 11/4/2010 7:44:21 PM - System Checkpoint
RP381: 11/6/2010 3:21:29 AM - System Checkpoint
RP382: 11/7/2010 5:00:29 AM - System Checkpoint
RP383: 11/9/2010 2:49:58 AM - System Checkpoint
RP384: 11/10/2010 5:35:17 AM - System Checkpoint
RP385: 11/11/2010 3:05:30 AM - Software Distribution Service 3.0
RP386: 11/12/2010 1:21:30 PM - System Checkpoint
RP387: 11/14/2010 1:58:29 AM - System Checkpoint
RP388: 11/15/2010 2:18:06 AM - System Checkpoint
RP389: 11/17/2010 12:52:44 AM - System Checkpoint
RP390: 11/19/2010 5:01:36 PM - System Checkpoint
RP391: 11/21/2010 3:29:41 AM - System Checkpoint
RP392: 11/22/2010 4:02:22 AM - System Checkpoint
RP393: 11/23/2010 5:28:32 AM - System Checkpoint
RP394: 11/24/2010 7:03:05 AM - System Checkpoint
RP395: 11/27/2010 6:33:23 AM - System Checkpoint
RP396: 11/29/2010 2:11:21 PM - System Checkpoint
RP397: 12/1/2010 1:40:56 PM - System Checkpoint
RP398: 12/3/2010 5:40:58 AM - System Checkpoint
RP399: 12/4/2010 5:49:28 AM - System Checkpoint
RP400: 12/5/2010 10:52:20 PM - System Checkpoint
RP401: 12/7/2010 6:24:10 AM - System Checkpoint
RP402: 12/9/2010 4:58:32 PM - System Checkpoint
RP403: 12/11/2010 4:14:44 AM - System Checkpoint
RP404: 12/12/2010 5:39:59 PM - System Checkpoint
RP405: 12/13/2010 3:03:42 AM - Installed Power Manager
RP406: 12/13/2010 3:15:15 AM - Software Distribution Service 3.0
RP407: 12/14/2010 2:03:03 AM - Software Distribution Service 3.0
RP408: 12/15/2010 6:55:29 AM - System Checkpoint
RP409: 12/15/2010 9:00:40 PM - Software Distribution Service 3.0
RP410: 12/15/2010 10:08:04 PM - Removed ooVoo
RP411: 12/17/2010 12:44:52 AM - System Checkpoint
RP412: 12/17/2010 9:00:25 PM - Software Distribution Service 3.0
RP413: 12/18/2010 4:46:49 PM - Removed AVG 2011
RP414: 12/18/2010 4:47:59 PM - Removed AVG 2011
RP415: 12/18/2010 5:15:32 PM - Removed Cisco Clean Access Agent.

==== Installed Programs ======================

µTorrent
Access Help
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Media Player
Adobe Reader 8.2.5
Adobe Shockwave Player 11.5
AGEIA PhysX v6.10.25
Agilix GoBinder Lite
AIM 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bonjour
Choice Guard
Client Security Solution
Compatibility Pack for the 2007 Office system
Diskeeper Lite
Help Center
High Definition Audio Driver Package - KB888111
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
Ink Art
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections Drivers
InterVideo VirtualDrive
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Lenovo Auto Scroll Utility
Lenovo System Interface Driver
Lenovo ThinkVantage Toolbox
Maintenance Manager
Malwarebytes' Anti-Malware
Message Center
Message Center Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Education Pack for Windows XP Tablet PC Edition
Microsoft Energy Blue Theme Pack
Microsoft Experience Pack for Tablet PC
Microsoft Ink Crossword
Microsoft Ink Desktop
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Media Transfer
Microsoft National Language Support Downlevel APIs
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Outlook Connector
Microsoft Office Small Business Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Snipping Tool 2.0
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows XP Tablet PC Edition 2005 Recognizer Pack
MMI
MobileMe Control Panel
Mozilla Firefox (3.6.13)
MSN
MSN Toolbar Platform
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MultiTouch Driver
MultiTouch Driver Supplement
ObjectDock
On Screen Display
Picasa 2
Presentation Director
Productivity Center Supplement for ThinkPad
QuickTime
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
Rescue and Recovery
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Segoe UI
Sonic DLA
Sonic Express Labeler
Sonic Icons for Lenovo
Sonic Update Manager
SoundMAX
System Migration Assistant
System Update
Tablet PC Tutorials for Microsoft Windows XP SP2
The Game of Life 1.00
ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad Configuration
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Integration Setup
ThinkPad Hotkey Features Setup
ThinkPad Keyboard Customizer Utility
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad Tablet Button Driver
ThinkPad Tablet Shortcut Menu
ThinkPad TrackPoint Driver
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Fingerprint Software
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
TI Connect 1.6
TrackPoint Accessibility Features
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Wallpapers
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
XP Themes
Zinio Reader

