[krhaller]

I had already started a malwarebytes full system scan. The results are below. I ran TFC and it found nothing. I am running Kaspersky currently - it looks like it still some hours to go. I will post the results in the AM.

Thanks.

-Karl

-----------------
malwarebytes log
-----------------

Malwarebytes' Anti-Malware 1.42
Database version: 3450
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

12/29/2009 7:02:52 PM
mbam-log-2009-12-29 (19-02-52).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 303586
Time elapsed: 1 hour(s), 27 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP393\A0079750.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP393\A0079752.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP393\A0079759.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP393\A0079754.sys (Malware.Packer) -> Quarantined and deleted successfully.

[Advertisements]

Here is the kaspersky log file.

Thanks.

-Karl

-------------
Kaspersky
-------------

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, December 30, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, December 30, 2009 00:56:17
Records in database: 3417124
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
F:\

Scan statistics:
Objects scanned: 152057
Threats found: 3
Infected objects found: 5
Suspicious objects found: 1
Scan duration: 04:54:29


File name / Threat / Threats count
C:\Documents and Settings\Karl Haller\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Trojan-Spy.HTML.Usbankfraud.p 2
C:\Documents and Settings\Karl Haller\My Documents\KRH Home\JCS Backup.pst Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\Karl Haller\My Documents\KRH Home\JCS Backup.pst Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Karl Haller\My Documents\KRH Home\Outlook Backups - Jan08\KRH Inbox - 012808.pst Infected: Trojan-Spy.HTML.Usbankfraud.p 2

Selected area has been scanned.

[krhaller]

Here is the kaspersky log file.

Thanks.

-Karl

-------------
Kaspersky
-------------

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, December 30, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, December 30, 2009 00:56:17
Records in database: 3417124
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
F:\

Scan statistics:
Objects scanned: 152057
Threats found: 3
Infected objects found: 5
Suspicious objects found: 1
Scan duration: 04:54:29


File name / Threat / Threats count
C:\Documents and Settings\Karl Haller\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Trojan-Spy.HTML.Usbankfraud.p 2
C:\Documents and Settings\Karl Haller\My Documents\KRH Home\JCS Backup.pst Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\Karl Haller\My Documents\KRH Home\JCS Backup.pst Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Karl Haller\My Documents\KRH Home\Outlook Backups - Jan08\KRH Inbox - 012808.pst Infected: Trojan-Spy.HTML.Usbankfraud.p 2

Selected area has been scanned.

[Rorschach112]

[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[krhaller]

Here is the log from the OTL scan.

Thanks.

-Karl

---------------
OTL Quick Scan
---------------

OTL logfile created on: 12/30/2009 6:03:40 PM - Run 3
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\Karl Haller\Desktop\Anti-Malware (Geeks To Go)\OTL
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.27 Gb Total Space | 8.86 Gb Free Space | 10.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 203.94 Gb Free Space | 43.79% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: T60
Current User Name: Karl Haller
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/24 00:55:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karl Haller\Desktop\Anti-Malware (Geeks To Go)\OTL\OTL.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/22 01:32:54 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/13 16:21:14 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/12/13 16:21:14 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/05/11 17:24:16 | 00,364,544 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2008/04/23 02:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2008/02/09 19:06:33 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/10/25 15:37:32 | 02,178,832 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2007/10/25 15:33:22 | 00,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/10/25 15:32:58 | 00,407,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007/10/19 12:19:22 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/10/19 12:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/17 15:13:00 | 00,094,208 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2006/04/17 15:12:28 | 00,151,552 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2006/04/17 15:12:26 | 00,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2006/04/17 15:09:10 | 00,409,600 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2006/04/17 14:59:10 | 00,098,304 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2006/03/09 18:14:12 | 00,094,208 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2006/02/17 17:54:24 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/02/17 17:52:24 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/02/17 17:51:46 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/01/25 03:03:00 | 00,106,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2005/12/21 20:34:58 | 00,077,824 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
PRC - [2005/12/21 20:27:00 | 00,032,768 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
PRC - [2005/12/21 20:20:56 | 01,384,448 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
PRC - [2005/12/21 20:13:20 | 02,369,072 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
PRC - [2005/12/21 20:08:02 | 01,996,336 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
PRC - [2005/12/21 19:17:54 | 00,722,480 | ---- | M] (IBM) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
PRC - [2005/12/20 23:46:24 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/12/15 16:19:22 | 00,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2005/12/02 05:03:00 | 00,225,280 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe
PRC - [2005/11/17 04:22:00 | 00,237,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2005/11/15 15:13:24 | 00,049,152 | R--- | M] (Utimaco Safeware AG) -- C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
PRC - [2005/11/14 17:23:22 | 00,487,424 | ---- | M] (LENOVO) -- C:\Program Files\ThinkVantage\AMSG\Amsg.exe
PRC - [2005/11/11 03:33:00 | 00,073,782 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2005/11/07 13:14:16 | 00,106,496 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2005/11/01 17:04:02 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2005/10/26 02:44:30 | 00,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2005/09/15 15:57:42 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/09/15 15:57:18 | 00,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/08/12 16:43:58 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/08/01 19:33:04 | 00,126,976 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\PipeServer.exe
PRC - [2005/08/01 19:32:40 | 00,040,960 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
PRC - [2005/08/01 07:10:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/05 16:57:12 | 00,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/06/20 14:15:00 | 00,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2005/06/09 05:39:52 | 00,042,032 | ---- | M] (IBM) -- C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe
PRC - [2005/06/06 23:26:22 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2004/07/27 18:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003/12/12 17:55:06 | 00,053,248 | ---- | M] (TODO: <Company name>) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
PRC - [2003/10/29 05:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/10/20 13:47:00 | 00,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe


========== Modules (SafeList) ==========

MOD - [2009/12/24 00:55:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karl Haller\Desktop\Anti-Malware (Geeks To Go)\OTL\OTL.exe
MOD - [2007/10/19 12:19:10 | 00,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005/09/15 15:57:36 | 00,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/22 01:32:54 | 00,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe -- (Norton AntiVirus)
SRV - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/13 16:21:14 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/08/04 10:20:16 | 03,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/05/03 17:47:48 | 00,032,256 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psasrv.exe -- (PsaSrv)
SRV - [2008/02/09 19:06:33 | 00,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/10/19 12:21:16 | 00,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/10/19 12:19:22 | 00,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/19 12:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2006/04/17 15:12:28 | 00,151,552 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006/04/17 15:12:26 | 00,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2006/02/17 17:54:24 | 00,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/02/17 17:52:24 | 00,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/02/17 17:51:46 | 00,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/12/21 20:34:58 | 00,077,824 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2005/12/21 20:20:56 | 01,384,448 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2005/12/21 19:17:54 | 00,722,480 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -- (TSSCoreService)
SRV - [2005/12/20 23:46:24 | 00,405,504 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/12/14 13:51:12 | 00,622,700 | ---- | M] (Diskeeper Corporation) [Disabled | Stopped] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/12/01 03:09:00 | 00,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2005/11/11 03:33:00 | 00,073,782 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2005/11/01 17:04:02 | 00,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/08/01 19:32:40 | 00,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)
SRV - [2005/06/20 14:15:00 | 00,077,824 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2005/06/06 23:26:22 | 00,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2004/10/22 05:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/09/30 12:49:36 | 00,027,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2004/08/11 02:46:56 | 00,483,328 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004/08/10 23:50:42 | 00,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Windows Media Connect (WMC)
SRV - [2003/10/20 13:47:00 | 00,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (gearsec)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://cm.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/21 18:37:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/21 18:37:31 | 00,000,000 | ---D | M]

[2008/06/19 21:50:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl Haller\Application Data\Mozilla\Extensions
[2009/12/29 20:10:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl Haller\Application Data\Mozilla\Firefox\Profiles\zy238s1v.default\extensions
[2009/12/12 11:06:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl Haller\Application Data\Mozilla\Firefox\Profiles\zy238s1v.default\extensions\[email protected]
[2009/05/25 18:52:33 | 00,002,749 | ---- | M] () -- C:\Documents and Settings\Karl Haller\Application Data\Mozilla\Firefox\Profiles\zy238s1v.default\searchplugins\cuil.xml
[2009/05/25 18:53:20 | 00,002,275 | ---- | M] () -- C:\Documents and Settings\Karl Haller\Application Data\Mozilla\Firefox\Profiles\zy238s1v.default\searchplugins\wolframalpha.xml
[2009/12/30 17:59:58 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [cssauth] C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [mmtask] c:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe (TODO: <Company name>)
O4 - HKLM..\Run: [PDService.exe] C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo, Ltd. and IBM Corporation.)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C6D25826-96AE-462F-A852-BB33B882B723} http://duanereade.st...geUpload1_4.CAB (SFImageUpload1_4.ImageUpload)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...all-142-win.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.69.188.185 207.69.188.186 207.69.188.187
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/04 01:31:42 | 00,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/29 19:43:42 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/12/29 19:43:30 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Karl Haller\Desktop\TFC.exe
[2009/12/29 14:23:03 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/12/29 14:22:15 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/29 14:22:15 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/29 14:22:14 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/29 14:22:14 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/29 14:22:01 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/12/29 14:12:23 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/29 13:04:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/12/27 18:31:02 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/27 15:28:59 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/27 15:28:58 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/27 15:28:57 | 00,000,000 | ---D | C] -- C:\Program Files\MB
[2009/12/27 15:14:01 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/12/27 15:08:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Karl Haller\Application Data\Lenovo
[2009/12/27 15:01:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/27 15:00:48 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/27 14:59:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Karl Haller\Application Data\Malwarebytes
[2009/12/27 14:45:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/27 14:43:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Karl Haller\Desktop\Anti-Malware (Geeks To Go)
[2009/12/11 18:34:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/07/06 21:49:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/28 05:44:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/04/28 04:45:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/03/21 12:54:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/05/11 12:38:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/05/11 12:38:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/05/11 12:27:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/05/11 12:27:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/05/11 12:27:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Lenovo
[2008/05/11 12:27:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\IBM

========== Files - Modified Within 14 Days ==========

[2009/12/30 18:01:30 | 00,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2009/12/30 18:00:18 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/30 17:59:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/30 17:59:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/30 17:59:52 | 16,089,62048 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/30 17:58:31 | 05,242,880 | -H-- | M] () -- C:\Documents and Settings\Karl Haller\NTUSER.DAT
[2009/12/30 17:58:31 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Karl Haller\ntuser.ini
[2009/12/29 21:06:17 | 15,663,93344 | ---- | M] () -- C:\Documents and Settings\Karl Haller\My Documents\KH Outlook Backup - All - 111408.pst
[2009/12/29 14:35:03 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/29 14:34:29 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/29 14:23:10 | 00,000,264 | RHS- | M] () -- C:\BOOT.INI
[2009/12/29 14:18:51 | 03,868,680 | R--- | M] () -- C:\Documents and Settings\Karl Haller\Desktop\ComboFix.exe
[2009/12/29 13:23:11 | 00,000,621 | ---- | M] () -- C:\Documents and Settings\Karl Haller\Desktop\Malwarebytes Anti-Malware.lnk
[2009/12/27 15:00:48 | 00,000,622 | ---- | M] () -- C:\Documents and Settings\Karl Haller\Desktop\NTREGOPT.lnk
[2009/12/27 15:00:48 | 00,000,603 | ---- | M] () -- C:\Documents and Settings\Karl Haller\Desktop\ERUNT.lnk
[2009/12/24 10:31:32 | 00,410,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karl Haller\Desktop\TFC.exe
[2009/12/24 10:16:30 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/12/24 10:16:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2009/12/23 00:34:31 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/12/20 20:41:25 | 00,028,691 | ---- | M] () -- C:\WINDOWS\cdPlayer.ini

========== Files Created - No Company Name ==========

[2009/12/29 14:23:10 | 00,000,194 | ---- | C] () -- C:\Boot.bak
[2009/12/29 14:23:05 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/12/29 14:22:15 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/29 14:22:15 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/29 14:22:15 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/29 14:22:15 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/29 14:22:14 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/29 14:15:37 | 03,868,680 | R--- | C] () -- C:\Documents and Settings\Karl Haller\Desktop\ComboFix.exe
[2009/12/29 13:23:11 | 00,000,621 | ---- | C] () -- C:\Documents and Settings\Karl Haller\Desktop\Malwarebytes Anti-Malware.lnk
[2009/12/27 18:35:52 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Karl Haller\Desktop\svchost (GMER).exe
[2009/12/27 15:00:48 | 00,000,622 | ---- | C] () -- C:\Documents and Settings\Karl Haller\Desktop\NTREGOPT.lnk
[2009/12/27 15:00:48 | 00,000,603 | ---- | C] () -- C:\Documents and Settings\Karl Haller\Desktop\ERUNT.lnk
[2009/12/24 00:21:40 | 16,089,62048 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/23 00:34:31 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/12/07 19:47:43 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2009/12/07 19:47:43 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2008/06/15 23:13:33 | 00,067,584 | ---- | C] () -- C:\Documents and Settings\Karl Haller\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/16 19:32:19 | 00,028,691 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2008/05/11 16:51:15 | 00,059,500 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/05/11 16:43:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/05/11 16:02:45 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7Q.DLL
[2008/05/04 02:16:20 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/04 01:31:35 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Karl Haller\Local Settings\Application Data\fusioncache.dat
[2008/05/03 17:50:07 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/03 17:49:46 | 00,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2008/05/03 17:49:32 | 00,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2008/05/03 17:40:00 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/05/03 17:40:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/05/03 17:40:00 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/05/03 17:39:59 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/05/03 17:39:59 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/05/03 17:39:59 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/05/03 17:39:22 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2008/05/03 17:39:03 | 00,000,148 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/05/03 17:27:18 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2008/05/03 17:26:25 | 00,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2008/05/03 17:23:48 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2008/05/03 17:07:28 | 00,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/05/03 17:03:26 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2008/05/03 17:03:26 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2008/05/03 17:01:07 | 00,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCTRL.INI
[2007/10/11 17:59:24 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2005/11/01 16:59:16 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/10/17 17:22:24 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2005/09/06 12:05:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/09 13:03:43 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/07 17:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/16 00:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 19:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 14:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2008/05/11 16:02:47 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/05/11 12:25:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2009/01/30 23:00:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2008/05/11 12:38:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThinkVantage
[2009/09/12 19:55:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/07 19:08:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/08 22:05:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl Haller\Application Data\Amazon
[2009/10/12 20:06:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl Haller\Application Data\Axara
[2009/12/17 22:29:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl Haller\Application Data\Canon
[2008/05/11 12:25:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl Haller\Application Data\IBM
[2008/12/20 18:32:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl Haller\Application Data\InterVideo
[2008/09/01 21:07:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl Haller\Application Data\J River
[2008/06/12 21:04:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl Haller\Application Data\Leadertech
[2009/12/27 15:08:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl Haller\Application Data\Lenovo
[2009/09/07 18:05:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl Haller\Application Data\Research In Motion
[2008/05/11 12:38:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Karl Haller\Application Data\ThinkVantage
[2009/12/30 18:01:30 | 00,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========


< End of report >

[Rorschach112]

Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.

• Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
• Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  
• Please follow the prompts to uninstall Combofix.
• You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

• Download OTC to your desktop and run it
• Click Yes to beginning the Cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com.../readstep2.html


Below I have included a number of recommendations for how to protect your computer against malware infections.

• Keep Windows updated by regularly checking their website at :
  http://windowsupdate.microsoft.com/
  This will ensure your computer has always the latest security updates available installed on your computer.
  
  
• SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  
  
• SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  
  
• Make Internet Explorer more secure
  
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
• TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  
  
• MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  
  
• Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
  secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
  blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
  Here
  
  
  If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
  
  • NoScript - for blocking ads and other potential website attacks
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
  
  
• Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  
  
• ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  
  
• FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
  
  
• Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
  
  
• Please read my guide on how to prevent malware and about safe computing here

Thank you for your patience, and performing all of the procedures requested.

[krhaller]

Thanks again for your help.

-Karl

[Rorschach112]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.