Machine will not boot after attempting to remove malware


#1 Steve DeVore (Member, 140 posts)
I am working on an HP (Compaq) 7400 laptop. It was infected with one of those fake anti-virus programs. The virus would not let the Symantec anti-virus run on the laptop. It also prevented Malwarebytes and Spybot Search and Destroy from running.

I booted the laptop in safe mode and was able to run Malwarebytes; Malwarebytes found several malware instances and deleted them. I then rebooted the machine only to find that the fake antivirus was still active. I then tried to reboot into safe mode and the machine would not boot; it only shows a black screen with a cursor flashing in the upper left.

I'm stuck please help.

#2 Salagubang (Trusted Helper, Malware Removal, 3,890 posts)
Hi Steve DeVore,

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

I am still a trainee, so all my posts will be checked by an Expert. It's to your advantage that there are two people looking at your log, but responses may be a little delayed, so please be patient.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult to understand for me.

OK, we're going to need some logs, so let's try this.

On a clean XP machine

  • Please do the following:
  • Open "My Computer" on your desktop.
  • Go to Tools (drop-down menu at the top of the window)
  • Go down and click Folder Options
  • Click on the View tab
  • Find the Hidden Files and Folders, find "Hide extension for known file types" and uncheck it (if it's already checked)
  • Click Apply, and then Ok at the bottom.
  • Close the window

Next

  • Insert your USB Flash Drive (UFD).
  • Download hpusbfw.exe to your Desktop.
  • Double click "hpusbfw.exe" to run HP USB Disk Storage Format Tool 2.0.6.0.
    • Choose your USB under "Device"
    • For "File system", choose "FAT"
    • Under "Volume label", type in the name "Bootloader"
    • Leave un-checked "Quick Format" and "Create a DOS startup disk"
    • Click "Start"
  • Copy these two files, from the root of the Windows drive (C:\) to the UFD:

    NTLDR
    Ntdetect.com

Next

  • Open Notepad (go to Start>All Programs>Accessories and click Notepad)
  • Copy the contents of the codebox below using CTRL+C (or selecting all the text in the box, and right clicking on it and selecting Copy)
    [boot loader]
    timeout=-1
    default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="A) Emergency Boot Loader" /fastdetect /NoExecute=OptOut
    multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Safe Mode" /safeboot:minimal /sos
    multi(0)disk(0)rdisk(1)partition(2)\WINDOWS="B) Emergency Boot Loader 2nd Partition" /fastdetect /NoExecute=OptOut
    multi(0)disk(0)rdisk(1)partition(2)\WINDOWS="Safe Mode" /safeboot:minimal /sos
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="C) Alternate Boot Loader" /fastdetect /NoExecute=OptOut
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Safe Mode" /safeboot:minimal /sos
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="D) Alternate Boot Loader 2nd Partition" /fastdetect /NoExecute=OptOut
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Safe Mode" /safeboot:minimal /sos
    
  • Now return to Notepad and use CTRL + V (or right-click on the whitespace and Paste) to paste the script
  • Verify that you have pasted the complete script
  • Save the Notepad file to the UFD as "boot.ini" using Save as Type: All files

Your Emergency Bootloader is now ready.

Booting using the Emergency Bootloader.
  • Insert the USB (UFD) to the ailing computer.
  • Reboot the system using the UFD Bootloader you just created.
  • Depending on how the hard disk is partitioned, choosing (A) Emergency Bootloader will most of the time do the trick. If, however, it doesn't work, please try options B, C and D

Note: If you do not know how to set your computer to boot from USB, follow the steps here



Step Two

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Select All Users
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

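The emergency boot.ini above relies on NT ARC paths, and a mistake in them (wrong disk, a partition(0), a default that points at an entry that does not exist) is a common reason such a stick fails to boot. The script below is an added example, not part of the original post or of any HP/Microsoft tool: it parses a boot.ini, decodes each ARC path (multi(0) is the first controller, rdisk(n) counts disks from 0, partition(n) counts partitions from 1) and reports inconsistencies before the file is written to the UFD. The sample input is the posted boot.ini embedded verbatim; the function and class names (ArcPath, parse_boot_ini, check_boot_ini) are my own.

```python
"""Parse and sanity-check an NT boot.ini before writing it to an emergency USB stick.

Added example, not from the original post. ARC path semantics are the standard NT ones:
multi(0) = first controller, disk(0) is always 0 with multi(), rdisk(n) is the n-th disk
counted from 0, partition(n) is the n-th partition counted from 1.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List

# Sample input: the emergency boot.ini posted above, embedded so the script runs offline.
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=-1
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="A) Emergency Boot Loader" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Safe Mode" /safeboot:minimal /sos
multi(0)disk(0)rdisk(1)partition(2)\WINDOWS="B) Emergency Boot Loader 2nd Partition" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(1)partition(2)\WINDOWS="Safe Mode" /safeboot:minimal /sos
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="C) Alternate Boot Loader" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Safe Mode" /safeboot:minimal /sos
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="D) Alternate Boot Loader 2nd Partition" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Safe Mode" /safeboot:minimal /sos
"""

ARC_RE = re.compile(r"^multi\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)(\\.*)$")
ENTRY_RE = re.compile(r'^"([^"]*)"\s*(.*)$')   # "menu label" /switch /switch


@dataclass(frozen=True)
class ArcPath:
    adapter: int
    disk: int
    rdisk: int
    partition: int
    directory: str

    @classmethod
    def parse(cls, text: str) -> "ArcPath":
        m = ARC_RE.match(text.strip())
        if not m:
            raise ValueError(f"not an ARC path: {text!r}")
        a, d, r, p, directory = m.groups()
        return cls(int(a), int(d), int(r), int(p), directory)

    def describe(self) -> str:
        # rdisk is 0-based, partition is 1-based: rdisk(1)partition(1) is the
        # first partition on the second disk the firmware enumerates.
        return (f"disk #{self.rdisk + 1} (rdisk({self.rdisk})), "
                f"partition #{self.partition}, directory {self.directory}")


@dataclass
class BootEntry:
    arc: ArcPath
    label: str
    options: List[str] = field(default_factory=list)


def parse_boot_ini(text: str) -> dict:
    """Return {'timeout': int|None, 'default': ArcPath|None, 'entries': [BootEntry]}."""
    cfg = {"timeout": None, "default": None, "entries": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, _, value = line.partition("=")   # split only at the first '='
        key, value = key.strip(), value.strip()
        if section == "boot loader":
            if key.lower() == "timeout":
                cfg["timeout"] = int(value)
            elif key.lower() == "default":
                cfg["default"] = ArcPath.parse(value)
        elif section == "operating systems":
            m = ENTRY_RE.match(value)
            if not m:
                raise ValueError(f"malformed OS entry: {raw!r}")
            cfg["entries"].append(BootEntry(ArcPath.parse(key), m.group(1), m.group(2).split()))
    return cfg


def check_boot_ini(cfg: dict) -> List[str]:
    """Return a list of problems; an empty list means the file looks consistent."""
    issues = []
    if cfg["timeout"] is None:
        issues.append("timeout: missing (NTLDR will use its built-in default)")
    if cfg["default"] is None:
        issues.append("default: missing")
    elif cfg["default"] not in {e.arc for e in cfg["entries"]}:
        issues.append(f"default: {cfg['default'].describe()} matches no [operating systems] entry")
    for e in cfg["entries"]:
        if e.arc.partition < 1:
            issues.append(f"partition: {e.label!r} uses partition(0); ARC partitions start at 1")
        if "safe" in e.label.lower() and not any(o.lower().startswith("/safeboot") for o in e.options):
            issues.append(f"safeboot: {e.label!r} is named like a safe-mode entry but has no /safeboot switch")
    for label, n in Counter(e.label for e in cfg["entries"]).items():
        if n > 1:
            issues.append(f"label: {label!r} appears {n} times; the boot menu cannot tell them apart")
    return issues


if __name__ == "__main__":
    cfg = parse_boot_ini(SAMPLE_BOOT_INI)
    for e in cfg["entries"]:
        print(f"{e.label:45} -> {e.arc.describe()}  {' '.join(e.options)}")
    for issue in check_boot_ini(cfg):
        print("WARN", issue)
```

Run against the posted file, the only finding is that the four "Safe Mode" lines share one label, so the NTLDR menu shows four identical entries; renaming them (for example "A) Safe Mode") makes it obvious which disk and partition each one boots.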

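
Step Two asks for the OTL log so that a helper can read its autorun (O4) lines. As an added example, not part of the original post and not OTL's own code, the script below does the first pass a reader of such a log makes by hand: it parses the Run entries and flags the ones worth a closer look (an orphaned entry whose file is gone, a binary with no company name, a value name that looks machine-generated, a location under C:\WINDOWS or a temp folder where real autoruns rarely live). The sample lines are copied from the O4 section of the log in the next reply; the names (RunEntry, parse_run_line, assess, triage) and the scoring rules are mine, and a hit is a reason to look closer, not proof of infection.

```python
"""Triage the O4 (autorun) lines of an OTL log and rank the entries worth a second look.

Added example, not part of the original post or of OTL. The rules are the heuristics a
human analyst applies when reading these logs; a hit means 'inspect', not 'malicious'.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: O4 lines copied from the OTL log posted in this thread, embedded so the script runs offline.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [xuri49tkd] C:\windows\andy145.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
"""

RUN_RE = re.compile(r"^O4 - (HK[A-Z]+)\.\.\\Run: \[(.*?)\] (.*)$")   # hive, value name, rest of line
TAIL_RE = re.compile(r"^(.*?) \(([^()]*)\)$")                       # path (company name)
MISSING = " File not found"
# Folders where a legitimate Run entry rarely lives but droppers and their leftovers often do.
ODD_DIRS = ("c:\\windows", "c:\\windows\\temp", "c:\\temp")
ODD_DIR_PARTS = ("\\local settings\\temp", "\\application data\\", "\\temp\\")
RANDOM_NAME_RE = re.compile(r"[a-z]\d+[a-z]", re.I)   # letters-digits-letters mix such as 'xuri49tkd'


@dataclass
class RunEntry:
    hive: str
    name: str
    path: str
    company: Optional[str]
    missing: bool
    reasons: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def parse_run_line(line: str) -> Optional[RunEntry]:
    """Turn one 'O4 - HKxx..\\Run:' line into a RunEntry; other O4 lines return None."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    hive, name, tail = m.groups()
    if tail == MISSING.strip() or tail.endswith(MISSING):
        path = tail[:-len(MISSING)].strip() if tail.endswith(MISSING) else ""
        return RunEntry(hive, name, path, None, True)
    t = TAIL_RE.match(tail)
    if t:
        return RunEntry(hive, name, t.group(1), t.group(2), False)
    return RunEntry(hive, name, tail, None, False)


def assess(e: RunEntry) -> RunEntry:
    """Attach one reason per heuristic that fires; the score is the number of reasons."""
    if not e.name:
        e.reasons.append("empty value name")
    if e.missing:
        e.reasons.append("target file not found: orphaned autorun (file removed, registry value left behind)")
    elif not e.company:
        e.reasons.append("binary carries no company name")
    low = e.path.lower()
    folder = low.rsplit("\\", 1)[0] if "\\" in low else ""
    if folder in ODD_DIRS or any(p in low for p in ODD_DIR_PARTS):
        e.reasons.append(f"unusual location for an autorun: {folder}")
    if RANDOM_NAME_RE.search(e.name):
        e.reasons.append("value name looks machine-generated")
    return e


def triage(text: str) -> List[RunEntry]:
    """Parse every Run line in an OTL log and return the entries, most suspicious first."""
    entries = [assess(e) for e in map(parse_run_line, text.splitlines()) if e is not None]
    return sorted(entries, key=lambda e: e.score, reverse=True)


if __name__ == "__main__":
    for e in triage(SAMPLE_OTL):
        print(f"[{e.score}] {e.hive} [{e.name}] {e.path}")
        for r in e.reasons:
            print("     -", r)
```

On the sample, the xuri49tkd entry scores highest (orphaned file directly under C:\windows with a random-looking name), which matches what the scan in the post found and removed; the Logitech KHALMNPR.Exe entry also lives under C:\WINDOWS and scores 1, a reminder that location alone is a prompt to verify the vendor, not a verdict.
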
#3 Steve DeVore (Topic Starter, Member, 140 posts)
Thanks so much for the help. Here is the OTL report:

OTL logfile created on: 12/13/2010 1:24:59 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Reeves\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 145.00 Mb Available Physical Memory | 14.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 92.39 Gb Free Space | 82.65% Space Free | Partition Type: NTFS
Drive E: | 488.82 Mb Total Space | 488.52 Mb Free Space | 99.94% Space Free | Partition Type: FAT32

Computer Name: REEVES-B863BFD2 | User Name: Reeves | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Reeves\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\All Users.WINDOWS\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe (Google Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
PRC - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Reeves\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (Agere Systems)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101128.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101128.002\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (iastor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 46 25 99 F1 9A CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - C:\Program Files\Playdom\tbPla2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox [2010/05/02 16:30:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/09 12:28:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/09 05:33:47 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Playdom Toolbar) - {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - C:\Program Files\Playdom\tbPla2.dll (Conduit Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (Playdom Toolbar) - {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - C:\Program Files\Playdom\tbPla2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Playdom Toolbar) - {69D1A568-FFDF-4EF5-8919-7003582E0EE8} - C:\Program Files\Playdom\tbPla2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [xuri49tkd] C:\windows\andy145.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Reeves\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Reeves\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/17 06:58:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

========== Files/Folders - Created Within 30 Days ==========

[2010/12/13 13:20:12 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Reeves\Desktop\OTL.exe
[2010/12/11 21:11:22 | 000,000,000 | ---D | C] -- C:\Temp
[2010/12/11 12:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/12/11 12:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2010/12/11 11:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Reeves\Application Data\Malwarebytes
[2010/12/11 11:56:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/11 11:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/12/11 11:56:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/11 11:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/11 11:54:50 | 000,165,376 | -H-- | C] (G2iX2k) -- C:\WINDOWS\andy145_exe_1292168116.arl
[2010/11/29 14:39:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/13 13:28:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{855368AA-86D0-4604-B2D4-5B76380E584E}.job
[2010/12/13 13:20:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Reeves\Desktop\OTL.exe
[2010/12/13 13:10:30 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/13 13:10:12 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/13 13:10:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1788223648-839522115-1004UA.job
[2010/12/13 13:09:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/13 13:09:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/12 00:01:30 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2010/12/11 12:43:24 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Reeves\Local Settings\Application Data\1011201014697.xxe
[2010/12/11 12:42:55 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Reeves\Local Settings\Application Data\10112010146103.xxe
[2010/12/11 12:28:08 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/12/11 12:00:43 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Reeves\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/11 12:00:43 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Reeves\Desktop\Spybot - Search & Destroy.lnk
[2010/12/11 11:56:34 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/11 11:54:50 | 000,165,376 | -H-- | M] (G2iX2k) -- C:\WINDOWS\andy145_exe_1292168116.arl
[2010/11/29 13:01:00 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
[2010/11/29 13:00:10 | 000,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/29 13:00:10 | 000,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/29 11:26:24 | 000,153,600 | -H-- | M] () -- C:\WINDOWS\andy143_exe_1292168116.arl
[2010/11/23 18:10:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1788223648-839522115-1004Core.job
[2010/11/19 13:16:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/11 12:43:24 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Reeves\Local Settings\Application Data\1011201014697.xxe
[2010/12/11 12:42:55 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Reeves\Local Settings\Application Data\10112010146103.xxe
[2010/12/11 12:28:08 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/12/11 12:00:43 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Reeves\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/11 12:00:43 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Reeves\Desktop\Spybot - Search & Destroy.lnk
[2010/12/11 11:56:34 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/29 11:26:24 | 000,153,600 | -H-- | C] () -- C:\WINDOWS\andy143_exe_1292168116.arl
[2010/05/09 11:48:46 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Reeves\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/06 14:11:00 | 000,002,180 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log
[2010/02/17 23:50:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/02/17 08:41:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/02/17 01:49:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2006/02/15 16:04:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/08/04 05:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 05:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 05:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 05:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 05:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010/05/16 17:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Fugazo
[2010/05/24 16:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\GameHouse
[2010/07/11 22:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Gogii
[2010/05/30 06:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Happyville__
[2010/05/29 18:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Mean Hamster
[2010/11/11 11:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Merscom
[2010/11/11 11:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PlayFirst
[2010/05/24 17:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sandlot Games
[2010/11/13 13:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2010/11/11 16:03:26 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Reeves\Application Data\.#
[2010/11/06 21:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Reeves\Application Data\alot
[2010/11/11 14:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Reeves\Application Data\Amaranth Games
[2010/11/06 11:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Reeves\Application Data\Big Fish Games
[2010/05/22 22:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Reeves\Application Data\EleFun Games
[2010/11/02 22:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Reeves\Application Data\Leadertech
[2010/05/29 18:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Reeves\Application Data\Mean Hamster
[2010/11/11 11:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Reeves\Application Data\Merscom
[2010/05/16 16:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Reeves\Application Data\My Games
[2010/07/13 18:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Reeves\Application Data\NevoSoft Games
[2010/11/11 11:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Reeves\Application Data\PlayFirst
[2010/12/13 13:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Reeves\Application Data\PriceGong
[2010/05/02 17:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Reeves\Application Data\V-Games
[2010/05/22 23:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Reeves\Application Data\Virtual City
[2010/05/16 16:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Reeves\Application Data\WeatherBug
[2010/12/13 13:28:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{855368AA-86D0-4604-B2D4-5B76380E584E}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0BAA671C
@Alternate Data Stream - 172 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:20C69EEE
@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:38673444
@Alternate Data Stream - 165 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:8B0F52E5
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DF0F61BB
@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:978345F0
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:579740A4
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0A921E6B
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:779EE5FD
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:57648A0A
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:AAC11624
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1BA40D81
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:587BB6CA
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:E1362456
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B12FF3F2
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:8BE19F9B
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:522EA216
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D23FAE12
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B1512DC7
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D6C31E03
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:78CC8F21
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:904251FD
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B1F714C1
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A31BF83C
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:04A2BA27

< End of report >

#4
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi Steve Devore,

:D

Thank you for posting the log. Let me review it for a while to determine our next course of action. ;)

#5
Steve DeVore

    Member

  • Topic Starter
  • Member
  • 140 posts
Still awaiting the next step

#6
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi Steve Devore,

Here you go. :D

Step One

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [xuri49tkd] C:\windows\andy145.exe File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    [2010/12/11 11:54:50 | 000,165,376 | -H-- | C] (G2iX2k) -- C:\WINDOWS\andy145_exe_1292168116.arl
    [2010/12/11 12:43:24 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Reeves\Local Settings\Application Data\1011201014697.xxe
    [2010/12/11 12:42:55 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Reeves\Local Settings\Application Data\10112010146103.xxe
    [2010/12/11 11:54:50 | 000,165,376 | -H-- | M] (G2iX2k) -- C:\WINDOWS\andy145_exe_1292168116.arl
    [2010/11/29 11:26:24 | 000,153,600 | -H-- | M] () -- C:\WINDOWS\andy143_exe_1292168116.arl
    [2010/12/11 12:43:24 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Reeves\Local Settings\Application Data\1011201014697.xxe
    [2010/12/11 12:42:55 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Reeves\Local Settings\Application Data\10112010146103.xxe
    [2010/11/11 16:03:26 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Reeves\Application Data\.#
    @Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0BAA671C
    @Alternate Data Stream - 172 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:20C69EEE
    @Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:38673444
    @Alternate Data Stream - 165 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:8B0F52E5
    @Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DF0F61BB
    @Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:978345F0
    @Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:579740A4
    @Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0A921E6B
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:779EE5FD
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:57648A0A
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:AAC11624
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1BA40D81
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:587BB6CA
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:E1362456
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B12FF3F2
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:8BE19F9B
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:522EA216
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D23FAE12
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B1512DC7
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D6C31E03
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:78CC8F21
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:904251FD
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B1F714C1
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A31BF83C
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:04A2BA27
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Step Two

Restart the computer, then remove the USB stick when performing the succeeding fixes.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Step Three


Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
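The OTL fix in Step One is built by hand: the helper reads the report posted earlier in the thread, picks out the entries that look planted (the hidden andy14x_exe_*.arl files dropped straight into C:\WINDOWS, the two-byte all-digit .xxe files under Local Settings\Application Data, the hidden+system ".#" folder under Application Data, the streams attached to the All Users TEMP folder) and pastes those lines back under :OTL. The script below is an added example, not part of the original thread and not OTL's own code: it parses report lines in that shape, applies the same kind of triage rules, and emits the matching :OTL block. The sample lines are a constructed subset copied from the report above; reading OTL's four flag characters as R/H/S/D, and the triage rules themselves, are this example's assumptions rather than anything OTL or the helper documents.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of the OTL report above. Paths are copied
# from the thread; this is a hand-picked subset, not the full log.
SAMPLE_LOG = r"""
[2010/12/11 11:56:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/11 11:54:50 | 000,165,376 | -H-- | C] (G2iX2k) -- C:\WINDOWS\andy145_exe_1292168116.arl
[2010/11/29 11:26:24 | 000,153,600 | -H-- | M] () -- C:\WINDOWS\andy143_exe_1292168116.arl
[2010/12/11 12:43:24 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Reeves\Local Settings\Application Data\1011201014697.xxe
[2010/12/13 13:09:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/11 16:03:26 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Reeves\Application Data\.#
[2010/11/13 13:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0BAA671C
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:04A2BA27
"""

# One OTL file/folder line: [date time | size | flags | C or M] (Company) -- path
# The four flag positions are read as R(ead-only) H(idden) S(ystem) D(irectory);
# that reading is an assumption drawn from the entries in the log, not OTL documentation.
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<flags>[-RHSD]{4}) \| (?P<op>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# One ADS line: the host path is everything up to the last colon, the stream name after it.
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$")

WINDIR = r"C:\WINDOWS"   # assumed location of the Windows directory on this machine


@dataclass
class Entry:
    raw: str                        # the line exactly as OTL printed it (what an :OTL fix wants back)
    path: str
    size: int
    hidden: bool = False
    system: bool = False
    is_dir: bool = False
    stream: Optional[str] = None    # set for an ADS entry; path is then the host file or folder


def parse_otl(text):
    """Turn OTL report lines into Entry objects; lines in any other shape are ignored."""
    entries = []
    for line in text.strip().splitlines():
        m = FILE_RE.match(line)
        if m:
            flags = m["flags"]
            entries.append(Entry(raw=line, path=m["path"], size=int(m["size"].replace(",", "")),
                                 hidden="H" in flags, system="S" in flags, is_dir="D" in flags))
            continue
        m = ADS_RE.match(line)
        if m:
            entries.append(Entry(raw=line, path=m["host"], size=int(m["size"]), stream=m["stream"]))
    return entries


def _parent(path):
    return path.rsplit("\\", 1)[0]


def _name(path):
    return path.rsplit("\\", 1)[-1]


def triage(entries):
    """Return (entry, reason) pairs. These are triage heuristics, not verdicts: every hit
    still needs a human or a second tool to confirm it before anything is removed."""
    dirs = {e.path.lower() for e in entries if e.is_dir}
    findings = []
    for e in entries:
        if e.stream is not None:
            where = "directory" if e.path.lower() in dirs else "file"
            findings.append((e, f"alternate data stream {e.stream} attached to a {where}"))
            continue
        stem = _name(e.path).rpartition(".")[0]
        parent = _parent(e.path).lower()
        if e.hidden and not e.is_dir and parent == WINDIR.lower():
            findings.append((e, "hidden file dropped directly into the Windows directory"))
        elif not e.is_dir and e.size <= 16 and stem.isdigit() and "local settings\\application data" in parent:
            findings.append((e, "tiny file with an all-digit name in Local Settings\\Application Data"))
        elif e.is_dir and e.hidden and e.system and parent.endswith("\\application data"):
            findings.append((e, "hidden+system folder created under Application Data"))
    return findings


def build_fix(findings):
    """Emit an OTL custom-fix block. OTL accepts its own report lines pasted back verbatim
    under :OTL, which is exactly what the fix in this thread does, so the raw lines are reused."""
    return "\n".join([":OTL"] + [e.raw for e, _ in findings]) + "\n"


if __name__ == "__main__":
    hits = triage(parse_otl(SAMPLE_LOG))
    for entry, reason in hits:
        print(f"{reason}: {entry.path}")
    print(build_fix(hits))
```

The output is a starting point for a person, not a verdict: a stream on a folder or a hidden file is not proof of infection on its own, and the helper in this thread pasted these lines only after reading the whole log. Anything the rules miss (the Run entry pointing at a missing andy145.exe, the dead URLSearchHook) still has to come from the other sections of the report.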

#7
Steve DeVore

    Member

  • Topic Starter
  • Member
  • 140 posts
Ran TDSSKiller - still need the USB when I rebooted. The report is below, going to step 3 now.

2010/12/14 21:12:37.0421 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/14 21:12:37.0421 ================================================================================
2010/12/14 21:12:37.0421 SystemInfo:
2010/12/14 21:12:37.0421
2010/12/14 21:12:37.0421 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/14 21:12:37.0421 Product type: Workstation
2010/12/14 21:12:37.0421 ComputerName: REEVES-B863BFD2
2010/12/14 21:12:37.0421 UserName: Reeves
2010/12/14 21:12:37.0421 Windows directory: C:\WINDOWS
2010/12/14 21:12:37.0421 System windows directory: C:\WINDOWS
2010/12/14 21:12:37.0421 Processor architecture: Intel x86
2010/12/14 21:12:37.0421 Number of processors: 2
2010/12/14 21:12:37.0421 Page size: 0x1000
2010/12/14 21:12:37.0421 Boot type: Normal boot
2010/12/14 21:12:37.0421 ================================================================================
2010/12/14 21:12:37.0796 Initialize success
2010/12/14 21:13:14.0046 ================================================================================
2010/12/14 21:13:14.0046 Scan started
2010/12/14 21:13:14.0046 Mode: Manual;
2010/12/14 21:13:14.0046 ================================================================================
2010/12/14 21:13:15.0375 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/14 21:13:15.0437 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/12/14 21:13:15.0515 ADIHdAudAddService (7356eff52ad50b8946d346002118ce62) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2010/12/14 21:13:15.0703 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
2010/12/14 21:13:15.0750 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/14 21:13:15.0812 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/14 21:13:15.0921 AgereSoftModem (3712986cc3abf0dc656b43525b9d1279) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2010/12/14 21:13:16.0296 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/14 21:13:16.0375 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/14 21:13:16.0406 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/14 21:13:16.0453 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/14 21:13:16.0515 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/14 21:13:16.0718 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2010/12/14 21:13:16.0796 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/14 21:13:16.0875 btaudio (df74d51ba41ad84d72b2cb844337d3ed) C:\WINDOWS\system32\drivers\btaudio.sys
2010/12/14 21:13:16.0953 BTDriver (048f90a830e4dfbe050ea9f4c9f98ae3) C:\WINDOWS\system32\DRIVERS\btport.sys
2010/12/14 21:13:17.0078 BTKRNL (6b6ad8cbf3984c3b39d4d06c38f52010) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2010/12/14 21:13:17.0312 BTWDNDIS (8aa19a3c1cbdfeef118f0e4ef874a8a7) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2010/12/14 21:13:17.0406 BTWUSB (00c8988da469e4ac087539bd77420123) C:\WINDOWS\system32\Drivers\btwusb.sys
2010/12/14 21:13:17.0453 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/14 21:13:17.0546 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/14 21:13:17.0609 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/14 21:13:17.0781 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/14 21:13:17.0843 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2010/12/14 21:13:17.0906 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/12/14 21:13:17.0953 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/12/14 21:13:18.0062 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/14 21:13:18.0140 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/14 21:13:18.0343 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/14 21:13:18.0406 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/14 21:13:18.0453 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/14 21:13:18.0500 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/14 21:13:18.0640 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/12/14 21:13:18.0671 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/12/14 21:13:18.0906 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/14 21:13:18.0968 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/12/14 21:13:19.0000 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/14 21:13:19.0015 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/14 21:13:19.0062 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/14 21:13:19.0125 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/14 21:13:19.0140 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/14 21:13:19.0187 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/14 21:13:19.0250 HBtnKey (407e41ddb2bfece109132aec296e0d98) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
2010/12/14 21:13:19.0484 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/14 21:13:19.0578 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/14 21:13:19.0671 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/14 21:13:19.0875 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/14 21:13:20.0218 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/12/14 21:13:20.0703 iastor (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2010/12/14 21:13:20.0781 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/14 21:13:20.0890 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/14 21:13:20.0921 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/14 21:13:20.0984 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/14 21:13:21.0218 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/14 21:13:21.0281 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/14 21:13:21.0312 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/14 21:13:21.0343 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/14 21:13:21.0375 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/14 21:13:21.0453 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/14 21:13:21.0640 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/14 21:13:21.0703 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/14 21:13:21.0781 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/14 21:13:21.0859 LBeepKE (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
2010/12/14 21:13:21.0921 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2010/12/14 21:13:22.0156 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2010/12/14 21:13:22.0218 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/14 21:13:22.0281 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/14 21:13:22.0312 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/14 21:13:22.0343 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/14 21:13:22.0375 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/14 21:13:22.0421 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/14 21:13:22.0640 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/14 21:13:22.0703 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/14 21:13:22.0750 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/14 21:13:22.0765 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/14 21:13:22.0812 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/14 21:13:22.0968 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/14 21:13:23.0000 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/14 21:13:23.0140 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101128.002\naveng.sys
2010/12/14 21:13:23.0250 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101128.002\navex15.sys
2010/12/14 21:13:23.0484 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/14 21:13:23.0546 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/14 21:13:23.0593 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/14 21:13:23.0609 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/14 21:13:23.0656 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/14 21:13:23.0687 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/14 21:13:23.0718 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/14 21:13:24.0062 NETw4x32 (9eb7001200bc53dad5bc531f0e58970e) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
2010/12/14 21:13:24.0281 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/14 21:13:24.0343 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/14 21:13:24.0375 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/14 21:13:24.0515 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/14 21:13:24.0593 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/14 21:13:24.0656 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/14 21:13:24.0703 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/14 21:13:24.0734 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/14 21:13:24.0750 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/14 21:13:24.0781 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/14 21:13:24.0921 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/14 21:13:24.0984 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/14 21:13:25.0015 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/12/14 21:13:25.0156 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/14 21:13:25.0187 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/14 21:13:25.0234 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/14 21:13:25.0343 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/14 21:13:25.0500 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/14 21:13:25.0531 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/14 21:13:25.0562 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/14 21:13:25.0609 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/14 21:13:25.0640 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/14 21:13:25.0718 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/14 21:13:25.0796 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/14 21:13:25.0828 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/14 21:13:25.0953 SAVRT (21ba125b956a513f85f6ab1dd603f917) C:\Program Files\Symantec AntiVirus\savrt.sys
2010/12/14 21:13:25.0984 SAVRTPEL (0f8e1c05fc1298f8e7cea935429f66ff) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
2010/12/14 21:13:26.0140 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/14 21:13:26.0218 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/14 21:13:26.0234 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/14 21:13:26.0250 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/14 21:13:26.0421 SPBBCDrv (c30fa11923892a4dbd1c747db8492e8f) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2010/12/14 21:13:26.0625 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/14 21:13:26.0687 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/14 21:13:26.0734 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/14 21:13:26.0781 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2010/12/14 21:13:26.0828 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/14 21:13:26.0843 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/14 21:13:27.0015 SymEvent (9c4737086dee2d302d5d2d69478f6611) C:\Program Files\Symantec\SYMEVENT.SYS
2010/12/14 21:13:27.0250 SYMREDRV (c1bbd1d20acc5ecadca086228ad52bdd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2010/12/14 21:13:27.0328 SYMTDI (9bf7fddab95f8aabc361774dc844f755) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2010/12/14 21:13:27.0421 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/14 21:13:27.0500 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/14 21:13:27.0687 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/14 21:13:27.0734 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/14 21:13:27.0796 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/14 21:13:27.0875 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/14 21:13:27.0921 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/14 21:13:27.0984 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/14 21:13:28.0171 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/14 21:13:28.0234 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/14 21:13:28.0296 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/14 21:13:28.0343 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/14 21:13:28.0406 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/14 21:13:28.0593 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/14 21:13:28.0640 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/14 21:13:28.0687 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/14 21:13:28.0734 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/14 21:13:28.0796 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/12/14 21:13:29.0046 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/14 21:13:29.0093 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/12/14 21:13:29.0171 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/14 21:13:29.0625 ================================================================================
2010/12/14 21:13:29.0625 Scan finished
2010/12/14 21:13:29.0625 ================================================================================
2010/12/14 21:13:29.0640 Detected object count: 1
2010/12/14 21:14:34.0796 \HardDisk0 - will be cured after reboot
2010/12/14 21:14:34.0796 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/14 21:15:15.0453 Deinitialize success

#8
Salagubang
    Trusted Helper
  • Malware Removal
  • 3,890 posts
Proceed with the next step.

#9
Steve DeVore
    Member
  • Topic Starter
  • Member
  • 140 posts
The machine will not reboot on its own; I still have to use the USB. Should I reset the BIOS to be rebooting from the HDD?

#10
Salagubang
    Trusted Helper
  • Malware Removal
  • 3,890 posts
Yes, try that. If you're seeing an error message like "Cannot find bootable media" or along those lines, then yes, change the boot order to hard disk.

But if you're just seeing a blinking cursor, then just boot with the USB and proceed with the next step. :D

We will deal with the booting afterwards.


And oh, please do remove the USB before running the tool.

Edited by Salagubang, 14 December 2010 - 08:51 PM.


#11
Steve DeVore
    Member
  • Topic Starter
  • Member
  • 140 posts
Thanks, no error message, just the cursor. ComboFix is still running.

#12
Steve DeVore
    Member
  • Topic Starter
  • Member
  • 140 posts
ComboFix log

ComboFix 10-12-14.01 - Reeves 12/14/2010 21:42:52.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.578 [GMT -5:00]
Running from: c:\documents and settings\Reeves\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ebonee\Application Data\alot
c:\documents and settings\Ebonee\Application Data\PriceGong
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Ebonee\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Reeves\Application Data\alot
c:\documents and settings\Reeves\Application Data\alot\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Reeves\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Reeves\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\Reeves\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\Reeves\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\Reeves\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\Reeves\Application Data\alot\Button_10\Button_10.xml
c:\documents and settings\Reeves\Application Data\alot\Button_10\Button_10.xml.backup
c:\documents and settings\Reeves\Application Data\alot\Button_11\Button_11.xml
c:\documents and settings\Reeves\Application Data\alot\Button_11\Button_11.xml.backup
c:\documents and settings\Reeves\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\Reeves\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\Reeves\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\Reeves\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\Reeves\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\Reeves\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\Reeves\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\Reeves\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\Reeves\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\Reeves\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\Reeves\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\Reeves\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\Reeves\Application Data\alot\Button_8\Button_8.xml
c:\documents and settings\Reeves\Application Data\alot\Button_8\Button_8.xml.backup
c:\documents and settings\Reeves\Application Data\alot\Button_9\Button_9.xml
c:\documents and settings\Reeves\Application Data\alot\Button_9\Button_9.xml.backup
c:\documents and settings\Reeves\Application Data\alot\configurator\configurator.xml
c:\documents and settings\Reeves\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\Reeves\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\Reeves\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\Reeves\Application Data\alot\ErrorSearch\ErrorSearch.xml
c:\documents and settings\Reeves\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup
c:\documents and settings\Reeves\Application Data\alot\hideToolbarLayout\hideToolbarLayout.xml
c:\documents and settings\Reeves\Application Data\alot\hideToolbarLayout\hideToolbarLayout.xml.backup
c:\documents and settings\Reeves\Application Data\alot\postInstallLayout\postInstallLayout.xml
c:\documents and settings\Reeves\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
c:\documents and settings\Reeves\Application Data\alot\products\products.xml
c:\documents and settings\Reeves\Application Data\alot\products\products.xml.backup
c:\documents and settings\Reeves\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\Reeves\Application Data\alot\Resources\BrowserSearch\images\favicon.ico
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_1\images\alot_image_search.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_1\images\alot_image_search.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_1\images\alot_news_search.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_1\images\alot_news_search.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_1\images\alot_shop_search.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_1\images\alot_shop_search.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_1\images\alot_videos_search.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_1\images\alot_videos_search.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_1\images\alot_web_search.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_1\images\alot_web_search.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_10\images\default_2254_email.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_10\images\default_2254_email.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_10\images\icon_configure.JPG
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_11\images\alert-icon.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_11\images\clear.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_11\images\cloudy.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_11\images\default_1007_alot_weather_widget.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_11\images\default_1007_alot_weather_widget.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_11\images\foggy.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_11\images\mcloud.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_11\images\nclear.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_11\images\nmcloud.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_11\images\pcloud.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_11\images\rain.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_11\images\shower.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_11\images\tstorm.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_2\images\alot_configure.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_2\images\alot_configure.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_3\images\2302_icon.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_3\images\2302_icon.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_3\images\default_2302_default_1379_alot_cas_playgames.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_3\images\default_2302_default_1379_alot_cas_playgames.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_4\images\default_2304_default_1379_alot_cas_playgames.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_4\images\default_2304_default_1379_alot_cas_playgames.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_5\images\default_2303_default_1379_alot_cas_playgames.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_5\images\default_2303_default_1379_alot_cas_playgames.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_6\images\default_2305_default_1613_alot_online_games_tetriz.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_6\images\default_2305_default_1613_alot_online_games_tetriz.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_7\images\default_2306_default_2080_frogger_button.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_7\images\default_2306_default_2080_frogger_button.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_8\images\3562_icon.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_8\images\3562_icon.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_9\images\3956_icon.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Button_9\images\3956_icon.png
c:\documents and settings\Reeves\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\contextMenu\images\alot_icon.png
c:\documents and settings\Reeves\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\Reeves\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Shared\images\discover.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Shared\images\intro_popup.png
c:\documents and settings\Reeves\Application Data\alot\Resources\Shared\images\spinner.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Shared\images\widget_btnconfig0.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Shared\images\widget_btnconfig1.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Shared\images\widget_btnrefresh0.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Shared\images\widget_btnrefresh1.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
c:\documents and settings\Reeves\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
c:\documents and settings\Reeves\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\Reeves\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\Reeves\Application Data\alot\toolbar.xml
c:\documents and settings\Reeves\Application Data\alot\toolbar.xml.backup
c:\documents and settings\Reeves\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml
c:\documents and settings\Reeves\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup
c:\documents and settings\Reeves\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\Reeves\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup
c:\documents and settings\Reeves\Application Data\alot\Updater\Updater.xml
c:\documents and settings\Reeves\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\Reeves\Application Data\PriceGong
c:\documents and settings\Reeves\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Reeves\Application Data\PriceGong\Data\z.xml

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-11-15 to 2010-12-15 )))))))))))))))))))))))))))))))
.

2010-12-15 01:56 . 2010-12-15 01:56 -------- d-----w- C:\_OTL
2010-12-14 20:28 . 2010-12-14 20:28 -------- d-----w- c:\documents and settings\Reeves\Local Settings\Application Data\Thinstall
2010-12-14 20:28 . 2010-12-14 20:28 -------- d-----w- c:\documents and settings\Reeves\Application Data\Thinstall
2010-12-12 02:11 . 2010-12-12 06:15 -------- d-----w- C:\Temp
2010-12-11 21:19 . 2009-03-19 19:07 169984 -c--a-w- c:\windows\system32\dllcache\msconfig.exe
2010-12-11 21:19 . 2009-03-19 19:07 14336 -c--a-w- c:\windows\system32\dllcache\svchost.exe
2010-12-11 21:19 . 2009-03-19 19:07 507904 -c--a-w- c:\windows\system32\dllcache\winlogon.exe
2010-12-11 21:19 . 2009-03-19 19:07 1414656 -c--a-w- c:\windows\system32\dllcache\mmc.exe
2010-12-11 21:19 . 2009-03-19 19:07 13312 -c--a-w- c:\windows\system32\dllcache\lsass.exe
2010-12-11 21:19 . 2009-03-19 19:07 514560 -c--a-w- c:\windows\system32\dllcache\logonui.exe
2010-12-11 21:19 . 2009-03-19 19:07 389120 -c--a-w- c:\windows\system32\dllcache\cmd.exe
2010-12-11 21:19 . 2009-03-19 19:07 146432 -c--a-w- c:\windows\system32\dllcache\regedit.exe
2010-12-11 21:19 . 2009-03-19 19:07 1033728 -c--a-w- c:\windows\system32\dllcache\explorer.exe
2010-12-11 21:19 . 2009-03-19 19:07 26112 -c--a-w- c:\windows\system32\dllcache\userinit.exe
2010-12-11 21:19 . 2009-03-19 19:07 33280 -c--a-w- c:\windows\system32\dllcache\rundll32.exe
2010-12-11 17:00 . 2010-12-13 20:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-11 17:00 . 2010-12-11 17:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-12-11 16:56 . 2010-12-11 16:56 -------- d-----w- c:\documents and settings\Reeves\Application Data\Malwarebytes
2010-12-11 16:56 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-11 16:56 . 2010-12-11 16:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-12-11 16:56 . 2010-12-11 16:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-11 16:56 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-11 16:49 . 2010-12-11 21:48 -------- d-----w- c:\documents and settings\Administrator.REEVES-B863BFD2
2010-11-29 19:39 . 2010-11-29 19:39 -------- d-----w- c:\windows\system32\NtmsData
2010-11-21 04:02 . 2010-11-21 04:16 -------- d-----w- c:\documents and settings\Ebonee\Local Settings\Application Data\WMTools Downloaded Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 16:23 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 10:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 10:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{69d1a568-ffdf-4ef5-8919-7003582e0ee8}"= "c:\program files\Playdom\tbPla2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
2010-03-28 19:47 353656 ----a-w- c:\program files\PriceGong\2.1.0\PriceGongIE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\Playdom\tbPla2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{69d1a568-ffdf-4ef5-8919-7003582e0ee8}"= "c:\program files\Playdom\tbPla2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{69D1A568-FFDF-4EF5-8919-7003582E0EE8}"= "c:\program files\Playdom\tbPla2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-12-29 1653248]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-06 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-20 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-20 137752]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-11-15 85744]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
taskmgr.lnk - c:\windows\system32\taskmgr.exe [2004-8-4 135680]

c:\documents and settings\mrussell\Start Menu\Programs\Startup\
taskmgr.lnk - c:\windows\system32\taskmgr.exe [2004-8-4 135680]

c:\documents and settings\scagle\Start Menu\Programs\Startup\
taskmgr.lnk - c:\windows\system32\taskmgr.exe [2004-8-4 135680]

c:\documents and settings\Ebonee\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 581693]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-11-2 813584]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
taskmgr.lnk - c:\windows\system32\taskmgr.exe [2004-8-4 135680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [11/2/2010 10:14 PM 10384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2010 7:04 PM 102448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/17/2010 9:11 AM 135664]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 1:27 PM 169200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 14:11]

2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 14:11]

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1788223648-839522115-1004Core.job
- c:\documents and settings\Ebonee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-17 19:00]

2010-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1788223648-839522115-1004UA.job
- c:\documents and settings\Ebonee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-17 19:00]

2010-12-15 c:\windows\Tasks\User_Feed_Synchronization-{855368AA-86D0-4604-B2D4-5B76380E584E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=9DBC5D0001CAF540097014F7&src_id=11231&camp_id=-3&tb_version=2.5.9001.490
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-HijackThis - c:\bwht202\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-14 21:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1028)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2010-12-14 21:52:52
ComboFix-quarantined-files.txt 2010-12-15 02:52

Pre-Run: 99,829,473,280 bytes free
Post-Run: 99,803,774,976 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30

- - End Of File - - 43BD55D503D8BB38FBAC66D6B86942C0

#13
Salagubang
    Trusted Helper
  • Malware Removal
  • 3,890 posts
OK, remove the USB, set the BIOS to boot from the HDD and try if it can boot on its own.

Edited by Salagubang, 14 December 2010 - 09:20 PM.


#14
Steve DeVore
    Member
  • Topic Starter
  • Member
  • 140 posts
No luck, still back at the black screen with the blinking cursor.

#15
Salagubang
    Trusted Helper
  • Malware Removal
  • 3,890 posts
Hi Steve Devore,

How's the computer running regardless?

I am reviewing the logs and am going to need permission before I can post the next instruction. Please bear with the slight delay. :D