==== Event Viewer Messages From Past Week ========

12/19/2010 2:09:15 AM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/19/2010 2:09:15 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
12/19/2010 2:09:14 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
12/18/2010 5:55:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ANC avgio avipbb eeCtrl Fips IBMTPCHK intelppm IPSec Lbd lenovo.smi MRxSmb NetBIOS NetBT RasAcd Rdbss Smapint ssmdrv Tcpip TDSMAPI TPHKDRV TPPWRIF TSMAPIP TSMSMI
12/18/2010 5:55:15 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2010 5:55:15 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2010 5:55:15 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2010 5:55:15 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2010 5:55:15 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2010 5:55:15 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2010 5:54:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/18/2010 5:54:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/18/2010 4:08:50 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the TabletSVC service.
12/18/2010 4:08:32 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
12/17/2010 2:15:00 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AcSvc service.
12/16/2010 7:24:14 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
12/16/2010 7:19:14 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 7:18:57 AM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/16/2010 7:18:54 AM, error: Service Control Manager [7034] - The System Update service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 7:18:54 AM, error: Service Control Manager [7034] - The Power Manager DBC Service service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 7:18:53 AM, error: Service Control Manager [7031] - The Access Connections Main Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/16/2010 7:18:50 AM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/16/2010 7:18:48 AM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 7:18:47 AM, error: Service Control Manager [7034] - The tvtnetwk service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 7:18:47 AM, error: Service Control Manager [7034] - The TVT Scheduler service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 7:18:45 AM, error: Service Control Manager [7034] - The TVT Backup Service service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 7:18:39 AM, error: Service Control Manager [7034] - The IBM KCU Service service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 7:18:36 AM, error: Service Control Manager [7034] - The ThinkVantage Registry Monitor Service service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 7:18:35 AM, error: Service Control Manager [7034] - The TABLET Service service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 7:18:35 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 7:18:34 AM, error: Service Control Manager [7034] - The MSSQL$MICROSOFTSMLBIZ service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 7:18:31 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 7:18:30 AM, error: Service Control Manager [7034] - The Lenovo Doze Mode Service service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 7:18:30 AM, error: Service Control Manager [7034] - The Diskeeper service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 7:18:28 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 7:18:26 AM, error: Service Control Manager [7034] - The ASR Service service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 7:18:25 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/16/2010 7:18:24 AM, error: Service Control Manager [7034] - The Atheros Configuration Service service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 7:18:24 AM, error: Service Control Manager [7031] - The Ac Profile Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/16/2010 7:18:23 AM, error: Service Control Manager [7034] - The On Screen Display service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 7:18:23 AM, error: Service Control Manager [7034] - The IPS Core Service service terminated unexpectedly. It has done this 1 time(s).
12/16/2010 7:18:22 AM, error: Service Control Manager [7034] - The ThinkPad PM Service service terminated unexpectedly. It has done this 1 time(s).
12/15/2010 12:01:55 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 0016CFA3C847 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/13/2010 3:21:52 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Update for WMDRM-enabled Media Players (KB902344).
12/13/2010 1:17:02 AM, error: Dhcp [1002] - The IP address lease 192.168.2.6 for the Network Card with network address 0016CFA3C847 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/12/2010 2:23:21 AM, error: Dhcp [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 0016CFA3C847 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
12/12/2010 1:36:52 PM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.

==== End Of File ===========================
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0002000c

Kernel Drivers (total 186):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB9F4A000 pcmcia.sys
0xBA0B8000 MountMgr.sys
0xB9F2B000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F05000 dmio.sys
0xBA330000 PartMgr.sys
0xBA4C4000 ACPIEC.sys
0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xBA0C8000 VolSnap.sys
0xB9EED000 atapi.sys
0xB9E13000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9DF3000 fltmgr.sys
0xB9DE1000 sr.sys
0xB9DCB000 DRVMCDB.SYS
0xBA0F8000 PxHelp20.sys
0xB9DB4000 KSecDD.sys
0xBA338000 DozeHDD.sys
0xB9D27000 Ntfs.sys
0xB9CFA000 NDIS.sys
0xB9CDA000 Apsx86.sys
0xBA108000 ApsHM86.sys
0xBA118000 ohci1394.sys
0xBA128000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9CC0000 Mup.sys
0xBA158000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB7F1F000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB7F0B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB7EE3000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB7EA6000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xB7D5D000 \SystemRoot\system32\DRIVERS\athw.sys
0xBA478000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB7D39000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA480000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB7D25000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA60C000 \SystemRoot\system32\DRIVERS\tkbtnpn.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA488000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA2F8000 \SystemRoot\system32\DRIVERS\tp4track.sys
0xB8788000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB7CA9000 \SystemRoot\System32\Drivers\wdf01000.sys
0xB84FD000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB8778000 \SystemRoot\system32\DRIVERS\serial.sys
0xB9C98000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB7C95000 \SystemRoot\system32\DRIVERS\parport.sys
0xB84F5000 \SystemRoot\system32\DRIVERS\nscirda.sys
0xB9C94000 \SystemRoot\system32\DRIVERS\irenum.sys
0xB84ED000 \SystemRoot\system32\DRIVERS\wisdpen.sys
0xB84DD000 \SystemRoot\system32\DRIVERS\atmeltpm.sys
0xB9C8C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB84D5000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0xB8768000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB9C84000 \SystemRoot\system32\drivers\iviaspi.sys
0xBA614000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xB8758000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8748000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB7C72000 \SystemRoot\system32\DRIVERS\ks.sys
0xB84CD000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xB7B81000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xB84C5000 \SystemRoot\system32\DRIVERS\tvtpktfilter.sys
0xBA79D000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB84BD000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xB84B5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8738000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB87BC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB7B6A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB8728000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB8718000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB7B59000 \SystemRoot\system32\DRIVERS\psched.sys
0xB8708000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA498000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB7B29000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB86F8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA4A8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA4B0000 \SystemRoot\system32\DRIVERS\psadd.sys
0xBA616000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB7ACB000 \SystemRoot\system32\DRIVERS\update.sys
0xB87AC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA168000 \SystemRoot\system32\DRIVERS\wsimd.sys
0xBA348000 \SystemRoot\system32\DRIVERS\btport.sys
0xBA188000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA7751000 \SystemRoot\system32\drivers\ADIHdAud.sys
0xA772D000 \SystemRoot\system32\drivers\portcls.sys
0xBA228000 \SystemRoot\system32\drivers\drmk.sys
0xA765D000 \SystemRoot\system32\drivers\AEAudio.sys
0xA75F2000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xA7501000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xA744E000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA388000 \SystemRoot\System32\Drivers\Modem.SYS
0xB977F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA64E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA791D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB9C4F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA660D000 \SystemRoot\system32\DRIVERS\GzTpHid.sys
0xA693D000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA5B4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7B7000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5B6000 \SystemRoot\System32\Drivers\Beep.SYS
0xA65F5000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xA65ED000 \SystemRoot\System32\drivers\vga.sys
0xBA5B8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5BA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA65E5000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA5C81000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA6935000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA2893000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA283A000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA2814000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA27EC000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA5BA9000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA27CA000 \SystemRoot\System32\drivers\afd.sys
0xA5B99000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA5764000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xBA5BC000 \SystemRoot\system32\DRIVERS\TSMSMI32.SYS
0xA5C79000 \SystemRoot\System32\drivers\TSMAPIP.SYS
0xA5C71000 \SystemRoot\System32\drivers\Tppwrif.sys
0xA5C69000 \SystemRoot\system32\DRIVERS\TPHKDRV.sys
0xA5C61000 \SystemRoot\System32\drivers\TDSMAPI.SYS
0xA5C59000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xA5C51000 \SystemRoot\System32\drivers\Smapint.sys
0xA266F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA25FF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA5BE000 \SystemRoot\system32\DRIVERS\smiif32.sys
0xBA5C0000 \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys
0xA5754000 \SystemRoot\System32\Drivers\Fips.SYS
0xA5744000 \SystemRoot\System32\Drivers\tcusb.sys
0xA1DBC000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xA06ED000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBA5F2000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xA28CA000 \SystemRoot\System32\drivers\ANC.SYS
0x98F22000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA7929000 \SystemRoot\System32\drivers\Dxapi.sys
0x9904F000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6D5000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0x9856F000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x9FF90000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xBA68D000 \SystemRoot\System32\DLA\DLADResN.SYS
0x98559000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xB9C9C000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xBA5CC000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xBA5D0000 \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
0xA26F2000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0x98541000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0x9852B000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0x98515000 \SystemRoot\system32\DRIVERS\irda.sys
0xA28A6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x98470000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA0062000 \SystemRoot\system32\DRIVERS\PROCDD.SYS
0x9838D000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xA0917000 \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
0x98234000 \SystemRoot\System32\Drivers\HTTP.sys
0x98107000 \SystemRoot\system32\drivers\wdmaud.sys
0x98F42000 \SystemRoot\system32\drivers\sysaudio.sys
0x98039000 \SystemRoot\system32\DRIVERS\srv.sys
0x985C4000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x981DC000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9FC85000 \??\C:\WINDOWS\System32\drivers\pmemnt.sys
0x9818C000 \??\C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys
0xBA7F1000 \??\C:\Program Files\SMI2\smi2.sys
0x97CD3000 \??\C:\WINDOWS\system32\drivers\tvtfilter.sys
0x96413000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x9627D000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 109):
0 System Idle Process
4 System
1352 C:\WINDOWS\system32\smss.exe
1400 csrss.exe
1428 C:\WINDOWS\system32\winlogon.exe
1472 C:\WINDOWS\system32\services.exe
1484 C:\WINDOWS\system32\lsass.exe
1728 C:\WINDOWS\system32\ibmpmsvc.exe
1760 C:\WINDOWS\system32\svchost.exe
1816 svchost.exe
1856 C:\WINDOWS\system32\svchost.exe
2036 svchost.exe
232 C:\Program Files\Common Files\Microsoft Shared\Ink\keyboardsurrogate.exe
368 svchost.exe
784 C:\WINDOWS\system32\spoolsv.exe
868 C:\Program Files\Avira\AntiVir Desktop\sched.exe
908 svchost.exe
980 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
992 C:\WINDOWS\system32\IPSSVC.EXE
1012 C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
1044 C:\WINDOWS\system32\acs.exe
1100 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1116 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1132 C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
1156 C:\Program Files\Bonjour\mDNSResponder.exe
1192 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
1204 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
768 C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
1276 PresentationFontCache.exe
1956 C:\WINDOWS\system32\svchost.exe
2028 C:\Program Files\Java\jre6\bin\jqs.exe
460 C:\WINDOWS\system32\wisptis.exe
652 C:\WINDOWS\system32\tabbtnu.exe
1512 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
2104 C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
2160 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2324 C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe
2416 C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
2488 C:\WINDOWS\system32\TpKmpSvc.exe
2708 tvttcsd.exe
2824 C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
3012 C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
3040 C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
3148 C:\Program Files\Viewpoint\Common\ViewpointService.exe
3192 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3272 wmpnetwk.exe
3304 C:\WINDOWS\system32\searchindexer.exe
3576 C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
3892 C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
3952 C:\Program Files\Lenovo\System Update\SUService.exe
2180 C:\WINDOWS\explorer.exe
2124 C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
2768 C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
2780 C:\WINDOWS\system32\ctfmon.exe
3228 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3852 C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
656 alg.exe
3760 C:\Program Files\Common Files\Microsoft Shared\Ink\tcserver.exe
3504 C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
2480 C:\WINDOWS\system32\rundll32.exe
3020 C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
3628 C:\Program Files\Gunze\GZTP_Pack\GzSnd.exe
1020 C:\WINDOWS\system32\TpShocks.exe
684 C:\Program Files\ThinkPad\Tablet Shortcut\TSMResident.exe
3712 C:\Program Files\Analog Devices\Core\smax4pnp.exe
2132 C:\WINDOWS\system32\igfxext.exe
884 C:\WINDOWS\system32\igfxsrvc.exe
1768 C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.EXE
1888 C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
4048 C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
932 C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
2092 C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
2448 C:\Program Files\Picasa2\PicasaMediaDetector.exe
3424 C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
3348 igfxext.exe
2300 igfxsrvc.exe
3924 C:\Program Files\Common Files\Microsoft Shared\Ink\tabtip.exe
3640 C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
4200 C:\PROGRA~1\Lenovo\NPDIRECT\tpfnf7sp.exe
4432 C:\WINDOWS\system32\igfxtray.exe
4908 C:\WINDOWS\system32\hkcmd.exe
5048 C:\WINDOWS\system32\svchost.exe
5044 C:\WINDOWS\system32\igfxpers.exe
5244 C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.EXE
5292 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
6028 C:\Program Files\Common Files\Installshield\UpdateService\issch.exe
3848 C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
1920 C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
508 C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
4484 C:\PROGRA~1\THINKV~2\AMSG\Amsg.exe
4764 C:\Program Files\Lenovo\ZOOM\TpScrex.exe
5000 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
5304 C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
5580 C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
5928 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1876 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3808 C:\Program Files\Windows Media Player\wmpnscfg.exe
4896 C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
5424 C:\Program Files\Digital Line Detect\DLG.exe
5532 C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
4888 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
3416 C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
3800 C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
6128 C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
4876 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
4164 C:\Program Files\Mozilla Firefox\firefox.exe
1852 C:\WINDOWS\system32\searchprotocolhost.exe
5984 searchfilterhost.exe
6008 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HTS541010G9SA00, Rev: MBZIC60R

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 08312236BFF0DC51C59D57073BF32973CF384047


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
When I try to post the ComboFix log it says it can't post because there are 11 images in my message and I'm only limited to 6? I tried doing half, then the other, but it still said it.

Should I send it as an attachment?
 
ComboFix 10-12-18.02 - Administrator 12/19/2010 13:21:53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1130 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\budbjljl.ini
c:\windows\system32\JSRKLB.DLL
c:\windows\system32\OrCIlUtv.ini
c:\windows\system32\OrCIlUtv.ini2
c:\windows\system32\qcybidov.ini
c:\windows\system32\rewtvkyc.ini

.
((((((((((((((((((((((((( Files Created from 2010-11-19 to 2010-12-19 )))))))))))))))))))))))))))))))
.

2010-12-16 12:30 . 2010-12-16 12:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-12-16 12:30 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-16 12:30 . 2010-12-16 12:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-16 12:30 . 2010-12-16 12:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-16 12:30 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-16 12:20 . 2010-12-16 12:20 -------- d-----w- c:\windows\system32\dumps
2010-12-16 07:30 . 2010-12-16 07:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira
2010-12-16 07:29 . 2010-11-30 23:48 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-16 07:29 . 2010-11-30 23:13 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-16 07:29 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-12-16 07:29 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-12-16 07:29 . 2010-12-16 07:29 -------- d-----w- c:\program files\Avira
2010-12-16 07:29 . 2010-12-16 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-12-16 03:05 . 2010-12-16 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-12-16 03:00 . 2010-12-16 03:00 -------- d-----w- c:\program files\IObit
2010-12-15 20:15 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 20:14 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-13 09:12 . 2010-12-13 09:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2010-12-13 08:28 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-12-13 08:22 . 2010-12-13 08:22 -------- d-----w- c:\windows\system32\winrm
2010-12-13 08:22 . 2010-12-13 08:23 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-12-13 08:21 . 2010-12-13 08:21 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-12-13 08:21 . 2010-12-13 08:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2010-12-13 08:20 . 2010-12-14 08:44 -------- d-----w- c:\program files\Windows Desktop Search
2010-12-13 08:20 . 2010-12-13 08:20 -------- d-----w- c:\windows\system32\GroupPolicy
2010-12-13 08:19 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2010-12-13 08:19 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2010-12-13 08:19 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2010-12-13 08:16 . 2010-12-13 08:17 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-11-25 18:52 . 2010-11-25 18:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sunbelt Software
 
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-19 06:35 . 2008-01-24 02:24 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2010-11-18 18:12 . 2006-04-30 23:11 81920 ------w- c:\windows\system32\isign32.dll
2010-11-09 04:30 . 2010-11-09 04:30 759828 ----a-w- c:\program files\cc_20101108_233007.reg
2010-11-06 00:26 . 2006-04-30 22:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2006-04-30 22:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:26 . 2006-04-30 22:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-05 06:29 . 2010-06-09 17:15 24304 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2010-11-05 06:29 . 2009-11-16 22:36 251240 ------w- c:\windows\system32\PWMCPl.cpl
2010-11-05 06:29 . 2008-01-24 02:04 4442 ------w- c:\windows\system32\drivers\TPPWRIF.SYS
2010-11-05 06:29 . 2008-01-24 02:04 196608 ------w- c:\windows\PWMBTHLP.EXE
2010-11-05 03:45 . 2010-11-02 03:33 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-03 12:25 . 2006-04-30 22:51 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-04-30 22:52 40960 ------w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2006-04-30 22:51 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2006-04-30 22:51 1853312 ------w- c:\windows\system32\win32k.sys
2010-09-28 20:44 . 2009-03-13 15:23 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-28 20:44 . 2008-08-08 00:10 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-01-17 18:04 . 2009-01-17 18:04 9088 -c--a-w- c:\program files\cc_20090117_130427.reg
2008-12-22 19:32 . 2008-12-22 19:32 20040 -c--a-w- c:\program files\cc_20081222_143158.reg
2008-12-22 19:28 . 2008-12-22 19:28 45620 -c--a-w- c:\program files\cc_20081222_142702.reg
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-14 271872]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-06-26 92960]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-11-05 517480]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2010-11-05 208896]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
"GzSndExePath"="c:\program files\Gunze\GZTP_Pack\GzSnd.exe" [2006-09-12 237568]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-10 868352]
"TpShocks"="TpShocks.exe" [2010-07-01 337256]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"TSMResident"="c:\program files\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" [2010-03-29 476520]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"Snippet"="c:\program files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" [2005-02-25 68296]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-08 91688]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-08-21 487424]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-19 196696]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2010-09-17 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2010-09-17 176128]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-03-15 421888]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-14 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-05 137752]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]
"LENTBCTL"="c:\program files\ThinkPad\Tablet Shortcut\LENTBCTL.EXE" [2010-03-29 1230184]
"TabletButton"="c:\program files\ThinkPad\Tablet Shortcut\TabletButton.EXE" [2010-03-29 58728]
"CSS Upgrade Assistant"="c:\program files\Lenovo\css8_upgrade_asst.exe" [2007-01-26 663552]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"AMSG"="c:\progra~1\THINKV~2\AMSG\Amsg.exe" [2009-09-03 436800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
 
"c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-6-10 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-7-8 607584]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-7 50688]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-4 81920]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-14 00:11 47104 ------w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-12-01 18:41 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 10:41 11776 ------w- c:\windows\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-14 00:12 32256 ------w- c:\windows\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
 
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [6/9/2010 12:15 PM 24304]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [6/16/2010 12:44 PM 20592]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [6/24/2010 1:46 PM 13480]
R1 TSMSMI;TSM System Interface Driver;c:\windows\system32\drivers\TSMSMI32.sys [1/23/2008 9:07 PM 6656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/16/2010 2:29 AM 135336]
R2 ASRSVC;ASR Service;c:\program files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [9/27/2010 9:49 PM 79136]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [6/9/2010 12:15 PM 132456]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [8/7/2008 6:54 PM 53248]
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/13/2006 7:05 PM 58368]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 6:55 PM 3968]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [3/13/2009 1:47 PM 12560]
R2 TabletSVC;TABLET Service;c:\program files\ThinkPad\Tablet Shortcut\TSMService.exe [9/27/2010 9:49 PM 71016]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [8/8/2008 7:13 PM 63928]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/24/2008 12:34 AM 24652]
R3 GzTpHid;Touch Panel Filter Driver;c:\windows\system32\drivers\GzTpHid.sys [10/30/2006 12:30 PM 27008]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [1/23/2008 8:55 PM 23080]
R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [10/30/2006 12:30 PM 30888]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [11/16/2009 5:32 PM 45496]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/30/2006 5:52 PM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2010-12-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-09-08 21:08]

2010-12-19 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-01-24 06:29]

2010-12-13 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-09-08 21:08]
.
.
 
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mystart.com?pr=oovoo2_0
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} - hxxps://stu-wireless-nac.stu.campus.wpunj.edu/auth/CCALogin.CAB
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hjk8ebf3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - Mp3Rocket
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: AniWeather: {4176DFF4-4698-11DE-BEEB-45DA55D89593} - %profile%\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Personas Rotator: {6e73f6b7-b9ab-44b8-b744-6393e3c2e351} - %profile%\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -

BHO-{2903F82B-F0D3-41E5-BE91-D16A3AF6FF01} - (no file)
BHO-{5207F056-F0D3-41E5-BE91-D16A3AF6FF01} - (no file)
BHO-{6755221F-CC42-4173-8B66-A34914AD9EE9} - (no file)
BHO-{f300e1b2-c3da-4d6f-9d0d-84fa17bc377c} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-GzSnd - %ProgramFiles%\Gunze\GZTP_Pack\GzSnd.exe
Notify-ACNotify - ACNotify.dll
Notify-NavLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-19 13:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2185960410-683171685-4088784698-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0f,94,14,9f,e2,17,55,4d,b0,ca,9a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,3f,c6,b4,a3,98,b0,40,ac,5d,51,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cd,c4,47,a4,ba,10,3c,47,ad,1b,9b,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1428)
c:\windows\system32\vrlogon.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'lsass.exe'(1484)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll

- - - - - - - > 'explorer.exe'(1940)
c:\windows\system32\WININET.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
c:\windows\system32\btmmhook.dll
c:\program files\PC-Doctor\ATLPcdToolbar569208.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\program files\windows journal\nbmaptip.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\System32\tabbtnu.exe
c:\program files\Common Files\Microsoft Shared\Ink\TCServer.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\Lenovo\Client Security Solution\tvtpwm_tray.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-12-19 13:38:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-19 18:38

Pre-Run: 2,744,705,024 bytes free
Post-Run: 2,527,657,984 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - C5257E6EEF1D4BDB2537124E5E54F94B
 
Good job :)

First, it looks like your MBR may be infected, but let's double check...

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 