Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected with malware defender and can not remove it


  • This topic is locked This topic is locked
16 replies to this topic

#1 Travtastik

Travtastik

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 15 January 2010 - 11:31 AM

Ok so one of my comps got infected with this Malware defender 2009 and i am having no luck getting rid of it. I first tried to download the malwarebytes program but my searches were misdirected and/or dead links it seemed. I could download the program on another computer in my network and share it but the infected computer would not install malwarebytes. I found this site and read and tried to follow the instructions in the uninstall list but again I could not download the program malwarebytes. After some searching I found refrences to renaming the program and was able to get the install to start, but it would get to a full status bar during the install and freeze up. I have tried in and out of safe mode and have had no luck in getting the program to install.

here is the DDS file report

DDS (Ver_09-12-01.01) - NTFSx86
Run by sa001 at 9:28:55.89 on 2010-01-15
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.10 [GMT -5:00]

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
svchost.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\DOCUME~1\sa001\LOCALS~1\Temp\twunk_32x.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\imapi.exe
C:\Documents and Settings\sa001\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://www.chattanoogashooting.com/index.cfm
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [twunk_32x.exe] c:\docume~1\sa001\locals~1\temp\twunk_32x.exe
uRun: [Malware Defense] "c:\program files\malware defense\mdefense.exe" -noscan
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [LPManager] c:\progra~1\lenovo\lenovo~2\LPMGR.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton antivirus\osCheck.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\documents and settings\sa001\start menu\programs\startup\epcinterface.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mapcss.lnk - c:\mapcss.bat
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
IE: {DA320635-F48C-4613-8325-D75A933C549E} - c:\program files\lenovo\system update\sulauncher.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181282725281
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} - hxxp://www.kohlerplus.com/_bin/AWSDrawingViewer.cab
TCP: {1B39FB75-2458-4A1E-A5EF-FACC8D6D0DDE} = 192.168.1.1,0.0.0.0
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-12 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-1-12 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-12 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1184912]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-6-7 109616]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-1-12 138680]
S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
S2 gupdate1ca0ef0dbd49544;Google Update Service (gupdate1ca0ef0dbd49544);c:\program files\google\update\GoogleUpdate.exe [2009-7-27 133104]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-1-12 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-12 352920]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20080607.003\NAVENG.SYS [2008-6-7 82256]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20080607.003\NAVEX15.SYS [2008-6-7 895408]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-6-8 1251720]

=============== Created Last 30 ================

2010-01-14 20:41:16 49152 ----a-w- c:\windows\system32\VFind.exe
2010-01-14 20:41:16 212480 ----a-w- c:\windows\system32\swxcacls.exe
2010-01-14 20:41:16 156160 ----a-w- c:\windows\system32\swreg.exe
2010-01-14 20:40:58 0 d-----w- C:\ComboFix
2010-01-14 18:21:27 0 d-----w- c:\program files\hopethiswillwork
2010-01-14 17:48:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 17:48:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 17:48:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 17:48:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-14 16:46:08 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-14 16:08:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-13 12:17:29 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 20:16:49 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-12 16:05:45 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-12 16:03:59 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-12 16:03:01 0 d-----w- c:\program files\Lavasoft
2010-01-12 15:50:53 0 d-----w- c:\program files\Malware Defense
2010-01-12 15:17:27 0 d-sh--w- c:\documents and settings\sa001\IECompatCache

==================== Find3M ====================

2010-01-11 11:46:39 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2009-12-17 20:29:32 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-10-28 14:40:47 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 06:00:55 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 14:58:48 263552 ------w- c:\windows\system32\dllcache\http.sys
2007-05-11 14:03:28 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2007-06-08 03:34:14 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007060720070608\index.dat
2008-10-29 18:41:40 16384 --sh--w- c:\windows\temp\cookies\index.dat
2008-10-29 18:41:40 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2008-10-29 18:41:40 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 9:31:24.48 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 pwgib

pwgib

  • Malware Response Team
  • 2,957 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:01:28 AM

Posted 21 January 2010 - 11:48 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
PW

#3 Travtastik

Travtastik
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 22 January 2010 - 09:06 AM

As stated before I can still not get malwarebytes to install on the computer. I have tried slaving the hard drive to another pc and running malwarebytes on that hard drive it says that it has found and cleared several items, but the computer is still infected when I put the hard drive back into the orginal computer. The computer will turn on but internet explorer with close right after. Add/remove programs still shows malware defender and will not allow me to unistall and I keep getting msgs saying that internet explorer has incounter a error and must close even when its just sitting there. I am also getting a msg saying that google updater could not update and I don't know what this is. I have gone into add/remove programs and removed google installer but I still get the msg.

Here is a second DDS report, it was run in safe mode. if that wont work let me know



DS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by sa001 at 20:53:16.98 on 2010-01-21
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.286 [GMT -5:00]

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\igfxsrvc.exe
\\TERM11\dds\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://www.chattanoogashooting.com/index.cfm
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
uRun: [twunk_32x.exe] c:\docume~1\sa001\locals~1\temp\twunk_32x.exe
uRun: [Malware Defense] "c:\program files\malware defense\mdefense.exe" -noscan
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [LPManager] c:\progra~1\lenovo\lenovo~2\LPMGR.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton antivirus\osCheck.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\documents and settings\sa001\start menu\programs\startup\epcinterface.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mapcss.lnk - c:\mapcss.bat
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
IE: {DA320635-F48C-4613-8325-D75A933C549E} - c:\program files\lenovo\system update\sulauncher.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181282725281
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} - hxxp://www.kohlerplus.com/_bin/AWSDrawingViewer.cab
TCP: {1B39FB75-2458-4A1E-A5EF-FACC8D6D0DDE} = 192.168.1.1,0.0.0.0
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-12 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1184912]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-1-12 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-12 20560]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-1-12 138680]
S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
S2 gupdate1ca0ef0dbd49544;Google Update Service (gupdate1ca0ef0dbd49544);c:\program files\google\update\GoogleUpdate.exe [2009-7-27 133104]
S2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-1-12 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-12 352920]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-6-7 109616]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20080607.003\NAVENG.SYS [2008-6-7 82256]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20080607.003\NAVEX15.SYS [2008-6-7 895408]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-6-8 1251720]

=============== Created Last 30 ================

2010-01-20 13:07:56 0 d-----w- c:\program files\trythis
2010-01-20 04:49:43 0 d-----w- c:\program files\hopethisworks
2010-01-14 20:41:16 49152 ----a-w- c:\windows\system32\VFind.exe
2010-01-14 20:41:16 212480 ----a-w- c:\windows\system32\swxcacls.exe
2010-01-14 20:41:16 156160 ----a-w- c:\windows\system32\swreg.exe
2010-01-14 20:40:58 0 d-----w- C:\ComboFix
2010-01-14 17:48:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 17:48:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 17:48:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-14 16:46:08 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-14 16:08:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-13 12:17:29 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 20:16:49 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-12 16:05:45 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-12 16:03:59 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-12 16:03:01 0 d-----w- c:\program files\Lavasoft
2010-01-12 15:17:27 0 d-sh--w- c:\documents and settings\sa001\IECompatCache

==================== Find3M ====================

2010-01-19 20:04:38 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2009-12-17 20:29:32 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-10-28 14:40:47 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2007-05-11 14:03:28 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2007-06-08 03:34:14 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007060720070608\index.dat
2008-10-29 18:41:40 16384 --sh--w- c:\windows\temp\cookies\index.dat
2008-10-29 18:41:40 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2008-10-29 18:41:40 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 20:54:20.20 ===============


#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:28 AM

Posted 22 January 2010 - 11:56 AM

Hello,

I am thcbytes. I will be assisting you. First...... question's. Are you able to run in normal mode? In normal mode what are your limitations if any? For example...unable to see desktop icons, open regedit, open control panel, run Start> Run...etc.

Thanks,
~ t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 Travtastik

Travtastik
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 22 January 2010 - 03:08 PM

Yes I got the dds to run in regular mode. As of right now the computer will turn on and boot up. If I open IE and try to leave the homepage it tells me I am leaving a secured site and it gives this warning everytime you go some where. If you google anything about malware it will redirect your links to other sites or close IE altogether. after that everytime I open IE it closes with in about 10 secs or so. After about 3 to 54 mins the computer will kinda look up if you let it set idel. The mouse will move but you can not click on any desktop items or start menu. Ctrl + Alt + Delete will also do nothing it just sits there and you have to turn the power off. If I try to install malwarebytes after changing the name and the .exe it will start to install but freeze once the status bar fills and it says that its finilizing install. I have left this sit on this screen for a hour and nothing happens. Once it reaches this point it will lock the computer up to where the mouse will move but you can not click on anything. If you try to click on the instaler window it will just sound a loud thunk from the computer. I have gotten Avast and ad-aware to run on the infected pc but I am still having problems. Here is a dds report ran on a regular start up. Thanks for all the help



DDS (Ver_09-12-01.01) - NTFSx86
Run by sa001 at 2:32:56.28 on 2010-01-22
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.120 [GMT -5:00]

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\sa001\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://www.chattanoogashooting.com/index.cfm
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
uRun: [twunk_32x.exe] c:\docume~1\sa001\locals~1\temp\twunk_32x.exe
uRun: [Malware Defense] "c:\program files\malware defense\mdefense.exe" -noscan
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [LPManager] c:\progra~1\lenovo\lenovo~2\LPMGR.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton antivirus\osCheck.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\documents and settings\sa001\start menu\programs\startup\epcinterface.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mapcss.lnk - c:\mapcss.bat
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
IE: {DA320635-F48C-4613-8325-D75A933C549E} - c:\program files\lenovo\system update\sulauncher.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181282725281
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} - hxxp://www.kohlerplus.com/_bin/AWSDrawingViewer.cab
TCP: {1B39FB75-2458-4A1E-A5EF-FACC8D6D0DDE} = 192.168.1.1,0.0.0.0
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-12 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-1-12 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-12 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1184912]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-6-7 109616]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-1-12 138680]
S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
S2 gupdate1ca0ef0dbd49544;Google Update Service (gupdate1ca0ef0dbd49544);c:\program files\google\update\GoogleUpdate.exe [2009-7-27 133104]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-1-12 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-12 352920]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20080607.003\NAVENG.SYS [2008-6-7 82256]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20080607.003\NAVEX15.SYS [2008-6-7 895408]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-6-8 1251720]

=============== Created Last 30 ================

2010-01-20 13:07:56 0 d-----w- c:\program files\trythis
2010-01-20 04:49:43 0 d-----w- c:\program files\hopethisworks
2010-01-14 20:41:16 49152 ----a-w- c:\windows\system32\VFind.exe
2010-01-14 20:41:16 212480 ----a-w- c:\windows\system32\swxcacls.exe
2010-01-14 20:41:16 156160 ----a-w- c:\windows\system32\swreg.exe
2010-01-14 20:40:58 0 d-----w- C:\ComboFix
2010-01-14 17:48:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 17:48:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 17:48:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-14 16:46:08 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-14 16:08:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-13 12:17:29 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 20:16:49 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-12 16:05:45 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-12 16:03:59 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-12 16:03:01 0 d-----w- c:\program files\Lavasoft
2010-01-12 15:17:27 0 d-sh--w- c:\documents and settings\sa001\IECompatCache

==================== Find3M ====================

2010-01-19 20:04:38 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2009-12-17 20:29:32 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-10-28 14:40:47 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2007-05-11 14:03:28 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2007-06-08 03:34:14 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007060720070608\index.dat
2008-10-29 18:41:40 16384 --sh--w- c:\windows\temp\cookies\index.dat
2008-10-29 18:41:40 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2008-10-29 18:41:40 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 2:34:17.20 ===============


#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:28 AM

Posted 22 January 2010 - 10:22 PM

Hello,
I have edited my post. If you have downloaded Combofix delete it immediately and let me know if you still desire help.
Thanks,
~ t


Edited by thcbytes, 24 January 2010 - 06:21 PM.

Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#7 Travtastik

Travtastik
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 25 January 2010 - 08:09 AM

OK I have got rid of the the combofix file. When I tried to install it off a old disk it said it was expired and I never knew it made a folder or anything. Anyways I got rid of it and I am still having the same issues.

#8 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:28 AM

Posted 25 January 2010 - 03:20 PM

Well done. thumbup2.gif

Let's begin...

RKill by Grinler
Link #1
Link #2
Link #3
Link #4
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.

==========

Download and Run ComboFix (by sUBs)

You must rename it before saving it.





Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

With your next post please provide:

* Combofix.txt

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#9 Travtastik

Travtastik
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 26 January 2010 - 08:46 AM

ok I can not get to this site at all from the infected computer so I am having to DL this info on another computer and share the files in my network. I got the rkill to run, and I have combofix downloaded and transfered over to the infected computer. When I try to open combofix all I get is a grey box that says combofix and a status bar. When the bar fills the program shuts down. It does this in normal and in safe mode.

#10 Travtastik

Travtastik
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 26 January 2010 - 11:46 AM

ok after a a few attempts I got combofix to run and here is the log

ComboFix 10-01-25.06 - sa001 2010-01-25 22:54:50.1.2 - x86
Running from: c:\documents and settings\sa001\Desktop\thcbytes.exe
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\h8srtmainqt.dll
c:\recycler\S-1-5-21-2158152542-3165420761-3016197450-1005
c:\recycler\S-1-5-21-492782825-100411765-2802895850-500
c:\windows\system32\drivers\H8SRTlqgrndjbpj.sys
c:\windows\system32\H8SRTbirptjisns.dll
c:\windows\system32\H8SRTducfnxtvxo.dll
c:\windows\system32\H8SRTgtqlxjmome.dat
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\H8SRTnadewtakyu.dll
c:\windows\system32\H8SRTrydupkrpql.dll
c:\windows\system32\h8srtshsyst.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys


((((((((((((((((((((((((( Files Created from 2009-12-26 to 2010-01-26 )))))))))))))))))))))))))))))))
.

2010-01-20 13:07 . 2010-01-20 13:08 -------- d-----w- c:\program files\trythis
2010-01-20 04:49 . 2010-01-21 02:24 -------- d-----w- c:\program files\hopethisworks
2010-01-14 17:48 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 17:48 . 2010-01-14 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-14 17:48 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 16:46 . 2010-01-14 16:46 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-14 16:08 . 2010-01-14 16:08 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-13 12:17 . 2009-11-21 16:36 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 20:54 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-12 20:54 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-12 20:54 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-12 20:54 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-12 20:53 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-12 20:53 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-12 20:53 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-12 20:53 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-12 20:53 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-12 20:53 . 2010-01-12 20:53 -------- d-----w- c:\program files\Alwil Software
2010-01-12 20:16 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-12 16:05 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-12 16:03 . 2010-01-12 16:04 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-12 16:03 . 2010-01-12 16:03 -------- d-----w- c:\program files\Lavasoft
2010-01-12 16:03 . 2010-01-12 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-12 15:17 . 2010-01-12 15:17 -------- d-sh--w- c:\documents and settings\sa001\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 00:50 . 2010-01-21 02:14 751 ----a-w- c:\documents and settings\All Users\Application Data\h8srtkrl32mainweq.dll
2010-01-25 00:59 . 2007-05-11 14:18 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2010-01-20 04:54 . 2009-07-27 19:29 -------- d-----w- c:\program files\Google
2010-01-20 04:47 . 2007-05-11 14:07 -------- d---a-w- c:\program files\PCDR5
2010-01-08 11:42 . 2007-05-11 14:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\Symantec
2009-12-21 19:14 . 2006-04-30 06:56 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 20:29 . 2007-08-01 13:55 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-17 20:29 . 2007-08-17 13:18 168 --sh--r- c:\windows\system32\F6189F6349.sys
2009-12-16 12:03 . 2009-12-16 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 49152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-08-14 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-08-14 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-08-14 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-29 149280]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2006-07-03 110592]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-11-13 478800]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2007-01-14 771704]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

c:\documents and settings\sa001\Start Menu\Programs\Startup\
epcinterface.exe [2006-12-11 233472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
mapcss.lnk - C:\mapcss.bat [2007-6-8 95]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-01-12 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-01-12 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-01-12 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-12-02 1184912]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-14 3968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-06-07 109616]
S2 gupdate1ca0ef0dbd49544;Google Update Service (gupdate1ca0ef0dbd49544);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-27 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-01-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 13:19]

2010-01-26 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

2010-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-27 19:31]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-27 19:31]

2008-11-11 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - sa001.job
- c:\program files\Norton AntiVirus\Navw32.exe [2007-01-14 09:09]

2010-01-08 c:\windows\Tasks\PartSmartUpdateManager.job
- c:\program files\ARI\PartSmartUpdate\Ari.PartSmart.Update.Launcher.exe [2008-03-28 17:20]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.chattanoogashooting.com/index.cfm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
TCP: {1B39FB75-2458-4A1E-A5EF-FACC8D6D0DDE} = 192.168.1.1,0.0.0.0
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Malware Defense - c:\program files\Malware Defense\mdefense.exe
AddRemove-c-Systems Operations Manual - c:\program files\c-Systems Software
AddRemove-c-Systems Workstation Revision 5 - c:\program files\c-Systems Software
AddRemove-Malware Defense - c:\program files\Malware Defense\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-25 23:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1408)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\pelscrll.dll
c:\windows\system32\PELCOMM.dll
c:\windows\system32\PELHOOKS.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PSIService.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\ICO.EXE
c:\windows\system32\FSRremoS.EXE
c:\windows\system32\Pelmiced.exe
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Common Files\InstallShield\UpdateService\agent.exe
.
**************************************************************************
.
Completion time: 2010-01-25 23:39:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-26 04:39

Pre-Run: 111,564,963,840 bytes free
Post-Run: 113,376,747,520 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - DFE10AA24887303E75BA0AF56D252518


#11 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:28 AM

Posted 26 January 2010 - 04:30 PM

Well done. thumbup2.gif

Nasty little rootkit!

excl.gif P2P Warning excl.gif

Your log indicates that you have uTorrent installed.

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

- They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

- Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

- The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel>> Add / Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

==========

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Avast or Norton.

==========


excl.gif Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!! excl.gif

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::
c:\windows\system32\d3d8caps.dat
c:\windows\system32\d3d9caps.dat
c:\documents and settings\All Users\Application Data\h8srtkrl32mainweq.dll


Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

c:\windows\system32\F6189F6349.sys

If you get...
QUOTE
This file has been scanned before. The results for this previous scan are listed below.

Please choose "Scan Again"!!!!!!!!!

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal

==========

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.

==========

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

==========

With your next post please provide:

* Which Antivirus did you uninstall?
* Combofix.txt
* Upload results
* ESET log
* How is your computer running now?

Kind regards,
~t

Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#12 Travtastik

Travtastik
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 27 January 2010 - 01:46 PM

ok, I unistalled Norton and left the advast on the machine. I was wanting to know what you would recomend to use.

Here is the combofix log:

ComboFix 10-01-25.06 - sa001 2010-01-27 9:33.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.141 [GMT -5:00]
Running from: c:\documents and settings\sa001\Desktop\thcbytes.exe
Command switches used :: \\Term11\dds\cfscript.txt
AV: avast! antivirus 4.8.1368 [VPS 100127-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\All Users\Application Data\h8srtkrl32mainweq.dll"
"c:\windows\system32\d3d8caps.dat"
"c:\windows\system32\d3d9caps.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\h8srtkrl32mainweq.dll
c:\windows\system32\d3d8caps.dat
c:\windows\system32\d3d9caps.dat

.
((((((((((((((((((((((((( Files Created from 2009-12-27 to 2010-01-27 )))))))))))))))))))))))))))))))
.

2010-01-20 13:07 . 2010-01-20 13:08 -------- d-----w- c:\program files\trythis
2010-01-20 04:49 . 2010-01-21 02:24 -------- d-----w- c:\program files\hopethisworks
2010-01-14 17:48 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 17:48 . 2010-01-14 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-14 17:48 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-13 12:17 . 2009-11-21 16:36 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 20:54 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-12 20:54 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-12 20:54 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-12 20:54 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-12 20:53 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-12 20:53 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-12 20:53 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-12 20:53 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-12 20:53 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-12 20:53 . 2010-01-12 20:53 -------- d-----w- c:\program files\Alwil Software
2010-01-12 20:16 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-12 16:05 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-12 16:04 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-12 16:03 . 2010-01-12 16:04 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-12 16:03 . 2010-01-12 16:03 -------- d-----w- c:\program files\Lavasoft
2010-01-12 16:03 . 2010-01-12 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-12 15:17 . 2010-01-12 15:17 -------- d-sh--w- c:\documents and settings\sa001\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 14:15 . 2007-05-11 14:07 -------- d---a-w- c:\program files\PCDR5
2010-01-27 14:14 . 2007-06-08 17:46 -------- d---a-w- c:\program files\Common Files\Symantec Shared
2010-01-27 14:07 . 2007-05-11 14:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-25 00:59 . 2007-05-11 14:18 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2010-01-20 04:54 . 2009-07-27 19:29 -------- d-----w- c:\program files\Google
2009-12-21 19:14 . 2006-04-30 06:56 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 20:29 . 2007-08-01 13:55 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-17 20:29 . 2007-08-17 13:18 168 --sh--r- c:\windows\system32\F6189F6349.sys
2009-12-16 12:03 . 2009-12-16 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-11-21 16:36 . 2006-04-30 06:55 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 49152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-08-14 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-08-14 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-08-14 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-29 149280]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2006-07-03 110592]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-11-13 478800]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

c:\documents and settings\sa001\Start Menu\Programs\Startup\
epcinterface.exe [2006-12-11 233472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
mapcss.lnk - C:\mapcss.bat [2007-6-8 95]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-01-12 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-01-12 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-01-12 20560]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-14 3968]
S2 gupdate1ca0ef0dbd49544;Google Update Service (gupdate1ca0ef0dbd49544);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-27 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-12-02 1184912]
.
Contents of the 'Scheduled Tasks' folder

2010-01-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 13:19]

2010-01-27 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

2010-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-27 19:31]

2010-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-27 19:31]

2010-01-08 c:\windows\Tasks\PartSmartUpdateManager.job
- c:\program files\ARI\PartSmartUpdate\Ari.PartSmart.Update.Launcher.exe [2008-03-28 17:20]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.chattanoogashooting.com/index.cfm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
TCP: {1B39FB75-2458-4A1E-A5EF-FACC8D6D0DDE} = 192.168.1.1,0.0.0.0
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2010-01-27 09:43:43
ComboFix-quarantined-files.txt 2010-01-27 14:43
ComboFix2.txt 2010-01-26 04:39

Pre-Run: 114,487,046,144 bytes free
Post-Run: 114,458,189,824 bytes free

- - End Of File - - FFB514D4E7A2F2899FF8E101C830ABD3


The Jotti scan found nothing.


ESET scan results

C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTbirptjisns.dll.vir a variant of Win32/Kryptik.BUA trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTducfnxtvxo.dll.vir Win32/Olmarik.KT trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTnadewtakyu.dll.vir a variant of Win32/Kryptik.BXQ trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTrydupkrpql.dll.vir a variant of Win32/Kryptik.BUA trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\H8SRTlqgrndjbpj.sys.vir Win32/Olmarik.SR trojan cleaned by deleting - quarantined


Computer seems to be working well. Is still a bit slow and you can really hear the computer "working" when you try to run a program. Other then that seems good. Before I was not able to vist this site or search for malwarebytes with out IE shuting down and I am having to problems now. I will try it for a bit and keep you up dated. Thanks for the help


#13 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:28 AM

Posted 27 January 2010 - 04:28 PM

Looking good thumbup2.gif

Avast is good. I will provide you with more specific recommendations when were finished.

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  7. Push
  8. A report will open. Copy and Paste that report in your next reply.
  9. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

==========

With your next post please provide:

* MBAM log
* OTL.txt
* Extra.txt

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#14 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:28 AM

Posted 28 January 2010 - 10:03 PM

Are you still there?
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#15 Travtastik

Travtastik
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 29 January 2010 - 09:20 AM

Sorry I have not been able to get on since my last post. Ok so here is the malwarebytes log

Malwarebytes' Anti-Malware 1.44
Database version: 3657
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2010-01-29 8:47:57 AM
mbam-log-2010-01-29 (08-47-57).txt

Scan type: Quick Scan
Objects scanned: 116946
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\sa001\Favorites\Malware Defender 2009 (Removal Guide).url (Rogue.Link) -> Quarantined and deleted successfully.


Here is the OTL.txt file
[/color]


OTL logfile created on: 2010-01-29 9:05:07 AM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\sa001\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

502.00 Mb Total Physical Memory | 173.00 Mb Available Physical Memory | 34.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.51 Gb Total Space | 105.91 Gb Free Space | 73.29% Space Free | Partition Type: NTFS
Drive D: | 4.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 144.53 Gb Total Space | 134.51 Gb Free Space | 93.07% Space Free | Partition Type: NTFS
Drive F: | 144.53 Gb Total Space | 134.51 Gb Free Space | 93.07% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TERM12
Current User Name: sa001
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========


PRC - [2010-01-29 09:03:18 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sa001\Desktop\OTL.exe
PRC - [2009-12-02 08:19:02 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009-12-02 08:19:01 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009-11-24 18:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-11-24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-11-24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-11-24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-11-24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009-09-29 06:51:33 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-09-29 06:51:33 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-03-08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008-01-29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007-06-13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-11-17 03:07:00 | 00,015,872 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2006-11-13 13:10:00 | 00,478,800 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
PRC - [2006-11-02 22:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006-09-11 03:56:24 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006-08-14 01:41:28 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2006-08-14 01:38:08 | 00,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2006-07-14 20:13:14 | 02,341,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
PRC - [2006-07-14 20:05:32 | 00,503,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2006-07-14 20:05:24 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2006-07-14 20:01:00 | 01,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2006-07-14 19:36:00 | 00,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2006-07-14 19:24:52 | 00,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006-07-03 11:11:00 | 00,110,592 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
PRC - [2006-05-23 23:08:06 | 00,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006-05-18 18:24:06 | 00,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2005-09-13 00:22:44 | 00,135,168 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\PELMICED.EXE
PRC - [2005-04-13 16:34:28 | 00,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2004-08-04 07:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2003-11-06 17:51:32 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE


========== Modules (SafeList) ==========

MOD - [2010-01-29 09:03:18 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sa001\Desktop\OTL.exe
MOD - [2006-08-25 10:45:56 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006-01-16 16:40:38 | 00,073,728 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\PELHOOKS.DLL
MOD - [2005-12-30 15:36:38 | 00,126,976 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\PELSCRLL.DLL
MOD - [2004-02-20 12:37:24 | 00,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\PELCOMM.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - [2009-12-02 08:19:01 | 01,184,912 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009-11-24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009-09-29 06:51:33 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-07-27 14:31:05 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca0ef0dbd49544) Google Update Service (gupdate1ca0ef0dbd49544)
SRV - [2009-07-27 14:29:27 | 00,190,448 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008-01-29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2006-11-17 03:07:00 | 00,015,872 | ---- | M] ( ) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006-11-16 18:14:14 | 00,023,552 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\psasrv.exe -- (PsaSrv)
SRV - [2006-11-02 22:40:12 | 00,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006-07-14 20:05:24 | 00,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2006-07-14 20:01:00 | 01,974,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2006-07-14 19:24:52 | 00,629,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006-05-23 23:08:06 | 00,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005-11-14 03:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004-08-11 02:46:56 | 00,483,328 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004-08-10 23:50:42 | 00,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Windows Media Connect (WMC)


========== Driver Services (SafeList) ==========

DRV - [2010-01-24 19:59:38 | 00,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV)
DRV - [2009-12-02 08:19:06 | 00,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009-11-24 18:50:59 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-11-24 18:50:12 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-11-24 18:50:00 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-24 18:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-24 18:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-24 18:47:54 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008-11-20 14:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007-11-13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007-06-08 00:56:17 | 00,017,536 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007-05-11 09:18:18 | 00,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2006-08-14 03:00:24 | 01,109,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006-07-14 19:27:22 | 00,012,544 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2006-07-14 19:03:04 | 00,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2006-07-14 17:55:12 | 00,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Program Files\SMI2\smi2.sys -- (smi2)
DRV - [2006-05-17 22:43:16 | 00,178,688 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006-05-10 02:00:16 | 00,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005-10-11 19:07:12 | 00,874,240 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005-01-07 19:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2005-01-07 16:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004-08-04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004-08-04 01:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004-08-04 01:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004-08-03 17:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003-02-11 15:25:14 | 00,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PELUSBLF.SYS -- (pelusblf)
DRV - [2003-01-10 15:55:32 | 00,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2001-08-17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001-08-17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001-08-17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001-08-17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001-08-17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001-08-17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001-08-17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001-08-17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001-08-17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001-08-17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001-08-17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001-08-17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001-08-17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001-08-17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001-08-17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001-08-17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001-08-17 07:20:04 | 00,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001-08-17 07:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000desktop [binary data]
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000desktop [binary data]
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-477052938-2222188342-442336120-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.chattanoogashooting.com/index.cfm
IE - HKU\S-1-5-21-477052938-2222188342-442336120-1005\S-1-5-21-477052938-2222188342-442336120-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010-01-25 23:14:14 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-477052938-2222188342-442336120-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-477052938-2222188342-442336120-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-477052938-2222188342-442336120-1005\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-477052938-2222188342-442336120-1005\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LPManager] C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-477052938-2222188342-442336120-1005..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-477052938-2222188342-442336120-1005..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\mapcss.lnk = C:\mapcss.bat ()
O4 - Startup: C:\Documents and Settings\sa001\Start Menu\Programs\Startup\epcinterface.exe (c-Systems Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-477052938-2222188342-442336120-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-477052938-2222188342-442336120-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-477052938-2222188342-442336120-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-477052938-2222188342-442336120-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-477052938-2222188342-442336120-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra Button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1181282725281 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} http://www.kohlerplus.com/_bin/AWSDrawingViewer.cab (ActiveWebParts Illustration Viewer)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\sa001\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\sa001\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-04-30 02:13:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007-06-14 12:51:14 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53765113575899136)

========== Files/Folders - Created Within 30 Days ==========

[2010-01-29 09:03:17 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sa001\Desktop\OTL.exe
[2010-01-29 08:27:34 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-01-29 08:27:32 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-01-29 08:27:31 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-01-29 08:17:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sa001\Application Data\Malwarebytes
[2010-01-29 08:14:51 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\sa001\Desktop\mbam-setup.exe
[2010-01-28 06:46:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010-01-27 10:11:36 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2010-01-27 10:06:38 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010-01-27 09:31:04 | 00,000,000 | ---D | C] -- C:\thcbytes
[2010-01-27 08:59:52 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2010-01-25 22:39:12 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010-01-25 22:38:04 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-01-25 22:38:04 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-01-25 22:38:04 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-01-25 22:37:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-01-25 20:49:50 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010-01-19 23:49:43 | 00,000,000 | ---D | C] -- C:\Program Files\hopethisworks
[2010-01-15 10:44:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sa001\Desktop\virus reports
[2010-01-15 10:21:50 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\sa001\Desktop\RootRepeal.exe
[2010-01-14 15:41:16 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NirCmd.exe
[2010-01-14 12:48:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010-01-13 07:17:29 | 00,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010-01-12 15:54:02 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010-01-12 15:54:02 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010-01-12 15:54:01 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010-01-12 15:54:00 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2010-01-12 15:53:59 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010-01-12 15:53:59 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010-01-12 15:53:59 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010-01-12 15:53:59 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010-01-12 15:53:41 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010-01-12 15:53:38 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010-01-12 15:48:23 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\sa001\Desktop\avast_home_setup.exe
[2010-01-12 11:05:45 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010-01-12 11:03:59 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010-01-12 11:03:01 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010-01-12 11:03:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010-01-12 10:17:27 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\sa001\IECompatCache
[2010-01-11 15:43:17 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010-01-08 13:00:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ApplicationHistory
[2009-11-04 08:24:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009-07-27 14:48:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2008-04-04 12:00:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macrovision
[2008-04-04 12:00:05 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007-07-11 09:06:04 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2007-05-11 09:07:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007-05-11 08:41:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007-05-11 08:41:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-01-29 09:03:18 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sa001\Desktop\OTL.exe
[2010-01-29 08:53:02 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-01-29 08:53:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010-01-29 08:50:58 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-01-29 08:50:23 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-01-29 08:50:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-01-29 08:50:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-01-29 08:48:56 | 03,670,016 | -H-- | M] () -- C:\Documents and Settings\sa001\NTUSER.DAT
[2010-01-29 08:48:56 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\sa001\ntuser.ini
[2010-01-29 08:48:50 | 04,298,688 | -H-- | M] () -- C:\Documents and Settings\sa001\Local Settings\Application Data\IconCache.db
[2010-01-29 08:27:37 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-01-29 08:14:51 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\sa001\Desktop\mbam-setup.exe
[2010-01-29 07:50:00 | 00,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010-01-27 09:39:52 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-01-26 08:39:14 | 03,837,063 | R--- | M] () -- C:\Documents and Settings\sa001\Desktop\thcbytes.exe
[2010-01-25 23:14:14 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-01-25 22:39:18 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010-01-25 20:35:32 | 00,236,544 | ---- | M] () -- C:\Documents and Settings\sa001\Desktop\pev.exe
[2010-01-25 20:35:32 | 00,009,231 | ---- | M] () -- C:\Documents and Settings\sa001\Desktop\ncmd.cfxxe
[2010-01-25 20:35:32 | 00,000,476 | ---- | M] () -- C:\Documents and Settings\sa001\Desktop\rkill.reg
[2010-01-24 19:59:38 | 00,005,427 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\EGATHDRV.SYS
[2010-01-22 08:49:31 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\sa001\Desktop\dds.scr
[2010-01-15 10:21:50 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\sa001\Desktop\RootRepeal.exe
[2010-01-14 06:50:41 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-01-12 15:54:02 | 00,001,716 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2010-01-12 15:53:59 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-01-12 15:48:23 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\sa001\Desktop\avast_home_setup.exe
[2010-01-12 15:41:38 | 00,000,513 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-01-12 11:03:56 | 00,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010-01-11 14:33:31 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010-01-08 13:04:48 | 00,000,314 | ---- | M] () -- C:\Documents and Settings\sa001\Desktop\Tecumseh engine parts .url
[2010-01-08 13:00:01 | 00,000,500 | ---- | M] () -- C:\WINDOWS\tasks\PartSmartUpdateManager.job
[2010-01-07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-01-07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-12-30 15:43:55 | 00,001,581 | ---- | M] () -- C:\Documents and Settings\sa001\Desktop\yanmar.rtf
[2009-12-30 15:38:57 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-01-29 08:27:37 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-01-25 22:39:18 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2010-01-25 22:39:13 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010-01-25 22:38:04 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-01-25 22:38:04 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-01-25 22:38:04 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-01-25 22:38:04 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-01-25 22:38:04 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-01-25 21:49:33 | 03,837,063 | R--- | C] () -- C:\Documents and Settings\sa001\Desktop\thcbytes.exe
[2010-01-25 20:15:39 | 00,236,544 | ---- | C] () -- C:\Documents and Settings\sa001\Desktop\pev.exe
[2010-01-25 20:15:39 | 00,009,231 | ---- | C] () -- C:\Documents and Settings\sa001\Desktop\ncmd.cfxxe
[2010-01-25 20:15:39 | 00,000,476 | ---- | C] () -- C:\Documents and Settings\sa001\Desktop\rkill.reg
[2010-01-22 02:32:47 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\sa001\Desktop\dds.scr
[2010-01-12 15:54:02 | 00,001,716 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2010-01-12 15:53:41 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2010-01-12 15:16:49 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010-01-12 11:16:58 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010-01-12 11:03:56 | 00,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010-01-11 14:33:31 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009-04-13 07:49:34 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009-02-27 13:30:08 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\sa001\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-04-04 12:00:14 | 00,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2007-08-17 08:18:06 | 00,000,168 | RHS- | C] () -- C:\WINDOWS\System32\F6189F6349.sys
[2007-08-01 08:55:35 | 00,005,018 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007-07-17 16:14:07 | 00,299,454 | ---- | C] () -- C:\WINDOWS\ALLSIM.INI
[2007-07-17 16:14:07 | 00,061,268 | ---- | C] () -- C:\WINDOWS\BIUTILSM.INI
[2007-07-17 16:14:07 | 00,057,969 | ---- | C] () -- C:\WINDOWS\SIMSIM.INI
[2007-07-17 16:14:07 | 00,051,712 | ---- | C] () -- C:\WINDOWS\System32\ngprtserv.dll
[2007-07-17 16:14:07 | 00,000,581 | ---- | C] () -- C:\WINDOWS\Common.ini
[2007-07-17 16:14:06 | 00,000,645 | ---- | C] () -- C:\WINDOWS\Setupwizard.ini
[2007-07-11 09:06:01 | 00,000,507 | ---- | C] () -- C:\WINDOWS\DKAAY2DD.ini
[2007-06-08 01:17:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007-06-08 01:17:39 | 00,000,018 | ---- | C] () -- C:\WINDOWS\Ugi32.ini
[2007-06-07 22:38:16 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\sa001\Local Settings\Application Data\fusioncache.dat
[2007-05-11 09:25:39 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007-05-11 09:09:30 | 01,398,352 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
[2007-05-11 09:08:28 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2007-05-11 09:06:50 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007-05-11 09:06:50 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007-05-11 09:06:50 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007-05-11 09:06:50 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007-05-11 09:06:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007-05-11 09:06:50 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007-05-11 09:06:35 | 00,000,040 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007-05-11 09:01:20 | 00,005,528 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2007-05-11 09:01:20 | 00,000,296 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2007-05-11 09:01:19 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2007-05-11 08:50:13 | 00,459,664 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007-05-11 08:50:13 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
[2006-06-19 10:36:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006-04-30 02:31:51 | 00,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006-04-30 02:22:10 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini

========== LOP Check ==========

[2007-06-08 00:56:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lenovo
[2007-05-11 09:24:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ThinkVantage
[2007-06-22 15:33:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ari Network Services
[2007-05-11 09:09:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2007-05-11 09:24:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2010-01-12 11:04:11 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2007-06-08 00:56:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Lenovo
[2007-05-11 09:24:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\ThinkVantage
[2007-08-10 13:45:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sa001\Application Data\Esker
[2009-06-10 07:19:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sa001\Application Data\InterVideo
[2007-06-08 00:59:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sa001\Application Data\Lenovo
[2007-05-11 09:24:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sa001\Application Data\ThinkVantage
[2010-01-29 08:53:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010-01-29 07:50:00 | 00,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2010-01-08 13:00:01 | 00,000,500 | ---- | M] () -- C:\WINDOWS\Tasks\PartSmartUpdateManager.job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2008-06-12 07:08:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007-06-22 15:33:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ari Network Services
[2007-05-11 09:09:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2007-05-11 09:09:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2007-05-11 09:06:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010-01-12 11:03:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2007-05-11 09:24:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2007-08-10 07:29:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2010-01-14 12:48:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2007-07-06 13:48:02 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009-12-16 07:03:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2007-05-11 08:41:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2010-01-27 09:07:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2007-05-11 08:56:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010-01-12 11:04:11 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2007-05-11 09:09:30 | 01,398,352 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
[2009-12-07 09:10:33 | 02,953,352 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
[2007-03-29 14:41:28 | 00,992,176 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\agent.exe
[2007-03-20 14:25:36 | 00,205,744 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\dwusplay.exe
[2007-03-29 14:41:28 | 00,287,664 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISDM.exe
[2007-03-29 14:41:26 | 00,086,960 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\issch.exe

< %APPDATA%\*. >
[2008-06-28 07:42:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sa001\Application Data\Adobe
[2008-06-12 07:06:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sa001\Application Data\AdobeUM
[2009-02-23 16:34:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sa001\Application Data\Corel
[2007-08-10 13:45:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sa001\Application Data\Esker
[2009-07-27 14:39:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sa001\Application Data\Google
[2007-05-11 08:41:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sa001\Application Data\Identities
[2007-06-22 15:22:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sa001\Application Data\InstallShield
[2009-06-10 07:19:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sa001\Application Data\InterVideo
[2007-06-08 00:59:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sa001\Application Data\Lenovo
[2007-06-22 15:42:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sa001\Application Data\Macromedia
[2009-01-23 13:00:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sa001\Application Data\Macrovision
[2010-01-29 08:17:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sa001\Application Data\Malwarebytes
[2007-06-27 07:27:46 | 00,000,000 | --SD | M] -- C:\Documents and Settings\sa001\Application Data\Microsoft
[2007-08-10 13:40:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sa001\Application Data\Sun
[2007-06-08 00:31:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sa001\Application Data\Symantec
[2007-05-11 09:24:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sa001\Application Data\ThinkVantage

< %APPDATA%\*.exe /s >
[2007-06-23 08:04:35 | 21,277,080 | ---- | M] ( ) -- C:\Documents and Settings\sa001\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe
[2008-06-03 12:43:16 | 19,900,192 | ---- | M] ( ) -- C:\Documents and Settings\sa001\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr710_en_US.exe
[2009-06-04 13:30:19 | 01,915,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\sa001\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004-08-04 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004-08-04 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008-04-13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2004-08-04 01:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2004-08-04 01:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004-08-04 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004-08-04 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008-04-13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004-08-04 00:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004-08-04 00:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004-08-04 00:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008-04-13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004-08-04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004-08-04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005-10-11 19:07:12 | 00,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008-04-13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2009-02-06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2009-02-06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009-02-06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\netlogon.dll
[2004-08-04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004-08-04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004-08-04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008-04-13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >


Here is the extra.txt

OTL Extras logfile created on: 2010-01-29 9:05:07 AM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\sa001\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

502.00 Mb Total Physical Memory | 173.00 Mb Available Physical Memory | 34.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.51 Gb Total Space | 105.91 Gb Free Space | 73.29% Space Free | Partition Type: NTFS
Drive D: | 4.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 144.53 Gb Total Space | 134.51 Gb Free Space | 93.07% Space Free | Partition Type: NTFS
Drive F: | 144.53 Gb Total Space | 134.51 Gb Free Space | 93.07% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TERM12
Current User Name: sa001
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4CA52274-4043-4CF4-ADC5-0BBC4624EF69}" = PartSmartUpdate
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Lenovo Care Supplement
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{7726CF62-7B45-4E6D-9266-615346816BCA}" = Rescue and Recovery
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{79D56DFD-D28E-4289-BED2-32A6342A305B}" = Corel Business Center
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{83E1916D-0D14-43F2-B3E6-1BCB7E831704}" = PartSmart 8
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{928AAC91-57E8-473D-AEC0-C8AE0DED8EEC}" = PartSmart
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CA69D44A-2CFA-4ADF-9882-D2A0CA728D4B}" = PartSmart
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{DA320635-F48C-4613-8325-D75A933C549E}" = Lenovo Care System Update Toolbar Button for IE
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast!" = avast! Antivirus
"Dell_HostCD" = Dell Software Uninstall
"Digital Media LE" = Roxio Digital Media LE
"ESET Online Scanner" = ESET Online Scanner v3
"Esker-Persona Win32 Client-5.0" = Persona Windows 32-bit Client - 5.0a
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Mouse Suite
"NETGEAR Print Server Software" = NETGEAR Print Server Software
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Picasa 3" = Picasa 3
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 2010-01-14 10:43:04 AM | Computer Name = TERM12 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 2010-01-14 10:43:04 AM | Computer Name = TERM12 | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 2010-01-14 10:43:14 AM | Computer Name = TERM12 | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

[ Application Events ]
Error - 2010-01-25 8:56:04 PM | Computer Name = TERM12 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module user32.dll, version 5.1.2600.3099, fault address 0x00010f88.

Error - 2010-01-25 9:05:25 PM | Computer Name = TERM12 | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 2010-01-25 10:01:45 PM | Computer Name = TERM12 | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 2010-01-25 10:46:24 PM | Computer Name = TERM12 | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 2010-01-25 11:38:04 PM | Computer Name = TERM12 | Source = Application Error | ID = 1000
Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
version 0.0.0.0, fault address 0x00001000.

Error - 2010-01-25 11:38:10 PM | Computer Name = TERM12 | Source = Application Error | ID = 1000
Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
version 0.0.0.0, fault address 0x00001000.

Error - 2010-01-26 12:23:16 AM | Computer Name = TERM12 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 2010-01-27 9:44:07 AM | Computer Name = TERM12 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 2010-01-27 9:59:47 AM | Computer Name = TERM12 | Source = MsiInstaller | ID = 11705
Description = Product: SPBBC 32bit -- Error 1705. A previous installation for this
product is in progress. You must undo the changes made by that installation to
continue. Do you want to undo those changes?

Error - 2010-01-27 10:14:17 AM | Computer Name = TERM12 | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

[ System Events ]
Error - 2010-01-27 9:42:01 AM | Computer Name = TERM12 | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 2010-01-27 9:43:10 AM | Computer Name = TERM12 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 2010-01-27 9:43:10 AM | Computer Name = TERM12 | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 2010-01-27 9:44:01 AM | Computer Name = TERM12 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LiveUpdate service to
connect.

Error - 2010-01-27 9:44:01 AM | Computer Name = TERM12 | Source = Service Control Manager | ID = 7000
Description = The LiveUpdate service failed to start due to the following error:
%%1053

Error - 2010-01-27 9:44:01 AM | Computer Name = TERM12 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service LiveUpdate
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 2010-01-27 9:44:12 AM | Computer Name = TERM12 | Source = Service Control Manager | ID = 7023
Description = The avast! Web Scanner service terminated with the following error:
%%2147500053

Error - 2010-01-27 10:32:42 AM | Computer Name = TERM12 | Source = Service Control Manager | ID = 7034
Description = The ProtexisLicensing service terminated unexpectedly. It has done
this 1 time(s).

Error - 2010-01-27 2:53:40 PM | Computer Name = TERM12 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 9042 minutes. NtpClient has no source of accurate
time.

Error - 2010-01-29 9:50:15 AM | Computer Name = TERM12 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.


< End of report >





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users