Google Redirect Virus


#16
Court0830 (Member, Topic Starter, 13 posts)

ComboFix 11-08-05.01 - Courtney 08/05/2011 14:53:00.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3031.1875 [GMT -4:00]
Running from: c:\users\Courtney\Desktop\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro OfficeScan Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.3.inf
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\Thumbs.db
Q:\Autorun.inf
S:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2011-07-05 to 2011-08-05 )))))))))))))))))))))))))))))))
.
.
2011-08-05 18:59 . 2011-08-05 18:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-05 13:19 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B5FEA7F-6D13-48D1-9FC5-86630B08C163}\mpengine.dll
2011-08-04 19:35 . 2011-08-04 19:35 -------- d-----w- c:\programdata\WinZipEC
2011-08-04 19:01 . 2011-08-04 19:01 -------- d-----w- C:\_OTL
2011-08-01 01:49 . 2011-08-01 01:56 -------- d-----w- c:\users\Courtney\AppData\Local\Unzip Wizard
2011-08-01 01:41 . 2011-08-01 01:41 -------- d-----w- C:\extensions
2011-08-01 01:41 . 2011-08-01 01:49 -------- d-----w- c:\users\Courtney\AppData\Local\Conduit
2011-08-01 01:18 . 2011-08-01 01:18 -------- d-----w- C:\_OTM
2011-07-29 18:13 . 2011-07-29 18:13 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-26 20:46 . 2011-07-26 20:47 -------- d-----w- c:\users\Courtney\.scribus
2011-07-26 20:35 . 2011-07-26 20:35 -------- d-----w- c:\users\Courtney\AppData\Local\Easy_BioSolutions_Inc
2011-07-26 20:34 . 2011-07-26 20:40 -------- d-----w- c:\program files\Easy Trinity
2011-07-13 12:55 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 12:55 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 12:55 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 23:52 . 2010-11-09 15:07 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-11-09 15:07 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-28 06:08 . 2011-06-16 00:20 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04 . 2011-06-16 00:20 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04 . 2011-06-16 00:20 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04 . 2011-06-16 00:20 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04 . 2011-06-16 00:20 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10 . 2011-06-16 00:20 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33 . 2011-06-16 00:20 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31 . 2011-06-16 00:20 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 23:14 . 2009-10-03 15:48 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-13 20:03 . 2011-05-13 20:03 49016 ----a-w- c:\windows\system32\sirenacm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-05-28 61728]
"TpShocks"="TpShocks.exe" [2009-02-03 181536]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-22 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-22 153624]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-01-28 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-01-28 124248]
"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-04-15 660768]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2009-04-15 214576]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-05-15 40960]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-07-10 435488]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2009-07-10 177440]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2011-03-23 866784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
c:\users\Courtney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-8-17 50688]
GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [2009-9-15 2513264]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Stardust Screen Saver Control 2003.lnk - c:\windows\SCMain.exe [2004-1-2 355328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R1 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-07-11 48192]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-05-21 45424]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2010-06-18 19968]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-26 9472]
R3 MUXP;My WiFi PAN Mux-IM Protocol Driver;c:\windows\system32\DRIVERS\mux.sys [2009-02-09 29232]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-02-11 204800]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-09-04 3347280]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-15 1120752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-01-29 20520]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-04-15 66848]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-01-17 58448]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [2010-10-20 249424]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\TmPreFlt.sys [2010-10-20 36432]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-05-21 62320]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-24 520192]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-21 44432]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-08-15 220152]
S3 MUXMP;My WiFi PAN MUX-IM Virtual Miniport Driver;c:\windows\system32\DRIVERS\mux.sys [2009-02-09 29232]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-02-09 3715072]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [2010-12-15 689488]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2008-02-22 37312]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-30 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = about:blank
uInternet Settings,ProxyOverride = 192.168.*.*;<local>;*.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.shockwave.com/content/delicioustasteoffame/sis/gamehouseplayer.cab
DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://www.shockwave.com/content/weddingdash2/sis/WeddingDash2Web.1.0.0.13.cab
DPF: {7D492D61-303A-45C3-8A55-63449339943D} - hxxp://www.shockwave.com/content/nightshiftcode/sis/NightShiftCodeWeb.1.0.0.5.cab
DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://www.shockwave.com/content/bigcityadventuresf/sis/JBGamePlayer.cab
DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} - hxxp://www.shockwave.com/content/dreamchronicles2/sis/dream2web.1.0.0.13.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-05 15:02
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Trend Micro\OfficeScan Client\ntrtscan.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Trend Micro\OfficeScan Client\tmlisten.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
.
**************************************************************************
.
Completion time: 2011-08-05 15:10:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-05 19:10
.
Pre-Run: 34,758,660,096 bytes free
Post-Run: 34,349,060,096 bytes free
.
- - End Of File - - 3C29F8FADA281E72C163A7393AE3BFE9
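An added example, not from the thread or from ComboFix, showing how the Supplementary Scan lines in the log above can be triaged automatically: it parses the hive-prefixed browser settings, turns ComboFix's hxxp back into http, and flags every Internet Explorer entry point that is neither about:blank nor on a Microsoft default domain. The log excerpt is constructed from the lines above; BROWSER_SETTINGS and TRUSTED_SUFFIXES are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed excerpt in ComboFix's "Supplementary Scan" format, copied from the
# browser-setting lines of the log above. ComboFix defangs URLs as "hxxp" and
# prefixes each value with its hive: u = HKCU (user), m = HKLM (machine).
SAMPLE_SCAN = r"""
uStart Page = about:blank
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = about:blank
uInternet Settings,ProxyOverride = 192.168.*.*;<local>;*.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
"""

HIVES = {"u": "HKCU", "m": "HKLM"}

# Internet Explorer values that decide where the browser goes on its own; a
# search hijacker has to own one or more of these to redirect searches
# (assumption: the set is the one a helper would check, not an exhaustive list).
BROWSER_SETTINGS = {
    "Start Page", "Default_Page_URL", "Default_Search_URL", "Search Page",
    "Search Bar", "SearchAssistant", "SearchURL", "CustomizeSearch", "Local Page",
}

# Domains Microsoft's own defaults for these values point at (assumption: extend
# it for an environment that deliberately sets a corporate home or search page).
TRUSTED_SUFFIXES = ("microsoft.com", "msn.com", "bing.com", "live.com")

LINE_RE = re.compile(r"^(?P<hive>[um])(?P<name>[^=]+?)\s*=\s*(?P<value>.*)$")


def refang(value: str) -> str:
    """Turn ComboFix's hxxp:// back into http:// so the URL parses."""
    return re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)


def classify(value: str):
    """Return (verdict, host) for one browser-setting value."""
    url = refang(value.strip())
    if url.lower() == "about:blank":
        return "ok", None
    parsed = urlparse(url)
    if parsed.scheme in ("http", "https") and parsed.hostname:
        host = parsed.hostname.lower()
        trusted = any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)
        return ("ok" if trusted else "untrusted-host"), host
    # Not a URL at all: the SearchUrl line above holds an installer-script
    # fragment that was written verbatim into the registry value.
    return "not-a-url", None


def triage(scan_text: str):
    """Flag every browser entry point that does not point at a trusted default."""
    findings = []
    for line in scan_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # "SearchURL,(Default)" -> setting "SearchURL"; the part after the comma
        # is the value name inside that key.
        setting = m.group("name").strip().split(",")[0]
        if setting not in BROWSER_SETTINGS:
            continue
        verdict, host = classify(m.group("value"))
        if verdict != "ok":
            findings.append({
                "hive": HIVES[m.group("hive")],
                "setting": setting,
                "value": refang(m.group("value").strip()),
                "verdict": verdict,
                "host": host,
            })
    return findings


def hijack_hosts(findings) -> set:
    """Distinct hosts the flagged settings point at; one host shared by several
    values is the usual signature of a single search hijacker."""
    return {f["host"] for f in findings if f["host"]}


if __name__ == "__main__":
    for f in triage(SAMPLE_SCAN):
        print(f"{f['hive']:4} {f['setting']:20} {f['verdict']:15} {f['value']}")
    print("hijack hosts:", hijack_hosts(triage(SAMPLE_SCAN)))
```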

#17
BlackOxide (Trusted Helper, Malware Removal, 1,976 posts)

ComboFix log looks positive. It removed a few items, but nothing too concerning.

Do you use this site at all - http://search.qip.ru ?

Also, are you still being redirected when searching?


Can you do the following scan with MBRCheck please...


Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

#18
Court0830 (Member, Topic Starter, 13 posts)

I haven't had any more redirects so far. I do not use that site at all; I don't know what that is. :) Here is the mbr log.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 7439WD9
Logical Drives Mask: 0x00050014

Kernel Drivers (total 182):
0x8204D000 \SystemRoot\system32\ntkrnlpa.exe
0x8201A000 \SystemRoot\system32\hal.dll
0x80606000 \SystemRoot\system32\kdcom.dll
0x8060D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8067D000 \SystemRoot\system32\PSHED.dll
0x8068E000 \SystemRoot\system32\BOOTVID.dll
0x80696000 \SystemRoot\system32\CLFS.SYS
0x806D7000 \SystemRoot\system32\CI.dll
0x82606000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82677000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82685000 \SystemRoot\system32\drivers\acpi.sys
0x826CB000 \SystemRoot\system32\drivers\WMILIB.SYS
0x826D4000 \SystemRoot\system32\drivers\msisadrv.sys
0x826DC000 \SystemRoot\system32\drivers\pci.sys
0x82703000 \SystemRoot\System32\drivers\partmgr.sys
0x82712000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82715000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8271F000 \SystemRoot\system32\drivers\volmgr.sys
0x8272E000 \SystemRoot\System32\drivers\volmgrx.sys
0x82778000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x827A5000 \SystemRoot\System32\drivers\mountmgr.sys
0x82C06000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x82CE1000 \SystemRoot\system32\drivers\atapi.sys
0x82CE9000 \SystemRoot\system32\drivers\ataport.SYS
0x82D07000 \SystemRoot\system32\drivers\msahci.sys
0x82D11000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82D1F000 \SystemRoot\system32\drivers\fltmgr.sys
0x82D51000 \SystemRoot\system32\drivers\fileinfo.sys
0x82D61000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
0x82D78000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82D82000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82E08000 \SystemRoot\system32\drivers\ndis.sys
0x82F13000 \SystemRoot\system32\drivers\msrpc.sys
0x82F3E000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A600000 \SystemRoot\System32\drivers\tcpip.sys
0x8A6EA000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A802000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A912000 \SystemRoot\system32\drivers\volsnap.sys
0x8A94B000 \SystemRoot\System32\DRIVERS\ApsHM86.sys
0x8A954000 \SystemRoot\System32\Drivers\spldr.sys
0x8A95C000 \SystemRoot\System32\DRIVERS\Apsx86.sys
0x8A97C000 \SystemRoot\System32\Drivers\mup.sys
0x8A98B000 \SystemRoot\System32\drivers\ecache.sys
0x8A9B2000 \SystemRoot\system32\drivers\disk.sys
0x8A9C3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A9E4000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A7EB000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A7F6000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x82F79000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8E601000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8EF31000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8EFD1000 \SystemRoot\System32\drivers\watchdog.sys
0x8EFDD000 \SystemRoot\system32\DRIVERS\HECI.sys
0x82F88000 \SystemRoot\system32\DRIVERS\e1y6032.sys
0x8EFE7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x82FC2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x827B5000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F004000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F20E000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8F5A3000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8F5B3000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8F5C1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F5D4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F091000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8F5DF000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F5E1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F5EC000 \SystemRoot\system32\drivers\tpm.sys
0x8F5FA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8F200000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0x8F205000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0x8F0CC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F207000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8F0E4000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8F0ED000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F11C000 \SystemRoot\system32\DRIVERS\storport.sys
0x8F15D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F168000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F17F000 \SystemRoot\system32\DRIVERS\mux.sys
0x8F1CE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F1D9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x827C4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x827D3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x827E7000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F80C000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x8F895000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F8A5000 \SystemRoot\system32\DRIVERS\psadd.sys
0x8F8AB000 \SystemRoot\system32\DRIVERS\Tvti2c.sys
0x8F8B3000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F8B5000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F8DF000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F8E9000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F8F6000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F92B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F93C000 \SystemRoot\system32\drivers\CHDRT32.sys
0x8F9B1000 \SystemRoot\system32\drivers\portcls.sys
0x807B7000 \SystemRoot\system32\drivers\drmk.sys
0x90207000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x90244000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x90346000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8F9DE000 \SystemRoot\system32\drivers\modem.sys
0x8F800000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90200000 \SystemRoot\System32\Drivers\Null.SYS
0x8F9EB000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F9F2000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0x8F9F8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8EFF2000 \SystemRoot\System32\drivers\vga.sys
0x807DC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8A7E0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x82E00000 \SystemRoot\system32\drivers\rdpencdd.sys
0x82DF3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x9040A000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90418000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x90421000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90437000 \SystemRoot\system32\DRIVERS\smb.sys
0x9044B000 \SystemRoot\system32\drivers\afd.sys
0x90493000 \SystemRoot\System32\DRIVERS\netbt.sys
0x904C5000 \SystemRoot\system32\DRIVERS\pacer.sys
0x904DB000 \SystemRoot\system32\DRIVERS\netbios.sys
0x904E9000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x904FC000 \SystemRoot\System32\drivers\Tppwr32v.sys
0x90503000 \SystemRoot\system32\DRIVERS\tmtdi.sys
0x90518000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9052F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9056B000 \SystemRoot\system32\DRIVERS\dc3d.sys
0x90575000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9057F000 \SystemRoot\system32\DRIVERS\smiif32.sys
0x90581000 \SystemRoot\system32\drivers\csc.sys
0x905DC000 \SystemRoot\System32\Drivers\dfsc.sys
0x905F3000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x90605000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x90615000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x9061E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x90626000 \SystemRoot\system32\DRIVERS\point32.sys
0x9062F000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9063C000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x81870000 \SystemRoot\System32\win32k.sys
0x90717000 \SystemRoot\System32\drivers\Dxapi.sys
0x90721000 \SystemRoot\system32\DRIVERS\monitor.sys
0x81A90000 \SystemRoot\System32\TSDDD.dll
0x81AB0000 \SystemRoot\System32\cdd.dll
0x81AC0000 \SystemRoot\System32\ATMFD.DLL
0x90730000 \SystemRoot\system32\drivers\luafv.sys
0x9074B000 \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys
0xABE01000 \??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys
0xABF45000 \??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys
0xABF91000 \SystemRoot\system32\DRIVERS\tvtfilter.sys
0xABF9A000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xABFA5000 \SystemRoot\System32\DLA\DLADResM.SYS
0xABFA6000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xABFBE000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xABFC3000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xABFC5000 \SystemRoot\System32\DLA\DLABMFSM.SYS
0xABFCC000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xABFD3000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xABFE9000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0x8A705000 \SystemRoot\system32\drivers\spsys.sys
0x90758000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x90768000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x90792000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9079C000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAE409000 \SystemRoot\system32\drivers\HTTP.sys
0xAE476000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAE493000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAE4AC000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAE4C1000 \SystemRoot\system32\drivers\mrxdav.sys
0xAE4E2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAE501000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAE53A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAE552000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAE57A000 \SystemRoot\System32\DRIVERS\srv.sys
0xAE5E1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB0003000 \SystemRoot\system32\drivers\peauth.sys
0xB00E1000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB00EB000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB00F7000 \SystemRoot\system32\DRIVERS\tmcomm.sys
0xB0126000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xB012E000 \SystemRoot\system32\DRIVERS\tmevtmgr.sys
0xB013E000 \SystemRoot\system32\DRIVERS\tmactmon.sys
0xB0157000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xB0174000 \??\C:\ComboFix\catchme.sys
0xB017C000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x77B70000 \Windows\System32\ntdll.dll

Processes (total 86):
0 System Idle Process
4 System
552 C:\Windows\System32\smss.exe
628 csrss.exe
672 C:\Windows\System32\wininit.exe
684 csrss.exe
716 C:\Windows\System32\services.exe
728 C:\Windows\System32\lsass.exe
736 C:\Windows\System32\lsm.exe
840 C:\Windows\System32\winlogon.exe
916 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\ibmpmsvc.exe
1072 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\svchost.exe
1240 C:\Windows\System32\svchost.exe
1256 C:\Windows\System32\svchost.exe
1384 C:\Windows\System32\audiodg.exe
1412 C:\Windows\System32\svchost.exe
1436 C:\Windows\System32\SLsvc.exe
1484 C:\Windows\System32\svchost.exe
1644 C:\Windows\System32\svchost.exe
1868 C:\Windows\System32\wlanext.exe
1944 C:\Windows\System32\spoolsv.exe
1968 C:\Windows\System32\svchost.exe
636 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
668 C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
1252 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1592 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
1632 C:\Program Files\Bonjour\mDNSResponder.exe
1752 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2080 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
2204 C:\Windows\System32\svchost.exe
2264 C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
2316 C:\Windows\System32\svchost.exe
2336 C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
2368 C:\Windows\System32\svchost.exe
2384 C:\Windows\System32\PnkBstrA.exe
2400 C:\Windows\System32\PnkBstrB.exe
2412 C:\Windows\System32\svchost.exe
2440 C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
2476 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2528 C:\Windows\System32\svchost.exe
2568 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2608 C:\Windows\System32\svchost.exe
2716 C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
2756 C:\Windows\System32\svchost.exe
2800 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2860 C:\Windows\System32\SearchIndexer.exe
2900 C:\Windows\System32\drivers\XAudio.exe
2916 C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
2940 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3004 C:\Program Files\Lenovo\System Update\SUService.exe
3056 C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
3592 C:\Windows\System32\dwm.exe
3928 C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
3952 C:\Windows\System32\taskeng.exe
2784 WmiPrvSE.exe
1456 C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
1372 C:\Program Files\Trend Micro\BM\TMBMSRV.exe
940 C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
4656 C:\Windows\System32\igfxsrvc.exe
4816 C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
5116 C:\Windows\System32\taskeng.exe
5448 C:\Windows\System32\svchost.exe
5580 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
4796 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
3444 C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
6080 C:\Windows\System32\TPHDEXLG.exe
5156 C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
6136 C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
5820 C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
5604 C:\Windows\explorer.exe
5284 C:\Windows\System32\wuauclt.exe
3628 C:\Program Files\Internet Explorer\iexplore.exe
4580 C:\Program Files\Internet Explorer\iexplore.exe
3712 C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
4264 C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
1228 C:\Program Files\Internet Explorer\iexplore.exe
4460 C:\Program Files\Internet Explorer\iexplore.exe
4504 C:\Windows\System32\SearchFilterHost.exe
3264 C:\Windows\System32\SearchProtocolHost.exe
4288 taskeng.exe
3744 dllhost.exe
4248 dllhost.exe
5320 C:\Users\Courtney\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000022`d2200000 (NTFS)
\\.\S: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVS-08VAT2, Rev: 14.01A14

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: DDE7F3E37DC0C693C94BC35606E4A0ACE9991E65


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#19
BlackOxide (Trusted Helper, Malware Removal, 1,976 posts)

Okey dokey, we'll get rid of that site that's put itself into the Internet Explorer registry keys.

Could you do the following please...



1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
    IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - Reg Error: Key error. File not found
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • Open OTL again, copy and paste the following into the Custom Scans/Fixes area at the bottom

    SAVEMBR:0
  • Then click the Quick Scan button. Post the log it produces in your next reply.




2)
There is a file at this location C:\PhysicalMBR.bin. Could you navigate to this file for me please, Right click it, then choose Send To > Compressed (Zipped) Folder. This will then zip the file up. Could you then Attach this Zip file to your next reply. See below on how to attach a file.

To attach a file...
  • Click Add Reply as you would do normally
  • Then within the 'Attachments' area, click Browse and select the file that you want to attach
  • Click the Attach This File button
  • Now click Add to Post on the right hand side, to insert the attachment into your post.




3)
We'll now do a Full Scan of your machine with Kaspersky's Virus Removal Tool, just to sweep for any leftovers. Please note, this may take a few hours to complete, depending on how much data you have on the Hard Drive.

Kaspersky Virus Removal Tool

Click here to download the Kaspersky Virus Removal Tool.
  • Save it to your desktop.
  • Double click the setup file to run it.
  • Follow the onscreen prompts until it is installed
  • Click the Options button (the 'cog' icon), then make sure only the following are ticked:

  • System Memory
  • Hidden startup objects
  • Disk boot sectors
  • Local Disk (C:)
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Automatic Scan
  • Now click the Start Scanning button, to run the scan
  • If a message appears asking how to handle an infection, tick the Apply to all objects box, then click Disinfection
  • If it says it cannot be Disinfected, then choose the Delete option when prompted.
  • After the scan is complete, click the reports button ('Paper icon', next to the 'cog' icon) on the right hand side
  • Click Detected threats on the left
  • Now click the Save button, and save it as kaslog.txt to your Desktop
  • Please copy and paste the contents of kaslog.txt in your next reply.




In your next reply
Please post the contents of...
OTL log
Attach the PhysicalMBR.zip file
Kaspersky log

  • 0
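For readers following the thread: the SAVEMBR:0 step above makes OTL dump the first sector of the disk to C:\PhysicalMBR.bin, and a verdict such as MBRCheck's "Unknown MBR code" simply means the hash of that sector's bootstrap code did not match the tool's list of known-good loaders. The script below is an added example written for this page; it is not code from OTL, MBRCheck, or anyone in the thread. It assumes the classic 512-byte MBR layout (440 bytes of boot code, a 4-byte disk signature, four 16-byte partition entries at offset 446, and the 0x55AA signature at the end), and it hashes the boot-code region only, which is an assumption since each tool picks its own region. The sample image and the allow-list it is checked against are constructed for the demonstration; the sample's partition table is laid out so that its byte offsets reproduce the three offsets MBRCheck printed earlier in the thread.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440       # bootstrap code precedes the 4-byte disk signature
DISK_SIG_OFF = 440
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
BOOT_SIG = b"\x55\xaa"    # last two bytes of a valid MBR


def parse_mbr(mbr: bytes) -> dict:
    """Parse a 512-byte MBR image such as the PhysicalMBR.bin that OTL saves."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected a {SECTOR}-byte MBR, got {len(mbr)} bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA-start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR,  # what MBRCheck prints as "at offset"
        })
    return {
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "signature_ok": mbr[510:512] == BOOT_SIG,
        "partitions": partitions,
    }


def classify(mbr: bytes, known_good: dict) -> str:
    """Mimic an MBRCheck-style verdict: known loader, unknown code, or invalid sector.
    known_good maps an upper-case SHA1 of the boot code to a descriptive name."""
    info = parse_mbr(mbr)
    if not info["signature_ok"]:
        return "invalid (missing 55AA boot signature)"
    name = known_good.get(info["boot_code_sha1"])
    return f"known: {name}" if name else "Unknown MBR code"


def inspect_file(path: str, known_good: dict) -> dict:
    """Read the first sector from a saved image (e.g. PhysicalMBR.bin) and report on it."""
    with open(path, "rb") as fh:
        mbr = fh.read(SECTOR)
    report = parse_mbr(mbr)
    report["verdict"] = classify(mbr, known_good)
    return report


def build_sample_mbr() -> bytes:
    """Constructed 512-byte MBR for offline testing; not a real disk image.
    The three NTFS (type 0x07) entries start at the byte offsets MBRCheck
    printed for S:, C: and Q: in the thread (0x100000, 0x5dd00000, 0x22d2200000)."""
    boot_code = b"CONSTRUCTED-BOOT-CODE".ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"  # signature + 2 reserved bytes
    entries = [
        (0x00, 0x07, 0x00000800, 0x002EE000),  # S: small NTFS partition at LBA 2048
        (0x80, 0x07, 0x002EE800, 0x113A2800),  # C: active (bootable) NTFS system partition
        (0x00, 0x07, 0x11691000, 0x01388000),  # Q: NTFS recovery partition
        (0x00, 0x00, 0x00000000, 0x00000000),  # unused slot
    ]
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    return boot_code + disk_sig + table + BOOT_SIG


if __name__ == "__main__":
    sample = build_sample_mbr()
    info = parse_mbr(sample)
    # Constructed allow-list: in practice this would hold hashes of vendor loaders.
    allow = {info["boot_code_sha1"]: "constructed sample loader"}
    print("SHA1:", info["boot_code_sha1"], "| signature ok:", info["signature_ok"])
    for p in info["partitions"]:
        flag = "*" if p["bootable"] else " "
        print(f" {flag} entry {p['index']} type 0x{p['type']:02X} "
              f"at offset 0x{p['byte_offset']:010x} ({p['sectors']} sectors)")
    print("verdict with allow-list:", classify(sample, allow))
    print("verdict without allow-list:", classify(sample, {}))
```

Point `inspect_file` at a real dump only when you want to read it yourself; the helper asked for the zipped file precisely so the hash can be compared against a maintained list, and an "Unknown MBR code" result on its own does not tell you whether the loader is a legitimate OEM one or not.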

#20
Court0830

    Member

  • Topic Starter
  • Member
  • 13 posts
OTL logfile created on: 8/5/2011 5:42:32 PM - Run 5
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Courtney\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 57.53% Memory free
6.11 Gb Paging File | 4.83 Gb Available in Paging File | 79.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.82 Gb Total Space | 31.96 Gb Free Space | 23.19% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.66 Gb Free Space | 37.48% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 46.99% Space Free | Partition Type: NTFS

Computer Name: COURTNEY-PC | User Name: Courtney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/03 11:10:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
PRC - [2011/04/18 14:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2011/03/23 19:02:18 | 000,866,784 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2011/03/22 14:48:36 | 001,366,592 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2011/03/22 14:41:16 | 001,414,744 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2011/01/17 11:40:00 | 000,345,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2010/12/15 17:49:36 | 000,689,488 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2010/11/25 11:59:55 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/09/07 12:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/04/23 00:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/07/10 14:43:24 | 000,177,440 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2009/07/10 14:43:20 | 000,435,488 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2009/07/10 14:43:18 | 000,238,880 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2009/07/10 14:43:14 | 000,124,192 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2009/07/10 14:13:38 | 000,335,872 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2009/05/28 15:30:00 | 000,061,728 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2009/05/28 01:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/05/21 07:48:38 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/05/21 07:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/04/15 13:50:00 | 000,472,352 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE
PRC - [2009/04/15 13:50:00 | 000,066,848 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/04/14 06:51:38 | 000,015,136 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/02 17:20:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2009/03/13 04:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/03/05 00:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/02/11 16:20:36 | 000,864,256 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/11 15:16:28 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/02/02 05:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/01/28 14:10:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2008/05/24 19:17:54 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/03/13 12:05:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2004/01/02 21:15:19 | 000,355,328 | ---- | M] (Stardust Software) -- C:\Windows\SCMain.exe


========== Modules (SafeList) ==========

MOD - [2011/08/03 11:10:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/18 14:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/03/22 14:48:36 | 001,366,592 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2011/03/22 14:41:16 | 001,414,744 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2011/01/17 11:40:00 | 000,345,424 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/12/15 17:49:36 | 000,689,488 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2010/09/07 12:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2009/09/04 03:51:00 | 003,347,280 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/07/10 14:43:18 | 000,238,880 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2009/07/10 14:43:14 | 000,124,192 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/05/21 07:48:24 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/05/21 07:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/04/15 13:50:00 | 000,066,848 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2009/03/05 00:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/02/11 16:20:36 | 000,864,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/02/11 16:19:28 | 000,204,800 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2009/02/11 15:16:28 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/10/09 05:05:16 | 000,360,448 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/05/24 19:17:54 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/04/15 11:47:58 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/20 22:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/01/17 11:32:48 | 000,068,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2011/01/17 11:32:36 | 000,058,448 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2011/01/17 11:32:24 | 000,177,744 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/11/08 20:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/10/20 19:45:16 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmXpflt.sys -- (TmFilter)
DRV - [2010/10/20 19:45:06 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPreflt.sys -- (TmPreFilter)
DRV - [2010/10/20 19:30:02 | 001,331,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt)
DRV - [2010/07/21 17:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/06/18 16:09:48 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/06/18 15:41:34 | 000,019,968 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/04/01 15:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/25 20:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/10/27 06:15:14 | 000,460,800 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/08/17 21:32:44 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009/08/14 20:18:24 | 000,220,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel®
DRV - [2009/04/15 13:50:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2009/02/09 14:26:38 | 000,029,232 | ---- | M] (Intel© Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mux.sys -- (MUXP)
DRV - [2009/02/09 14:26:38 | 000,029,232 | ---- | M] (Intel© Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mux.sys -- (MUXMP)
DRV - [2009/02/09 12:40:32 | 003,715,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2009/01/29 18:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 18:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2009/01/28 20:58:46 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/01/28 20:57:12 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/01/05 00:35:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/07/10 22:47:00 | 000,048,192 | ---- | M] (Lenovo) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008/05/12 05:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/03/26 00:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/02/22 18:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008/01/20 22:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/20 22:23:50 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/11/02 16:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/10/18 02:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 19:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 19:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 19:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 19:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 19:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 19:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 19:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/02/08 23:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 23:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;<local>;*.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Courtney\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Courtney\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Courtney\Program Files\DNA [2010/12/28 11:27:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Meep\FF\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Courtney\AppData\Roaming\Move Networks [2010/03/22 19:09:36 | 000,000,000 | ---D | M]

[2009/10/03 12:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Extensions
[2009/10/03 12:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2011/08/05 17:34:40 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (CSolidBrowserObj Object) - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\Windows\System32\SolidStateNetworks\SolidStateION\solidax.dll (Solid State Networks)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - No CLSID value found.
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe ()
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.shockwave...houseplayer.cab (GameHouse Games Player)
O16 - DPF: {74EF5274-F439-2168-B543-14745B625C72} http://www.shockwave...eb.1.0.0.13.cab (CPlayFirstWeddingDasControl Object)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-307.ibm.c...rt/IbmEgath.cab (IBM Access Support)
O16 - DPF: {7D492D61-303A-45C3-8A55-63449339943D} http://www.shockwave...Web.1.0.0.5.cab (CPlayFirstNightShiftControl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} http://www.shockwave...BGamePlayer.cab (Jolly Bear Games Player)
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} http://www.playwhat....lidstateion.cab (CSolidBrowserObj Object)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} http://www.shockwave...eb.1.0.0.13.cab (CPlayFirstDreamChronControl Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Courtney\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Courtney\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011/08/05 15:53:52 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{8DB0A570-5CBF-47A3-9F63-504CD9E2478B}
[2011/08/05 15:53:41 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{4BB0465B-F947-439D-9B71-7561ADD23E5C}
[2011/08/05 15:10:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/05 15:10:35 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\temp
[2011/08/05 15:01:31 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/08/05 14:50:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/05 14:50:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/05 14:50:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/05 14:50:12 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/08/05 14:50:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/05 14:48:35 | 004,164,630 | R--- | C] (Swearware) -- C:\Users\Courtney\Desktop\ComboFix.exe
[2011/08/04 20:13:08 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{75FF5D99-9349-4033-9C3B-7B2661A49031}
[2011/08/04 20:12:56 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{9768462A-4ED4-4E9B-8F26-9B46AA976CC1}
[2011/08/04 15:38:31 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/08/04 15:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC
[2011/08/04 15:01:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/04 13:09:19 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\Courtney\Desktop\aswMBR.exe
[2011/08/03 11:27:28 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{84798EF1-1E09-47A3-A495-FB077B9E6AC3}
[2011/08/03 11:27:16 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{3FB7178F-C0F5-4A7B-9598-06FF418AD547}
[2011/08/03 11:10:40 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
[2011/08/02 14:52:01 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{0CBBB515-D4E1-4146-BD1F-E3B5F34A0049}
[2011/08/02 14:51:50 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{520B13A7-35D3-42F4-90A3-01795522D3BE}
[2011/08/01 15:15:25 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{EC5748C4-0CF8-4D7E-86E2-53CC548A002C}
[2011/08/01 15:15:14 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{00A0CEA9-8222-42EB-B0D9-6A1548C3722C}
[2011/07/31 21:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unzip Wizard
[2011/07/31 21:49:38 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\Unzip Wizard
[2011/07/31 21:41:47 | 000,000,000 | ---D | C] -- C:\extensions
[2011/07/31 21:41:43 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\Conduit
[2011/07/31 21:18:27 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/31 21:16:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/31 12:17:51 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{B1B53669-0037-4367-9EDF-D69AE1010FCC}
[2011/07/31 12:17:39 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{0B0EC17A-3F61-47C0-B011-1E18DDBF22F5}
[2011/07/30 19:21:46 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{FBE3D3C6-49C3-4F19-AA48-49B28AB0C2E5}
[2011/07/30 19:21:24 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{6D604161-2DEF-49A8-9056-8A6FE51244DA}
[2011/07/29 14:14:06 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{A37F53F3-47BB-45B0-BE12-12F95420C038}
[2011/07/29 14:13:50 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{481BBBB5-7CD1-483D-B4D5-EB5363F25FE1}
[2011/07/29 11:44:29 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{AB597B62-CB8B-4B9E-B2FB-D8A2F06D8296}
[2011/07/28 15:50:40 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{25FC9962-3746-4193-BD70-01247A300A7F}
[2011/07/27 11:13:14 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{4FF7DDBC-46F8-47E0-BD3C-62A3C195BB95}
[2011/07/26 16:46:24 | 000,000,000 | ---D | C] -- C:\Users\Courtney\.scribus
[2011/07/26 16:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scribus 1.3.3.14
[2011/07/26 16:35:57 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\Easy_BioSolutions_Inc
[2011/07/26 16:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\Easy Trinity
[2011/07/26 15:53:07 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{FC171FAC-F099-4910-9098-0E789A21BB7F}
[2011/07/25 13:30:13 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{ABD99B6D-E87B-4DDF-8C00-A88368402656}
[2011/07/25 08:54:29 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{41BDD70C-9B7C-4835-8C9A-E832A1EE3973}
[2011/07/24 13:30:01 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{A3D1BCFC-CE5C-4C21-ADA4-BBA23D9B9162}
[2011/07/22 15:07:20 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{E7EEB785-A977-4734-B172-A3C2B284226A}
[2011/07/21 16:25:45 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{A7631C61-6F0C-4372-9527-0E0BF6EE8B5C}
[2011/07/20 12:31:32 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{AE4EDE32-00A1-419A-8108-2AB311F66735}
[2011/07/18 13:57:34 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{418EC837-958B-4F66-950F-508072C08CA7}
[2011/07/13 21:17:13 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{7C2496DF-3247-4A6C-B6CC-0A69E7C88A27}
[2011/07/13 09:16:48 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{2318D173-FC5F-48D3-8C81-60F87B1BAAFC}
[2011/07/12 21:16:24 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{1AF09E38-78AC-4238-AD95-612BA2857CC1}
[2011/07/12 09:04:30 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{8582BC79-EE4F-40D8-B37B-04A14F95749B}
[2011/07/11 17:01:36 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{10B78833-233A-4A6C-B2B5-D4390F95DB37}
[2011/07/10 20:14:31 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{43D26DE0-43A4-409A-8CD4-68952109155E}
[2011/07/09 18:27:16 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{3899AC11-6F9E-4D29-91FF-95B478393F88}
[2011/07/08 13:41:39 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{9488FADA-96E5-4C43-BBC9-7975AABA0014}
[2011/07/07 13:04:38 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{9B7C2246-3089-410F-915B-F81ABE7B2BE4}
[2011/07/06 21:51:43 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{1C549277-4A9B-42DD-82DC-7080067B1901}

========== Files - Modified Within 30 Days ==========

[2011/08/05 17:45:16 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/08/05 17:39:40 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/05 17:39:40 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/05 17:39:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/05 17:39:32 | 3177,254,912 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/05 17:34:40 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/08/05 16:16:08 | 000,080,384 | ---- | M] () -- C:\Users\Courtney\Desktop\MBRCheck.exe
[2011/08/05 14:48:51 | 004,164,630 | R--- | M] (Swearware) -- C:\Users\Courtney\Desktop\ComboFix.exe
[2011/08/04 22:50:59 | 000,005,865 | ---- | M] () -- C:\Users\Courtney\.recently-used.xbel
[2011/08/04 16:34:29 | 001,404,515 | ---- | M] () -- C:\Users\Courtney\Desktop\tdsskiller.exe
[2011/08/04 13:10:51 | 000,000,512 | ---- | M] () -- C:\Users\Courtney\Desktop\MBR.dat
[2011/08/04 13:09:22 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Courtney\Desktop\aswMBR.exe
[2011/08/04 12:50:07 | 000,027,426 | ---- | M] () -- C:\Windows\cfgall.ini
[2011/08/03 11:10:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
[2011/07/31 12:15:32 | 000,699,680 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/31 12:15:32 | 000,137,916 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/27 11:23:16 | 000,423,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/25 14:06:58 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/18 19:49:02 | 000,002,035 | ---- | M] () -- C:\Users\Courtney\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/08/05 17:45:16 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/08/05 16:16:07 | 000,080,384 | ---- | C] () -- C:\Users\Courtney\Desktop\MBRCheck.exe
[2011/08/05 14:50:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/05 14:50:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/05 14:50:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/05 14:50:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/05 14:50:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/04 22:50:59 | 000,005,865 | ---- | C] () -- C:\Users\Courtney\.recently-used.xbel
[2011/08/04 16:34:24 | 001,404,515 | ---- | C] () -- C:\Users\Courtney\Desktop\tdsskiller.exe
[2011/08/04 13:10:51 | 000,000,512 | ---- | C] () -- C:\Users\Courtney\Desktop\MBR.dat
[2011/07/18 19:49:02 | 000,002,035 | ---- | C] () -- C:\Users\Courtney\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger.lnk
[2011/01/08 17:05:43 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/01/23 12:34:42 | 000,130,832 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010/01/23 12:34:18 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010/01/05 21:07:02 | 000,001,356 | ---- | C] () -- C:\Users\Courtney\AppData\Local\d3d9caps.dat
[2009/11/25 15:44:26 | 000,000,552 | ---- | C] () -- C:\Users\Courtney\AppData\Local\d3d8caps.dat
[2009/10/03 12:34:24 | 000,002,152 | ---- | C] () -- C:\Windows\unins000.dat
[2009/09/17 14:22:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/17 14:22:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/17 14:20:46 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/09/01 14:45:39 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/30 11:22:32 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/08/30 11:22:32 | 000,022,328 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\PnkBstrK.sys
[2009/08/30 11:22:19 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/08/30 11:22:17 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/08/30 11:22:16 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/08/30 01:50:27 | 000,008,704 | ---- | C] () -- C:\Users\Courtney\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/30 00:15:24 | 000,027,426 | ---- | C] () -- C:\Windows\cfgall.ini
[2009/08/17 21:29:12 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2009/08/17 21:29:12 | 000,000,118 | ---- | C] () -- C:\Windows\wininit.ini
[2009/08/17 21:27:23 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/08/17 21:27:23 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/08/17 21:27:23 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/08/17 21:27:23 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/08/17 21:27:23 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/08/17 21:27:23 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/08/17 21:19:32 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/08/17 21:19:32 | 000,134,544 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/08/17 21:19:32 | 000,092,168 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009/08/17 21:19:31 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/08/17 20:50:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/17 20:47:09 | 000,016,896 | ---- | C] () -- C:\Windows\Eventclr.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2006/11/02 08:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:43 | 000,423,216 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,699,680 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,137,916 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2009/09/21 10:43:11 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/30 00:10:55 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\DNA
[2010/09/15 17:47:27 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Elluminate
[2011/06/01 15:12:56 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\GetRightToGo
[2011/07/27 21:33:45 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\gtk-2.0
[2011/02/24 21:49:35 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Image Zone Express
[2009/10/02 22:07:55 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\InterVideo
[2010/12/07 20:23:32 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Jane s Hotel 3
[2009/08/29 07:06:34 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Lenovo
[2010/09/29 18:22:07 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Printer Info Cache
[2010/03/06 23:15:00 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\SecondLife
[2011/05/30 14:23:28 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/08/05 17:38:25 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >

< >

========== Files - Unicode (All) ==========
[2010/02/16 22:27:37 | 000,010,746 | ---- | M] ()(C:\Users\Courtney\Documents\?.docx) -- C:\Users\Courtney\Documents\凸.docx
[2009/12/04 14:15:38 | 000,010,746 | ---- | C] ()(C:\Users\Courtney\Documents\?.docx) -- C:\Users\Courtney\Documents\凸.docx

< End of report >

Attached file: PhysicalMBR.zip (576 bytes)
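The report above is long enough that reading it by eye is error-prone, so here is an added example (mine, not a tool from the thread, OTL or Geeks to Go) that parses the OTL "Files Created"/"Files Modified" line format as it appears above and raises a few triage prompts: GUID-named directories under AppData\Local, binaries in the Windows tree with no company string, a kernel driver sitting outside a drivers folder, and any hosts-file change (the report shows C:\Windows\System32\drivers\etc\Hosts modified on 08/05 at 17:34). It also checks a hosts file for names that are sent to a real address rather than loopback, which is the hosts-file form of a search redirect. The line shape is inferred from the visible log, the heuristics are prompts rather than verdicts, the sample lines are copied from the report above, and the hosts file is constructed.

```python
"""Triage of OTL-style file listings plus a hosts-file check (added example)."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, Optional, Tuple

# Line shape inferred from the OTL "Files Created"/"Files Modified" sections:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# The company field is absent for directories and printed as "()" for files
# that carry no company string in their version info.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
GUID_DIR = re.compile(
    r"\\AppData\\Local\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I
)
BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")

@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str              # e.g. "---D" directory, "-HS-" hidden+system
    kind: str               # "C" created, "M" modified
    company: Optional[str]  # None if absent, "" if the log printed "()"
    path: str

def parse_line(line: str) -> Optional[Entry]:
    """One OTL file line -> Entry, or None for headers, blanks and other lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return Entry(datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                 int(m["size"].replace(",", "")), m["attrs"], m["kind"],
                 m["company"], m["path"])

def triage(lines: Iterable[str], since: Optional[str] = None) -> List[Tuple[str, str]]:
    """(path, reason) pairs worth a second look. Heuristic prompts, not verdicts.
    `since` ("YYYY/MM/DD") drops entries older than that date."""
    cutoff = datetime.strptime(since, "%Y/%m/%d") if since else None
    out: List[Tuple[str, str]] = []
    for raw in lines:
        e = parse_line(raw)
        if e is None or (cutoff and e.when < cutoff):
            continue
        low = e.path.lower()
        stamp = f"{'created' if e.kind == 'C' else 'modified'} {e.when:%Y-%m-%d %H:%M}"
        if "D" in e.attrs and GUID_DIR.search(e.path):
            out.append((e.path, "GUID-named dir under AppData\\Local; list its contents"))
        elif low.startswith("c:\\windows\\") and low.endswith(BINARY_EXT) and not e.company:
            out.append((e.path, f"binary in Windows tree with no company string, {stamp}"))
        elif low.endswith(".sys") and "\\drivers\\" not in low:
            out.append((e.path, f"kernel driver outside a drivers folder, {stamp}"))
        elif low.endswith("\\drivers\\etc\\hosts"):
            out.append((e.path, f"hosts file {stamp}; review its entries"))
    return out

def odd_hosts_entries(hosts_text: str) -> List[Tuple[str, str]]:
    """Names a hosts file sends somewhere other than loopback / the 0.0.0.0 sink.
    Pointing a real name at a real address is the hosts-file form of a redirect."""
    odd: List[Tuple[str, str]] = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] not in ("127.0.0.1", "::1", "0.0.0.0"):
            odd.extend((name, fields[0]) for name in fields[1:])
    return odd

# Sample input: a few lines copied from the OTL report above, plus one section header.
SAMPLE_LINES = [
    r"[2011/08/05 14:48:35 | 004,164,630 | R--- | C] (Swearware) -- C:\Users\Courtney\Desktop\ComboFix.exe",
    r"[2011/08/04 20:13:08 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\{75FF5D99-9349-4033-9C3B-7B2661A49031}",
    r"[2011/08/05 17:34:40 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts",
    r"[2011/08/05 14:50:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe",
    r"[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys",
    r"[2009/08/30 11:22:32 | 000,022,328 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\PnkBstrK.sys",
    r"[2011/08/05 17:45:16 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin",
    "========== LOP Check ==========",
]
# Constructed hosts file (not the one from the thread); 203.0.113.0/24 is a documentation range.
SAMPLE_HOSTS = """# constructed sample
127.0.0.1 localhost
::1       localhost
0.0.0.0   ads.example.invalid
203.0.113.7 www.google.com google.com
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LINES, since="2011/07/06"):
        print(f"{why}: {path}")
    for name, addr in odd_hosts_entries(SAMPLE_HOSTS):
        print(f"hosts sends {name} to {addr}")
```

Run over the full report above with since="2011/07/06", the same rules also flag C:\Windows\PEV.exe, MBR.exe, sed.exe, grep.exe and zip.exe, all created at 14:50:18, two minutes after ComboFix.exe appeared on the desktop; those are ComboFix's own helper tools, which is why the timestamp is printed next to each finding: correlate it with what the user was running before treating anything as suspicious. PnkBstrK.sys in AppData\Roaming is flagged for the same reason (PunkBuster legitimately installs there), and the GUID-named AppData\Local directories are worth a directory listing rather than a conclusion. The Unicode section at the end of the report uses a different line shape and is deliberately skipped by parse_line.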

#21 Court0830 (Topic Starter, Member, 13 posts)
Kaspersky log:

Status: Deleted (events: 6)
8/5/2011 8:18:22 PM Deleted unknown threat UDS:DangerousObject.Multi.Generic C:\Windows\System32\GameMon.des High
8/5/2011 8:52:18 PM Deleted virus HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\08042011_150123\C_ProgramData\AudioEng32.exe High
8/5/2011 8:52:18 PM Deleted virus HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\08042011_150123\C_ProgramData\AudioEng32.exe//UPX High
8/5/2011 8:52:18 PM Deleted Trojan program Trojan.Win32.BHO.bpcg C:\_OTL\MovedFiles\08042011_150123\C_Windows\System32\AudioEng32.dll High
8/5/2011 8:52:18 PM Deleted virus HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\08042011_150123\C_Windows\System32\p2pnetsh32.exe High
8/5/2011 8:52:18 PM Deleted virus HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\08042011_150123\C_Windows\System32\p2pnetsh32.exe//UPX High

Edited by Court0830, 05 August 2011 - 07:06 PM.


#22 BlackOxide (Trusted Helper, Malware Removal, 1,976 posts)
The Kaspersky log has mainly found items that have already been quarantined. Your logs are looking good now. Can you confirm that you are still having no redirects, and just let me know if there are any other problems you'd like to run past me. :)

#23 Court0830 (Topic Starter, Member, 13 posts)
I still haven't had any redirects. Thank you! I was wondering though, what do I do with all the logs and programs that you had me download to my desktop now that the virus is gone?

#24 BlackOxide (Trusted Helper, Malware Removal, 1,976 posts)

I was wondering though, what do I do with all the logs and programs that you had me download to my desktop now that the virus is gone?

That was my next step, you beat me to it :unsure:


As your logs are now clean and the redirect has gone, I'll post the cleanup steps along with some tips on staying safe :)


Good stuff, your logs now appear clean :)

Please go through the Cleanup section below and have a read of the other information which will help keep your PC protected


Thank you for following the procedures; your system now appears free from malware. Below is a list of steps that are well worth following, they help finalize the fixes we have been doing and will help minimize the risk of a similar situation happening again by protecting your PC and helping secure it.

Please make sure you follow the Cleanup stage just below.


========== CLEANUP ==========

Remove the Tools used in this cleanup

1)
Tools on the Desktop:
You can now safely remove aswMBR, TDSSKiller and MBRCheck from the Desktop (if present)

2)
Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

3)
Clear Old Restore Points
  • Run OTL, copy and paste the following into the Custom Scans/Fixes area at the bottom
    :Commands
    [CLEARALLRESTOREPOINTS]
  • Then Click Run Fix

4)
OTL Cleanup
  • Open OTL
  • Click the CleanUp button at the top, it will ask to reboot your PC, please allow it to do so

5)
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


========== Anti Malware Protection ==========

MalwareBytes Anti-Malware
This is an excellent Anti-Malware product. It is recommended to periodically run a Quick Scan to keep your PC as clean as possible. Remember to check for updates before running a scan, so click the Update tab along the top, then click Check for Updates.

Spyware Blaster
Spyware Blaster is a useful program that creates a huge list of known suspect/dangerous sites and blocks any attempts to visit those sites by embedding the list into Internet Explorer and Firefox.

Free Anti Virus Protection...
If you haven't got an AntiVirus or are thinking of changing, my personal recommendations are Microsoft Security Essentials and Avast, both are free to use. Remember though, you can only have one Anti Virus installed at any one given time.

Paid Anti Virus Protection...
If you want a bit more than just an Anti Virus and would like extra features such as Firewall and Anti Spam, you will have to look at purchasing an Anti Virus product. A lot of people do use free AV software as these products use the same virus databases as the paid ones, but some people prefer to have the extra features and the help and support that the paid products tend to offer. If you are looking into purchasing one, my recommendations would be Kaspersky Internet Security or ESET Smart Security. There are however many different ones out there and it is wise to just download trial versions to see which ones suit you best, before actually buying.



========== Updates ==========

Keeping your PC updated is vital in the battle against infections and exploits. There are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very good habit to get into.

Automatic Updates

Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit.
To keep your Windows updated, ensure that 'Automatic Updates' is enabled on your PC so updates are downloaded and installed automatically. Click on your version of Windows below to find out how...
Windows XP
Windows Vista
Windows 7

Java updates
  • Click the Start button
  • Click Control Panel
  • Double Click Java
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
Adobe Reader updates
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed



========== Alternate Browsers ==========

Using an alternative web browser can help protect your PC from infections which exploit security holes within Internet Explorer. They can also be quicker to load pages and offer more tools and features such as Firefox's huge addon list.

Firefox - My personal choice, easy to use and has a large number of excellent addons that can be installed to help keep you away from malicious sites and reduce advertisements and popups etc. AdBlockPlus and WOT are very useful addons that are well worth having installed.

Google Chrome - Very nippy browser that's easy to use and is well worth a go if you are trying out different browsers.


Have fun and stay safe online :yes:
BlackOxide


#25 BlackOxide (Trusted Helper, Malware Removal, 1,976 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.