Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Browser Redirects and Script Errors

Started by ElliotFriend , May 05 2011 11:01 AM

  • This topic is locked This topic is locked

#1
ElliotFriend
Posted 05 May 2011 - 11:01 AM

ElliotFriend

    Member

  • Member
  • PipPip
  • 28 posts
I've got an IBM ThinkPad, running Windows 7 Pro. It's been having Search engine redirects, both in Firefox and Internet Explorer. Also, randomly a script error from http://some.random.site/blahblahblah pops up on the desktop, even when no browser is open. Whether I click yes or no doesn't really seem to make a difference. I tried following the instructions in this post, but I am unable to run TDSSKiller. Looking in the task manager, I see the process begin, but it ends shortly with nothing being accomplished. Changing the name of it doesn't help, running as administrator doesn't help, rkill doesn't help, I'm really at a loss here.

Another weird issue, is that there randomly appears to be some kind of internet radio station that begins playing (no pop-up or anything, just audio).

While I was away on a trip, I had an automatic response e-mail being sent out. Is it possible that responding to some spam and junkmail has brought this on?

Here is my OTL log, thanks to anyone/everyone who is able to help!

OTL logfile created on: 5/5/2011 11:53:52 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Administrator\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 27.84 Gb Total Space | 9.29 Gb Free Space | 33.37% Space Free | Partition Type: NTFS

Computer Name: MCHAMBERSLAP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/05 11:47:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/02 12:23:08 | 001,033,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
PRC - [2011/01/08 18:06:56 | 000,016,896 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
PRC - [2009/08/20 10:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/07/15 11:18:00 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/07/13 20:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/03/27 15:46:28 | 000,016,656 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe
PRC - [2009/03/27 15:45:32 | 000,030,992 | ---- | M] () -- C:\Windows\System32\nwtray.exe
PRC - [2009/02/27 08:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 07:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2007/04/06 05:12:48 | 000,073,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe


========== Modules (SafeList) ==========

MOD - [2011/05/05 11:47:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/08 18:06:56 | 000,016,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe -- (FCSAM)
SRV - [2010/03/05 08:27:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/15 11:18:00 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/03 19:47:08 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/03/27 15:46:28 | 000,016,656 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe -- (XTSvcMgr)
SRV - [2009/02/27 08:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/02/27 07:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/04/06 05:12:48 | 000,073,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe -- (FcsSas)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 17:13:46 | 000,242,176 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTICH3.SYS -- (VSTHWICH)
DRV - [2009/06/29 14:51:04 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/06/29 14:51:02 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/03/27 15:44:56 | 000,027,160 | ---- | M] (Novell, Inc.) [Kernel | System | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys -- (NICM)
DRV - [2009/03/27 15:44:30 | 000,022,552 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\NCUncFilter.sys -- (NCUncFilter)
DRV - [2009/03/27 15:44:22 | 000,110,616 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\NCRecognizer.sys -- (NCRecognizer)
DRV - [2009/03/27 15:43:44 | 000,054,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys -- (NCIOCTL)
DRV - [2009/03/27 15:43:38 | 000,082,456 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys -- (NCFSD)
DRV - [2009/03/27 15:43:34 | 000,091,160 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\NCFilter.sys -- (NCFilter)
DRV - [2007/03/07 03:08:46 | 002,595,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 22 97 39 26 0B CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/04 16:20:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/05 07:43:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2011/05/04 16:20:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Microsoft Forefront Client Security Antimalware Service] c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NWTRAY] C:\Windows\System32\nwtray.exe ()
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.31.0.9 172.31.0.7
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Authentication Packages - (ncv1_0) - C:\Windows\System32\ncv1_0.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/05 11:47:27 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/05/05 10:02:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
[2011/05/05 09:45:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2011/05/05 09:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/05/05 09:45:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/05/05 09:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/05 09:37:58 | 011,008,200 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Administrator\Desktop\SUPERAntiSpyware.exe
[2011/05/05 09:34:56 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/05/05 09:27:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\tdsskiller
[2011/05/05 08:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/05 08:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/05 08:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/05/05 08:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/05/05 08:05:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\lspfix
[2011/05/05 07:55:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\backups
[2011/05/05 07:53:49 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\HijackThis.exe
[2011/05/05 07:42:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Mozilla
[2011/05/05 07:42:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2011/05/05 07:42:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011/05/05 07:29:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\5-5-2011
[2011/05/04 16:46:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2011/05/04 16:46:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2011/05/04 16:46:47 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Administrator\Desktop\GooredFix.exe
[2011/05/04 16:46:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\GooredFix Backups
[2011/05/04 16:46:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\erunt
[2011/05/04 16:46:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\5-4-2011
[2011/05/04 16:46:26 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTM.exe
[2011/05/04 16:45:39 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/05/04 16:45:39 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2011/05/04 16:45:39 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/05/04 16:45:38 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/05/04 16:45:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2011/05/04 16:45:19 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Templates
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Start Menu
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\PrintHood
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\NetHood
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Videos
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Pictures
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Music
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\My Documents
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Local Settings
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Application Data
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data
[2011/05/04 16:44:31 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\My Documents
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/05/04 16:44:31 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData\Local\Temp
[2011/05/04 16:44:31 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Help
[2011/05/04 16:44:31 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2011/05/04 16:44:31 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData
[2011/05/04 16:44:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Roaming
[2011/05/04 16:44:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2011/05/04 16:23:47 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/04 16:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/04/18 07:59:44 | 000,000,000 | -H-D | C] -- C:\Windows\Sun

========== Files - Modified Within 30 Days ==========

[2011/05/05 11:47:47 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/05 11:47:47 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/05 11:47:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/05/05 11:40:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/05 11:39:50 | 999,153,664 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/05 09:45:55 | 000,001,957 | ---- | M] () -- C:\Users\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/05 09:39:41 | 011,008,200 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Administrator\Desktop\SUPERAntiSpyware.exe
[2011/05/05 09:27:09 | 001,280,815 | ---- | M] () -- C:\Users\Administrator\Desktop\tdsskiller.zip
[2011/05/05 08:56:07 | 001,006,778 | ---- | M] () -- C:\Users\Administrator\Desktop\rkill.exe
[2011/05/05 08:13:05 | 000,001,403 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/05 08:04:20 | 000,201,030 | ---- | M] () -- C:\Users\Administrator\Desktop\lspfix.zip
[2011/05/05 07:57:55 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.new
[2011/05/05 07:54:01 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\HijackThis.exe
[2011/05/05 07:50:19 | 000,709,456 | ---- | M] () -- C:\Windows\is-D5AKC.exe
[2011/05/05 07:50:19 | 000,010,562 | ---- | M] () -- C:\Windows\is-D5AKC.msg
[2011/05/05 07:50:19 | 000,000,351 | ---- | M] () -- C:\Windows\is-D5AKC.lst
[2011/05/04 16:34:35 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Administrator\Desktop\GooredFix.exe
[2011/05/04 16:20:57 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/05/04 16:20:40 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/04 16:19:53 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTM.exe
[2011/05/03 07:48:01 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/04/19 08:33:31 | 000,000,392 | -H-- | M] () -- C:\ProgramData\31973128
[2011/04/19 08:31:23 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~31973128
[2011/04/19 08:31:23 | 000,000,152 | -H-- | M] () -- C:\ProgramData\~31973128r
[2011/04/18 07:39:19 | 000,451,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/15 16:41:28 | 000,627,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/15 16:41:28 | 000,107,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/05/05 09:45:55 | 000,001,957 | ---- | C] () -- C:\Users\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/05 09:26:50 | 001,280,815 | ---- | C] () -- C:\Users\Administrator\Desktop\tdsskiller.zip
[2011/05/05 08:56:02 | 001,006,778 | ---- | C] () -- C:\Users\Administrator\Desktop\rkill.exe
[2011/05/05 08:13:05 | 000,001,403 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/05 08:04:18 | 000,201,030 | ---- | C] () -- C:\Users\Administrator\Desktop\lspfix.zip
[2011/05/05 07:50:19 | 000,709,456 | ---- | C] () -- C:\Windows\is-D5AKC.exe
[2011/05/05 07:50:19 | 000,010,562 | ---- | C] () -- C:\Windows\is-D5AKC.msg
[2011/05/05 07:50:19 | 000,000,351 | ---- | C] () -- C:\Windows\is-D5AKC.lst
[2011/05/04 16:45:42 | 000,001,409 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/05/04 16:44:31 | 000,000,290 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/05/04 16:44:31 | 000,000,272 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/05/04 16:20:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/04 16:20:40 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/04 16:20:40 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/19 08:31:22 | 000,000,184 | -H-- | C] () -- C:\ProgramData\~31973128
[2011/04/19 08:31:22 | 000,000,152 | -H-- | C] () -- C:\ProgramData\~31973128r
[2011/04/19 08:31:13 | 000,000,392 | -H-- | C] () -- C:\ProgramData\31973128
[2011/01/14 18:19:18 | 000,000,152 | -H-- | C] () -- C:\ProgramData\~pdLczHx11FzuCaYr
[2011/01/14 18:19:17 | 000,000,272 | -H-- | C] () -- C:\ProgramData\~pdLczHx11FzuCaY
[2011/01/14 18:19:14 | 000,000,536 | -H-- | C] () -- C:\ProgramData\pdLczHx11FzuCaY
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,451,488 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,627,082 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,107,366 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/03/27 15:45:32 | 000,030,992 | ---- | C] () -- C:\Windows\System32\nwtray.exe
[2009/03/27 15:45:28 | 000,238,864 | ---- | C] () -- C:\Windows\System32\nwshlxnt.dll
[2009/03/27 15:45:12 | 000,279,824 | ---- | C] () -- C:\Windows\System32\noveap.dll
[2009/03/27 15:44:32 | 000,025,360 | ---- | C] () -- C:\Windows\System32\ncv1_0.dll
[2009/03/27 15:44:30 | 000,022,552 | ---- | C] () -- C:\Windows\System32\drivers\ncuncfilter.sys
[2009/03/27 15:44:22 | 000,110,616 | ---- | C] () -- C:\Windows\System32\drivers\ncrecognizer.sys
[2009/03/27 15:44:00 | 000,910,608 | ---- | C] () -- C:\Windows\System32\ncnetprovider.dll
[2009/03/27 15:43:56 | 000,517,392 | ---- | C] () -- C:\Windows\System32\ncloginui.dll
[2009/03/27 15:43:52 | 000,111,888 | ---- | C] () -- C:\Windows\System32\nclangid.dll
[2009/03/27 15:43:34 | 000,091,160 | ---- | C] () -- C:\Windows\System32\drivers\ncfilter.sys
[2009/03/27 15:43:32 | 000,210,192 | ---- | C] () -- C:\Windows\System32\nccredprovider.dll
[2009/03/27 15:43:28 | 000,013,072 | ---- | C] () -- C:\Windows\System32\nccredlogonext.dll
[2009/03/27 15:43:22 | 000,165,136 | ---- | C] () -- C:\Windows\System32\mapbase.dll
[2009/03/27 15:43:16 | 000,024,848 | ---- | C] () -- C:\Windows\System32\loginw32.exe
[2009/03/27 15:43:04 | 000,189,712 | ---- | C] () -- C:\Windows\System32\lgnwnt32.dll

========== LOP Check ==========

[2009/07/13 23:53:46 | 000,028,112 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by ElliotFriend, 05 May 2011 - 11:10 AM.

  • 0

Advertisements

#2
Essexboy
Posted 05 May 2011 - 02:12 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi lets see if we can resolve this for you

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/04/19 08:33:31 | 000,000,392 | -H-- | M] () -- C:\ProgramData\31973128
    [2011/04/19 08:31:23 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~31973128
    [2011/04/19 08:31:23 | 000,000,152 | -H-- | M] () -- C:\ProgramData\~31973128r
    [2011/04/19 08:31:22 | 000,000,184 | -H-- | C] () -- C:\ProgramData\~31973128
    [2011/04/19 08:31:22 | 000,000,152 | -H-- | C] () -- C:\ProgramData\~31973128r
    [2011/04/19 08:31:13 | 000,000,392 | -H-- | C] () -- C:\ProgramData\31973128
    [2011/01/14 18:19:18 | 000,000,152 | -H-- | C] () -- C:\ProgramData\~pdLczHx11FzuCaYr
    [2011/01/14 18:19:17 | 000,000,272 | -H-- | C] () -- C:\ProgramData\~pdLczHx11FzuCaY
    [2011/01/14 18:19:14 | 000,000,536 | -H-- | C] () -- C:\ProgramData\pdLczHx11FzuCaY

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#3
ElliotFriend
Posted 06 May 2011 - 07:28 AM

ElliotFriend

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Thank you, thank you, Essexboy!!

Here is the log from the OTL scan, after the fix. Following that is the log from aswMBR. I saved the log, but it also created a file "MBR.dat," what is that?

Thanks again!

OTL logfile created on: 5/6/2011 8:18:39 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Administrator\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 27.84 Gb Total Space | 9.62 Gb Free Space | 34.55% Space Free | Partition Type: NTFS

Computer Name: MCHAMBERSLAP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/05 11:47:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/02 12:23:08 | 001,033,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
PRC - [2011/01/08 18:06:56 | 000,016,896 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
PRC - [2009/08/20 10:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/07/15 11:18:00 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/03/27 15:46:28 | 000,016,656 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe
PRC - [2009/03/27 15:45:32 | 000,030,992 | ---- | M] () -- C:\Windows\System32\nwtray.exe
PRC - [2009/02/27 08:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 07:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2007/04/06 05:12:48 | 000,073,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe


========== Modules (SafeList) ==========

MOD - [2011/05/05 11:47:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/08 18:06:56 | 000,016,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe -- (FCSAM)
SRV - [2010/03/05 08:27:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/15 11:18:00 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/03 19:47:08 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/03/27 15:46:28 | 000,016,656 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe -- (XTSvcMgr)
SRV - [2009/02/27 08:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/02/27 07:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/04/06 05:12:48 | 000,073,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe -- (FcsSas)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 17:13:46 | 000,242,176 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTICH3.SYS -- (VSTHWICH)
DRV - [2009/06/29 14:51:04 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/06/29 14:51:02 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/03/27 15:44:56 | 000,027,160 | ---- | M] (Novell, Inc.) [Kernel | System | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys -- (NICM)
DRV - [2009/03/27 15:44:30 | 000,022,552 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\NCUncFilter.sys -- (NCUncFilter)
DRV - [2009/03/27 15:44:22 | 000,110,616 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\NCRecognizer.sys -- (NCRecognizer)
DRV - [2009/03/27 15:43:44 | 000,054,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys -- (NCIOCTL)
DRV - [2009/03/27 15:43:38 | 000,082,456 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys -- (NCFSD)
DRV - [2009/03/27 15:43:34 | 000,091,160 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\NCFilter.sys -- (NCFilter)
DRV - [2007/03/07 03:08:46 | 002,595,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 22 97 39 26 0B CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/04 16:20:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/05 07:43:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2011/05/04 16:20:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/06 08:11:37 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Microsoft Forefront Client Security Antimalware Service] c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NWTRAY] C:\Windows\System32\nwtray.exe ()
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.31.0.9 172.31.0.7
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Authentication Packages - (ncv1_0) - C:\Windows\System32\ncv1_0.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/06 08:11:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/06 08:09:20 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011/05/05 11:47:27 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/05/05 10:02:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
[2011/05/05 09:45:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2011/05/05 09:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/05/05 09:45:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/05/05 09:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/05 09:37:58 | 011,008,200 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Administrator\Desktop\SUPERAntiSpyware.exe
[2011/05/05 09:34:56 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/05/05 09:27:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\tdsskiller
[2011/05/05 08:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/05 08:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/05 08:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/05/05 08:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/05/05 08:05:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\lspfix
[2011/05/05 07:55:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\backups
[2011/05/05 07:53:49 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\HijackThis.exe
[2011/05/05 07:42:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Mozilla
[2011/05/05 07:42:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2011/05/05 07:42:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011/05/05 07:29:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\5-5-2011
[2011/05/04 16:46:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2011/05/04 16:46:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2011/05/04 16:46:47 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Administrator\Desktop\GooredFix.exe
[2011/05/04 16:46:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\GooredFix Backups
[2011/05/04 16:46:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\erunt
[2011/05/04 16:46:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\5-4-2011
[2011/05/04 16:46:26 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTM.exe
[2011/05/04 16:45:39 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/05/04 16:45:39 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2011/05/04 16:45:39 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/05/04 16:45:38 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/05/04 16:45:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2011/05/04 16:45:19 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Templates
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Start Menu
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\PrintHood
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\NetHood
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Videos
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Pictures
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Music
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\My Documents
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Local Settings
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Application Data
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data
[2011/05/04 16:44:31 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\My Documents
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/05/04 16:44:31 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData\Local\Temp
[2011/05/04 16:44:31 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Help
[2011/05/04 16:44:31 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2011/05/04 16:44:31 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData
[2011/05/04 16:44:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Roaming
[2011/05/04 16:44:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2011/05/04 16:41:47 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/05/04 16:41:39 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011/05/04 16:41:38 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011/05/04 16:41:36 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011/05/04 16:41:29 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/05/04 16:41:27 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/05/04 16:23:47 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/04 16:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/04/18 07:59:44 | 000,000,000 | -H-D | C] -- C:\Windows\Sun
[2011/04/15 12:15:50 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/15 12:15:50 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/15 12:15:50 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/15 12:15:49 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/15 12:15:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/15 12:15:48 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/15 12:15:47 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/15 12:15:47 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/15 12:15:46 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/15 12:15:46 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/15 12:15:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/15 12:15:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/15 12:15:29 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/15 12:15:03 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/15 12:15:00 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/15 12:15:00 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/15 12:14:26 | 002,331,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/15 12:14:22 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/04/15 12:14:12 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/04/15 12:14:01 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/15 12:14:00 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll

========== Files - Modified Within 30 Days ==========

[2011/05/06 08:21:45 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/06 08:21:45 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/06 08:13:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/06 08:13:27 | 999,153,664 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/06 08:11:37 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/06 08:09:35 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011/05/05 12:48:28 | 000,000,408 | ---- | M] () -- C:\Windows\System32\drivers\etc\networks
[2011/05/05 12:19:58 | 000,302,080 | ---- | M] () -- C:\Users\Administrator\Desktop\x36chp3k.exe
[2011/05/05 11:47:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/05/05 09:45:55 | 000,001,957 | ---- | M] () -- C:\Users\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/05 09:39:41 | 011,008,200 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Administrator\Desktop\SUPERAntiSpyware.exe
[2011/05/05 09:27:09 | 001,280,815 | ---- | M] () -- C:\Users\Administrator\Desktop\tdsskiller.zip
[2011/05/05 08:56:07 | 001,006,778 | ---- | M] () -- C:\Users\Administrator\Desktop\rkill.exe
[2011/05/05 08:13:05 | 000,001,403 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/05 08:04:20 | 000,201,030 | ---- | M] () -- C:\Users\Administrator\Desktop\lspfix.zip
[2011/05/05 07:54:01 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\HijackThis.exe
[2011/05/05 07:50:19 | 000,709,456 | ---- | M] () -- C:\Windows\is-D5AKC.exe
[2011/05/05 07:50:19 | 000,010,562 | ---- | M] () -- C:\Windows\is-D5AKC.msg
[2011/05/05 07:50:19 | 000,000,351 | ---- | M] () -- C:\Windows\is-D5AKC.lst
[2011/05/04 16:34:35 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Administrator\Desktop\GooredFix.exe
[2011/05/04 16:20:57 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/05/04 16:20:40 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/04 16:19:53 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTM.exe
[2011/05/03 07:48:01 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/04/18 07:39:19 | 000,451,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/15 16:41:28 | 000,627,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/15 16:41:28 | 000,107,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/05/05 12:19:42 | 000,302,080 | ---- | C] () -- C:\Users\Administrator\Desktop\x36chp3k.exe
[2011/05/05 09:45:55 | 000,001,957 | ---- | C] () -- C:\Users\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/05 09:26:50 | 001,280,815 | ---- | C] () -- C:\Users\Administrator\Desktop\tdsskiller.zip
[2011/05/05 08:56:02 | 001,006,778 | ---- | C] () -- C:\Users\Administrator\Desktop\rkill.exe
[2011/05/05 08:13:05 | 000,001,403 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/05 08:04:18 | 000,201,030 | ---- | C] () -- C:\Users\Administrator\Desktop\lspfix.zip
[2011/05/05 07:50:19 | 000,709,456 | ---- | C] () -- C:\Windows\is-D5AKC.exe
[2011/05/05 07:50:19 | 000,010,562 | ---- | C] () -- C:\Windows\is-D5AKC.msg
[2011/05/05 07:50:19 | 000,000,351 | ---- | C] () -- C:\Windows\is-D5AKC.lst
[2011/05/04 16:45:42 | 000,001,409 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/05/04 16:44:31 | 000,000,290 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/05/04 16:44:31 | 000,000,272 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/05/04 16:20:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/04 16:20:40 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/04 16:20:40 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,451,488 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,627,082 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,107,366 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/03/27 15:45:32 | 000,030,992 | ---- | C] () -- C:\Windows\System32\nwtray.exe
[2009/03/27 15:45:28 | 000,238,864 | ---- | C] () -- C:\Windows\System32\nwshlxnt.dll
[2009/03/27 15:45:12 | 000,279,824 | ---- | C] () -- C:\Windows\System32\noveap.dll
[2009/03/27 15:44:32 | 000,025,360 | ---- | C] () -- C:\Windows\System32\ncv1_0.dll
[2009/03/27 15:44:30 | 000,022,552 | ---- | C] () -- C:\Windows\System32\drivers\ncuncfilter.sys
[2009/03/27 15:44:22 | 000,110,616 | ---- | C] () -- C:\Windows\System32\drivers\ncrecognizer.sys
[2009/03/27 15:44:00 | 000,910,608 | ---- | C] () -- C:\Windows\System32\ncnetprovider.dll
[2009/03/27 15:43:56 | 000,517,392 | ---- | C] () -- C:\Windows\System32\ncloginui.dll
[2009/03/27 15:43:52 | 000,111,888 | ---- | C] () -- C:\Windows\System32\nclangid.dll
[2009/03/27 15:43:34 | 000,091,160 | ---- | C] () -- C:\Windows\System32\drivers\ncfilter.sys
[2009/03/27 15:43:32 | 000,210,192 | ---- | C] () -- C:\Windows\System32\nccredprovider.dll
[2009/03/27 15:43:28 | 000,013,072 | ---- | C] () -- C:\Windows\System32\nccredlogonext.dll
[2009/03/27 15:43:22 | 000,165,136 | ---- | C] () -- C:\Windows\System32\mapbase.dll
[2009/03/27 15:43:16 | 000,024,848 | ---- | C] () -- C:\Windows\System32\loginw32.exe
[2009/03/27 15:43:04 | 000,189,712 | ---- | C] () -- C:\Windows\System32\lgnwnt32.dll

< End of report >


aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-06 08:24:41
-----------------------------
08:24:41.349 OS Version: Windows 6.1.7600
08:24:41.349 Number of processors: 1 586 0xD06
08:24:41.349 ComputerName: MCHAMBERSLAP UserName:
08:24:43.352 Initialize success
08:24:50.752 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:24:50.762 Disk 0 Vendor: HTS424030M9AT00 MAAIA75A Size: 28615MB BusType: 3
08:24:52.785 Disk 0 MBR read successfully
08:24:52.795 Disk 0 MBR scan
08:24:52.805 Disk 0 Windows 7 default MBR code
08:24:54.818 Disk 0 scanning sectors +58601472
08:24:54.848 Disk 0 scanning C:\Windows\system32\drivers
08:25:02.159 Service scanning
08:25:03.781 Disk 0 trace - called modules:
08:25:03.821 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halacpi.dll >>UNKNOWN [0x8564b1ed]<<
08:25:03.841 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855907a0]
08:25:03.851 3 CLASSPNP.SYS[882b459e] -> nt!IofCallDriver -> [0x850f6940]
08:25:03.871 5 ACPI.sys[87a1c3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8481f610]
08:25:03.881 \Driver\atapi[0x850ee940] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8564b1ed
08:25:03.911 Scan finished successfully
08:25:16.960 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
08:25:17.090 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"
  • 0

#4
Essexboy
Posted 06 May 2011 - 10:16 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The dat file is a backup copy for your MBR I will remove later if we do not need it... WHat are your current problems ?

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts
.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#5
ElliotFriend
Posted 06 May 2011 - 10:56 AM

ElliotFriend

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
My current symptoms are still search engine redirects (it doesn't seem to matter which browser or which search engine). TDSSKiller wouldn't run, either.

Periodic audio begins playing in the background. There's no player, and it comes and goes randomly.

Alos, Script errors appear from random pages, like this one "http://www.hitfix.co...=1003&ch=4&f1=" (probably don't click on that), saying object expeced, syntax error, or something else. The particular page changes with each error.

I've downloaded ComboFix and will post the log next.

Thanks you!!
  • 0

#6
Essexboy
Posted 06 May 2011 - 11:01 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you zip the MBR dat file on your desktop please and attach it to your next post
  • 0

#7
ElliotFriend
Posted 06 May 2011 - 11:36 AM

ElliotFriend

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Thanks again for your help. Here's my ComboFix log. All symptoms currently remain.

Here are the things you asked for. Thanks again!!!

