Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Operating memory - Win32/Olmarik.TDL4 [Solved]

Started by JulieJean , Jan 17 2012 09:14 AM

  • This topic is locked This topic is locked

#1
JulieJean
Posted 17 January 2012 - 09:14 AM

JulieJean

    Member

  • Member
  • PipPip
  • 48 posts
I am working on our business computer and the machine ran way too long with out updated virus protection. I have restored the system to a state from 3 years ago which took care of 46 of the 47 viruses and i am left with 1 in the subject line.

I have followed the steps to another topic and have gotten to step 4 and I am not sure what to do for the custom scan.

Here are all the files from the scans.

Many thanks in advance for your help.

OTL logfile created on: 1/17/2012 9:42:38 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1006.20 Mb Total Physical Memory | 348.29 Mb Available Physical Memory | 34.61% Memory free
2.37 Gb Paging File | 1.85 Gb Available in Paging File | 77.88% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.97 Gb Total Space | 29.26 Gb Free Space | 41.23% Space Free | Partition Type: NTFS
Drive D: | 410.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FRONTDSKTHKCTR | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/17 09:39:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/09/22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/06/11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/06 17:53:56 | 000,532,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSTrayApp.exe
PRC - [2007/09/06 17:53:54 | 000,302,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSConnector.exe
PRC - [2006/11/17 03:07:00 | 000,015,872 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2006/10/30 03:53:26 | 000,098,304 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2006/10/30 03:53:14 | 000,400,192 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchk.exe
PRC - [2006/10/30 03:53:14 | 000,179,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2006/07/14 19:24:52 | 000,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006/07/14 17:52:48 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2006/06/18 12:06:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2006/06/18 12:06:00 | 000,069,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006/05/23 23:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/18 18:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006/03/13 18:38:56 | 000,041,472 | R--- | M] (Utimaco Safeware AG) -- C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
PRC - [2006/02/02 07:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2006/01/05 21:03:44 | 002,142,301 | ---- | M] () -- C:\Program Files\Staples\easyprint\dsfhost.exe
PRC - [2005/11/10 15:03:52 | 000,241,775 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
PRC - [2005/11/10 15:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PRC - [2005/04/13 16:34:28 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2003/11/06 17:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE


========== Modules (No Company Name) ==========

MOD - [2008/06/21 07:55:47 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a13bd69c\mscorlib.dll
MOD - [2008/06/21 07:55:31 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_d0d6823e\system.dll
MOD - [2008/06/21 07:55:25 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2006/07/14 19:35:28 | 000,139,264 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2006/07/14 19:24:52 | 000,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
MOD - [2006/07/14 17:52:48 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
MOD - [2006/07/04 11:11:00 | 000,057,344 | ---- | M] () -- C:\Program Files\ThinkVantage\PrdCtr\US\LPRESMGR.DLL
MOD - [2006/04/30 02:31:02 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2006/01/05 21:03:44 | 002,142,301 | ---- | M] () -- C:\Program Files\Staples\easyprint\dsfhost.exe
MOD - [2005/09/17 20:53:36 | 000,208,896 | ---- | M] () -- C:\Program Files\Staples\easyprint\pdftyphoon.dll
MOD - [2005/09/17 20:53:32 | 000,815,104 | ---- | M] () -- C:\Program Files\Staples\easyprint\pdfeye.dll
MOD - [2005/09/17 20:53:18 | 000,126,976 | ---- | M] () -- C:\Program Files\Staples\easyprint\pdfwind.dll
MOD - [2005/07/19 13:34:28 | 000,126,976 | ---- | M] () -- C:\Program Files\ThinkVantage\AMSG\ahlprunl.dll
MOD - [2005/06/29 13:54:50 | 000,180,224 | ---- | M] () -- C:\Program Files\ThinkVantage\AMSG\AcpPollingEngine.dll
MOD - [2003/11/06 17:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/08/29 13:20:42 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/06 17:53:54 | 000,302,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector)
SRV - [2006/11/17 03:07:00 | 000,015,872 | ---- | M] ( ) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006/11/16 18:14:14 | 000,023,552 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\psasrv.exe -- (PsaSrv)
SRV - [2006/10/30 03:53:26 | 000,098,304 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2006/10/30 03:53:14 | 000,179,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel®
SRV - [2006/07/14 19:24:52 | 000,629,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006/07/14 17:52:48 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2006/06/18 12:06:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006/05/23 23:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - [2011/08/09 14:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011/08/04 09:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2008/06/07 04:20:54 | 000,017,536 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2008/01/28 15:56:47 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/01/28 15:56:38 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2007/08/10 02:11:34 | 000,014,336 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - [2007/08/10 02:11:34 | 000,011,264 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2006/10/30 03:53:32 | 000,044,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2006/06/18 12:06:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/03/13 18:05:54 | 000,058,368 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Program Files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2006/02/02 07:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 07:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 07:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 07:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 07:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 07:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 07:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/11/18 14:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 14:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/01/07 19:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/02/11 15:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELUSBLF.SYS -- (pelusblf)
DRV - [2003/01/10 15:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.co...ome/thinkcentre [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/17 09:33:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/17 09:33:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/01/17 08:23:01 | 000,000,000 | ---D | M]

[2012/01/16 18:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2008/06/20 20:45:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zpczbbce.default\extensions
[2012/01/17 09:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/02/04 17:49:18 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DSFHost] C:\Program Files\Staples\easyprint\dsfhost.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [PDService.exe] C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Home Server.lnk = C:\WINDOWS\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe (Microsoft Corporation)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 166.102.165.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1854673F-72BA-404D-987F-DC73A5BE4CE2}: DhcpNameServer = 192.168.1.1 166.102.165.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AwayNotify: DllName - (C:\Program Files\Lenovo\AwayTask\AwayNotify.dll) - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 02:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/10/28 01:48:56 | 000,000,175 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/17 09:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2012/01/17 09:00:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Application Data\yahoo!
[2012/01/17 08:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2012/01/17 08:06:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Identities
[2012/01/17 08:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2012/01/17 08:06:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer
[2012/01/17 07:39:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/17 09:33:44 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/17 09:33:43 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/17 09:11:18 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2012/01/17 09:03:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2012/01/17 08:30:31 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Home Server.lnk
[2012/01/17 08:27:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/17 08:27:17 | 1055,154,176 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/17 08:06:15 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Media Player.lnk
[2012/01/17 07:45:52 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/17 09:33:43 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/17 09:10:17 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2012/01/17 07:47:07 | 1055,154,176 | -HS- | C] () -- C:\hiberfil.sys
[2008/11/10 11:28:08 | 000,000,260 | R--- | C] () -- C:\WINDOWS\DSF.ini
[2008/06/21 10:13:57 | 000,000,685 | R--- | C] () -- C:\WINDOWS\System32\hppapr07.dat
[2008/06/21 10:11:07 | 000,000,181 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/06/20 20:45:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/18 22:59:20 | 000,003,216 | ---- | C] () -- C:\WINDOWS\System32\encobject.dat
[2008/06/07 04:37:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/07 04:27:40 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tvt_userinfo.ini
[2008/06/07 04:20:55 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2008/06/07 04:16:13 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
[2008/06/07 04:13:27 | 000,000,156 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/06/07 04:12:45 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/06/07 04:12:45 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/06/07 04:12:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/06/07 04:12:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/06/07 04:12:45 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/06/07 04:12:45 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/06/07 04:07:27 | 000,650,608 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/06/07 04:07:27 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2008/06/07 04:07:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2008/06/07 04:07:06 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\FSRremoS.EXE
[2008/06/07 04:07:06 | 000,005,528 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2008/06/07 04:07:06 | 000,000,296 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2008/06/07 04:02:37 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/11/16 18:14:14 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\psasrv.exe
[2006/06/27 04:57:45 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2006/06/27 04:57:41 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCTRL.INI
[2006/06/14 11:26:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/04/30 02:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 02:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/30 02:19:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/30 02:10:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/04/30 01:55:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/04/30 01:55:55 | 000,472,050 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/30 01:55:55 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/04/30 01:55:55 | 000,087,968 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/30 01:55:55 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/04/30 01:55:54 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/04/30 01:55:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/04/30 01:55:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/04/30 01:55:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/04/30 01:55:44 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/04/30 01:55:37 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/04/30 01:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/04/29 19:04:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/29 19:03:29 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/03/31 12:36:50 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2005/07/08 03:06:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2012/01/16 18:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/01/16 17:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2012/01/16 17:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2012/01/16 18:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2012/01/16 18:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lenovo
[2012/01/16 18:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ThinkVantage
[2012/01/17 08:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2012/01/17 09:03:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/04/30 02:13:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/01/17 07:45:52 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2006/04/30 02:13:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/06/07 04:13:01 | 000,002,280 | ---- | M] () -- C:\drivez.log
[2012/01/17 08:27:17 | 1055,154,176 | -HS- | M] () -- C:\hiberfil.sys
[2008/06/07 04:16:47 | 003,839,384 | ---- | M] () -- C:\install.log
[2006/04/30 02:13:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/04/30 02:13:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/21 15:17:29 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2012/01/17 08:27:16 | 1585,446,912 | -HS- | M] () -- C:\pagefile.sys
[2008/06/07 03:56:50 | 000,000,083 | ---- | M] () -- C:\syslevel.lgl
[2008/10/22 18:15:47 | 000,000,594 | ---- | M] () -- C:\updatedatfix.log
[2008/07/09 09:45:55 | 000,000,146 | ---- | M] () -- C:\YServer.txt


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/21 15:14:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/21 15:14:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/21 15:14:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/21 15:14:13 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/10/11 19:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/04/29 19:03:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006/04/29 19:03:02 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006/04/29 19:03:02 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB24417$] -> -> Unknown point type

< End of report >

Attached Files

  • Attached File  gmer.log   175.58KB   130 downloads
  • Attached File  Extras.Txt   48.25KB   122 downloads
  • Attached File  OTL.Txt   71.89KB   85 downloads

  • 0

Advertisements

#2
JulieJean
Posted 17 January 2012 - 02:11 PM

JulieJean

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Or, if maybe someone could point me in the right direction and tell me what i am looking for in the log files, that would help.
  • 0

#3
Essexboy
Posted 17 January 2012 - 03:01 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there I think I can see the problem but I will need confirmation

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [C:\WINDOWS\$NtUninstallKB24417$] -> -> Unknown point type

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

FINALLY

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, there will be just one log.

  • 0

#4
JulieJean
Posted 17 January 2012 - 04:39 PM

JulieJean

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Many Thanks! Here are the files from the scan and final OTL step.Attached File  aswMBR.txt   994bytes   100 downloadsAttached File  OTL.Txt   81.35KB   104 downloads

OTL logfile created on: 1/17/2012 5:14:53 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1006.20 Mb Total Physical Memory | 390.39 Mb Available Physical Memory | 38.80% Memory free
2.37 Gb Paging File | 1.87 Gb Available in Paging File | 78.69% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.97 Gb Total Space | 29.57 Gb Free Space | 41.66% Space Free | Partition Type: NTFS
Drive D: | 410.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FRONTDSKTHKCTR | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/17 09:39:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2011/12/21 02:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/09/22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/06/11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/06 17:53:56 | 000,532,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSTrayApp.exe
PRC - [2007/09/06 17:53:54 | 000,302,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Home Server\WHSConnector.exe
PRC - [2006/11/17 03:07:00 | 000,015,872 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2006/10/30 03:53:26 | 000,098,304 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2006/10/30 03:53:14 | 000,400,192 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchk.exe
PRC - [2006/10/30 03:53:14 | 000,179,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2006/07/14 19:24:52 | 000,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006/07/14 17:52:48 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2006/06/18 12:06:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2006/06/18 12:06:00 | 000,069,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006/05/23 23:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/18 18:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006/03/13 18:38:56 | 000,041,472 | R--- | M] (Utimaco Safeware AG) -- C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
PRC - [2006/02/02 07:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2006/01/05 21:03:44 | 002,142,301 | ---- | M] () -- C:\Program Files\Staples\easyprint\dsfhost.exe
PRC - [2005/11/10 15:03:52 | 000,241,775 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
PRC - [2005/11/10 15:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PRC - [2005/04/13 16:34:28 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2003/11/06 17:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE


========== Modules (No Company Name) ==========

MOD - [2011/12/21 02:24:51 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2008/06/21 07:55:47 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a13bd69c\mscorlib.dll
MOD - [2008/06/21 07:55:31 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_d0d6823e\system.dll
MOD - [2008/06/21 07:55:25 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2006/07/14 19:35:28 | 000,139,264 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2006/07/14 19:24:52 | 000,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
MOD - [2006/07/14 17:52:48 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
MOD - [2006/07/04 11:11:00 | 000,057,344 | ---- | M] () -- C:\Program Files\ThinkVantage\PrdCtr\US\LPRESMGR.DLL
MOD - [2006/04/30 02:31:02 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2006/01/05 21:03:44 | 002,142,301 | ---- | M] () -- C:\Program Files\Staples\easyprint\dsfhost.exe
MOD - [2005/09/17 20:53:36 | 000,208,896 | ---- | M] () -- C:\Program Files\Staples\easyprint\pdftyphoon.dll
MOD - [2005/09/17 20:53:32 | 000,815,104 | ---- | M] () -- C:\Program Files\Staples\easyprint\pdfeye.dll
MOD - [2005/09/17 20:53:18 | 000,126,976 | ---- | M] () -- C:\Program Files\Staples\easyprint\pdfwind.dll
MOD - [2005/07/19 13:34:28 | 000,126,976 | ---- | M] () -- C:\Program Files\ThinkVantage\AMSG\ahlprunl.dll
MOD - [2005/06/29 13:54:50 | 000,180,224 | ---- | M] () -- C:\Program Files\ThinkVantage\AMSG\AcpPollingEngine.dll
MOD - [2003/11/06 17:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/08/29 13:20:42 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/06 17:53:54 | 000,302,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector)
SRV - [2006/11/17 03:07:00 | 000,015,872 | ---- | M] ( ) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006/11/16 18:14:14 | 000,023,552 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\psasrv.exe -- (PsaSrv)
SRV - [2006/10/30 03:53:26 | 000,098,304 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2006/10/30 03:53:14 | 000,179,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel®
SRV - [2006/07/14 19:24:52 | 000,629,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006/07/14 17:52:48 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2006/06/18 12:06:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006/05/23 23:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - [2011/08/09 14:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011/08/04 09:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2008/06/07 04:20:54 | 000,017,536 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2008/01/28 15:56:47 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/01/28 15:56:38 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2007/08/10 02:11:34 | 000,014,336 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - [2007/08/10 02:11:34 | 000,011,264 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2006/10/30 03:53:32 | 000,044,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2006/06/18 12:06:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/03/13 18:05:54 | 000,058,368 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Program Files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2006/02/02 07:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 07:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 07:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 07:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 07:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 07:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 07:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/11/18 14:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 14:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/01/07 19:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/02/11 15:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELUSBLF.SYS -- (pelusblf)
DRV - [2003/01/10 15:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.co...ome/thinkcentre [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.co...ome/thinkcentre [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1391959384-4125248489-2391074513-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKU\S-1-5-21-1391959384-4125248489-2391074513-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKU\S-1-5-21-1391959384-4125248489-2391074513-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.co...ome/thinkcentre [binary data]
IE - HKU\S-1-5-21-1391959384-4125248489-2391074513-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\S-1-5-21-1391959384-4125248489-2391074513-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/17 09:33:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/17 09:33:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/01/17 08:23:01 | 000,000,000 | ---D | M]

[2012/01/16 18:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2008/06/20 20:45:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zpczbbce.default\extensions
[2012/01/17 09:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/02/04 17:49:18 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/17 16:46:40 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1391959384-4125248489-2391074513-1008\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1391959384-4125248489-2391074513-1008\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DSFHost] C:\Program Files\Staples\easyprint\dsfhost.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [PDService.exe] C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1391959384-4125248489-2391074513-1008..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Home Server.lnk = C:\WINDOWS\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe (Microsoft Corporation)
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1391959384-4125248489-2391074513-1008\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1391959384-4125248489-2391074513-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 166.102.165.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1854673F-72BA-404D-987F-DC73A5BE4CE2}: DhcpNameServer = 192.168.1.1 166.102.165.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AwayNotify: DllName - (C:\Program Files\Lenovo\AwayTask\AwayNotify.dll) - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 02:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/10/28 01:48:56 | 000,000,175 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/17 16:46:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/17 09:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2012/01/17 09:00:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Application Data\yahoo!
[2012/01/17 08:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2012/01/17 08:06:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Identities
[2012/01/17 08:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2012/01/17 08:06:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer
[2012/01/17 07:39:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

========== Files - Modified Within 30 Days ==========

[2012/01/17 17:03:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2012/01/17 16:57:38 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Home Server.lnk
[2012/01/17 16:54:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/17 16:54:01 | 1055,154,176 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/17 16:46:40 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/01/17 09:33:44 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/17 09:33:43 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/17 09:11:18 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2012/01/17 08:06:15 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Media Player.lnk
[2012/01/17 07:45:52 | 000,000,211 | RHS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2012/01/17 09:33:43 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/17 09:10:17 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2012/01/17 07:47:07 | 1055,154,176 | -HS- | C] () -- C:\hiberfil.sys
[2008/11/10 11:28:08 | 000,000,260 | R--- | C] () -- C:\WINDOWS\DSF.ini
[2008/06/21 10:13:57 | 000,000,685 | R--- | C] () -- C:\WINDOWS\System32\hppapr07.dat
[2008/06/21 10:11:07 | 000,000,181 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/06/20 20:45:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/18 22:59:20 | 000,003,216 | ---- | C] () -- C:\WINDOWS\System32\encobject.dat
[2008/06/07 04:37:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/07 04:27:40 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tvt_userinfo.ini
[2008/06/07 04:20:55 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2008/06/07 04:16:13 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
[2008/06/07 04:13:27 | 000,000,156 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/06/07 04:12:45 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/06/07 04:12:45 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/06/07 04:12:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/06/07 04:12:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/06/07 04:12:45 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/06/07 04:12:45 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/06/07 04:07:27 | 000,650,608 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/06/07 04:07:27 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2008/06/07 04:07:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2008/06/07 04:07:06 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\FSRremoS.EXE
[2008/06/07 04:07:06 | 000,005,528 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2008/06/07 04:07:06 | 000,000,296 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2008/06/07 04:02:37 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/11/16 18:14:14 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\psasrv.exe
[2006/06/27 04:57:45 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2006/06/27 04:57:41 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCTRL.INI
[2006/06/14 11:26:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/04/30 02:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 02:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/30 02:19:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/30 02:10:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/04/30 01:55:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/04/30 01:55:55 | 000,472,050 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/30 01:55:55 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/04/30 01:55:55 | 000,087,968 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/30 01:55:55 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/04/30 01:55:54 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/04/30 01:55:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/04/30 01:55:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/04/30 01:55:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/04/30 01:55:44 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/04/30 01:55:37 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/04/30 01:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/04/29 19:04:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/29 19:03:29 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/03/31 12:36:50 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2005/07/08 03:06:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2008/06/18 22:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lenovo
[2012/01/16 18:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ThinkVantage
[2012/01/16 18:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/01/16 17:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2012/01/16 17:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2012/01/16 18:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/06/18 22:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Lenovo
[2012/01/16 18:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\ThinkVantage
[2012/01/16 18:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeskManager\Application Data\InterVideo
[2012/01/16 18:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeskManager\Application Data\Lenovo
[2012/01/16 18:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeskManager\Application Data\ThinkVantage
[2012/01/16 16:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeskManager\Application Data\Windows Desktop Search
[2012/01/16 16:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeskManager\Application Data\Windows Home Server
[2012/01/16 18:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeskManager\Application Data\Windows Search
[2012/01/16 18:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lenovo
[2012/01/16 18:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ThinkVantage
[2012/01/17 08:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2012/01/17 17:03:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2005/04/01 13:19:51 | 000,502,784 | ---- | M] (Microsoft Corporation) MD5=986EC72D788E00E8E397B7BB7F5A9E45 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/21 02:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/21 02:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/21 02:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/21 02:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/21 02:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/21 02:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2008/12/19 04:10:15 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2008/12/19 04:10:15 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2008/12/19 04:10:15 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2008/12/19 00:25:25 | 000,634,024 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/21 02:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/21 02:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/21 02:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/21 02:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/21 02:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/21 02:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2008/12/19 04:10:15 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2008/12/19 04:10:15 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2008/12/19 04:10:15 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2008/12/19 00:25:25 | 000,634,024 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< End of report >
  • 0

#5
JulieJean
Posted 18 January 2012 - 06:24 AM

JulieJean

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
how do these files look?
  • 0

#6
Essexboy
Posted 18 January 2012 - 07:19 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There was some data missing from the aswMBR run as it was truncated - So I need to determine why

Do the following:
Start -> Run
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screen Shot of the Disk Management Window and attach the screen shot to your reply.

THEN

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.
  • 0

#7
JulieJean
Posted 18 January 2012 - 08:09 AM

JulieJean

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Screen ShotDiskMgmt.JPG
  • 0

#8
JulieJean
Posted 18 January 2012 - 08:18 AM

JulieJean

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Attached File  RKreport1.txt   1.49KB   117 downloads
  • 0

#9
Essexboy
Posted 18 January 2012 - 08:23 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Gotcha - There is a 1MB partition hiding on your drive. This contains all the malware files so we will need to kill it dead


Please read the instructions two or three times to be sure that you know what you are doing
Preferably from a clean computer, I need you to download:
gparted-live-0.11.0-7.iso (115.1 MB)
Windows XP Recovery Console rc.iso

Create a bootable CD, 1 for Gparted and 1 for the Windows XP Recovery Console, from the ISO images. You can use ImgBurn do this.

Now boot off of the newly created Gparted CD.

Posted Image
You should be here...
Press ENTER

Posted Image
By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER.

Posted Image
Choose your language and press ENTER. English is default [33]

Posted Image
Once again, at this prompt, press ENTER

You will now be taken to the main GUI screen below
Posted Image
According to your logs, the partition that you want to delete is 1MB
Click the trash can icon to delete and then click Apply.

You should now be here confirming your actions:
Posted Image

Now you should be here:
Posted Image

Posted Image
Is "boot" next to your OS drive?

If "boot" is not next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags

In the menu that pops up, place a checkmark in boot like the picture below:
Posted Image

Now double-click the Posted Image button.

You should receive a small pop up like this:
Posted Image
Choose reboot and then press OK.

Now reboot from the Windows XP Recovery Console CD and execute the following commands:

  • fixmbr \Device\HardDisk0
  • fixboot c:
  • exit

Once back in Windows.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#10
JulieJean
Posted 18 January 2012 - 09:38 AM

JulieJean

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
I am at the gui and i can't select anything or do anything to get to the drive i want to delete. everything is gray or not responding.
  • 0

Advertisements

#11
Essexboy
Posted 18 January 2012 - 09:52 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK obviously the malware boys are improving their protection


Please go back to normal windows, ensuring that aswMBR is still on the desktop

Then go start > Run
Copy/paste in the following command please :

aswMBR.exe -ap 1

Press enter

Once the programme has run then reboot immediately
  • 0

#12
JulieJean
Posted 18 January 2012 - 11:04 AM

JulieJean

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
this doesn't seem to be working. I get warning message from aswmbr to which i say yes i am sure. then it doesn't appear that anything is happening. I have tried 3 times waiting various amounts of time before rebooting and each time the result is the same and the active drive is still the bad one.
  • 0

#13
JulieJean
Posted 18 January 2012 - 11:47 AM

JulieJean

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Additional odd behavior - while waiting for your reply i went in and tried to force the partition to active using diskpart. after selecting the part list again it showed 1 as active. Then when listing the partitions a 3rd time, the 3rd (bad) partition disappeared from the list. I quickly booted into Gpart again and see my ugly partition still in that view. It seems to be getting larger, however. It is 1.49 M now.
  • 0

#14
Essexboy
Posted 18 January 2012 - 01:08 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I will check this out as it is a new twist... Time to play catchup again

Did you burn Gparted on another computer ?

I may have a solution ... Meanwhile whilst I check it out could you run Combofix
  • 0

#15
JulieJean
Posted 18 January 2012 - 01:28 PM

JulieJean

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
i did not, i burned it on the bad computer. I will burn another copy on a good computer. and run combo fix
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP