Virtumonde Infection


  • This topic is locked
8 replies to this topic

#1 akinchla

akinchla

  • Members
  • 4 posts
  • OFFLINE
  • Local time:10:03 AM

Posted 14 October 2008 - 10:58 PM

I have tried VirtumondeBeGone and VundoFix - to no avail. I downloaded and ran all the preliminary programs suggested by BleepingComputer (except Spybot because it messes with my computer). I have been working on this for DAYS and it seems to have gotten worse in the last three hours (I now have a false Windows Update icon on my tool bar that warns of a security problem).

PLEASE HELP!!! I am at my wits end!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:47 PM, on 10/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\zuxwvkre\voncdmbu.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\ThinkVantage Fingerprint Software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [amsg] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\ALISON~1\LOCALS~1\Temp\a.exe
O4 - HKLM\..\Policies\Explorer\Run: [VqDrsHm01s] C:\Documents and Settings\All Users\Application Data\zuxwvkre\voncdmbu.exe
O4 - HKCU\..\Policies\Explorer\Run: [VqDrsHm01s] C:\Documents and Settings\All Users\Application Data\zuxwvkre\voncdmbu.exe
O4 - HKUS\S-1-5-21-2077275953-1859188237-2199679856-500\..\Run: [amsg] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-2077275953-1859188237-2199679856-500\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Administrator')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/30.66/uploader2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal...sal_1_0_0_3.cab
O18 - Filter hijack: text/html - {cefa06f9-ac08-4a11-918e-a84da18e54f3} - C:\WINDOWS\system32\msiebbar.dll
O20 - AppInit_DLLs: nwvbow.dll nvvjvn.dll sctbxy.dll mgwvfz.dll fjvvgv.dll wwejsf.dll afzsxt.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Ltd. - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 13211 bytes

#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:03 AM

Posted 23 October 2008 - 03:32 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTViewIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Run Kaspersky Online Scanner
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

In your next reply please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log


Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please Do NOT follow the instructions provided for this topic.

Thanks :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:03 AM

Posted 27 October 2008 - 02:24 PM

Hi.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5 days the topic will need to be closed.

Thanks for understanding. :thumbsup:

With Regards,
Extremeboy

#4 akinchla

akinchla
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:10:03 AM

Posted 29 October 2008 - 09:27 AM

Hi EB,

I am still here, but I have been unable to open the bleepingcomputer website from my computer. I can access other websites (although, because of the virus I tend to log on and off rather quickly), but when I type in the address, both Firefox and Explorer can't find the host. I will try downloading the software you suggested and post a reply.

Thanks!

#5 akinchla

akinchla
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:10:03 AM

Posted 29 October 2008 - 09:45 AM

Update: Hi EB -

I tried to download the OTViewIt from http://oldtimer.geekstogo.com/OTViewIT.exe, but it won't load.
FYI - also can't download the latest Microsoft Update (the urgent October 2008 one).

#6 akinchla

akinchla
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:10:03 AM

Posted 29 October 2008 - 10:28 AM

Hi EB,

I was able to download the OTV on a thumbdrive and run it on my computer. The logs are below.

As for the Kaspersky's... I was able to run it, but no log popped up at the end of the scan, and IE promptly closed itself down.

Thank you for all your help!!

OTViewIt log:

OTViewIt logfile created on: 10/29/2008 11:09:42 AM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Alison Kinchla\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.36 Mb Total Physical Memory | 123.58 Mb Available Physical Memory | 24.60% Memory free
1.57 Gb Paging File | 0.21 Gb Available in Paging File | 13.34% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.25 Gb Total Space | 13.65 Gb Free Space | 19.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive R: | 99.72 Mb Total Space | 99.72 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: ALISONCOMPUTER
Current User Name: Alison Kinchla
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/07/12 12:40:08 | 00,040,551 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\Virtual Token\vtserver.exe
[2005/09/30 04:32:00 | 00,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
[2005/10/05 04:00:00 | 00,073,728 | ---- | M] (Lenovo Ltd.) -- C:\WINDOWS\system32\IPSSVC.EXE
[2005/12/15 20:13:54 | 00,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
[2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2005/07/21 18:55:08 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
[2005/09/28 02:26:12 | 00,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
[2005/05/04 03:04:28 | 09,150,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
[2005/06/06 18:03:00 | 00,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
[2005/06/07 00:26:22 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
[2005/08/02 21:17:30 | 00,722,480 | ---- | M] (IBM) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
[2005/08/02 22:02:20 | 01,372,160 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
[2005/08/02 22:12:44 | 00,077,824 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
[2005/08/01 20:32:40 | 00,040,960 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2005/12/15 20:14:46 | 00,143,360 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
[2005/08/02 22:06:54 | 00,032,768 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
[2005/11/08 19:07:02 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
[2004/08/04 08:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2005/08/01 13:48:56 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[2005/08/01 13:48:28 | 00,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2005/09/09 16:43:52 | 00,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
[2005/09/09 16:40:38 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2005/09/09 16:44:34 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[2005/06/23 02:56:08 | 00,086,016 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) -- C:\WINDOWS\system32\TpShocks.exe
[2005/08/10 05:20:00 | 00,237,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
[2005/08/29 17:15:02 | 00,094,208 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
[2005/08/02 00:36:50 | 00,475,136 | ---- | M] (LENOVO) -- C:\Program Files\ThinkVantage\AMSG\AMSG.EXE
[2005/07/05 17:57:12 | 00,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
[2005/08/08 16:01:40 | 00,086,016 | ---- | M] (IBM Corporation) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
[2005/05/19 08:33:00 | 00,127,037 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
[2004/07/27 19:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2005/08/02 21:52:40 | 01,988,144 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
[2005/07/07 18:22:54 | 00,049,152 | R--- | M] (Utimaco Safeware AG) -- C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
[2005/12/15 20:14:34 | 00,409,600 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
[2005/12/15 20:14:14 | 00,098,304 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
[2004/08/04 08:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2005/05/12 02:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/02/19 14:10:32 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/02/25 21:23:34 | 00,443,968 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
[2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2005/07/21 19:01:42 | 00,577,597 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
[2003/10/29 06:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
[2005/05/12 02:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2007/10/18 20:10:42 | 00,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
[2005/05/04 01:07:32 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
[2008/02/19 14:10:24 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2005/05/12 03:33:52 | 00,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
[2005/08/02 21:56:48 | 02,364,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
[2005/05/12 03:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
[2005/09/09 16:40:28 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
[2008/10/25 14:33:45 | 00,161,280 | ---- | M] () -- C:\WINDOWS\Temp\tempo-617.tmp
[2008/06/23 05:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2004/07/27 19:50:42 | 00,221,184 | ---- | M] (InstallShield Software Corporation) -- c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[2004/07/27 19:50:04 | 00,503,808 | ---- | M] (InstallShield Software Corporation) -- c:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
[2004/08/04 08:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/10/13 18:30:17 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/09/27 11:53:25 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2005/09/26 19:02:46 | 00,409,692 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DfrgNTFS.exe
[2005/09/26 19:11:04 | 00,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
[2008/10/14 23:11:46 | 00,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
[2008/06/23 05:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2004/08/04 08:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/10/26 15:45:42 | 00,064,512 | ---- | M] () -- C:\WINDOWS\system32\a68mjd6V.exe
[2008/06/23 05:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/29 11:05:18 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alison Kinchla\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/13 18:30:17 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2005/12/15 20:13:54 | 00,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc [Auto | Running])
[2005/11/08 19:07:02 | 00,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe -- (ACS [On_Demand | Running])
[2005/12/15 20:14:46 | 00,143,360 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc [Auto | Running])
[2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2004/07/15 04:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/07/21 18:55:08 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
[2005/09/28 02:26:12 | 00,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
[2007/01/03 21:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/09/30 04:32:00 | 00,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Running])
[2005/04/04 03:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/02/19 14:10:24 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2005/10/05 04:00:00 | 00,073,728 | ---- | M] (Lenovo Ltd.) -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC [Auto | Running])
[2003/06/20 02:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Stopped])
[2005/05/04 03:04:28 | 09,150,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -- (MSSQL$MICROSOFTSMLBIZ [Auto | Running])
[2005/05/04 01:50:28 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
[2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2004/09/29 15:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])
[2006/08/12 11:28:42 | 00,032,256 | ---- | M] () -- C:\WINDOWS\System32\drivers\psasrv.exe -- (PsaSrv [On_Demand | Stopped])
[2005/05/04 00:42:56 | 00,323,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTSMLBIZ [On_Demand | Stopped])
[2005/06/06 18:03:00 | 00,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC [Auto | Running])
[2005/06/07 00:26:22 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC [Auto | Running])
[2005/08/02 21:17:30 | 00,722,480 | ---- | M] (IBM) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -- (TSSCoreService [Auto | Running])
[2005/08/02 22:02:20 | 01,372,160 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service [Auto | Running])
[2005/08/02 22:12:44 | 00,077,824 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler [Auto | Running])
[2005/08/01 20:32:40 | 00,040,960 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService [Auto | Running])
[2005/07/12 12:40:08 | 00,040,551 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\Virtual Token\vtserver.exe -- (vtserver [Auto | Running])
[2008/08/09 14:42:02 | 03,585,384 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService [Auto | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services ==========

[2001/08/17 15:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Stopped])
[2005/08/23 19:59:02 | 00,167,424 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
[2006/08/12 10:46:38 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2001/08/17 16:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2004/08/04 02:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [Disabled | Stopped])
[2005/11/08 12:27:20 | 00,011,520 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC [System | Running])
[2005/12/08 20:32:16 | 00,470,112 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211 [On_Demand | Running])
[2001/08/17 16:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 16:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2005/02/23 23:13:38 | 00,015,872 | ---- | M] (Atmel, Inc.) -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm [On_Demand | Running])
[2005/03/17 19:30:10 | 00,132,608 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k [On_Demand | Running])
[2005/07/21 18:46:14 | 01,341,466 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL [On_Demand | Running])
[2005/07/21 18:43:54 | 00,056,648 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
[2001/08/17 16:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [On_Demand | Stopped])
[2001/08/17 16:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2005/03/24 06:22:00 | 00,088,352 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2005/03/24 05:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2001/08/17 15:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2008/10/26 13:59:58 | 00,005,427 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV [Auto | Running])
[2006/09/19 15:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2005/01/07 20:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/03/08 08:52:26 | 00,051,120 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2005/03/08 08:52:27 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2005/03/08 08:52:28 | 00,021,744 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2005/05/12 19:05:44 | 00,178,048 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
[2005/05/12 19:06:40 | 01,034,752 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2005/09/09 17:08:32 | 01,050,300 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2005/08/02 21:15:38 | 00,013,184 | ---- | M] (IBM) -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter [Auto | Running])
[2005/09/30 04:32:00 | 00,013,456 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV [On_Demand | Running])
[2005/11/08 12:27:20 | 00,002,432 | ---- | M] () -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK [System | Running])
[2003/09/11 02:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running])
[2004/03/17 15:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 16:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/04 02:00:52 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA [On_Demand | Running])
[2004/08/04 01:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2005/02/01 20:00:42 | 00,012,416 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio [On_Demand | Stopped])
[2000/05/31 23:29:54 | 00,007,012 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (pmem [Auto | Running])
[2005/06/28 11:26:02 | 00,046,142 | R--- | M] (Utimaco Safeware AG) -- C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk [Auto | Running])
[2005/10/05 04:00:00 | 00,005,120 | ---- | M] (Lenovo Ltd.) -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD [Auto | Running])
[2006/08/12 11:28:42 | 00,016,256 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/02/22 22:38:33 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 16:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 16:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 16:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2004/08/04 08:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/06/06 14:59:00 | 00,004,736 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\drivers\ShockMgr.sys -- (ShockMgr [System | Running])
[2005/06/06 14:59:00 | 00,059,904 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\drivers\shockprf.sys -- (Shockprf [Boot | Running])
[2004/08/04 02:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Disabled | Stopped])
[2005/08/10 04:50:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint [System | Running])
[2005/08/02 20:47:20 | 00,003,968 | ---- | M] (IBM Corp.) -- C:\Program Files\SMI2\smi2.sys -- (smi2 [Auto | Running])
[2005/07/12 12:37:08 | 00,003,328 | ---- | M] (UPEK Inc.) -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (SmiHlp [Auto | Running])
[2001/08/17 17:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2004/12/02 14:04:20 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2008/08/09 14:42:12 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\ssfs0bbc.sys -- (ssfs0bbc [Boot | Running])
[2008/08/09 14:42:14 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\sshrmd.sys -- (sshrmd [Boot | Running])
[2008/08/09 14:42:14 | 00,166,512 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\ssidrv.sys -- (ssidrv [Boot | Running])
[2004/12/02 14:04:10 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2001/08/17 17:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 17:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 17:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 17:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2005/08/01 13:43:46 | 00,177,664 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2006/06/21 14:47:36 | 00,015,488 | ---- | M] (RapidSolution Software AG) -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd [On_Demand | Stopped])
[2005/06/30 15:59:00 | 00,026,240 | ---- | M] (UPEK Inc.) -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb [On_Demand | Running])
[2005/08/10 04:50:00 | 00,009,340 | ---- | M] () -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI [System | Running])
[2005/05/19 08:33:00 | 00,025,725 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2005/05/19 08:33:00 | 00,034,845 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2005/05/19 08:33:00 | 00,004,125 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2005/05/19 08:33:00 | 00,002,241 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2005/05/19 08:33:00 | 00,086,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2005/05/19 08:33:00 | 00,014,909 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2005/05/19 08:33:00 | 00,006,365 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2005/05/19 08:33:00 | 00,098,716 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2005/05/19 08:33:00 | 00,100,605 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2008/10/14 21:11:06 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2005/07/05 17:57:06 | 00,017,699 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV [System | Running])
[2005/08/10 04:10:00 | 00,004,442 | ---- | M] () -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF [System | Running])
[2005/08/08 05:40:00 | 00,007,168 | ---- | M] () -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP [System | Running])
[2001/08/17 16:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2005/05/12 19:05:40 | 00,716,288 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/10/25 14:33:49 | 00,027,904 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\ndisprot.sys -- (Ndisprot [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"Default_Search_URL"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-2077275953-1859188237-2199679856-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-2077275953-1859188237-2199679856-1005\SOFTWARE\Microsoft\Internet Explorer\Search]
"Default_Search_URL"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-2077275953-1859188237-2199679856-1005\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_USERS\S-1-5-21-2077275953-1859188237-2199679856-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2077275953-1859188237-2199679856-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (265354 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
9194 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{066cf65b-d305-4527-b1ca-bdf12e952bc7} (HKLM) -- C:\WINDOWS\system32\afzsxt.dll ()
{1C4254F3-8631-45BA-B3E3-D3A8C293D9B5} (HKLM) -- C:\WINDOWS\system32\urqPgeFU.dll ()
{500BCA15-57A7-4eaf-8143-8C619470B13D} (HKLM) -- C:\WINDOWS\system32\msxml71.dll ()
{56027902-F4C8-4F48-9D1A-3DC34C40B29C} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{AD43F34D-E83B-4220-84BC-76F1059476E5} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{C1FEC19E-F893-4b56-9CC7-CFF71BB34693} (HKLM) -- C:\WINDOWS\system32\pbqgucwy.dll ()
{C2EDD277-E06B-4870-B003-4EBE5229B90E} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{D909718F-2EE3-4C73-B40E-46497A1F3594} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{FC0ED876-0C36-43A2-A55D-421ED3D26E3D} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1A:Stardock TrayMonitor"= File not found
"4028d1a1"=rundll32.exe "C:\WINDOWS\system32\jecytbqj.dll",b ()
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
"AMSG"=C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog ()
"C:\WINDOWS\system32\kdcbp.exe"=C:\WINDOWS\system32\kdcbp.exe File not found
"ControlCenter"="C:\Program Files\ThinkVantage Fingerprint Software\ctlcntr.exe" /startup (UPEK Inc.)
"cssauth"="C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent (Lenovo Group Limited)
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" (Diskeeper Corporation)
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe (Lenovo Group Limited)
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"ISUSPM Startup"=c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
"ISUSScheduler"="c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k File not found
"LPManager"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe (Lenovo Group Limited)
"PDService.exe"="C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" (Utimaco Safeware AG)
"Persistence"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor (Lenovo Group Limited)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"suScheduler"=C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER ()
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"TP4EX"=tp4ex.exe (Lenovo Group Limited)
"TPHOTKEY"=C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper (Lenovo)
"TpShocks"=TpShocks.exe (Lenovo, Ltd. and IBM Corporation.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amsg"=C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
"Cognac"=C:\DOCUME~1\ALISON~1\LOCALS~1\Temp\~tmpc.exe ()
"MSFox"=C:\DOCUME~1\ALISON~1\LOCALS~1\Temp\a.exe ()
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe /H (PC Tools)
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S File not found
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2077275953-1859188237-2199679856-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amsg"=C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
"Cognac"=C:\DOCUME~1\ALISON~1\LOCALS~1\Temp\~tmpc.exe ()
"MSFox"=C:\DOCUME~1\ALISON~1\LOCALS~1\Temp\a.exe ()
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe /H (PC Tools)
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S File not found
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O4) RunOnceEx Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
""= File not found

========== (O4) RunServices Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"1A:Stardock TrayMonitor"= File not found

========== (O4) Startup Folders ==========

[2004/12/14 07:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2005/07/21 19:01:42 | 00,577,597 | ---- | M] (Broadcom Corporation.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
[2003/10/29 06:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
[2005/05/12 02:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2005/05/12 03:49:24 | 00,073,728 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
[2007/10/18 20:10:42 | 00,479,232 | ---- | M] (Nikon Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
[2005/05/04 01:07:32 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"VqDrsHm01s"=C:\Documents and Settings\All Users\Application Data\zuxwvkre\voncdmbu.exe -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"VqDrsHm01s"=C:\Documents and Settings\All Users\Application Data\zuxwvkre\voncdmbu.exe -- File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-2077275953-1859188237-2199679856-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

[HKEY_USERS\S-1-5-21-2077275953-1859188237-2199679856-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"VqDrsHm01s"=C:\Documents and Settings\All Users\Application Data\zuxwvkre\voncdmbu.exe -- File not found

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/27 04:06:54 | 10,095,808 | ---- | M] (Microsoft Corporation)
Send To &Bluetooth: C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm [2003/05/29 16:53:12 | 00,001,320 | ---- | M] ()

[HKEY_USERS\S-1-5-21-2077275953-1859188237-2199679856-1005\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/27 04:06:54 | 10,095,808 | ---- | M] (Microsoft Corporation)
Send To &Bluetooth: C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm [2003/05/29 16:53:12 | 00,001,320 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5}: Button: Software Installer -- %ProgramFiles%\Lenovo\PkgMgr\PkgMgr.exe [2005/12/05 15:11:48 | 01,392,706 | ---- | M] (Lenovo Group Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} [HKLM] -> %ProgramFiles%\Lenovo\PkgMgr\PkgMgr.exe [Software Installer] -> [2005/12/05 15:11:48 | 01,392,706 | ---- | M] (Lenovo Group Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} [HKLM] -> %ProgramFiles%\Lenovo\PkgMgr\PkgMgr.exe [Software Installer] -> [2005/12/05 15:11:48 | 01,392,706 | ---- | M] (Lenovo Group Limited)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} [HKLM] -> %ProgramFiles%\Lenovo\PkgMgr\PkgMgr.exe [Software Installer] -> [2005/12/05 15:11:48 | 01,392,706 | ---- | M] (Lenovo Group Limited)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2077275953-1859188237-2199679856-1005\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} [HKLM] -> %ProgramFiles%\Lenovo\PkgMgr\PkgMgr.exe [Software Installer] -> [2005/12/05 15:11:48 | 01,392,706 | ---- | M] (Lenovo Group Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
microsoft.com\update: http in My Computer
microsoft.com\www.update: https in My Computer
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-2077275953-1859188237-2199679856-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
microsoft.com\update: http in My Computer
microsoft.com\www.update: https in My Computer
46 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{406B5949-7190-4245-91A9-30A17DE16AD0}: http://www2.snapfish.com/SnapfishActivia.cab -- Snapfish Activia
{474F00F5-3853-492C-AC3A-476512BBC336}: http://picasaweb.google.com/s/v/30.66/uploader2.cab -- UploadListView Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/1.4.2/...all-142-win.cab -- Java Plug-in 1.4.2
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_08
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{DE0FB644-C59B-46D1-B650-88BA945BC98F}: http://entriq.vo.llnwd.net/o1/NBCUniversal...sal_1_0_0_3.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{1784C7FE-1682-419F-96B1-6F7F3BE7340D} (Servers: 85.255.112.16;85.255.112.79 | Description: Broadcom NetXtreme Gigabit Ethernet)
{5D6D7115-4346-4B3F-BBB9-126F4B8DDE87} (Servers: | Description: 1394 Net Adapter)
{A453B22D-DE6F-44F8-A030-3E07CFC9CFFD} (Servers: 85.255.112.16;85.255.112.79 | Description: 11a/b/g Wireless LAN Mini PCI Express Adapter)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=nwvbow.dll nvvjvn.dll sctbxy.dll mgwvfz.dll fjvvgv.dll wwejsf.dll afzsxt.dll
>[2008/09/22 13:06:28 | 00,119,808 | ---- | M] () -- C:\WINDOWS\system32\nwvbow.dll
>[2008/09/23 13:07:45 | 00,128,000 | ---- | M] () -- C:\WINDOWS\system32\nvvjvn.dll
>[2008/09/28 12:21:37 | 00,128,000 | ---- | M] () -- C:\WINDOWS\system32\sctbxy.dll
>[2008/09/29 12:20:39 | 00,123,904 | ---- | M] () -- C:\WINDOWS\system32\mgwvfz.dll
>[2008/09/30 13:09:53 | 00,123,904 | ---- | M] () -- C:\WINDOWS\system32\fjvvgv.dll
>[2008/10/04 05:22:54 | 00,123,904 | ---- | M] () -- C:\WINDOWS\system32\wwejsf.dll
>[2008/10/14 21:39:02 | 00,128,000 | ---- | M] () -- C:\WINDOWS\system32\afzsxt.dll

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=kdcbp.exe
>File not found --

"UserInit"=C:\WINDOWS\system32\userinit.exe,
>[2008/10/14 20:49:24 | 00,008,192 | ---- | M] () -- C:\WINDOWS\system32\userinit.exe

"GinaDLL"=vrlogon.dll
>[2005/07/12 12:44:42 | 00,169,060 | ---- | M] (UPEK Inc.) -- C:\WINDOWS\system32\vrlogon.dll


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
ACNotify: "DllName" = ACNotify.dll -- C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo)
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
NavLogon: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
psfus: "DllName" = C:\Program Files\ThinkVantage Fingerprint Software\psfus.dll -- C:\Program Files\ThinkVantage Fingerprint Software\psfus.dll (UPEK Inc.)
tpfnf2: "DllName" = notifyf2.dll -- C:\WINDOWS\system32\notifyf2.dll ()
tphotkey: "DllName" = tphklock.dll -- C:\WINDOWS\system32\tphklock.dll ()

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2F15709E-261B-4EC5-B2E7-2592C879B4F8}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\system32\urqPgeFU,
>[2008/09/16 17:21:05 | 00,314,368 | ---- | M] () -- C:\WINDOWS\system32\urqPgeFU.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/08/19 02:11:41 | 00,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf [[autorun] | shellexecute="resycled\boot.com c:" | shell\Open\command="resycled\boot.com c:" | shell=Open | ]
[2008/10/29 11:10:42 | 00,000,103 | RHS- | M] () -- C:\autorun.inf -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0514d2c6-98c1-11dd-a0fa-0016cf193d17}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0514d2c6-98c1-11dd-a0fa-0016cf193d17}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0514d2c6-98c1-11dd-a0fa-0016cf193d17}\Shell\AutoRun\command]
""=E:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0514d2c7-98c1-11dd-a0fa-0016cf193d17}\Shell]
""=Autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0514d2c7-98c1-11dd-a0fa-0016cf193d17}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0514d2c7-98c1-11dd-a0fa-0016cf193d17}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2007/10/25 23:34:01 | 08,460,288 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0514d2c7-98c1-11dd-a0fa-0016cf193d17}\Shell\Open\command]
""=F:\resycled\boot.com -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b20c764a-2f47-11db-9fbd-806d6172696f}\Shell]
""=Autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b20c764a-2f47-11db-9fbd-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b20c764a-2f47-11db-9fbd-806d6172696f}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2007/10/25 23:34:01 | 08,460,288 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b20c764a-2f47-11db-9fbd-806d6172696f}\Shell\Open\command]
""=C:\resycled\boot.com -- [2008/10/23 09:09:30 | 00,032,768 | RHS- | M] ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command]
""=E:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2008/10/29 11:08:22 | 00,305,705 | ---- | C] () -- C:\Documents and Settings\Alison Kinchla\Desktop\RSIT.exe
[2008/10/29 11:08:19 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alison Kinchla\Desktop\OTViewIt.exe
[2008/10/27 13:50:37 | 01,043,864 | -HS- | C] () -- C:\WINDOWS\System32\jqbtycej.ini
[2008/10/27 13:50:32 | 00,071,680 | ---- | C] () -- C:\WINDOWS\System32\jecytbqj.dll
[2008/10/27 13:47:33 | 00,002,048 | ---- | C] () -- C:\WINDOWS\System32\hiwxfmxk.exe
[2008/10/26 15:45:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2008/10/26 15:45:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2008/10/26 15:45:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2008/10/26 15:45:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2008/10/26 15:45:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2008/10/26 15:45:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2008/10/26 15:45:52 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2008/10/26 15:45:51 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2008/10/26 15:45:51 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2008/10/26 15:45:50 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2008/10/26 15:45:49 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2008/10/26 15:45:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2008/10/26 15:45:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2008/10/26 15:45:48 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2008/10/26 15:45:47 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2008/10/26 15:45:47 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2008/10/26 15:45:47 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2008/10/26 15:45:47 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2008/10/26 15:45:47 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2008/10/26 15:45:46 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2008/10/26 15:45:45 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2008/10/26 15:45:45 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2008/10/26 15:45:44 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2008/10/26 15:45:44 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2008/10/26 15:45:41 | 00,079,876 | ---- | C] () -- C:\WINDOWS\System32\msxml71.dll
[2008/10/25 14:33:49 | 00,027,904 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ndisprot.sys
[2008/10/24 12:43:33 | 00,128,000 | ---- | C] () -- C:\Documents and Settings\Alison Kinchla\Desktop\DeShaney Memo.doc
[2008/10/23 08:50:00 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Alison Kinchla\Desktop\~$laughlin.doc
[2008/10/22 14:38:31 | 00,013,747 | ---- | C] () -- C:\Documents and Settings\Alison Kinchla\Desktop\Winter2009ULSchedule.pdf
[2008/10/15 11:08:26 | 00,000,103 | RHS- | C] () -- C:\autorun.inf
[2008/10/15 11:08:26 | 00,000,000 | RHSD | C] -- C:\resycled
[2008/10/15 10:30:38 | 52,683,1616 | -HS- | C] () -- C:\hiberfil.sys
[2008/10/15 00:06:20 | 00,006,076 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2008/10/15 00:05:17 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2008/10/15 00:05:17 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2008/10/15 00:05:17 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2008/10/15 00:05:17 | 00,088,576 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\AntiXPVSTFix.exe
[2008/10/15 00:05:17 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2008/10/15 00:05:17 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2008/10/15 00:05:17 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2008/10/15 00:05:17 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2008/10/15 00:05:17 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2008/10/15 00:05:17 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2008/10/15 00:05:17 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2008/10/15 00:05:17 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2008/10/15 00:05:17 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2008/10/15 00:05:17 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2008/10/15 00:05:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alison Kinchla\Desktop\SmitfraudFix
[2008/10/15 00:03:30 | 01,661,141 | ---- | C] () -- C:\Documents and Settings\Alison Kinchla\Desktop\SmitfraudFix.exe
[2008/10/14 23:11:47 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\Alison Kinchla\Desktop\HijackThis.lnk
[2008/10/14 23:11:46 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/14 23:06:29 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Alison Kinchla\Desktop\HJTInstall.exe
[2008/10/14 23:04:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2008/10/14 22:59:49 | 00,210,416 | ---- | C] () -- C:\Documents and Settings\Alison Kinchla\Desktop\zaSetup_en.exe
[2008/10/14 22:56:38 | 00,000,017 | ---- | C] () -- C:\Documents and Settings\Alison Kinchla\Desktop\stinger.opt
[2008/10/14 21:39:03 | 00,128,000 | ---- | C] () -- C:\WINDOWS\System32\afzsxt.dll
[2008/10/14 21:39:01 | 00,128,000 | ---- | C] () -- C:\WINDOWS\System32\yyeyxfvu.dll
[2008/10/14 21:38:19 | 00,002,048 | ---- | C] () -- C:\WINDOWS\System32\rjhujwur.exe
[2008/10/14 21:24:41 | 02,482,695 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Alison Kinchla\Desktop\stinger.exe
[2008/10/14 21:17:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\a68mjd6V.exe.a_a
[2008/10/14 20:50:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\zuxwvkre
[2008/10/14 20:49:56 | 00,064,512 | ---- | C] () -- C:\WINDOWS\System32\a68mjd6V.exe
[2008/10/14 20:49:27 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stus.exe
[2008/10/13 21:36:36 | 01,091,057 | -HS- | C] () -- C:\WINDOWS\System32\bgsqkblv.ini
[2008/10/13 21:36:35 | 00,071,680 | ---- | C] () -- C:\WINDOWS\System32\vlbkqsgb.dll
[2008/10/13 21:33:35 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\ebijpywh.dll
[2008/10/13 18:29:23 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/13 18:29:14 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/10/13 18:29:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/10/13 18:20:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WebRoot
[2008/10/13 17:13:23 | 00,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2008/10/13 17:13:20 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2008/10/13 17:13:16 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2008/10/13 17:12:29 | 07,507,296 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Alison Kinchla\Desktop\rminstall.exe
[2008/10/13 16:56:39 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/10/13 11:40:09 | 00,000,000 | ---D | C] -- C:\Program Files\Webroot
[2008/10/13 11:38:48 | 00,000,164 | ---- | C] () -- C:\install.dat
[2008/10/12 22:46:57 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2008/10/12 21:34:41 | 01,091,057 | -HS- | C] () -- C:\WINDOWS\System32\mcueuriq.ini
[2008/10/12 21:32:04 | 00,128,000 | ---- | C] () -- C:\WINDOWS\System32\bwenvf.dll
[2008/10/12 21:32:03 | 00,128,000 | ---- | C] () -- C:\WINDOWS\System32\grqygijw.dll
[2008/10/12 20:51:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alison Kinchla\Application Data\U3
[2008/10/12 20:47:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2008/10/12 19:48:53 | 00,000,021 | ---- | C] () -- C:\WINDOWS\pskt.ini
[2008/10/12 19:39:08 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2008/10/12 19:18:47 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/10/12 19:18:07 | 00,096,978 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\Alison Kinchla\Desktop\VirtumundoBeGone.exe
[2008/10/12 18:38:28 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/10/12 18:38:27 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/10/12 10:11:36 | 01,145,401 | -HS- | C] () -- C:\WINDOWS\System32\dqegcctj.ini
[2008/10/12 10:11:27 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\jtccgeqd.dll
[2008/10/12 10:08:29 | 00,128,000 | ---- | C] () -- C:\WINDOWS\System32\bezngg.dll
[2008/10/12 10:08:27 | 00,128,000 | ---- | C] () -- C:\WINDOWS\System32\mvrkvyih.dll
[2008/10/11 10:10:04 | 01,145,401 | -HS- | C] () -- C:\WINDOWS\System32\mryocsit.ini
[2008/10/11 10:07:36 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\zfhouj.dll
[2008/10/11 10:07:35 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\kdilivlf.dll
[2008/10/10 10:13:04 | 01,143,818 | -HS- | C] () -- C:\WINDOWS\System32\igecnrvm.ini
[2008/10/10 10:10:04 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\wxaule.dll
[2008/10/10 10:10:03 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\ovgsqsqw.dll
[2008/10/10 10:07:04 | 00,088,064 | ---- | C] () -- C:\WINDOWS\System32\pbqgucwy.dll
[2008/10/09 11:29:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alison Kinchla\Application Data\BitTorrent
[2008/10/09 10:09:26 | 01,143,819 | -HS- | C] () -- C:\WINDOWS\System32\ocveeeaa.ini
[2008/10/09 10:06:26 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\zwiqdm.dll
[2008/10/09 10:06:26 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\sroebpef.dll
[2008/10/08 09:58:36 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\olnhwe.dll
[2008/10/08 09:58:36 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\oaepnujj.dll
[2008/10/08 09:55:38 | 01,079,214 | -HS- | C] () -- C:\WINDOWS\System32\qsykywor.ini
[2008/10/08 08:55:37 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\ptezoz.dll
[2008/10/08 08:55:36 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\mxsvlbvi.dll
[2008/10/08 08:52:37 | 01,079,214 | -HS- | C] () -- C:\WINDOWS\System32\tohgxuni.ini
[2008/10/06 08:48:06 | 01,031,208 | -HS- | C] () -- C:\WINDOWS\System32\uorooqkv.ini
[2008/10/06 08:48:00 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\pifmtgkj.dll
[2008/10/06 08:48:00 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\myfvfj.dll
[2008/10/06 07:45:05 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\tincvf.dll
[2008/10/06 07:45:03 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\uemeqpmi.dll
[2008/10/06 07:42:02 | 01,030,906 | -HS- | C] () -- C:\WINDOWS\System32\jcnjhqjq.ini
[2008/10/06 07:39:08 | 00,101,888 | ---- | C] () -- C:\WINDOWS\System32\lcacowau.dll
[2008/10/04 19:29:30 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\bhqmhj.dll
[2008/10/04 19:29:29 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\dmtnrxkq.dll
[2008/10/04 19:26:35 | 01,030,906 | -HS- | C] () -- C:\WINDOWS\System32\xqwkfggx.ini
[2008/10/04 19:23:30 | 00,101,888 | ---- | C] () -- C:\WINDOWS\System32\ihcmkran.dll
[2008/10/04 05:22:54 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\wwejsf.dll
[2008/10/04 05:22:53 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\sjkxipgi.dll
[2008/10/04 05:20:05 | 01,109,204 | -HS- | C] () -- C:\WINDOWS\System32\ftdmnxfv.ini
[2008/10/04 05:20:04 | 00,067,072 | ---- | C] () -- C:\WINDOWS\System32\vfxnmdtf.dll
[2008/10/04 05:17:02 | 00,063,956 | ---- | C] () -- C:\WINDOWS\System32\uujtithb.dll
[2008/10/02 18:20:25 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\cilnnn.dll
[2008/10/02 18:20:24 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\kkowqipd.dll
[2008/10/02 18:17:27 | 01,096,904 | -HS- | C] () -- C:\WINDOWS\System32\jpwioevf.ini
[2008/10/02 18:17:15 | 00,101,888 | ---- | C] () -- C:\WINDOWS\System32\maiihvro.dll
[2008/10/01 16:16:30 | 00,980,086 | -HS- | C] () -- C:\WINDOWS\System32\hqjtxqpr.ini
[2008/10/01 16:13:30 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\wcvnyw.dll
[2008/10/01 16:13:30 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\nxevoalu.dll
[2008/10/01 16:11:04 | 00,101,888 | ---- | C] () -- C:\WINDOWS\System32\bdyuoigk.dll
[2008/09/30 13:12:53 | 00,974,682 | -HS- | C] () -- C:\WINDOWS\System32\kknsishc.ini
[2008/09/30 13:09:54 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\fjvvgv.dll
[2008/09/30 13:09:52 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\vqnnjxfw.dll
[2008/09/30 13:06:51 | 00,101,888 | ---- | C] () -- C:\WINDOWS\System32\dekespnf.dll
[2008/09/29 12:20:39 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\mgwvfz.dll
[2008/09/29 12:20:38 | 00,123,904 | ---- | C] () -- C:\WINDOWS\System32\rijcpvbo.dll
[2008/09/29 12:17:53 | 00,972,076 | -HS- | C] () -- C:\WINDOWS\System32\tpmyssnp.ini
[2008/09/29 12:17:38 | 00,101,888 | ---- | C] () -- C:\WINDOWS\System32\xdieinwa.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[31 C:\Documents and Settings\Alison Kinchla\My Documents\*.tmp files]
[2008/10/29 11:11:16 | 00,910,835 | -HS- | M] () -- C:\WINDOWS\System32\UFegPqru.ini
[2008/10/29 11:10:42 | 00,000,103 | RHS- | M] () -- C:\autorun.inf
[2008/10/29 11:10:20 | 00,910,835 | -HS- | M] () -- C:\WINDOWS\System32\UFegPqru.ini2
[2008/10/29 11:06:12 | 00,305,705 | ---- | M] () -- C:\Documents and Settings\Alison Kinchla\Desktop\RSIT.exe
[2008/10/29 11:05:18 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alison Kinchla\Desktop\OTViewIt.exe
[2008/10/29 11:04:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2008/10/29 10:51:58 | 00,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2008/10/29 09:03:39 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2008/10/29 08:49:46 | 00,006,076 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2008/10/29 08:00:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2008/10/29 07:57:36 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2008/10/27 15:16:07 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2008/10/27 13:50:42 | 01,043,864 | -HS- | M] () -- C:\WINDOWS\System32\jqbtycej.ini
[2008/10/27 13:50:33 | 00,071,680 | ---- | M] () -- C:\WINDOWS\System32\jecytbqj.dll
[2008/10/27 13:47:33 | 00,002,048 | ---- | M] () -- C:\WINDOWS\System32\hiwxfmxk.exe
[2008/10/27 13:03:36 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2008/10/27 12:00:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2008/10/27 10:03:35 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2008/10/27 09:44:40 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/27 08:19:26 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2008/10/27 07:00:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2008/10/27 06:00:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2008/10/27 05:00:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2008/10/27 04:00:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2008/10/27 03:00:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2008/10/27 02:00:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2008/10/27 01:00:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2008/10/27 00:08:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2008/10/26 23:00:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2008/10/26 22:00:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2008/10/26 21:00:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2008/10/26 19:00:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2008/10/26 18:00:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2008/10/26 17:00:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2008/10/26 16:03:39 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2008/10/26 15:45:42 | 00,064,512 | ---- | M] () -- C:\WINDOWS\System32\a68mjd6V.exe
[2008/10/26 15:45:41 | 00,079,876 | ---- | M] () -- C:\WINDOWS\System32\msxml71.dll
[2008/10/25 17:58:11 | 00,000,017 | ---- | M] () -- C:\Documents and Settings\Alison Kinchla\Desktop\stinger.opt
[2008/10/25 14:33:49 | 00,027,904 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\ndisprot.sys
[2008/10/24 12:43:34 | 00,128,000 | ---- | M] () -- C:\Documents and Settings\Alison Kinchla\Desktop\DeShaney Memo.doc
[2008/10/24 12:12:53 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/24 12:11:55 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/24 12:09:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/24 12:08:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/24 12:08:54 | 52,683,1616 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/23 08:50:00 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Alison Kinchla\Desktop\~$laughlin.doc
[2008/10/22 14:38:32 | 00,013,747 | ---- | M] () -- C:\Documents and Settings\Alison Kinchla\Desktop\Winter2009ULSchedule.pdf
[2008/10/17 13:31:46 | 10,485,7600 | ---- | M] () -- C:\Documents and Settings\Alison Kinchla\My Documents\SecureDrive.vol
[2008/10/17 11:53:41 | 01,746,944 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2008/10/17 11:53:39 | 01,436,672 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2008/10/15 00:22:16 | 03,712,656 | -H-- | M] () -- C:\Documents and Settings\Alison Kinchla\Local Settings\Application Data\IconCache.db
[2008/10/15 00:03:35 | 01,661,141 | ---- | M] () -- C:\Documents and Settings\Alison Kinchla\Desktop\SmitfraudFix.exe
[2008/10/14 23:11:47 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\Alison Kinchla\Desktop\HijackThis.lnk
[2008/10/14 23:06:36 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Alison Kinchla\Desktop\HJTInstall.exe
[2008/10/14 22:59:49 | 00,210,416 | ---- | M] () -- C:\Documents and Settings\Alison Kinchla\Desktop\zaSetup_en.exe
[2008/10/14 21:39:02 | 00,128,000 | ---- | M] () -- C:\WINDOWS\System32\yyeyxfvu.dll
[2008/10/14 21:39:02 | 00,128,000 | ---- | M] () -- C:\WINDOWS\System32\afzsxt.dll
[2008/10/14 21:38:19 | 00,002,048 | ---- | M] () -- C:\WINDOWS\System32\rjhujwur.exe
[2008/10/14 21:25:01 | 02,482,695 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Alison Kinchla\Desktop\stinger.exe
[2008/10/14 21:17:53 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\a68mjd6V.exe.a_a
[2008/10/14 21:11:06 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/10/14 20:49:24 | 00,008,192 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe
[2008/10/13 21:36:46 | 01,091,057 | -HS- | M] () -- C:\WINDOWS\System32\bgsqkblv.ini
[2008/10/13 21:36:36 | 00,071,680 | ---- | M] () -- C:\WINDOWS\System32\vlbkqsgb.dll
[2008/10/13 21:33:36 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\ebijpywh.dll
[2008/10/13 18:29:23 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/13 18:23:14 | 01,091,057 | -HS- | M] () -- C:\WINDOWS\System32\mcueuriq.ini
[2008/10/13 17:13:23 | 00,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2008/10/13 17:12:39 | 07,507,296 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Alison Kinchla\Desktop\rminstall.exe
[2008/10/13 15:46:38 | 00,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/13 11:38:49 | 00,000,164 | ---- | M] () -- C:\install.dat
[2008/10/13 11:15:05 | 00,112,984 | ---- | M] () -- C:\WINDOWS\BM431be23d.xml
[2008/10/13 11:14:57 | 00,000,021 | ---- | M] () -- C:\WINDOWS\pskt.ini
[2008/10/12 21:32:04 | 00,128,000 | ---- | M] () -- C:\WINDOWS\System32\grqygijw.dll
[2008/10/12 21:32:04 | 00,128,000 | ---- | M] () -- C:\WINDOWS\System32\bwenvf.dll
[2008/10/12 20:44:33 | 00,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat
[2008/10/12 19:18:07 | 00,096,978 | ---- | M] (Business Information Solutions) -- C:\Documents and Settings\Alison Kinchla\Desktop\VirtumundoBeGone.exe
[2008/10/12 18:38:28 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/10/12 10:11:27 | 00,067,584 | ---- | M] () -- C:\WINDOWS\System32\jtccgeqd.dll
[2008/10/12 10:11:09 | 01,145,401 | -HS- | M] () -- C:\WINDOWS\System32\mryocsit.ini
[2008/10/12 10:11:09 | 01,145,401 | -HS- | M] () -- C:\WINDOWS\System32\dqegcctj.ini
[2008/10/12 10:08:28 | 00,128,000 | ---- | M] () -- C:\WINDOWS\System32\mvrkvyih.dll
[2008/10/12 10:08:28 | 00,128,000 | ---- | M] () -- C:\WINDOWS\System32\bezngg.dll
[2008/10/11 10:07:36 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\zfhouj.dll
[2008/10/11 10:07:36 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\kdilivlf.dll
[2008/10/10 10:13:27 | 01,143,818 | -HS- | M] () -- C:\WINDOWS\System32\igecnrvm.ini
[2008/10/10 10:11:38 | 01,143,819 | -HS- | M] () -- C:\WINDOWS\System32\ocveeeaa.ini
[2008/10/10 10:10:04 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\wxaule.dll
[2008/10/10 10:10:04 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\ovgsqsqw.dll
[2008/10/10 10:07:04 | 00,088,064 | ---- | M] () -- C:\WINDOWS\System32\pbqgucwy.dll
[2008/10/10 08:58:08 | 00,082,944 | ---- | M] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2008/10/10 08:58:08 | 00,082,944 | ---- | M] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2008/10/09 10:06:26 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\zwiqdm.dll
[2008/10/09 10:06:26 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\sroebpef.dll
[2008/10/08 09:58:36 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\olnhwe.dll
[2008/10/08 09:58:36 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\oaepnujj.dll
[2008/10/08 09:55:45 | 01,079,214 | -HS- | M] () -- C:\WINDOWS\System32\qsykywor.ini
[2008/10/08 08:55:37 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\ptezoz.dll
[2008/10/08 08:55:37 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\mxsvlbvi.dll
[2008/10/08 08:53:10 | 01,079,214 | -HS- | M] () -- C:\WINDOWS\System32\tohgxuni.ini
[2008/10/06 08:48:12 | 01,031,208 | -HS- | M] () -- C:\WINDOWS\System32\uorooqkv.ini
[2008/10/06 08:48:00 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\pifmtgkj.dll
[2008/10/06 08:48:00 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\myfvfj.dll
[2008/10/06 07:45:05 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\uemeqpmi.dll
[2008/10/06 07:45:05 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\tincvf.dll
[2008/10/06 07:42:22 | 01,030,906 | -HS- | M] () -- C:\WINDOWS\System32\jcnjhqjq.ini
[2008/10/06 07:39:08 | 00,101,888 | ---- | M] () -- C:\WINDOWS\System32\lcacowau.dll
[2008/10/04 19:29:30 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\dmtnrxkq.dll
[2008/10/04 19:29:30 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\bhqmhj.dll
[2008/10/04 19:26:38 | 01,030,906 | -HS- | M] () -- C:\WINDOWS\System32\xqwkfggx.ini
[2008/10/04 19:23:30 | 00,101,888 | ---- | M] () -- C:\WINDOWS\System32\ihcmkran.dll
[2008/10/04 05:22:54 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\wwejsf.dll
[2008/10/04 05:22:54 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\sjkxipgi.dll
[2008/10/04 05:20:32 | 01,109,204 | -HS- | M] () -- C:\WINDOWS\System32\ftdmnxfv.ini
[2008/10/04 05:20:04 | 00,067,072 | ---- | M] () -- C:\WINDOWS\System32\vfxnmdtf.dll
[2008/10/04 05:17:05 | 00,063,956 | ---- | M] () -- C:\WINDOWS\System32\uujtithb.dll
[2008/10/02 18:20:25 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\kkowqipd.dll
[2008/10/02 18:20:25 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\cilnnn.dll
[2008/10/02 18:18:23 | 01,096,904 | -HS- | M] () -- C:\WINDOWS\System32\jpwioevf.ini
[2008/10/02 18:17:15 | 00,101,888 | ---- | M] () -- C:\WINDOWS\System32\maiihvro.dll
[2008/10/01 16:17:09 | 00,980,086 | -HS- | M] () -- C:\WINDOWS\System32\hqjtxqpr.ini
[2008/10/01 16:13:30 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\wcvnyw.dll
[2008/10/01 16:13:30 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\nxevoalu.dll
[2008/10/01 16:11:04 | 00,101,888 | ---- | M] () -- C:\WINDOWS\System32\bdyuoigk.dll
[2008/10/01 15:51:40 | 00,087,552 | ---- | M] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2008/09/30 13:13:14 | 00,974,682 | -HS- | M] () -- C:\WINDOWS\System32\kknsishc.ini
[2008/09/30 13:09:53 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\vqnnjxfw.dll
[2008/09/30 13:09:53 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\fjvvgv.dll
[2008/09/30 13:06:52 | 00,101,888 | ---- | M] () -- C:\WINDOWS\System32\dekespnf.dll
[2008/09/29 12:20:39 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\rijcpvbo.dll
[2008/09/29 12:20:39 | 00,123,904 | ---- | M] () -- C:\WINDOWS\System32\mgwvfz.dll
[2008/09/29 12:18:10 | 00,972,076 | -HS- | M] () -- C:\WINDOWS\System32\tpmyssnp.ini
[2008/09/29 12:17:40 | 00,101,888 | ---- | M] () -- C:\WINDOWS\System32\xdieinwa.dll
< End of report >



Extras Report:

OTViewIt Extras logfile created on: 10/29/2008 11:09:43 AM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Alison Kinchla\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.36 Mb Total Physical Memory | 123.58 Mb Available Physical Memory | 24.60% Memory free
1.57 Gb Paging File | 0.21 Gb Available in Paging File | 13.34% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.25 Gb Total Space | 13.65 Gb Free Space | 19.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive R: | 99.72 Mb Total Space | 99.72 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: ALISONCOMPUTER
Current User Name: Alison Kinchla
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 08:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/06/09 06:39:52 | 00,042,032 | ---- | M] (IBM) -- C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update
[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 08:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/06/09 06:39:52 | 00,042,032 | ---- | M] (IBM) -- C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update
[2005/11/04 18:04:48 | 00,176,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger
[2008/02/19 14:10:26 | 19,897,640 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire
File not found -- C:\Documents and Settings\Alison Kinchla\Desktop\install_flash_player.exe:*:Enabled:install_flash_player
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent
File not found -- C:\Program Files\DNA\btdna.exe:*:Disabled:DNA
[2008/06/23 05:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/04/19 21:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/06/03 03:36:20 | 07,252,672 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/04/25 16:29:56 | 08,071,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/15 01:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}"=Notifier
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}"=PhotoGallery
"{075473F5-846A-448B-BCB3-104AA1760205}"=RecordNow Data
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}"=Destinations
"{1007F41F-7D69-468E-8017-3849A5A973C2}"=ThinkVantage Technologies Welcome Message
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}"=ThinkPad EasyEject Utility
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}"=ESSPCD
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}"=HP Software Update
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}"=iPod for Windows 2006-03-23
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}"=ThinkPad Keyboard Customizer Utility
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}"=Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}"=CP_Panorama1Config
"{2A43FF29-0D97-4445-B82D-9324F176AED5}"=ThinkVantage System Update
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}"=Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}"=TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150080}"=J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}"=InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}"=CP_CalendarTemplates1
"{38441BE7-79B0-42B8-8297-833704F949FE}"=HLPIndex
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}"=OTtBPSDK
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}"=ThinkPad Bluetooth with Enhanced Data Rate Software
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}"=Spy Sweeper Core
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}"=ESSvpot
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}"=ESSSONIC
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}"=FullDPAppQFolder
"{5421155F-B033-49DB-9B33-8F80F233D4D5}"=GdiplusUpgrade
"{56EE8B17-8274-418d-89AC-C057C5DB251E}"=RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}"=WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}"=CP_Package_Basic1
"{5F26311C-B135-4F7F-B11E-8E650F83651E}"=DeviceFunctionQFolder
"{605A4E39-613C-4A12-B56F-DEFBE6757237}"=SHASTA
"{65D85050-5610-4A91-A3B1-D5C744291AD4}"=PCDADDIN
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Sonic Express Labeler
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}"=SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{6CE96A14-61E2-48CC-837E-22710A953ADE}"=XP Themes
"{72806716-7088-41B2-8FA6-717A2A164DAB}"=ThinkVantage Active Protection System
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{79546A5F-AE7C-4693-8670-A3401B43ABD2}"=HP Deskjet 5900 series
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}"=CP_AtenaShokunin1Config
"{7EB114D8-207F-45AE-BABD-1669715F2630}"=ThinkVantage Access Connections
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}"=InterVideo WinDVD Creator 3
"{80FD852F-5AAC-4129-B931-06AAFFA43138}"=iTunes
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}"=ThinkPad UltraNav Wizard
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}"=ESShelp
"{8A502E38-29C9-49FA-BCFA-D727CA062589}"=ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Graphics Media Accelerator Driver for Mobile
"{8E92D746-CD9F-4B90-9668-42B74C14F765}"=ESSini
"{8F55B163-7B42-42A3-9307-C7FCB9655225}"=PC-Doctor for Windows
"{91110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}"=ESSgui
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}"=Help Center
"{999D43F4-9709-4887-9B1A-83EBB15A8370}"=VPRINTOL
"{9A1E6130-8F5E-4076-899A-D51FF01EDA6C}"=System Migration Assistant 5.0
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}"=ESScore
"{9E936417-55D6-402D-97AA-07C7FEF07444}"=ThinkVantage Fingerprint Software 4.6.0
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}"=ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}"=ThinkPad Power Manager
"{A5222E5A-13CB-4C98-9F5C-21CF6896A25C}"=HPDeskjet5900Series
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}"=ESSvpaht
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}"=CueTour
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}"=HLPRFO
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}"=Adobe Reader 7.0
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}"=ESSCDBK
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=RecordNow Copy
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}"=BufferChm
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}"=Microsoft Office Outlook 2003 with Business Contact Manager Update
"{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}"=Rescue and Recovery - Client Security Solution
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}"=QuickTime
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}"=Access Help
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}"=PCDHELP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}"=ThinkVantage Productivity Center
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}"=Nikon Message Center
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}"=Kodak EasyShare software
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}"=Windows Resource Kit Tools - SubInAcl.exe
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}"=ArcSoft Panorama Maker 4
"{D5A4CE1B-59ED-4D85-A3B2-6E0AFF448E4B}"=Diskeeper Lite
"{D728E945-256D-4477-B377-6BBA693714AC}"=Productivity Center Supplement for ThinkPad
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}"=SFR
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E09B48B5-E141-427A-AB0C-D3605127224A}"=Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}"=HPProductAssistant
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}"=Message Center
"{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}"=IBM 32-bit Runtime Environment for Java 2, v1.4.2
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}"=Nikon Transfer
"{EA103B64-C0E4-4C0E-A506-751590E1653D}"=SolutionCenter
"{EA664480-3844-11D5-8C25-444553540000}"=TrackPoint Accessibility Features
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{F2655391-0C83-4360-A1A3-E93AB80FE07B}"=Fingerprint Tutorial
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}"=Wallpapers
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}"=SKINXSDK
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}"=Status
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}"=WIRELESS
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}"=ThinkPad Configuration
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}"=SKIN0001
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"AwayTask"=ThinkVantage Away Manager
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588"=ThinkPad Modem
"FrRefEng"=French Spelling Settings
"HijackThis"=HijackThis 2.0.2
"HP Imaging Device Functions"=HP Imaging Device Functions 5.0
"HP Photo & Imaging"=HP Image Zone 5.0
"HP Solution Center & Imaging Support Tools"=HP Solution Center & Imaging Support Tools 5.0
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}"=iPod for Windows 2006-03-23
"InstallShield_{8F55B163-7B42-42A3-9307-C7FCB9655225}"=PC-Doctor for Windows
"InstallShield_{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}"=IBM 32-bit Runtime Environment for Java 2, v1.4.2
"LiveReg"=LiveReg (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PCMCIAPW"=ThinkPad PC Card Power Policy
"Picasa2"=Picasa 2
"Power Management Driver"=ThinkPad Power Management Driver
"Presentation Director"=ThinkPad Presentation Director
"RealPlayer 6.0"=RealPlayer
"Registry Mechanic_is1"=Registry Mechanic 8.0
"Remove Multimedia Center"=Remove Multimedia Center
"SynTPDeinstKey"=ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier"=ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller"=Software Installer
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/14/2008 8:50:51 PM | Computer Name = ALISONCOMPUTER | Source = Application Hang | ID = 1001
Description = Fault bucket 854786114.

Error - 10/16/2008 10:47:15 AM | Computer Name = ALISONCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application DfrgNTFS.exe, version 9.0.533.0, faulting module
unknown, version 0.0.0.0, fault address 0x0213e1f1.

Error - 10/22/2008 9:08:35 AM | Computer Name = ALISONCOMPUTER | Source = Diskeeper | ID = 25
Description = RPC error. Diskeeper failed to connect to the service. Error code
is 1.

Error - 10/22/2008 9:09:18 AM | Computer Name = ALISONCOMPUTER | Source = Diskeeper | ID = 25
Description = RPC error. Diskeeper failed to connect to the service. Error code
is 1.

Error - 10/22/2008 9:10:37 AM | Computer Name = ALISONCOMPUTER | Source = Diskeeper | ID = 25
Description = RPC error. Diskeeper failed to connect to the service. Error code
is 1.

Error - 10/25/2008 2:24:54 PM | Computer Name = ALISONCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application lpmgr.exe, version 1.0.0.1, faulting module unknown,
version 0.0.0.0, fault address 0x01205d4d.

Error - 10/25/2008 5:53:47 PM | Computer Name = ALISONCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/26/2008 3:47:37 PM | Computer Name = ALISONCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application cleanmgr.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x02fbe357.

Error - 10/26/2008 3:48:11 PM | Computer Name = ALISONCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application cleanmgr.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x0106e357.

Error - 10/27/2008 11:01:02 AM | Computer Name = ALISONCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 7.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/24/2008 4:55:46 AM | Computer Name = ALISONCOMPUTER | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 129.10.172.132
on the Network Card with network address 0016CF193D17.

Error - 10/24/2008 12:10:13 PM | Computer Name = ALISONCOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Webroot Spy Sweeper Engine
service to connect.

Error - 10/24/2008 12:10:13 PM | Computer Name = ALISONCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%1053

Error - 10/29/2008 7:53:32 AM | Computer Name = ALISONCOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service
to connect.

Error - 10/29/2008 7:53:32 AM | Computer Name = ALISONCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%1053


< End of report >

#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:03 AM

Posted 29 October 2008 - 02:53 PM

Hi again.

Glad you are still here.

FYI - also can't download the latest Microsoft Update (the urgent October 2008 one).

Don't worry about that now; we will do that as soon as we clear up the infection.

You have a very infected machine I must say.

I am still here, but I have been unable to open the bleepingcomputer website from my computer.

Therefore I assume you have another computer? If so, please download the tools that I tell you to download onto your flash drive, then copy and paste them to your infected computer and follow the instructions there.

As for the Kaspersky's... I was able to run it, but no log popped-up at the end of the scan, and IE promptly closed itself down.

Don't worry about that for now.

Let's get to work; you have a tough infection here.

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click NO to skip the ComboFix scan for now.
  • Save all documents or windows that are open, because when running ComboFix you won't have an internet connection and everything will be closed.
  • Click on your Start Menu, then Run, In the run box type:
    "%userprofile%\desktop\combofix.exe" /killall
  • Combofix will now run
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Please post back with:
- ComboFix log
- Fresh OTViewIt logs


Thanks :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:03 AM

Posted 03 November 2008 - 06:11 PM

Hi.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5 days the topic will need to be closed.

Thanks for understanding. :thumbsup:

With Regards,
Extremeboy

#9 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:04:03 PM

Posted 04 November 2008 - 01:15 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security