
Lenovo Ideapad S12 - Lost/broken os etc..


  • This topic is locked

#31
j994 (Member, Topic Starter, 23 posts)
And the log of the other one

Attached Files




#32
Salagubang (Trusted Helper, Malware Removal, 3,891 posts)
Did AVP find any infections during the scan? Can you post that log as well?

#33
j994 (Member, Topic Starter, 23 posts)
Looking for it now..

#34
j994 (Member, Topic Starter, 23 posts)
Now it's already uninstalled; is there a place to find the log, or do I have to reinstall and rescan my system?

#35
Salagubang (Trusted Helper, Malware Removal, 3,891 posts)
It's alright.

How is the machine running now? Are there other issues we can address?

#36
j994 (Member, Topic Starter, 23 posts)
The netbook boots on its own, like usual. Yet I still have a problem with tasks like connecting to the internet... certain startup programs don't start up when the system boots.

#37
Salagubang (Trusted Helper, Malware Removal, 3,891 posts)
Hi,

Try uninstalling/reinstalling the applications that don't work right.

Open OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    drivers32
    /md5start
    explorer.exe
    winlogon.exe
    /md5stop
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    ipconfig /flushdns /c

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • Post the log in your next reply


Next

GMER Rootkit Scanner
  • GMER Rootkit Scanner - Download - Homepage
  • Download GMER
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)

    NOTE - Not all of the tick boxes will be available if you are running a 64bit Operating System. You may also get an error message display on the screen when using a 64bit Operating System, this is normal, just click on OK and let it carry on.

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.

**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.



#38
j994 (Member, Topic Starter, 23 posts)
Never mind, somewhere along the line my connections got deleted. I'll get it back up. I believe it's fixed now. Thank you so much Salagubang, I appreciate your help and patience the past few weeks haha. I know where to go for help from now on. Once again, thanks so much.

#39
j994 (Member, Topic Starter, 23 posts)
Okay, I'll try that.

#40
Salagubang (Trusted Helper, Malware Removal, 3,891 posts)
Follow-up instruction:

To repair internet connection:

Download Winsockfix.
Run the application and see if that fixes the issue with internet connection.


#41
j994 (Member, Topic Starter, 23 posts)
OTL logfile created on: 2/1/2011 11:49:41 PM - Run 3
OTL by OldTimer - Version 3.2.20.6 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 550.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 103.89 Gb Total Space | 5.69 Gb Free Space | 5.48% Space Free | Partition Type: FAT32
Drive D: | 18.61 Gb Total Space | 17.64 Gb Free Space | 94.82% Space Free | Partition Type: NTFS
Drive E: | 3.77 Gb Total Space | 3.67 Gb Free Space | 97.54% Space Free | Partition Type: FAT32

Computer Name: JONSLAPTOP | User Name: Jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/01 21:45:52 | 000,602,624 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2010/11/12 09:49:28 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/11/11 13:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe
PRC - [2010/11/11 13:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneBusEnum.exe
PRC - [2010/11/11 13:55:46 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2010/02/26 08:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccsvchst.exe
PRC - [2009/07/07 12:27:24 | 000,323,584 | ---- | M] () -- C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
PRC - [2009/03/26 10:20:40 | 000,315,392 | -H-- | M] (DeviceVM) -- C:\QSTART.SYS\config\DVMExportService.exe
PRC - [2009/01/17 15:17:46 | 000,164,528 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\DIBS\DDNIService.exe
PRC - [2009/01/17 14:59:28 | 000,185,008 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
PRC - [2009/01/17 14:59:02 | 000,234,160 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
PRC - [2009/01/04 12:57:28 | 004,462,464 | ---- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2008/12/26 10:05:46 | 001,277,952 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2008/09/27 11:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
PRC - [2008/04/14 05:42:20 | 001,540,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2005/11/18 13:54:34 | 000,245,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe


========== Modules (SafeList) ==========

MOD - [2011/02/01 21:45:52 | 000,602,624 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2010/08/24 00:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/11/12 09:49:28 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/11/11 13:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 13:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 13:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/11/11 13:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/09/10 07:01:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/26 08:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe -- (NAV)
SRV - [2009/03/26 10:20:40 | 000,315,392 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\QSTART.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/01/17 15:17:46 | 000,164,528 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\DIBS\DDNIService.exe -- (DDNIService)
SRV - [2009/01/17 14:59:28 | 000,185,008 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe -- (DDNIMSGService)
SRV - [2008/09/27 11:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor)
SRV - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2005/11/18 13:54:34 | 000,245,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)


========== Driver Services (SafeList) ==========

DRV - [2011/02/01 21:30:06 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\utqxmtmz.sys -- (utqxmtmz)
DRV - [2010/10/20 04:36:24 | 000,341,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20101104.004\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/10/08 09:44:34 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20101106.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/08 09:44:34 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20101106.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/10/08 09:44:30 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/10/08 09:26:14 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/10/02 00:00:02 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20101029.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/10/01 07:44:08 | 000,000,000 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2010/05/22 23:47:04 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/06 12:02:00 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1108000.005\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 13:03:52 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/22 11:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/22 10:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1108000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/22 10:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/26 08:22:58 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\ccHPx86.sys -- (ccHP)
DRV - [2009/08/30 08:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1108000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/05/08 09:06:10 | 000,203,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/03/11 15:30:44 | 001,225,896 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009/02/03 14:42:32 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2008/09/10 19:14:48 | 001,386,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/08/28 18:39:08 | 000,048,192 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008/07/20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/02 14:00:02 | 005,056,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/02 14:00:02 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/02 14:00:02 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2008/02/15 13:12:08 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/01/11 14:58:42 | 000,009,472 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008/01/10 10:59:08 | 000,081,192 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WSVD.sys -- (WSVD)
DRV - [2007/09/17 13:00:12 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/05/23 16:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/11/18 13:54:34 | 000,011,520 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://lenovo.live.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2010/10/11 15:30:42 | 000,000,000 | ---D | M]

[2010/03/15 08:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jon\Application Data\Mozilla\Extensions
[2010/03/15 08:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jon\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2011/01/13 12:07:08 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Value error. File not found
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Value error. File not found
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IdeaNotesUser] C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe (GamersFirst)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\PicNotify: DllName - PicNotify.dll - C:\WINDOWS\System32\PicNotify.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Jon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/28 10:06:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2011/02/01 19:19:20 | 000,000,000 | -HSD | C] -- C:\FOUND.048
[2011/01/14 00:28:46 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/01/14 00:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2011/01/14 00:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon\Local Settings\Application Data\Apps
[2011/01/14 00:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon\Desktop\Windows 7 Ultimate (32 Bit)
[2011/01/13 23:05:36 | 000,000,000 | -HSD | C] -- C:\FOUND.047
[2011/01/13 18:39:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/13 18:39:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/13 18:39:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/13 18:39:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/13 18:38:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/13 18:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon\Desktop\tdsskiller
[2011/01/13 12:07:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/12 23:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon\Desktop\13oct2010
[2011/01/12 23:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon\Application Data\GetRightToGo
[2011/01/12 10:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\YouTube Downloader
[2011/01/12 10:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader

========== Files - Modified Within 30 Days ==========

[2011/02/01 23:46:30 | 000,000,330 | -H-- | M] () -- C:\dvmexp.idx
[2011/02/01 23:36:24 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2011/02/01 23:36:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/01 21:30:06 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utqxmtmz.sys
[2011/02/01 21:08:22 | 000,000,326 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_01.02.2011_18-49drv.spi
[2011/01/31 19:13:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/14 00:17:56 | 000,002,411 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\Windows 7 USB DVD Download Tool.lnk
[2011/01/13 20:20:44 | 000,000,285 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\Shortcut to ComboFix.exe.lnk
[2011/01/13 16:37:46 | 004,154,145 | R--- | M] () -- C:\Documents and Settings\Jon\Desktop\ComboFix.exe
[2011/01/13 16:29:40 | 001,231,390 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\tdsskiller.zip
[2011/01/13 12:06:14 | 000,482,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/13 12:06:14 | 000,086,140 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/13 12:01:48 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011/01/13 12:01:40 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2011/01/12 21:06:02 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1917736239-2159755504-3346137428-1008Core.job
[2011/01/12 12:28:56 | 003,594,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/12 10:38:52 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011/01/12 10:33:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/12 10:32:32 | 000,002,172 | ---- | M] () -- C:\Documents and Settings\Jon\Desktop\Google Chrome.lnk
[2011/01/12 10:32:32 | 000,002,150 | ---- | M] () -- C:\Documents and Settings\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2011/02/01 21:30:02 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utqxmtmz.sys
[2011/02/01 21:04:02 | 000,000,326 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_01.02.2011_18-49drv.spi
[2011/01/14 00:17:54 | 000,002,411 | ---- | C] () -- C:\Documents and Settings\Jon\Desktop\Windows 7 USB DVD Download Tool.lnk
[2011/01/13 20:20:43 | 000,000,285 | ---- | C] () -- C:\Documents and Settings\Jon\Desktop\Shortcut to ComboFix.exe.lnk
[2011/01/13 18:39:04 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/13 18:39:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/13 18:39:04 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/13 18:39:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/13 18:39:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/13 18:30:03 | 001,231,390 | ---- | C] () -- C:\Documents and Settings\Jon\Desktop\tdsskiller.zip
[2011/01/13 16:37:46 | 004,154,145 | R--- | C] () -- C:\Documents and Settings\Jon\Desktop\ComboFix.exe
[2011/01/12 10:38:50 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2010/11/15 10:11:36 | 000,000,183 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/10/15 11:20:13 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/09/30 08:33:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\adfs.sys
[2010/09/19 11:27:53 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Jon\Local Settings\Application Data\.mpid
[2010/06/17 01:49:33 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/05/22 23:47:01 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/05/19 07:34:36 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Jon\Application Data\winscp.rnd
[2010/04/06 11:06:56 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Jon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/23 21:39:46 | 000,000,076 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ba479ac0.dat
[2010/01/11 15:24:40 | 000,001,683 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/07/07 14:09:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/07/07 12:27:25 | 009,338,880 | ---- | C] () -- C:\WINDOWS\System32\Facev.dll
[2009/07/07 12:27:25 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\picn.dll
[2009/07/07 12:27:25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\image.dll
[2009/07/07 12:27:23 | 001,564,672 | ---- | C] () -- C:\WINDOWS\System32\MainOp.dll
[2009/07/07 12:27:23 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\EncIcons.dll
[2009/07/07 12:27:23 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\SimpleExt.dll
[2009/07/07 12:27:23 | 000,241,752 | ---- | C] () -- C:\WINDOWS\System32\IcnOvrly.dll
[2009/07/07 12:27:23 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SetDev.dll
[2009/07/07 12:27:23 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\VideoOp.dll
[2009/07/07 12:27:23 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\FunFrm.dll
[2009/07/07 12:27:22 | 009,502,720 | ---- | C] () -- C:\WINDOWS\System32\FaceVerify.dll
[2009/07/07 12:27:22 | 001,974,272 | ---- | C] () -- C:\WINDOWS\System32\Imagereog.dll
[2009/07/07 12:27:22 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\PicNotify.dll
[2009/07/07 12:27:22 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\Apblend.dll
[2009/07/07 12:27:22 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Momo.dll
[2009/07/07 12:27:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DevFilt.dll
[2009/07/07 12:27:19 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\3DImageRenderer.dll
[2009/07/07 11:54:44 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009/07/07 11:43:35 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/04/22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/11/07 18:08:20 | 000,362,029 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2006/07/28 09:57:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2009/07/07 12:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2009/07/07 12:15:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DDNI
[2009/07/07 12:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VeriFace
[2010/03/13 10:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GuardID Systems
[2010/03/13 10:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2010/03/13 23:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc
[2010/03/15 07:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/13 09:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\System
[2010/05/02 08:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/05/05 03:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\launcher
[2010/05/05 03:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\explauncher
[2010/05/05 03:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\redistpart
[2010/05/07 03:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/22 02:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2010/05/22 23:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/08/22 11:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/09/10 06:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/09/10 07:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdBackup
[2010/10/06 09:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/21 07:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/11/09 05:55:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010/11/09 05:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/11/19 14:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/07/07 12:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\ID Vault
[2010/03/14 09:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\uTorrent
[2010/04/22 07:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\WeatherBug
[2010/04/23 08:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Styler
[2010/04/26 06:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\SystemRequirementsLab
[2010/04/26 07:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\My Games
[2010/05/22 02:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\ooVoo Details
[2010/05/22 23:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\DAEMON Tools Lite
[2010/06/07 10:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/06/16 11:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Raptr
[2010/06/16 11:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Azureus
[2010/08/19 09:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\ManyCam
[2010/08/19 09:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\OxelonMC
[2010/08/24 01:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\oovootb
[2010/09/29 07:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\.minecraft
[2010/10/13 04:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\Tific
[2010/10/29 09:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\FrostWire
[2010/11/09 05:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\TuneUp Software
[2010/12/08 22:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\943A16318CC132DA28B265B3236ED9A6
[2011/01/12 23:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jon\Application Data\GetRightToGo
[2011/01/13 12:01:40 | 000,000,368 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2011/01/13 12:01:48 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\NiwradSoft Shell Pack\Backup\explorer.exe
[2004/08/04 12:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 05:42:20 | 001,540,608 | ---- | M] (Microsoft Corporation) MD5=DEDB237CA07F66F40C9BA321EF10E4A9 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,540,608 | ---- | M] (Microsoft Corporation) MD5=DEDB237CA07F66F40C9BA321EF10E4A9 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 12:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 05:42:40 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=A55B8899D2EA2E800061BCFD456E34DC -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=A55B8899D2EA2E800061BCFD456E34DC -- C:\WINDOWS\system32\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\NiwradSoft Shell Pack\Backup\winlogon.exe

< %SYSTEMDRIVE%\*.* >
[2011/02/01 23:36:04 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2009/07/07 11:30:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/11/15 12:10:14 | 000,000,354 | RHS- | M] () -- C:\boot.ini
[2010/10/15 10:04:22 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS
[2006/07/28 10:06:14 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/07/28 10:06:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/07/28 10:06:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/02/01 23:46:30 | 000,000,330 | -H-- | M] () -- C:\dvmexp.idx
[2011/02/01 23:53:52 | 000,196,388 | ---- | M] () -- C:\HeadNotify.log
[2011/02/01 23:36:24 | 000,105,411 | ---- | M] () -- C:\sysiclog.txt
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/01/13 18:32:24 | 000,062,436 | ---- | M] () -- C:\TDSSKiller.2.4.13.0_13.01.2011_18.30.19_log.txt
[2010/10/15 10:55:44 | 000,000,238 | ---- | M] () -- C:\Boot.bak
[2010/12/08 22:31:14 | 000,001,202 | ---- | M] () -- C:\rkill.log
[2011/02/01 23:36:24 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo

< %systemroot%\*. /mp /s >

< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

< End of report >

#42 j994 (Member, Topic Starter, 23 posts)
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-02 00:11:05
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0000
Running: gmer.exe; Driver: C:\DOCUME~1\Jon\LOCALS~1\Temp\pwdoikog.sys


---- System - GMER 1.0.15 ----

SSDT 83B98050 ZwAlertResumeThread
SSDT 856E6050 ZwAlertThread
SSDT 83B159B8 ZwAllocateVirtualMemory
SSDT 83B88050 ZwAssignProcessToJobObject
SSDT 86497A48 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA186210]
SSDT 83B12C58 ZwCreateMutant
SSDT 83B11C60 ZwCreateSymbolicLinkObject
SSDT 85D6A3E8 ZwCreateThread
SSDT 83B8B050 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAA186490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA1869F0]
SSDT 83B15B10 ZwDuplicateObject
SSDT spkh.sys ZwEnumerateKey [0xF7322DA4]
SSDT spkh.sys ZwEnumerateValueKey [0xF7323132]
SSDT 83B15818 ZwFreeVirtualMemory
SSDT 83B91050 ZwImpersonateAnonymousToken
SSDT 83B93050 ZwImpersonateThread
SSDT 85D99248 ZwLoadDriver
SSDT 83B15738 ZwMapViewOfSection
SSDT 83B90050 ZwOpenEvent
SSDT spkh.sys ZwOpenKey [0xF730A0C0]
SSDT 83B15CB0 ZwOpenProcess
SSDT 856EC050 ZwOpenProcessToken
SSDT 83B8D050 ZwOpenSection
SSDT 83B15BE0 ZwOpenThread
SSDT 83B12200 ZwProtectVirtualMemory
SSDT spkh.sys ZwQueryKey [0xF732320A]
SSDT spkh.sys ZwQueryValueKey [0xF732308A]
SSDT 856E7050 ZwResumeThread
SSDT 83B9D050 ZwSetContextThread
SSDT 83B155E0 ZwSetInformationProcess
SSDT 83B8C050 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA186C40]
SSDT 83B8F050 ZwSuspendProcess
SSDT 856E9050 ZwSuspendThread
SSDT 83B9F050 ZwTerminateProcess
SSDT 83B9C050 ZwTerminateThread
SSDT 85D41050 ZwUnmapViewOfSection
SSDT 83B158E8 ZwWriteVirtualMemory

INT 0x62 ? 86FD6BF8
INT 0x63 ? 86F65BF8
INT 0x83 ? 8643EF00
INT 0xA4 ? 8643EF00
INT 0xB4 ? 8643EF00

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 3038 805048D4 4 Bytes CALL 88D3FA31
? spkh.sys The system cannot find the file specified. !
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F44EB8AC 5 Bytes JMP 8643E4E0

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F730B042] spkh.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F730B13E] spkh.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F730B0C0] spkh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F730B800] spkh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F730B6D6] spkh.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F731AB90] spkh.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\winlogon.exe[872] @ C:\WINDOWS\system32\winlogon.exe [USER32.dll!DialogBoxParamW] [1003695B] C:\WINDOWS\system32\PicNotify.dll

---- Devices - GMER 1.0.15 ----

Device 83A97500
Device Ntfs.SYS (NT File System Driver/Microsoft Corporation)
Device 86F641F8
Device Fastfat.sys (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbehci \Device\USBPDO-0 8640E1F8
Device \Driver\usbuhci \Device\USBPDO-1 8643C1F8
Device \Driver\usbuhci \Device\USBPDO-2 8643C1F8
Device \Driver\usbuhci \Device\USBPDO-3 8643C1F8
Device \Driver\usbuhci \Device\USBPDO-4 8643C1F8

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Ftdisk \Device\HarddiskVolume1 86F661F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86F661F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 86F661F8
Device \Driver\iaStor \Device\Ide\iaStor0 [F71CCA60] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7266B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [F71CCA60] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume4 86F661F8
Device \Driver\USBSTOR \Device\000000a7 85D64500
Device \Driver\Ftdisk \Device\HarddiskVolume5 86F661F8
Device \Driver\USBSTOR \Device\000000a8 85D64500
Device \Driver\NetBT \Device\NetBt_Wins_Export 85D821F8
Device \Driver\NetBT \Device\NetbiosSmb 85D821F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{EDD0F5CB-5992-4CE6-A10E-481D95720878} 85D821F8

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 8643C1F8
Device \Driver\usbuhci \Device\USBFDO-1 8643C1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{07F15199-2FDD-4EEC-B6F7-9B61A7270A95} 85D821F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85D151F8
Device \Driver\usbuhci \Device\USBFDO-2 8643C1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85D151F8
Device \Driver\usbuhci \Device\USBFDO-3 8643C1F8
Device \Driver\usbehci \Device\USBFDO-4 8640E1F8
Device \Driver\Ftdisk \Device\FtControl 86F661F8
Device \FileSystem\Fastfat \Fat 86F641F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat tvtumon.sys (Windows Update Monitor Driver/Lenovo)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0x52 0xFE 0xB3 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDE 0x23 0x2B 0xE4 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8E 0x6B 0x1E 0x17 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0x52 0xFE 0xB3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0x52 0xFE 0xB3 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

---- EOF - GMER 1.0.15 ----
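The GMER report above, read as a triage problem, as an added example (editor's addition, not part of the thread and not GMER's own code). GMER prints three kinds of hook line: SSDT entries it could attribute to a driver (SYMEVENT.SYS with its Symantec version string, spkh.sys with no version string), SSDT entries where it shows only a handler address because it could not map the hook to any loaded module, and IAT hooks in kernel drivers and in user processes. It also prints "? module The system cannot find the file specified. !" for drivers it lists but could not open on disk. The Python script below parses a constructed subset of those lines copied from the log, groups hooks by the module GMER named, and orders the modules for review: a hooking driver that GMER cannot find on disk first, then hooks with no vendor string, then by hook count. The sample subset and the ordering rule are the example's own choices, not GMER's.

```python
"""Triage the hook lines of a GMER 1.0.15 report.

Added example: not part of the forum thread and not GMER's own code. It reads
the 'SSDT', 'IAT' and '? module' lines, attributes each hook to the module
GMER named, and orders the hooking modules for manual review.
"""
import re

# Constructed sample: a subset of the lines from the GMER log posted above.
SAMPLE_GMER = r"""
SSDT 83B98050 ZwAlertResumeThread
SSDT 856E6050 ZwAlertThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA186210]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAA186490]
SSDT spkh.sys ZwEnumerateKey [0xF7322DA4]
SSDT spkh.sys ZwOpenKey [0xF730A0C0]
SSDT spkh.sys ZwQueryValueKey [0xF732308A]
SSDT 85D99248 ZwLoadDriver
? spkh.sys The system cannot find the file specified. !
? SYMDS.SYS The system cannot find the file specified. !
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F730B042] spkh.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F731AB90] spkh.sys
IAT C:\WINDOWS\system32\winlogon.exe[872] @ C:\WINDOWS\system32\winlogon.exe [USER32.dll!DialogBoxParamW] [1003695B] C:\WINDOWS\system32\PicNotify.dll
"""

# SSDT hook GMER could not map to any module: only the handler address is shown.
SSDT_RAW = re.compile(r"^SSDT (?P<addr>[0-9A-F]{8}) (?P<func>Zw\w+)$")
# SSDT hook attributed to a driver, optionally with its version-info string.
SSDT_MOD = re.compile(r"^SSDT (?P<module>\S+)(?: \((?P<desc>[^)]*)\))? "
                      r"(?P<func>Zw\w+) \[0x(?P<addr>[0-9A-F]+)\]$")
# Module GMER listed but could not open on disk.
MISSING = re.compile(r"^\? (?P<module>\S+) The system cannot find the file specified\. !$")
# User-mode IAT hook: process[pid] @ image [dll!import] [addr] hooking-module.
IAT_USER = re.compile(r"^IAT (?P<proc>\S+)\[(?P<pid>\d+)\] @ \S+ \[(?P<imp>[^\]]+)\] "
                      r"\[(?P<addr>[0-9A-F]+)\] (?P<module>.+)$")
# Kernel IAT hook: driver[dll!import] [addr] hooking-module.
IAT_KERN = re.compile(r"^IAT (?P<target>\S+)\[(?P<imp>[^\]]+)\] "
                      r"\[(?P<addr>[0-9A-F]+)\] (?P<module>.+)$")


def module_key(name):
    r"""Reduce a path like \??\C:\...\SYMEVENT.SYS to a lower-case file name."""
    return name.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    modules = {}       # file name -> hooks and on-disk status
    unattributed = []  # (syscall, handler address) with no module named

    def entry(key):
        return modules.setdefault(
            key, {"vendor": None, "ssdt": [], "iat": [], "missing_on_disk": False})

    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RAW.match(line)
        if m:
            unattributed.append((m.group("func"), m.group("addr")))
            continue
        m = SSDT_MOD.match(line)
        if m:
            e = entry(module_key(m.group("module")))
            e["ssdt"].append(m.group("func"))
            if m.group("desc"):
                e["vendor"] = m.group("desc")
            continue
        m = MISSING.match(line)
        if m:
            entry(module_key(m.group("module")))["missing_on_disk"] = True
            continue
        m = IAT_USER.match(line)
        if m:
            victim = "%s[%s]" % (module_key(m.group("proc")), m.group("pid"))
        else:
            m = IAT_KERN.match(line)
            victim = module_key(m.group("target")) if m else None
        if m:
            entry(module_key(m.group("module")))["iat"].append(
                "%s:%s" % (victim, m.group("imp")))
    return {"modules": modules, "unattributed": unattributed}


def review_order(result):
    """Hooking modules, most suspicious first: not found on disk, then no
    vendor string, then most hooks. Modules that hook nothing are omitted."""
    def rank(item):
        name, e = item
        return (not e["missing_on_disk"], e["vendor"] is not None,
                -(len(e["ssdt"]) + len(e["iat"])), name)
    return [name for name, e in sorted(result["modules"].items(), key=rank)
            if e["ssdt"] or e["iat"]]


if __name__ == "__main__":
    result = parse_gmer(SAMPLE_GMER)
    for name in review_order(result):
        e = result["modules"][name]
        print("%-14s on_disk=%-5s ssdt=%d iat=%d vendor=%s" % (
            name, not e["missing_on_disk"], len(e["ssdt"]), len(e["iat"]), e["vendor"]))
    print("unattributed SSDT hooks: %d" % len(result["unattributed"]))
```

Run on the full report, the ordering puts spkh.sys first: it hooks the key-enumeration and key-query syscalls and the HAL port-I/O imports of atapi.sys and i8042prt.sys, and GMER cannot open it on disk. That combination is the usual footprint of the SPTD driver that DAEMON Tools installs (the sptd registry entries at the end of the report point at the DAEMON Tools Lite folder), so a reviewer would expect it on this machine but should still confirm it rather than assume it. The bare-address SSDT hooks cannot be attributed from the log alone; with a Symantec suite installed they are commonly its own filtering, but the report does not say so, which is why they are listed separately. PicNotify.dll, installed here at the same time as the VeriFace files shown earlier in the OTL log, hooks DialogBoxParamW inside winlogon.exe; a GMER hook line says where code intercepts a call, not whether that code is hostile.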

#43 Salagubang (Trusted Helper, Malware Removal, 3,891 posts)
Hi j994,

=====================================

Some reminders:

µTorrent and FrostWire are peer-to-peer (P2P) programs. These applications can provide a medium for the entry of unverified data, which tends to corrupt your system - a great way to infect your computer. Those who participate in P2P file sharing provide files for others to download by uploading them onto their computers. They also download the files of others who have uploaded music and videos onto their own computers. Many times, however, networks will make it so that your own files can be uploaded by others.

You may consider that P2P downloads are one of the most common ways of getting infected. Malware writers use these programs to spread infections, as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using P2P programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware.

You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up-to-date anti-virus and firewall, these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

======================================


Step One

Submit a File For Analysis
We need to have the files below scanned by uploading them to Jotti

Please visit Jotti
Copy/paste the following file paths into the window
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\winlogon.exe

Click Submit/Send File
Please post back, to let me know the results.


Step Two

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - [2011/02/01 21:30:06 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\utqxmtmz.sys -- (utqxmtmz)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Value error. File not found
    O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Value error. File not found
    O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Value error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - Reg Error: Value error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - Reg Error: Value error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\PicNotify: DllName - PicNotify.dll - C:\WINDOWS\System32\PicNotify.dll ()
    
    :Services
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = DWORD:2
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = DWORD:1 
    
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

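Added example for Step One (editor's addition, not part of the thread and not OTL's own code). The < MD5 for: ... > sections of the OTL custom scan posted earlier list every copy of explorer.exe and winlogon.exe that OTL found, each with its size and MD5, and Step One asks for the live copies to be scanned externally. The Python script below parses those lines (sample copied from that log) and, for each binary, compares the live copy in C:\WINDOWS or C:\WINDOWS\system32 with the other copies. The roles given to directories in classify_path() are the example's assumption: the $NtServicePackUninstall$ copy is the pre-service-pack build and is expected to differ, so it is not counted as a discrepancy.

```python
r"""Cross-check the '< MD5 for: ... >' sections of an OTL custom scan.

Added example: not part of the forum thread and not OTL's own code. For each
binary it compares the live copy (C:\WINDOWS or C:\WINDOWS\system32) with
every other copy OTL hashed. The directory roles are this example's assumption.
"""
import re

# Constructed sample: the two MD5 sections copied from the OTL log posted earlier.
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\NiwradSoft Shell Pack\Backup\explorer.exe
[2004/08/04 12:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 05:42:20 | 001,540,608 | ---- | M] (Microsoft Corporation) MD5=DEDB237CA07F66F40C9BA321EF10E4A9 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,540,608 | ---- | M] (Microsoft Corporation) MD5=DEDB237CA07F66F40C9BA321EF10E4A9 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 12:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 05:42:40 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=A55B8899D2EA2E800061BCFD456E34DC -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=A55B8899D2EA2E800061BCFD456E34DC -- C:\WINDOWS\system32\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\NiwradSoft Shell Pack\Backup\winlogon.exe
"""

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
# [date time | size | attrs | flag] (company) MD5=hash -- path
ENTRY_RE = re.compile(
    r"^\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| [-A-Z]+ \| \w\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$")


def classify_path(path):
    """Assumed role of one copy, judged from the directory it sits in."""
    p = path.lower()
    parent = p.rsplit("\\", 1)[0]
    if parent in ("c:\\windows", "c:\\windows\\system32"):
        return "live"           # the copy Windows actually runs
    if "\\servicepackfiles\\" in p:
        return "sp_cache"       # restore source for the live copy; same installer can rewrite both
    if "\\$ntservicepackuninstall$\\" in p:
        return "sp_uninstall"   # pre-service-pack build, expected to differ
    return "other"


def parse_md5_sections(text):
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group("name").lower()
            sections.setdefault(current, [])
            continue
        m = ENTRY_RE.match(line.strip())
        if m and current:
            sections[current].append({
                "path": m.group("path"),
                "size": int(m.group("size").replace(",", "")),
                "md5": m.group("md5").upper(),
                "role": classify_path(m.group("path")),
            })
    return sections


def triage(entries):
    """Compare the live copy of one binary with the other copies on disk."""
    live = next((e for e in entries if e["role"] == "live"), None)
    if live is None:
        return {"live_md5": None, "live_size": None, "matching": [],
                "differing": [], "flags": ["no live copy in this section"]}
    matching = [e["path"] for e in entries
                if e is not live and e["md5"] == live["md5"]]
    differing = [(e["path"], e["md5"], e["size"]) for e in entries
                 if e["md5"] != live["md5"] and e["role"] != "sp_uninstall"]
    flags = []
    if differing:
        flags.append("live copy differs from %d other post-service-pack copy/copies"
                     % len(differing))
    if any(e["role"] == "sp_cache" and e["md5"] == live["md5"] for e in entries):
        flags.append("ServicePackFiles cache matches the live copy, so it is "
                     "not an independent reference")
    if not flags:
        flags.append("all post-service-pack copies agree")
    return {"live_md5": live["md5"], "live_size": live["size"],
            "matching": matching, "differing": differing, "flags": flags}


def report(text):
    return {name: triage(entries)
            for name, entries in parse_md5_sections(text).items()}


if __name__ == "__main__":
    for name, r in report(SAMPLE_LOG).items():
        print("%s: live MD5=%s size=%s" % (name, r["live_md5"], r["live_size"]))
        for path, md5, size in r["differing"]:
            print("   differs: %s MD5=%s size=%d" % (path, md5, size))
        for flag in r["flags"]:
            print("   flag: %s" % flag)
```

On this log both live binaries agree with their ServicePackFiles copies (1,540,608 bytes for explorer.exe, 547,328 for winlogon.exe) but differ from the copies in the NiwradSoft Shell Pack\Backup folder (1,033,728 and 507,904 bytes), so agreement between the live file and the cache it would be restored from proves nothing by itself; that is why uploading the live files for an external scan is the right next step rather than trusting the on-disk hashes. The script uses MD5 only because that is what OTL prints: a mismatch is a reliable sign that a file changed, but a match is weak evidence of a genuine file, so compare against a trusted source's hash and prefer SHA-256 where the tool offers it.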

#44 Salagubang (Trusted Helper, Malware Removal, 3,891 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.