ComboFix 11-05-04.04 - Administrator 05/06/2011 12:03:51.1.1 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1270.839 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: Microsoft Forefront Client Security *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Client Security *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\mchambers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Optimizer
c:\users\mchambers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Optimizer\Disk Optimizer.lnk
c:\users\mchambers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Optimizer\Uninstall Disk Optimizer.lnk
c:\windows\system32\arp.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-06 to 2011-05-06 )))))))))))))))))))))))))))))))
.
.
2011-05-06 17:15 . 2011-05-06 17:15 -------- d-----w- c:\users\mchambers\AppData\Local\temp
2011-05-06 17:15 . 2011-05-06 17:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-06 13:11 . 2011-05-06 13:11 -------- d-----w- C:\_OTL
2011-05-06 12:49 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{3C8D7CAA-E8A0-41EF-9F1C-7FCABDEBCC55}\mpengine.dll
2011-05-05 14:45 . 2011-05-05 14:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-05 14:45 . 2011-05-05 14:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-05 14:34 . 2011-05-05 14:34 -------- d--h--w- c:\windows\PIF
2011-05-05 13:29 . 2011-05-05 13:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-05 13:17 . 2011-05-05 13:17 -------- d-----w- c:\program files\CCleaner
2011-05-05 12:50 . 2011-05-05 12:50 709456 ----a-w- c:\windows\is-D5AKC.exe
2011-05-04 21:44 . 2011-05-04 21:45 -------- d-----w- c:\users\Administrator
2011-05-04 21:23 . 2011-05-04 21:23 -------- d-----w- C:\_OTM
2011-05-04 21:20 . 2011-05-04 21:20 -------- d-----w- c:\users\mchambers\AppData\Local\Mozilla
2011-04-18 12:59 . 2011-04-18 12:59 -------- d--h--w- c:\windows\Sun
2011-04-15 17:14 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-15 17:14 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-15 17:14 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-15 17:14 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-15 17:14 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-15 17:14 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 17:13 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 17:13 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 17:13 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-15 17:13 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 07:04 . 2009-11-03 15:41 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-23 14:44 . 2011-03-23 14:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-19 05:33 . 2011-03-09 04:15 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 04:15 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 04:15 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-04-14 16:26 . 2011-05-04 21:20 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-20 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NWTRAY"="NWTRAY.EXE" [2009-03-27 30992]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TpShocks"="TpShocks.exe" [2009-07-09 337184]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2011-02-02 1033600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\users\mchambers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-04 45424]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-05 1343400]
S0 NCFilter;Novell UNC Filter - Filter;c:\windows\system32\DRIVERS\NCFilter.sys [2009-03-27 91160]
S0 NCRecognizer;Novell UNC Filter - Recognizer;c:\windows\system32\DRIVERS\NCRecognizer.sys [2009-03-27 110616]
S0 NCUncFilter;Novell UNC Filter - UNC Filter;c:\windows\system32\DRIVERS\NCUncFilter.sys [2009-03-27 22552]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [2011-01-08 16896]
S2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [2007-04-06 73120]
S2 NCFSD;Novell Client File System Redirector;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys [2009-03-27 82456]
S2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [2009-03-27 54296]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]
S2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe [2009-03-27 16656]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2007-03-07 2595840]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWICH;VSTHWICH;c:\windows\system32\DRIVERS\VSTICH3.SYS [2009-07-13 242176]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - nciom
*Deregistered* - ncp
*Deregistered* - ncpl
*Deregistered* - ndm
*Deregistered* - ndmndap
*Deregistered* - ndslpp
*Deregistered* - niam
*Deregistered* - nipctl
*Deregistered* - nscm
*Deregistered* - nsns
*Deregistered* - nsvccost
*Deregistered* - xtxplat
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\se5hzqex.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,23,46,f0,89,8c,46,4a,b9,77,59,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,23,46,f0,89,8c,46,4a,b9,77,59,\
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\nwtray.exe
c:\windows\System32\TpShocks.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2011-05-06 12:28:39 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-06 17:28
.
Pre-Run: 10,175,954,944 bytes free
Post-Run: 9,879,527,424 bytes free
.
- - End Of File - - 5061EC181F82F59BA62CF757361E0A5C

Attached Files

  • Attached File  MBR.zip   560bytes   97 downloads

  • 0

#8
Essexboy
Posted 06 May 2011 - 11:46 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I would like to check out one file as I believe I may know the culprit

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.*
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#9
ElliotFriend
Posted 09 May 2011 - 09:11 AM

ElliotFriend

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Thanks for your instructions! Sorry it's been a bit, I had some other things to attend to this weekend.

The scan only produced OTL.txt. There was no Extras log to post along with it. That being said, here is OTL.txt. Thanks again!

OTL logfile created on: 5/9/2011 9:55:08 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Administrator\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 27.84 Gb Total Space | 9.46 Gb Free Space | 33.96% Space Free | Partition Type: NTFS

Computer Name: MCHAMBERSLAP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/05 11:47:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/02 12:23:08 | 001,033,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
PRC - [2011/01/08 18:06:56 | 000,016,896 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
PRC - [2009/08/20 10:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/07/15 11:18:00 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/07/13 20:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/03/27 15:46:28 | 000,016,656 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe
PRC - [2009/03/27 15:45:32 | 000,030,992 | ---- | M] () -- C:\Windows\System32\nwtray.exe
PRC - [2009/02/27 08:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 07:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2007/04/06 05:12:48 | 000,073,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe


========== Modules (SafeList) ==========

MOD - [2011/05/05 11:47:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/08 18:06:56 | 000,016,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe -- (FCSAM)
SRV - [2010/03/05 08:27:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/15 11:18:00 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/03 19:47:08 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/03/27 15:46:28 | 000,016,656 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe -- (XTSvcMgr)
SRV - [2009/02/27 08:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/02/27 07:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/04/06 05:12:48 | 000,073,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe -- (FcsSas)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 17:13:46 | 000,242,176 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTICH3.SYS -- (VSTHWICH)
DRV - [2009/06/29 14:51:04 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/06/29 14:51:02 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/03/27 15:44:56 | 000,027,160 | ---- | M] (Novell, Inc.) [Kernel | System | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys -- (NICM)
DRV - [2009/03/27 15:44:30 | 000,022,552 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\NCUncFilter.sys -- (NCUncFilter)
DRV - [2009/03/27 15:44:22 | 000,110,616 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\NCRecognizer.sys -- (NCRecognizer)
DRV - [2009/03/27 15:43:44 | 000,054,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys -- (NCIOCTL)
DRV - [2009/03/27 15:43:38 | 000,082,456 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys -- (NCFSD)
DRV - [2009/03/27 15:43:34 | 000,091,160 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\NCFilter.sys -- (NCFilter)
DRV - [2007/03/07 03:08:46 | 002,595,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-180086783-2785503739-614038441-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-180086783-2785503739-614038441-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-180086783-2785503739-614038441-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 22 97 39 26 0B CC 01 [binary data]
IE - HKU\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/04 16:20:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/05 07:43:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2011/05/04 16:20:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/06 12:18:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Microsoft Forefront Client Security Antimalware Service] c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NWTRAY] C:\Windows\System32\nwtray.exe ()
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-180086783-2785503739-614038441-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\mchambers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-180086783-2785503739-614038441-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-180086783-2785503739-614038441-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-180086783-2785503739-614038441-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.31.0.9 172.31.0.7
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


========== Files/Folders - Created Within 30 Days ==========

[2011/05/06 12:28:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/06 12:19:05 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/05/06 12:15:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
[2011/05/06 12:01:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/06 12:01:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/06 12:01:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/06 12:01:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/06 11:58:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/06 11:58:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/06 08:11:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/06 08:09:20 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011/05/05 11:47:27 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/05/05 10:02:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
[2011/05/05 09:45:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2011/05/05 09:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/05/05 09:45:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/05/05 09:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/05 09:37:58 | 011,008,200 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Administrator\Desktop\SUPERAntiSpyware.exe
[2011/05/05 09:34:56 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/05/05 09:27:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\tdsskiller
[2011/05/05 08:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/05 08:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/05 08:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/05/05 08:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/05/05 08:05:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\lspfix
[2011/05/05 07:55:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\backups
[2011/05/05 07:53:49 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\HijackThis.exe
[2011/05/05 07:42:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Mozilla
[2011/05/05 07:42:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2011/05/05 07:42:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011/05/05 07:29:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\5-5-2011
[2011/05/04 16:46:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2011/05/04 16:46:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2011/05/04 16:46:47 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Administrator\Desktop\GooredFix.exe
[2011/05/04 16:46:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\GooredFix Backups
[2011/05/04 16:46:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\erunt
[2011/05/04 16:46:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\5-4-2011
[2011/05/04 16:46:26 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTM.exe
[2011/05/04 16:45:39 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/05/04 16:45:39 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2011/05/04 16:45:39 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/05/04 16:45:38 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/05/04 16:45:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2011/05/04 16:45:19 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Templates
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Start Menu
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\PrintHood
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\NetHood
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Videos
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Pictures
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Music
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\My Documents
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Local Settings
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Application Data
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data
[2011/05/04 16:44:31 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\My Documents
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/05/04 16:44:31 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Help
[2011/05/04 16:44:31 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2011/05/04 16:44:31 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData
[2011/05/04 16:44:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Roaming
[2011/05/04 16:44:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2011/05/04 16:23:47 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/04 16:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/04/18 07:59:44 | 000,000,000 | -H-D | C] -- C:\Windows\Sun

========== Files - Modified Within 30 Days ==========

[2011/05/09 09:57:49 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/09 09:57:49 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/09 09:48:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/09 09:48:20 | 999,153,664 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/06 12:35:43 | 000,000,560 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.zip
[2011/05/06 12:18:28 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/06 11:53:28 | 004,342,022 | R--- | M] () -- C:\Users\Administrator\Desktop\ComboFix.exe
[2011/05/06 08:25:17 | 000,000,512 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.dat
[2011/05/06 08:09:35 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011/05/05 12:48:28 | 000,000,408 | ---- | M] () -- C:\Windows\System32\drivers\etc\networks
[2011/05/05 12:19:58 | 000,302,080 | ---- | M] () -- C:\Users\Administrator\Desktop\x36chp3k.exe
[2011/05/05 11:47:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/05/05 09:45:55 | 000,001,957 | ---- | M] () -- C:\Users\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/05 09:39:41 | 011,008,200 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Administrator\Desktop\SUPERAntiSpyware.exe
[2011/05/05 09:27:09 | 001,280,815 | ---- | M] () -- C:\Users\Administrator\Desktop\tdsskiller.zip
[2011/05/05 08:56:07 | 001,006,778 | ---- | M] () -- C:\Users\Administrator\Desktop\rkill.exe
[2011/05/05 08:13:05 | 000,001,403 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/05 08:04:20 | 000,201,030 | ---- | M] () -- C:\Users\Administrator\Desktop\lspfix.zip
[2011/05/05 07:54:01 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\HijackThis.exe
[2011/05/05 07:50:19 | 000,709,456 | ---- | M] () -- C:\Windows\is-D5AKC.exe
[2011/05/05 07:50:19 | 000,010,562 | ---- | M] () -- C:\Windows\is-D5AKC.msg
[2011/05/05 07:50:19 | 000,000,351 | ---- | M] () -- C:\Windows\is-D5AKC.lst
[2011/05/04 16:34:35 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Administrator\Desktop\GooredFix.exe
[2011/05/04 16:20:57 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/05/04 16:20:40 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/04 16:19:53 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTM.exe
[2011/05/03 07:48:01 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/04/18 07:39:19 | 000,451,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/15 16:41:28 | 000,627,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/15 16:41:28 | 000,107,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/05/06 12:35:43 | 000,000,560 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.zip
[2011/05/06 12:01:47 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/06 12:01:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/06 12:01:47 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/06 12:01:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/06 12:01:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/06 11:51:19 | 004,342,022 | R--- | C] () -- C:\Users\Administrator\Desktop\ComboFix.exe
[2011/05/06 08:25:16 | 000,000,512 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.dat
[2011/05/05 12:19:42 | 000,302,080 | ---- | C] () -- C:\Users\Administrator\Desktop\x36chp3k.exe
[2011/05/05 09:45:55 | 000,001,957 | ---- | C] () -- C:\Users\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/05 09:26:50 | 001,280,815 | ---- | C] () -- C:\Users\Administrator\Desktop\tdsskiller.zip
[2011/05/05 08:56:02 | 001,006,778 | ---- | C] () -- C:\Users\Administrator\Desktop\rkill.exe
[2011/05/05 08:13:05 | 000,001,403 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/05 08:04:18 | 000,201,030 | ---- | C] () -- C:\Users\Administrator\Desktop\lspfix.zip
[2011/05/05 07:50:19 | 000,709,456 | ---- | C] () -- C:\Windows\is-D5AKC.exe
[2011/05/05 07:50:19 | 000,010,562 | ---- | C] () -- C:\Windows\is-D5AKC.msg
[2011/05/05 07:50:19 | 000,000,351 | ---- | C] () -- C:\Windows\is-D5AKC.lst
[2011/05/04 16:45:42 | 000,001,409 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/05/04 16:44:31 | 000,000,290 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/05/04 16:44:31 | 000,000,272 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/05/04 16:20:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/04 16:20:40 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/04 16:20:40 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,451,488 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,627,082 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,107,366 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/03/27 15:45:32 | 000,030,992 | ---- | C] () -- C:\Windows\System32\nwtray.exe
[2009/03/27 15:45:28 | 000,238,864 | ---- | C] () -- C:\Windows\System32\nwshlxnt.dll
[2009/03/27 15:45:12 | 000,279,824 | ---- | C] () -- C:\Windows\System32\noveap.dll
[2009/03/27 15:44:32 | 000,025,360 | ---- | C] () -- C:\Windows\System32\ncv1_0.dll
[2009/03/27 15:44:30 | 000,022,552 | ---- | C] () -- C:\Windows\System32\drivers\ncuncfilter.sys
[2009/03/27 15:44:22 | 000,110,616 | ---- | C] () -- C:\Windows\System32\drivers\ncrecognizer.sys
[2009/03/27 15:44:00 | 000,910,608 | ---- | C] () -- C:\Windows\System32\ncnetprovider.dll
[2009/03/27 15:43:56 | 000,517,392 | ---- | C] () -- C:\Windows\System32\ncloginui.dll
[2009/03/27 15:43:52 | 000,111,888 | ---- | C] () -- C:\Windows\System32\nclangid.dll
[2009/03/27 15:43:34 | 000,091,160 | ---- | C] () -- C:\Windows\System32\drivers\ncfilter.sys
[2009/03/27 15:43:32 | 000,210,192 | ---- | C] () -- C:\Windows\System32\nccredprovider.dll
[2009/03/27 15:43:28 | 000,013,072 | ---- | C] () -- C:\Windows\System32\nccredlogonext.dll
[2009/03/27 15:43:22 | 000,165,136 | ---- | C] () -- C:\Windows\System32\mapbase.dll
[2009/03/27 15:43:16 | 000,024,848 | ---- | C] () -- C:\Windows\System32\loginw32.exe
[2009/03/27 15:43:04 | 000,189,712 | ---- | C] () -- C:\Windows\System32\lgnwnt32.dll

========== LOP Check ==========

[2011/05/07 13:38:35 | 000,000,000 | ---D | M] -- C:\Users\mchambers\AppData\Roaming\Dropbox
[2011/04/19 15:37:23 | 000,000,000 | ---D | M] -- C:\Users\mchambers\AppData\Roaming\W Photo Studio Viewer
[2009/07/13 23:53:46 | 000,030,348 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: VOLSNAP.INF >
[2009/07/13 23:51:31 | 000,001,666 | ---- | M] () MD5=0513FB1D99C3313A55B8C7F378AB5714 -- C:\Windows\inf\volsnap.inf
[2009/07/13 15:21:39 | 000,001,666 | ---- | M] () MD5=0513FB1D99C3313A55B8C7F378AB5714 -- C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_x86_neutral_42f862e05fcb0306\volsnap.inf
[2009/07/13 15:21:39 | 000,001,666 | ---- | M] () MD5=0513FB1D99C3313A55B8C7F378AB5714 -- C:\Windows\winsxs\x86_volsnap.inf_31bf3856ad364e35_6.1.7600.16385_none_6d76054c9136060d\volsnap.inf

< MD5 for: VOLSNAP.INF_LOC >
[2009/07/13 21:04:26 | 000,000,198 | ---- | M] () MD5=F040058B592FE682204B2FC15DDEAC0D -- C:\Windows\System32\DriverStore\en-US\volsnap.inf_loc
[2009/07/13 21:04:26 | 000,000,198 | ---- | M] () MD5=F040058B592FE682204B2FC15DDEAC0D -- C:\Windows\winsxs\x86_volsnap.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_13398118e291963b\volsnap.inf_loc

< MD5 for: VOLSNAP.PNF >
[2009/11/03 01:55:51 | 000,005,096 | ---- | M] () MD5=DF2A743FD96AE6B44FDB877FD7CCF5A8 -- C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_x86_neutral_42f862e05fcb0306\volsnap.PNF
[2009/11/03 01:55:52 | 000,005,096 | ---- | M] () MD5=EE7FB84D064F2EA30F260BD3F25A39DF -- C:\Windows\inf\volsnap.PNF

< MD5 for: VOLSNAP.SYS >
[2009/07/13 20:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys
[2009/07/13 20:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys
[2009/07/13 20:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\volsnap.sys

< MD5 for: VOLSNAP.SYS.MUI >
[2009/07/13 21:03:18 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=747EC73A2F1046431763323C1E26F017 -- C:\Windows\System32\drivers\en-US\volsnap.sys.mui
[2009/07/13 21:03:18 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=747EC73A2F1046431763323C1E26F017 -- C:\Windows\winsxs\x86_volume.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7afca05c2148f2a6\volsnap.sys.mui

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/02/24 00:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/02/24 00:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)

< End of report >
  • 0

#10
Essexboy
Posted 09 May 2011 - 11:44 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep it looks like that file - I see you have combofix on your system - could you delete the current copy and download a fresh one
Link 1
Link 2

THEN

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

TDL::
C:\Windows\System32\drivers\volsnap.sys


3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new OTListit log.

  • 0

Advertisements

#11
ElliotFriend
Posted 09 May 2011 - 02:13 PM

ElliotFriend

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Thanks, Essexboy!

Symptoms still seem to persist. Here is my ComboFix log (it didn't ask for a reboot), followed by my most recent OTL log. Thanks again!


ComboFix 11-05-04.04 - Administrator 05/09/2011 14:07:40.2.1 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1270.735 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: Microsoft Forefront Client Security *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Client Security *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-09 to 2011-05-09 )))))))))))))))))))))))))))))))
.
.
2011-05-09 19:19 . 2011-05-09 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-09 14:58 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{52341339-B798-427F-A372-EE4491206611}\mpengine.dll
2011-05-06 13:11 . 2011-05-06 13:11 -------- d-----w- C:\_OTL
2011-05-05 14:45 . 2011-05-05 14:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-05 14:45 . 2011-05-05 14:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-05 14:34 . 2011-05-05 14:34 -------- d--h--w- c:\windows\PIF
2011-05-05 13:29 . 2011-05-05 13:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-05 13:17 . 2011-05-05 13:17 -------- d-----w- c:\program files\CCleaner
2011-05-05 12:50 . 2011-05-05 12:50 709456 ----a-w- c:\windows\is-D5AKC.exe
2011-05-04 21:44 . 2011-05-04 21:45 -------- d-----w- c:\users\Administrator
2011-05-04 21:23 . 2011-05-04 21:23 -------- d-----w- C:\_OTM
2011-05-04 21:20 . 2011-05-04 21:20 -------- d-----w- c:\users\mchambers\AppData\Local\Mozilla
2011-04-18 12:59 . 2011-04-18 12:59 -------- d--h--w- c:\windows\Sun
2011-04-15 17:14 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-15 17:14 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-15 17:14 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-15 17:14 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-15 17:14 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-15 17:14 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 17:13 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 17:13 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 17:13 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-15 17:13 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 07:04 . 2009-11-03 15:41 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-23 14:44 . 2011-03-23 14:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-19 05:33 . 2011-03-09 04:15 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 04:15 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 04:15 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-04-14 16:26 . 2011-05-04 21:20 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-20 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NWTRAY"="NWTRAY.EXE" [2009-03-27 30992]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TpShocks"="TpShocks.exe" [2009-07-09 337184]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2011-02-02 1033600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\users\mchambers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [2011-01-08 16896]
R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [2007-04-06 73120]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-04 45424]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-05 1343400]
S0 NCFilter;Novell UNC Filter - Filter;c:\windows\system32\DRIVERS\NCFilter.sys [2009-03-27 91160]
S0 NCRecognizer;Novell UNC Filter - Recognizer;c:\windows\system32\DRIVERS\NCRecognizer.sys [2009-03-27 110616]
S0 NCUncFilter;Novell UNC Filter - UNC Filter;c:\windows\system32\DRIVERS\NCUncFilter.sys [2009-03-27 22552]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 NCFSD;Novell Client File System Redirector;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys [2009-03-27 82456]
S2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [2009-03-27 54296]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]
S2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe [2009-03-27 16656]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2007-03-07 2595840]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWICH;VSTHWICH;c:\windows\system32\DRIVERS\VSTICH3.SYS [2009-07-13 242176]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - nciom
*Deregistered* - ncp
*Deregistered* - ncpl
*Deregistered* - ndm
*Deregistered* - ndmndap
*Deregistered* - ndslpp
*Deregistered* - niam
*Deregistered* - nipctl
*Deregistered* - nscm
*Deregistered* - nsns
*Deregistered* - nsvccost
*Deregistered* - xtxplat
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\se5hzqex.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,23,46,f0,89,8c,46,4a,b9,77,59,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,23,46,f0,89,8c,46,4a,b9,77,59,\
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-180086783-2785503739-614038441-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-09 14:24:22
ComboFix-quarantined-files.txt 2011-05-09 19:24
.
Pre-Run: 9,808,695,296 bytes free
Post-Run: 9,818,759,168 bytes free
.
- - End Of File - - 114D052315330A98C06D1A9652156F53


OTL logfile created on: 5/9/2011 2:51:59 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Administrator\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 27.84 Gb Total Space | 9.19 Gb Free Space | 33.02% Space Free | Partition Type: NTFS

Computer Name: MCHAMBERSLAP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/05 11:47:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/20 10:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/07/15 11:18:00 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/07/13 20:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/03/27 15:46:28 | 000,016,656 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe
PRC - [2009/03/27 15:45:32 | 000,030,992 | ---- | M] () -- C:\Windows\System32\nwtray.exe
PRC - [2009/02/27 08:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 07:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe


========== Modules (SafeList) ==========

MOD - [2011/05/05 11:47:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/08 18:06:56 | 000,016,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe -- (FCSAM)
SRV - [2010/03/05 08:27:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/15 11:18:00 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/03 19:47:08 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/03/27 15:46:28 | 000,016,656 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe -- (XTSvcMgr)
SRV - [2009/02/27 08:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/02/27 07:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/04/06 05:12:48 | 000,073,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe -- (FcsSas)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 17:13:46 | 000,242,176 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTICH3.SYS -- (VSTHWICH)
DRV - [2009/06/29 14:51:04 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/06/29 14:51:02 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/03/27 15:44:56 | 000,027,160 | ---- | M] (Novell, Inc.) [Kernel | System | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys -- (NICM)
DRV - [2009/03/27 15:44:30 | 000,022,552 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\NCUncFilter.sys -- (NCUncFilter)
DRV - [2009/03/27 15:44:22 | 000,110,616 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\NCRecognizer.sys -- (NCRecognizer)
DRV - [2009/03/27 15:43:44 | 000,054,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys -- (NCIOCTL)
DRV - [2009/03/27 15:43:38 | 000,082,456 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys -- (NCFSD)
DRV - [2009/03/27 15:43:34 | 000,091,160 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\NCFilter.sys -- (NCFilter)
DRV - [2007/03/07 03:08:46 | 002,595,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 22 97 39 26 0B CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/04 16:20:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/05 07:43:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2011/05/04 16:20:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/06 12:18:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Microsoft Forefront Client Security Antimalware Service] c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NWTRAY] C:\Windows\System32\nwtray.exe ()
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.31.0.9 172.31.0.7
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/09 14:24:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/09 14:22:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/09 14:03:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/06 12:15:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
[2011/05/06 12:01:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/06 12:01:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/06 12:01:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/06 12:01:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/06 11:58:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/06 08:11:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/06 08:09:20 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011/05/05 11:47:27 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/05/05 10:02:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
[2011/05/05 09:45:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2011/05/05 09:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/05/05 09:45:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/05/05 09:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/05 09:37:58 | 011,008,200 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Administrator\Desktop\SUPERAntiSpyware.exe
[2011/05/05 09:34:56 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/05/05 09:27:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\tdsskiller
[2011/05/05 08:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/05 08:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/05 08:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/05/05 08:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/05/05 08:05:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\lspfix
[2011/05/05 07:55:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\backups
[2011/05/05 07:53:49 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\HijackThis.exe
[2011/05/05 07:42:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Mozilla
[2011/05/05 07:42:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2011/05/05 07:42:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011/05/05 07:29:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\5-5-2011
[2011/05/04 16:46:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2011/05/04 16:46:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2011/05/04 16:46:47 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Administrator\Desktop\GooredFix.exe
[2011/05/04 16:46:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\GooredFix Backups
[2011/05/04 16:46:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\erunt
[2011/05/04 16:46:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\5-4-2011
[2011/05/04 16:46:26 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTM.exe
[2011/05/04 16:45:39 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/05/04 16:45:39 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2011/05/04 16:45:39 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/05/04 16:45:38 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/05/04 16:45:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2011/05/04 16:45:19 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Templates
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Start Menu
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\PrintHood
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\NetHood
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Videos
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Pictures
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Music
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\My Documents
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Local Settings
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Application Data
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data
[2011/05/04 16:44:31 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\My Documents
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/05/04 16:44:31 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Help
[2011/05/04 16:44:31 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2011/05/04 16:44:31 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData
[2011/05/04 16:44:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Roaming
[2011/05/04 16:44:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2011/05/04 16:41:47 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/05/04 16:41:39 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011/05/04 16:41:38 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011/05/04 16:41:36 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011/05/04 16:41:29 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/05/04 16:41:27 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/05/04 16:23:47 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/04 16:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/04/18 07:59:44 | 000,000,000 | -H-D | C] -- C:\Windows\Sun
[2011/04/15 12:15:50 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/15 12:15:50 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/15 12:15:50 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/15 12:15:49 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/15 12:15:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/15 12:15:48 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/15 12:15:47 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/15 12:15:47 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/15 12:15:46 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/15 12:15:46 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/15 12:15:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/15 12:15:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/15 12:15:29 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/15 12:15:03 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/15 12:15:00 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/15 12:15:00 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/15 12:14:26 | 002,331,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/15 12:14:22 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/04/15 12:14:12 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/04/15 12:14:01 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/15 12:14:00 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll

========== Files - Modified Within 30 Days ==========

[2011/05/09 13:59:42 | 004,342,022 | R--- | M] () -- C:\Users\Administrator\Desktop\ComboFix.exe
[2011/05/09 13:55:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/09 09:57:49 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/09 09:57:49 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/09 09:48:20 | 999,153,664 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/06 12:35:43 | 000,000,560 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.zip
[2011/05/06 12:18:28 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/06 08:25:17 | 000,000,512 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.dat
[2011/05/06 08:09:35 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011/05/05 12:48:28 | 000,000,408 | ---- | M] () -- C:\Windows\System32\drivers\etc\networks
[2011/05/05 12:19:58 | 000,302,080 | ---- | M] () -- C:\Users\Administrator\Desktop\x36chp3k.exe
[2011/05/05 11:47:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/05/05 09:45:55 | 000,001,957 | ---- | M] () -- C:\Users\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/05 09:39:41 | 011,008,200 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Administrator\Desktop\SUPERAntiSpyware.exe
[2011/05/05 09:27:09 | 001,280,815 | ---- | M] () -- C:\Users\Administrator\Desktop\tdsskiller.zip
[2011/05/05 08:56:07 | 001,006,778 | ---- | M] () -- C:\Users\Administrator\Desktop\rkill.exe
[2011/05/05 08:13:05 | 000,001,403 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/05 08:04:20 | 000,201,030 | ---- | M] () -- C:\Users\Administrator\Desktop\lspfix.zip
[2011/05/05 07:54:01 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\HijackThis.exe
[2011/05/05 07:50:19 | 000,709,456 | ---- | M] () -- C:\Windows\is-D5AKC.exe
[2011/05/05 07:50:19 | 000,010,562 | ---- | M] () -- C:\Windows\is-D5AKC.msg
[2011/05/05 07:50:19 | 000,000,351 | ---- | M] () -- C:\Windows\is-D5AKC.lst
[2011/05/04 16:34:35 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Administrator\Desktop\GooredFix.exe
[2011/05/04 16:20:57 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/05/04 16:20:40 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/04 16:19:53 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTM.exe
[2011/05/03 07:48:01 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/04/18 07:39:19 | 000,451,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/15 16:41:28 | 000,627,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/15 16:41:28 | 000,107,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/05/09 13:57:34 | 004,342,022 | R--- | C] () -- C:\Users\Administrator\Desktop\ComboFix.exe
[2011/05/06 12:35:43 | 000,000,560 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.zip
[2011/05/06 12:01:47 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/06 12:01:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/06 12:01:47 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/06 12:01:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/06 12:01:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/06 08:25:16 | 000,000,512 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.dat
[2011/05/05 12:19:42 | 000,302,080 | ---- | C] () -- C:\Users\Administrator\Desktop\x36chp3k.exe
[2011/05/05 09:45:55 | 000,001,957 | ---- | C] () -- C:\Users\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/05 09:26:50 | 001,280,815 | ---- | C] () -- C:\Users\Administrator\Desktop\tdsskiller.zip
[2011/05/05 08:56:02 | 001,006,778 | ---- | C] () -- C:\Users\Administrator\Desktop\rkill.exe
[2011/05/05 08:13:05 | 000,001,403 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/05 08:04:18 | 000,201,030 | ---- | C] () -- C:\Users\Administrator\Desktop\lspfix.zip
[2011/05/05 07:50:19 | 000,709,456 | ---- | C] () -- C:\Windows\is-D5AKC.exe
[2011/05/05 07:50:19 | 000,010,562 | ---- | C] () -- C:\Windows\is-D5AKC.msg
[2011/05/05 07:50:19 | 000,000,351 | ---- | C] () -- C:\Windows\is-D5AKC.lst
[2011/05/04 16:45:42 | 000,001,409 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/05/04 16:44:31 | 000,000,290 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/05/04 16:44:31 | 000,000,272 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/05/04 16:20:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/04 16:20:40 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/04 16:20:40 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,451,488 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,627,082 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,107,366 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/03/27 15:45:32 | 000,030,992 | ---- | C] () -- C:\Windows\System32\nwtray.exe
[2009/03/27 15:45:28 | 000,238,864 | ---- | C] () -- C:\Windows\System32\nwshlxnt.dll
[2009/03/27 15:45:12 | 000,279,824 | ---- | C] () -- C:\Windows\System32\noveap.dll
[2009/03/27 15:44:32 | 000,025,360 | ---- | C] () -- C:\Windows\System32\ncv1_0.dll
[2009/03/27 15:44:30 | 000,022,552 | ---- | C] () -- C:\Windows\System32\drivers\ncuncfilter.sys
[2009/03/27 15:44:22 | 000,110,616 | ---- | C] () -- C:\Windows\System32\drivers\ncrecognizer.sys
[2009/03/27 15:44:00 | 000,910,608 | ---- | C] () -- C:\Windows\System32\ncnetprovider.dll
[2009/03/27 15:43:56 | 000,517,392 | ---- | C] () -- C:\Windows\System32\ncloginui.dll
[2009/03/27 15:43:52 | 000,111,888 | ---- | C] () -- C:\Windows\System32\nclangid.dll
[2009/03/27 15:43:34 | 000,091,160 | ---- | C] () -- C:\Windows\System32\drivers\ncfilter.sys
[2009/03/27 15:43:32 | 000,210,192 | ---- | C] () -- C:\Windows\System32\nccredprovider.dll
[2009/03/27 15:43:28 | 000,013,072 | ---- | C] () -- C:\Windows\System32\nccredlogonext.dll
[2009/03/27 15:43:22 | 000,165,136 | ---- | C] () -- C:\Windows\System32\mapbase.dll
[2009/03/27 15:43:16 | 000,024,848 | ---- | C] () -- C:\Windows\System32\loginw32.exe
[2009/03/27 15:43:04 | 000,189,712 | ---- | C] () -- C:\Windows\System32\lgnwnt32.dll

< End of report >
  • 0

#12
Essexboy
Posted 09 May 2011 - 03:11 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There are a series of files that I am suspicious about and can find no reference for - do you recognise this one ?


File Scanner
There are some files I need you to upload for checking

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\is-D5AKC.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

  • 0

#13
ElliotFriend
Posted 13 May 2011 - 11:46 AM

ElliotFriend

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Thanks, Essexboy! I do apologize again for the late reply. I haven't had much free time this week to work on this. Thanks again!

This file doesn't look familiar to me. I don't have it there for any particular reason. Here are the results from VirSCAN.org. Thanks!



VirSCAN.org Scanned Report :
Scanned time : 2011/05/13 12:41:54 (CDT)
Scanner results: Scanners did not find malware!
File Name : is-D5AKC.exe
File Size : 709456 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : c88c64609de58fa3d8637c4866c7c6bb
SHA1 : b1484070813fe2910385ab92167199d5784ea3ef
Online report : http://file.virscan....d372458fce.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110514011930 2011-05-14 5.20 -
AhnLab V3 2011.05.10.00 2011.05.10 2011-05-10 2.08 -
AntiVir 8.2.4.228 7.11.8.21 2011-05-13 0.33 -
Antiy 2.0.18 20110205.7694535 2011-02-05 0.02 -
Arcavir 2011 201105080215 2011-05-08 0.10 -
Authentium 5.1.1 201105130950 2011-05-13 5.87 -
AVAST! 4.7.4 110513-0 2011-05-13 0.07 -
AVG 8.5.850 271.1.1/3635 2011-05-13 0.28 -
BitDefender 7.90123.7306149 7.37455 2011-05-13 5.82 -
ClamAV 0.96.5 13076 2011-05-13 0.01 -
Comodo 4.0 8688 2011-05-13 1.10 -
CP Secure 1.3.0.5 2011.05.13 2011-05-13 0.12 -
Dr.Web 5.0.2.3300 2011.05.13 2011-05-13 12.35 -
F-Prot 4.4.4.56 20110513 2011-05-13 5.48 -
F-Secure 7.02.73807 2011.05.13.04 2011-05-13 0.29 -
Fortinet 4.2.257 13.215 2011-05-12 0.17 -
GData 22.307/22.90 20110511 2011-05-11 8.81 -
ViRobot 20110513 2011.05.13 2011-05-13 0.35 -
Ikarus T3.1.32.20.0 ..1.32.20.0. --1.32.20.0 0.01 -
JiangMin 13.0.900 2011.05.11 2011-05-11 1.49 -
Kaspersky 5.5.10 2011.05.13 2011-05-13 0.11 -
KingSoft 2009.2.5.15 2011.5.13.18 2011-05-13 0.96 -
McAfee 5400.1158 6340 2011-05-08 9.22 -
Microsoft 1.6802 2011.05.12 2011-05-12 10.56 -
NOD32 3.0.21 6108 2011-05-09 0.09 -
Norman 6.07.08 6.07.00 2011-05-13 16.02 -
Panda 9.05.01 2011.05.13 2011-05-13 2.03 -
Trend Micro 9.200-1012 8.154.12 2011-05-13 0.05 -
Quick Heal 11.00 2011.05.13 2011-05-13 1.11 -
Rising 20.0 23.57.03.05 2011-05-12 2.58 -
Sophos 3.19.1 4.65 2011-05-13 3.77 -
Sunbelt 3.9.2492.2 9238 2011-05-09 0.68 -
Symantec 1.3.0.24 20110512.002 2011-05-12 0.11 -
nProtect 20110513.01 3449737 2011-05-13 6.75 -
The Hacker 6.7.0.1 v00176 2011-04-18 0.50 -
VBA32 3.12.16.0 20110511.2137 2011-05-11 4.76 -
VirusBuster 5.2.0.28 13.6.353.0/51691622011-05-13 0.00 -
  • 0

#14
Essexboy
Posted 13 May 2011 - 12:09 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What I will do is move them to a quarantine folder so that they can be replaced if necessary.

On completion could you let me know what the current state of play is

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/05/05 07:50:19 | 000,709,456 | ---- | M] () -- C:\Windows\is-D5AKC.exe
    [2011/05/05 07:50:19 | 000,010,562 | ---- | M] () -- C:\Windows\is-D5AKC.msg
    [2011/05/05 07:50:19 | 000,000,351 | ---- | M] () -- C:\Windows\is-D5AKC.lst

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#15
ElliotFriend
Posted 13 May 2011 - 12:38 PM

ElliotFriend

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Thanks for the quick reply, Essexboy!!

Currently, all symptoms seem to persist. Search results are still redirected. Random Script Errors continue to pop-up. I don't know whether or not the "online radio" is still going, because I haven't heard it (yet).

When the computer rebooted, the volume icon had a red circle with a white x icon on it. The Windows Audio Service needed to be restarted. This is the first time that's happened. Now that it's restarted, audio seems to work fine, though.

I've not tried to re-run TDSSKiller since we've begun. Is now a good time to try that? Thanks again for all your help!

Following are the OTL Quick Scan Results


OTL logfile created on: 5/13/2011 1:23:10 PM - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Administrator\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 27.84 Gb Total Space | 9.31 Gb Free Space | 33.44% Space Free | Partition Type: NTFS

Computer Name: MCHAMBERSLAP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/05 11:47:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/02 12:23:08 | 001,033,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
PRC - [2011/01/08 18:06:56 | 000,016,896 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
PRC - [2009/08/20 10:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/07/15 11:18:00 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/03/27 15:46:28 | 000,016,656 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe
PRC - [2009/03/27 15:45:32 | 000,030,992 | ---- | M] () -- C:\Windows\System32\nwtray.exe
PRC - [2009/02/27 08:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 07:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2007/04/06 05:12:48 | 000,073,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe


========== Modules (SafeList) ==========

MOD - [2011/05/05 11:47:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/08 18:06:56 | 000,016,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe -- (FCSAM)
SRV - [2010/03/05 08:27:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/15 11:18:00 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/03 19:47:08 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/03/27 15:46:28 | 000,016,656 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe -- (XTSvcMgr)
SRV - [2009/02/27 08:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/02/27 07:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/04/06 05:12:48 | 000,073,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe -- (FcsSas)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 17:13:46 | 000,242,176 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTICH3.SYS -- (VSTHWICH)
DRV - [2009/06/29 14:51:04 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/06/29 14:51:02 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/03/27 15:44:56 | 000,027,160 | ---- | M] (Novell, Inc.) [Kernel | System | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys -- (NICM)
DRV - [2009/03/27 15:44:30 | 000,022,552 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\NCUncFilter.sys -- (NCUncFilter)
DRV - [2009/03/27 15:44:22 | 000,110,616 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\NCRecognizer.sys -- (NCRecognizer)
DRV - [2009/03/27 15:43:44 | 000,054,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys -- (NCIOCTL)
DRV - [2009/03/27 15:43:38 | 000,082,456 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys -- (NCFSD)
DRV - [2009/03/27 15:43:34 | 000,091,160 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\NCFilter.sys -- (NCFilter)
DRV - [2007/03/07 03:08:46 | 002,595,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 22 97 39 26 0B CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/04 16:20:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/05 07:43:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2011/05/04 16:20:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/13 13:16:11 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Microsoft Forefront Client Security Antimalware Service] c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NWTRAY] C:\Windows\System32\nwtray.exe ()
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.31.0.9 172.31.0.7
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/10 07:08:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apple
[2011/05/09 14:24:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/09 14:22:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/09 14:03:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/06 12:15:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
[2011/05/06 12:01:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/06 12:01:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/06 12:01:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/06 12:01:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/06 11:58:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/06 08:11:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/06 08:09:20 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011/05/05 11:47:27 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/05/05 10:02:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
[2011/05/05 09:45:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2011/05/05 09:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/05/05 09:45:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/05/05 09:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/05 09:37:58 | 011,008,200 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Administrator\Desktop\SUPERAntiSpyware.exe
[2011/05/05 09:34:56 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/05/05 09:27:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\tdsskiller
[2011/05/05 08:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/05 08:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/05 08:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/05/05 08:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/05/05 08:05:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\lspfix
[2011/05/05 07:55:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\backups
[2011/05/05 07:53:49 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\HijackThis.exe
[2011/05/05 07:42:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Mozilla
[2011/05/05 07:42:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2011/05/05 07:42:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011/05/05 07:29:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\5-5-2011
[2011/05/04 16:46:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2011/05/04 16:46:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2011/05/04 16:46:47 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Administrator\Desktop\GooredFix.exe
[2011/05/04 16:46:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\GooredFix Backups
[2011/05/04 16:46:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\erunt
[2011/05/04 16:46:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\5-4-2011
[2011/05/04 16:46:26 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTM.exe
[2011/05/04 16:45:39 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/05/04 16:45:39 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2011/05/04 16:45:39 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/05/04 16:45:38 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/05/04 16:45:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2011/05/04 16:45:19 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Templates
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Start Menu
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\PrintHood
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\NetHood
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Videos
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Pictures
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Music
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\My Documents
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Local Settings
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Application Data
[2011/05/04 16:44:32 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data
[2011/05/04 16:44:31 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\My Documents
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2011/05/04 16:44:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/05/04 16:44:31 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Help
[2011/05/04 16:44:31 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2011/05/04 16:44:31 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData
[2011/05/04 16:44:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Roaming
[2011/05/04 16:44:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2011/05/04 16:23:47 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/04 16:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/04/18 07:59:44 | 000,000,000 | -H-D | C] -- C:\Windows\Sun

========== Files - Modified Within 30 Days ==========

[2011/05/13 13:26:59 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/13 13:26:59 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/13 13:18:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/13 13:18:32 | 999,153,664 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/13 13:16:11 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/09 13:59:42 | 004,342,022 | R--- | M] () -- C:\Users\Administrator\Desktop\ComboFix.exe
[2011/05/06 12:35:43 | 000,000,560 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.zip
[2011/05/06 08:25:17 | 000,000,512 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.dat
[2011/05/06 08:09:35 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011/05/05 12:48:28 | 000,000,408 | ---- | M] () -- C:\Windows\System32\drivers\etc\networks
[2011/05/05 12:19:58 | 000,302,080 | ---- | M] () -- C:\Users\Administrator\Desktop\x36chp3k.exe
[2011/05/05 11:47:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/05/05 09:45:55 | 000,001,957 | ---- | M] () -- C:\Users\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/05 09:39:41 | 011,008,200 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Administrator\Desktop\SUPERAntiSpyware.exe
[2011/05/05 09:27:09 | 001,280,815 | ---- | M] () -- C:\Users\Administrator\Desktop\tdsskiller.zip
[2011/05/05 08:56:07 | 001,006,778 | ---- | M] () -- C:\Users\Administrator\Desktop\rkill.exe
[2011/05/05 08:13:05 | 000,001,403 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/05 08:04:20 | 000,201,030 | ---- | M] () -- C:\Users\Administrator\Desktop\lspfix.zip
[2011/05/05 07:54:01 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\HijackThis.exe
[2011/05/04 16:34:35 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Administrator\Desktop\GooredFix.exe
[2011/05/04 16:20:57 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/05/04 16:20:40 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/04 16:19:53 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTM.exe
[2011/05/03 07:48:01 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/04/18 07:39:19 | 000,451,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/15 16:41:28 | 000,627,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/15 16:41:28 | 000,107,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/05/09 13:57:34 | 004,342,022 | R--- | C] () -- C:\Users\Administrator\Desktop\ComboFix.exe
[2011/05/06 12:35:43 | 000,000,560 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.zip
[2011/05/06 12:01:47 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/06 12:01:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/06 12:01:47 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/06 12:01:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/06 12:01:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/06 08:25:16 | 000,000,512 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.dat
[2011/05/05 12:19:42 | 000,302,080 | ---- | C] () -- C:\Users\Administrator\Desktop\x36chp3k.exe
[2011/05/05 09:45:55 | 000,001,957 | ---- | C] () -- C:\Users\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/05 09:26:50 | 001,280,815 | ---- | C] () -- C:\Users\Administrator\Desktop\tdsskiller.zip
[2011/05/05 08:56:02 | 001,006,778 | ---- | C] () -- C:\Users\Administrator\Desktop\rkill.exe
[2011/05/05 08:13:05 | 000,001,403 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/05 08:04:18 | 000,201,030 | ---- | C] () -- C:\Users\Administrator\Desktop\lspfix.zip
[2011/05/04 16:45:42 | 000,001,409 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/05/04 16:44:31 | 000,000,290 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/05/04 16:44:31 | 000,000,272 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/05/04 16:20:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/04 16:20:40 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/04 16:20:40 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,451,488 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,627,082 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,107,366 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/03/27 15:45:32 | 000,030,992 | ---- | C] () -- C:\Windows\System32\nwtray.exe
[2009/03/27 15:45:28 | 000,238,864 | ---- | C] () -- C:\Windows\System32\nwshlxnt.dll
[2009/03/27 15:45:12 | 000,279,824 | ---- | C] () -- C:\Windows\System32\noveap.dll
[2009/03/27 15:44:32 | 000,025,360 | ---- | C] () -- C:\Windows\System32\ncv1_0.dll
[2009/03/27 15:44:30 | 000,022,552 | ---- | C] () -- C:\Windows\System32\drivers\ncuncfilter.sys
[2009/03/27 15:44:22 | 000,110,616 | ---- | C] () -- C:\Windows\System32\drivers\ncrecognizer.sys
[2009/03/27 15:44:00 | 000,910,608 | ---- | C] () -- C:\Windows\System32\ncnetprovider.dll
[2009/03/27 15:43:56 | 000,517,392 | ---- | C] () -- C:\Windows\System32\ncloginui.dll
[2009/03/27 15:43:52 | 000,111,888 | ---- | C] () -- C:\Windows\System32\nclangid.dll
[2009/03/27 15:43:34 | 000,091,160 | ---- | C] () -- C:\Windows\System32\drivers\ncfilter.sys
[2009/03/27 15:43:32 | 000,210,192 | ---- | C] () -- C:\Windows\System32\nccredprovider.dll
[2009/03/27 15:43:28 | 000,013,072 | ---- | C] () -- C:\Windows\System32\nccredlogonext.dll
[2009/03/27 15:43:22 | 000,165,136 | ---- | C] () -- C:\Windows\System32\mapbase.dll
[2009/03/27 15:43:16 | 000,024,848 | ---- | C] () -- C:\Windows\System32\loginw32.exe
[2009/03/27 15:43:04 | 000,189,712 | ---- | C] () -- C:\Windows\System32\lgnwnt32.dll

========== LOP Check ==========

[2009/07/13 23:53:46 | 000,031,348 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP