Backdoor/ Win32Heur/ WormGeneric2.AtWZ/Agent.3/ fatobfusvated
#1 Shockwave# (New Member, 7 posts)

Dear Sir/Madam,

I have an IBM T-43 laptop. Recently I replaced my hard disk. But as soon as I connected to the internet to update my Windows XP SP2 and download the free AVG Anti-Virus software, I believe I was infected by some viruses and malware. The symptoms were:
1) The IE icon on the desktop was replaced by some creepy icon with a description in some creepy language.
2) The AVG software was not able to update itself. It did not start with system startup either.


I used System Restore to go back to a previous state. Then I got AVG from my friend and installed it on my laptop using a pen drive. The scans showed multiple threats; AVG detected about 1500-plus files affected by different viruses/worms/etc. I have deleted the previous System Restore files, temporary files and the files in the temp folder. AVG seems to be running fine, but the system tray icon does not load on system startup. At the moment I have disabled all startup items other than the Microsoft ones.

I am still sure that my system is affected by some sort of malware.

Please help me out. I was redirected to this site by a representative at the Lenovo forums.


Here are the OTL results:

OTL logfile created on: 1/18/2012 7:23:15 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\lenovo\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.42 Mb Total Physical Memory | 31.86 Mb Available Physical Memory | 6.24% Memory free
1.22 Gb Paging File | 0.78 Gb Available in Paging File | 64.49% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.51 Gb Total Space | 61.21 Gb Free Space | 86.80% Space Free | Partition Type: NTFS

Computer Name: IBM-4C373ABB3F2 | User Name: lenovo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/18 19:23:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lenovo\Desktop\OTL.exe
PRC - [2012/01/18 19:00:14 | 000,012,970 | ---- | M] () -- C:\Documents and Settings\lenovo\Local Settings\Temp\efrems.exe
PRC - [2010/09/21 20:53:22 | 003,142,496 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgmfapx.exe
PRC - [2010/09/15 05:29:10 | 003,987,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgui.exe
PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/10 01:45:18 | 003,210,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2010/09/10 01:44:22 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/09/09 04:46:42 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/09/07 03:50:58 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/09/07 03:50:22 | 001,047,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/09/07 03:50:14 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/09/07 03:50:08 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2005/05/25 12:11:58 | 000,565,309 | ---- | M] (Broadcom Corporation) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2005/05/25 12:11:26 | 001,245,268 | ---- | M] (Broadcom Corporation) -- C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
PRC - [2005/03/18 16:37:00 | 000,086,016 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
PRC - [2004/10/14 22:41:10 | 001,470,464 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/08/04 18:30:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/18 19:00:14 | 000,012,970 | ---- | M] () -- C:\Documents and Settings\lenovo\Local Settings\Temp\efrems.exe
MOD - [2005/05/25 12:12:58 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2005/04/27 23:23:10 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\pwdmon.dll
MOD - [2005/04/13 14:31:00 | 000,073,728 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2005/04/13 14:31:00 | 000,032,768 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2005/03/19 12:40:38 | 000,028,672 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\IconRes.dll
MOD - [2004/08/13 09:41:26 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Windows Hosts Controller)
SRV - File not found [Disabled | Stopped] -- -- (PsaSrv)
SRV - File not found [Disabled | Stopped] -- -- (PrtSmanm)
SRV - File not found [Disabled | Stopped] -- -- (MSUpdqtehdi)
SRV - File not found [Disabled | Stopped] -- -- (MSUpdqtecgx)
SRV - File not found [Disabled | Stopped] -- -- (MSUpdqtebdr)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (Gvbutu Xobghuro Jpo)
SRV - File not found [Disabled | Stopped] -- -- (Fkrkk456)
SRV - File not found [Disabled | Stopped] -- -- (FireFox)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/10 01:45:18 | 003,210,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2010/09/03 10:35:50 | 006,104,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2005/05/25 12:06:46 | 000,163,840 | ---- | M] (Broadcom Corporation) [Disabled | Stopped] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/04/28 00:39:46 | 000,385,024 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
SRV - [2005/04/13 06:04:36 | 000,040,554 | ---- | M] (UPEK Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Virtual Token\vtserver.exe -- (vtserver)
SRV - [2005/03/18 16:37:00 | 000,077,824 | ---- | M] (IBM Corp.) [Disabled | Stopped] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2004/08/11 14:16:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004/08/11 11:20:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Windows Media Connect (WMC)
SRV - [2003/07/12 07:49:22 | 000,032,768 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2002/09/21 04:20:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2012/01/12 00:49:24 | 000,013,184 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2005/05/25 12:29:46 | 000,017,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005/05/25 12:28:20 | 001,241,818 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/05/25 12:27:36 | 000,030,299 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005/05/25 12:27:20 | 000,055,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/05/25 11:53:40 | 000,148,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005/05/17 16:04:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005/05/11 11:37:44 | 001,133,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/27 23:57:34 | 000,063,616 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005/04/22 06:14:54 | 000,014,336 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nsctpm11.sys -- (TPM11)
DRV - [2005/04/13 14:31:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2005/04/13 06:01:28 | 000,003,328 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\IBM fingerprint software\smihlp.sys -- (SmiHlp)
DRV - [2005/03/18 16:37:00 | 000,012,288 | ---- | M] (IBM Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcndisif.sys -- (QCNDISIF)
DRV - [2005/03/18 16:37:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/03/18 16:37:00 | 000,002,432 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
DRV - [2005/03/18 06:00:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/02/14 21:30:10 | 003,255,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/02/02 06:30:42 | 000,012,416 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)
DRV - [2005/01/21 15:10:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005/01/21 15:10:00 | 000,009,340 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2004/12/03 05:44:44 | 000,014,208 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPDiskPM.sys -- (TPDiskPM)
DRV - [2004/12/03 05:24:12 | 000,006,016 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TPInput.sys -- (TPInput)
DRV - [2004/11/11 06:17:30 | 000,200,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/11/11 06:16:24 | 000,685,184 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/11 06:15:50 | 001,041,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/10/15 23:50:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2003/09/19 15:17:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2012/01/18 16:13:58 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 18:30:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (IBM Corp.)
O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...all-142-win.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...all-142-win.cab (Java Plug-in 1.4.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63159DB7-2B34-4842-8EC9-B9D4112D2B32}: NameServer = 218.248.255.194 218.248.255.197
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\IBM fingerprint software\psfus.dll) - C:\Program Files\IBM fingerprint software\psfus.dll (UPEK Inc.)
O20 - Winlogon\Notify\QConGina: DllName - (QConGina.dll) - C:\WINDOWS\System32\QConGina.dll (IBM Corp.)
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\1024 x 768 IBM Americas Map.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\1024 x 768 IBM Americas Map.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/12 01:02:41 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d1df80fc-41c0-11e1-9549-000e9b9d9d58}\Shell\AutopLay\comMand - "" = E:\pmoen.exe
O33 - MountPoints2\{d1df80fc-41c0-11e1-9549-000e9b9d9d58}\Shell\AutoRun\command - "" = E:\pmoen.exe
O33 - MountPoints2\{d1df80fc-41c0-11e1-9549-000e9b9d9d58}\Shell\exPLorE\ComMAnd - "" = E:\pmoen.exe
O33 - MountPoints2\{d1df80fc-41c0-11e1-9549-000e9b9d9d58}\Shell\oPen\coMManD - "" = E:\pmoen.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/18 19:23:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lenovo\Desktop\OTL.exe
[2012/01/18 17:12:43 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/01/18 17:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\Application Data\AVG10
[2012/01/18 17:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2012/01/18 16:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\Desktop\AVG_Internet_Security 2011_v 10.0.1120(x86)_sav23
[2012/01/18 16:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2012/01/18 16:13:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/01/18 16:13:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/18 16:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/01/18 01:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/01/18 01:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/01/18 01:42:07 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\lenovo\Desktop\spybotsd162.exe
[2012/01/17 22:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\My Documents\My Received Files
[2012/01/17 22:37:19 | 000,000,000 | ---D | C] -- C:\b84e0d666048e34107
[2012/01/17 22:34:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/01/17 20:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/01/17 20:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\t(2)
[2012/01/17 20:23:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CPAPP
[2012/01/17 20:23:12 | 000,000,000 | ---D | C] -- C:\Program Files\iexplore
[2012/01/17 20:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData(2)
[2012/01/17 16:52:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/01/17 02:28:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/01/17 02:04:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2012/01/17 01:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\IECompatCache
[2012/01/16 23:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\PrivacIE
[2012/01/16 23:49:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2012/01/16 23:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\DAP
[2012/01/16 23:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\IETldCache
[2012/01/16 23:41:44 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2012/01/16 23:40:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/01/16 23:40:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2012/01/16 20:41:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/01/16 20:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Hfpu
[2012/01/16 20:37:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\X
[2012/01/16 20:23:43 | 016,956,784 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\lenovo\Desktop\IE8-WindowsXP-x86-ENU.exe
[2012/01/16 20:02:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/16 19:51:39 | 004,046,368 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\lenovo\Desktop\avg_free_stb_all_2012_1901_cnet.exe
[2012/01/16 19:50:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/01/16 19:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\Application Data\Macromedia
[2012/01/16 19:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2012/01/16 18:03:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/01/16 18:03:26 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2012/01/16 18:02:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/01/16 18:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/01/16 18:01:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/01/16 18:01:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/01/16 18:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/01/16 17:57:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012/01/16 17:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\Local Settings\Application Data\Microsoft Help
[2012/01/16 17:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/01/16 17:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2012/01/16 17:55:17 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/01/16 17:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2012/01/16 17:46:05 | 001,671,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\W29MLRES.DLL
[2012/01/16 17:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Line Detect
[2012/01/16 17:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2012/01/12 01:15:16 | 000,000,000 | ---D | C] -- C:\DRIVERS
[2012/01/12 01:10:08 | 000,000,000 | ---D | C] -- C:\IBMTOOLS
[2012/01/12 01:02:33 | 000,000,000 | --SD | C] -- C:\Documents and Settings\lenovo\Application Data\Microsoft
[2012/01/12 01:02:33 | 000,000,000 | --SD | C] -- C:\Documents and Settings\lenovo\Cookies
[2012/01/12 01:02:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\lenovo\Recent
[2012/01/12 01:02:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\lenovo\Application Data
[2012/01/12 01:02:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\lenovo\My Documents\My Pictures
[2012/01/12 01:02:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\lenovo\My Documents\My Music
[2012/01/12 01:02:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\lenovo\My Documents
[2012/01/12 01:02:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\lenovo\Favorites
[2012/01/12 01:02:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\lenovo\PrintHood
[2012/01/12 01:02:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\lenovo\NetHood
[2012/01/12 01:02:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\lenovo\Local Settings
[2012/01/12 01:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\Application Data\Symantec
[2012/01/12 01:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\Application Data\Sonic
[2012/01/12 01:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\Local Settings\Application Data\Microsoft
[2012/01/12 01:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\Application Data\Identities
[2012/01/12 01:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\Application Data\IBM
[2012/01/12 01:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\Desktop
[2012/01/12 01:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\Local Settings\Application Data\BVRP Software
[2012/01/12 01:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\Bluetooth Software
[2012/01/12 01:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\My Documents\Bluetooth Exchange Folder
[2012/01/12 01:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\Local Settings\Application Data\ApplicationHistory
[2012/01/12 01:02:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\lenovo\SendTo
[2012/01/12 01:02:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\lenovo\Start Menu\Programs\Startup
[2012/01/12 01:02:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\lenovo\Start Menu
[2012/01/12 01:02:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\lenovo\Start Menu\Programs\Accessories
[2012/01/12 01:02:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\lenovo\Templates
[2012/01/12 01:01:30 | 000,000,000 | ---D | C] -- C:\RRUbackups
[2012/01/12 00:55:27 | 000,000,000 | -HSD | C] -- C:\Recycled
[2012/01/12 00:51:29 | 000,577,536 | ---- | C] (IBM) -- C:\WINDOWS\System32\tvt_gina.dll
[2012/01/12 00:51:29 | 000,282,624 | ---- | C] (IBM) -- C:\WINDOWS\System32\tvt_gina_api.dll
[2012/01/12 00:51:29 | 000,262,144 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\QConGina.dll
[2012/01/12 00:51:29 | 000,077,824 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\QCONSVC.EXE
[2012/01/12 00:51:28 | 000,012,288 | ---- | C] (IBM Corporation.) -- C:\WINDOWS\System32\drivers\qcndisif.sys
[2012/01/12 00:51:28 | 000,011,520 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\drivers\ANC.sys
[2012/01/12 00:49:53 | 000,000,000 | ---D | C] -- C:\IBMSHARE
[2012/01/12 00:49:35 | 000,013,184 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\drivers\psadd.sys
[2012/01/12 00:45:40 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll
[2012/01/12 00:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2012/01/12 00:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterVideo WinDVD
[2012/01/12 00:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ibm
[2012/01/12 00:44:52 | 000,010,368 | ---- | C] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys
[2012/01/12 00:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterVideo WinDVD Creator
[2012/01/12 00:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\InterVideo
[2012/01/12 00:44:10 | 000,000,000 | ---D | C] -- C:\icons
[2012/01/12 00:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC-Doctor for Windows
[2012/01/12 00:43:45 | 000,012,416 | ---- | C] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\PcdrNdisuio.sys
[2012/01/12 00:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\PC-Doctor for Windows
[2012/01/12 00:43:15 | 000,098,358 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\dla.exe
[2012/01/12 00:43:15 | 000,061,498 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\tfswapi.dll
[2012/01/12 00:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IBM DLA
[2012/01/12 00:43:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dla
[2012/01/12 00:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\IBM DLA
[2012/01/12 00:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic
[2012/01/12 00:42:49 | 000,109,056 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2012/01/12 00:42:49 | 000,108,544 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2012/01/12 00:42:49 | 000,057,344 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2012/01/12 00:42:49 | 000,056,832 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2012/01/12 00:42:49 | 000,056,320 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2012/01/12 00:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sonic
[2012/01/12 00:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IBM RecordNow!
[2012/01/12 00:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SureThing Shared
[2012/01/12 00:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Sonic
[2012/01/12 00:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\IBM RecordNow!
[2012/01/12 00:42:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\thinkpad_features
[2012/01/12 00:41:54 | 000,061,440 | ---- | C] (IBM) -- C:\WINDOWS\System32\IBMJavaPlugin142.cpl
[2012/01/12 00:41:54 | 000,042,032 | ---- | C] (IBM) -- C:\WINDOWS\System32\javaw.exe
[2012/01/12 00:41:54 | 000,042,032 | ---- | C] (IBM) -- C:\WINDOWS\System32\java.exe
[2012/01/12 00:41:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IBM Java Web Start v1.4.2
[2012/01/12 00:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\IBM
[2012/01/12 00:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect
[2012/01/12 00:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ATI HYDRAVISION
[2012/01/12 00:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/01/12 00:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\NetWaiting
[2012/01/12 00:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NetWaiting
[2012/01/12 00:35:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2012/01/12 00:35:00 | 001,285,632 | ---- | C] (Analog Devices) -- C:\WINDOWS\System32\SMMedia.dll
[2012/01/12 00:35:00 | 000,030,208 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\wdmioctl.dll
[2012/01/12 00:34:59 | 000,049,152 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\DSndUp.exe
[2012/01/12 00:34:59 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2012/01/12 00:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2012/01/12 00:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ThinkVantage
[2012/01/12 00:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\Lenovo
[2012/01/12 00:34:30 | 000,049,152 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\tp4ex.cpl
[2012/01/12 00:34:30 | 000,040,960 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\TP4HOOK.dll
[2012/01/12 00:34:30 | 000,040,960 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\tp4cross.exe
[2012/01/12 00:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Virtual Token
[2012/01/12 00:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\IBM fingerprint software
[2012/01/12 00:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/01/12 00:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/01/12 00:30:37 | 000,034,816 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\TP98.CPL
[2012/01/12 00:30:36 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\SMAPINT.SYS
[2012/01/12 00:27:46 | 000,014,208 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\drivers\TPDiskPM.sys
[2012/01/12 00:27:46 | 000,006,016 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\drivers\TPInput.sys
[2012/01/12 00:27:15 | 000,479,232 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\TpShCPL.dll
[2012/01/12 00:27:15 | 000,118,784 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\TpShCPL.cpl
[2012/01/12 00:27:15 | 000,053,248 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\Sensor.dll
[2012/01/12 00:27:05 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/01/12 00:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\ThinkPad
[2012/01/12 00:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Access IBM
[2012/01/12 00:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/01/12 00:23:44 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/01/12 00:23:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2012/01/12 00:23:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/01/12 00:23:28 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012/01/12 00:22:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2012/01/12 00:21:59 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2012/01/12 00:19:09 | 000,014,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2012/01/12 00:18:43 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hccoin.dll
[2012/01/12 00:17:58 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2012/01/12 00:17:58 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2012/01/12 00:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012/01/11 12:43:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2012/01/11 12:39:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\lenovo\My Documents\My Videos
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/18 19:23:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lenovo\Desktop\OTL.exe
[2012/01/18 18:21:19 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012/01/18 18:21:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/18 18:20:40 | 535,285,760 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/18 18:00:01 | 000,000,246 | ---- | M] () -- C:\WINDOWS\tasks\ms.job
[2012/01/18 17:15:51 | 056,512,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/01/18 17:10:05 | 000,000,194 | RHS- | M] () -- C:\BOOT.INI
[2012/01/18 17:03:52 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2012/01/18 01:43:07 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\lenovo\Desktop\spybotsd162.exe
[2012/01/17 22:28:42 | 000,000,082 | ---- | M] () -- C:\WINDOWS\System32\b47ba4aaf4ec251c654c457c
[2012/01/17 22:20:11 | 000,000,030 | ---- | M] () -- C:\WINDOWS\System32\161175155
[2012/01/17 21:46:28 | 000,000,173 | ---- | M] () -- C:\Documents and Settings\lenovo\Desktop\Ա.url
[2012/01/17 21:46:28 | 000,000,172 | ---- | M] () -- C:\Documents and Settings\lenovo\Desktop\ѸӰ.url
[2012/01/17 20:28:19 | 000,523,550 | ---- | M] () -- C:\WINDOWS\System32\360rpj
[2012/01/17 02:04:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/16 20:27:43 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\asr_wlctc
[2012/01/16 20:24:26 | 000,380,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/16 20:24:26 | 000,053,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/16 20:24:12 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\asr_fanay
[2012/01/16 20:24:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\asr_02611.exe
[2012/01/16 20:23:03 | 000,000,500 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/01/16 19:52:04 | 004,046,368 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\lenovo\Desktop\avg_free_stb_all_2012_1901_cnet.exe
[2012/01/16 19:45:48 | 000,000,538 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dataone.lnk
[2012/01/16 19:01:31 | 000,263,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/16 17:41:15 | 000,002,086 | ---- | M] () -- C:\WINDOWS\System32\SMBIOS.bin
[2012/01/16 17:40:07 | 000,000,176 | ---- | M] () -- C:\WINDOWS\x
[2012/01/16 17:38:17 | 000,000,000 | RH-- | M] () -- C:\WINDOWS\System32\drivers\IBM_2668_NQ1_TP.MRK
[2012/01/16 17:38:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/01/15 13:24:05 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/12 01:16:02 | 000,001,383 | ---- | M] () -- C:\SYSLEVEL.IBM
[2012/01/12 01:16:00 | 000,002,481 | ---- | M] () -- C:\WINDOWS\System32\OEMINFO.INI
[2012/01/12 01:02:52 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\lenovo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/12 01:02:41 | 000,000,047 | ---- | M] () -- C:\WINDOWS\System32\drivers\IBM_2668_NQ1.MRK
[2012/01/12 01:02:41 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2012/01/12 01:02:41 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2012/01/12 01:02:41 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2012/01/12 01:02:37 | 000,000,010 | ---- | M] () -- C:\WINDOWS\System32\firstboot.ibm
[2012/01/12 01:02:18 | 000,002,410 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/01/12 00:59:59 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2012/01/12 00:55:12 | 000,000,061 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2012/01/12 00:55:08 | 000,000,333 | ---- | M] () -- C:\WINDOWS\System32\$ncsp$.inf
[2012/01/12 00:52:42 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.PRV
[2012/01/12 00:49:44 | 000,000,308 | ---- | M] () -- C:\ccrrec.ver
[2012/01/12 00:49:24 | 000,032,256 | ---- | M] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2012/01/12 00:49:24 | 000,013,184 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\drivers\psadd.sys
[2012/01/12 00:43:16 | 000,000,138 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/01/12 00:40:04 | 000,000,656 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2012/01/12 00:40:00 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\lenovo\Local Settings\Application Data\fusioncache.dat
[2012/01/12 00:28:12 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
[2012/01/12 00:23:14 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/01/12 00:23:14 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/01/12 00:23:02 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/01/11 12:39:21 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\lenovo\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/18 17:15:51 | 056,512,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/01/18 17:03:52 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2012/01/17 21:46:28 | 000,000,173 | ---- | C] () -- C:\Documents and Settings\lenovo\Desktop\Ա.url
[2012/01/17 21:46:27 | 000,000,172 | ---- | C] () -- C:\Documents and Settings\lenovo\Desktop\ѸӰ.url
[2012/01/17 20:26:25 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\161175155
[2012/01/17 20:26:22 | 000,176,128 | R--- | C] () -- C:\WINDOWS\b12d.flv
[2012/01/17 20:26:21 | 000,000,246 | ---- | C] () -- C:\WINDOWS\tasks\ms.job
[2012/01/17 20:22:33 | 000,523,550 | ---- | C] () -- C:\WINDOWS\System32\360rpj
[2012/01/17 20:22:09 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\b47ba4aaf4ec251c654c457c
[2012/01/16 20:27:43 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\asr_wlctc
[2012/01/16 20:24:13 | 013,309,128 | ---- | C] () -- C:\Documents and Settings\lenovo\Desktop\dap97.exe
[2012/01/16 20:24:12 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\asr_fanay
[2012/01/16 20:24:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\asr_02611.exe
[2012/01/16 20:23:56 | 109,703,885 | ---- | C] () -- C:\Documents and Settings\lenovo\My Documents\avgupdate.bin
[2012/01/16 19:45:48 | 000,000,538 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dataone.lnk
[2012/01/16 17:46:06 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\drivers\verfile.tic
[2012/01/16 17:39:39 | 000,000,176 | ---- | C] () -- C:\WINDOWS\x
[2012/01/16 17:38:15 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/01/12 01:16:02 | 000,001,383 | ---- | C] () -- C:\SYSLEVEL.IBM
[2012/01/12 01:16:00 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2012/01/12 01:11:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2012/01/12 01:02:41 | 000,000,047 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBM_2668_NQ1.MRK
[2012/01/12 01:02:37 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\firstboot.ibm
[2012/01/12 01:02:33 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\lenovo\Start Menu\Programs\Remote Assistance.lnk
[2012/01/12 01:02:33 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\lenovo\Start Menu\Programs\Windows Media Player.lnk
[2012/01/12 01:02:33 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\lenovo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/12 01:02:33 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\lenovo\Start Menu\Programs\Internet Explorer.lnk
[2012/01/12 01:02:33 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\lenovo\Start Menu\Programs\Outlook Express.lnk
[2012/01/12 01:02:33 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\lenovo\Local Settings\Application Data\fusioncache.dat
[2012/01/12 01:02:33 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\lenovo\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/01/12 01:00:08 | 000,002,410 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/01/12 00:59:59 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2012/01/12 00:55:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2012/01/12 00:54:39 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\PMTask.job
[2012/01/12 00:54:37 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2012/01/12 00:54:37 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2012/01/12 00:52:42 | 000,000,000 | -H-- | C] () -- C:\BOOTLOG.PRV
[2012/01/12 00:51:28 | 000,002,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2012/01/12 00:49:43 | 000,000,308 | ---- | C] () -- C:\ccrrec.ver
[2012/01/12 00:49:35 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2012/01/12 00:44:47 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2012/01/12 00:44:47 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2012/01/12 00:44:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2012/01/12 00:44:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2012/01/12 00:44:47 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2012/01/12 00:44:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2012/01/12 00:43:15 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/01/12 00:41:53 | 000,002,055 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\IBM Java Plug-in Control Panel 1.4.2.lnk
[2012/01/12 00:41:04 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk
[2012/01/12 00:40:00 | 000,000,656 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2012/01/12 00:39:54 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Media Connect.lnk
[2012/01/12 00:36:40 | 000,000,333 | ---- | C] () -- C:\WINDOWS\System32\$ncsp$.inf
[2012/01/12 00:34:38 | 000,131,072 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe
[2012/01/12 00:34:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2012/01/12 00:34:30 | 000,005,928 | ---- | C] () -- C:\WINDOWS\System32\TP4LATCH.WAV
[2012/01/12 00:34:30 | 000,004,458 | ---- | C] () -- C:\WINDOWS\System32\TP4CLICK.WAV
[2012/01/12 00:30:37 | 000,009,340 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2012/01/12 00:29:06 | 000,000,324 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\My Bluetooth Places.lnk
[2012/01/12 00:28:45 | 000,000,000 | RH-- | C] () -- C:\WINDOWS\System32\drivers\IBM_2668_NQ1_TP.MRK
[2012/01/12 00:28:10 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
[2012/01/12 00:27:46 | 000,002,086 | ---- | C] () -- C:\WINDOWS\System32\SMBIOS.bin
[2012/01/12 00:27:05 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2012/01/12 00:20:32 | 535,285,760 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/11 12:39:21 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\lenovo\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2005/05/25 12:02:38 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/05/05 04:02:42 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2005/05/05 04:02:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2005/04/27 23:23:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
[2005/04/27 23:23:10 | 000,019,853 | ---- | C] () -- C:\WINDOWS\ibmprc.ini
[2004/11/09 14:32:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2004/11/09 06:42:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 00:33:43 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 00:31:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 00:21:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 00:16:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 00:15:31 | 000,263,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/01/09 19:40:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2003/04/11 05:34:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2001/11/15 03:26:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/08/23 20:56:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2001/08/23 20:54:30 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[1980/01/01 13:30:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 13:30:00 | 000,380,918 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 13:30:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 13:30:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 13:30:00 | 000,087,540 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[1980/01/01 13:30:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[1980/01/01 13:30:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[1980/01/01 13:30:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
[1980/01/01 13:30:00 | 000,053,166 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 13:30:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[1980/01/01 13:30:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 13:30:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 13:30:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1980/01/01 13:30:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1980/01/01 13:30:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[1980/01/01 13:30:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

Edited by Shockwave#, 18 January 2012 - 08:02 AM.

#2 RKinner (Malware Expert)

Copy the text in the code box by highlighting it and pressing Ctrl + C:

:OTL

SRV - File not found [Disabled | Stopped] -- -- (Windows Hosts Controller)
SRV - File not found [Disabled | Stopped] -- -- (PsaSrv)
SRV - File not found [Disabled | Stopped] -- -- (PrtSmanm)
SRV - File not found [Disabled | Stopped] -- -- (MSUpdqtehdi)
SRV - File not found [Disabled | Stopped] -- -- (MSUpdqtecgx)
SRV - File not found [Disabled | Stopped] -- -- (MSUpdqtebdr)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (Gvbutu Xobghuro Jpo)
SRV - File not found [Disabled | Stopped] -- -- (Fkrkk456)
SRV - File not found [Disabled | Stopped] -- -- (FireFox)
O33 - MountPoints2\{d1df80fc-41c0-11e1-9549-000e9b9d9d58}\Shell\AutopLay\comMand - "" = E:\pmoen.exe
O33 - MountPoints2\{d1df80fc-41c0-11e1-9549-000e9b9d9d58}\Shell\AutoRun\command - "" = E:\pmoen.exe
O33 - MountPoints2\{d1df80fc-41c0-11e1-9549-000e9b9d9d58}\Shell\exPLorE\ComMAnd - "" = E:\pmoen.exe
O33 - MountPoints2\{d1df80fc-41c0-11e1-9549-000e9b9d9d58}\Shell\oPen\coMManD - "" = E:\pmoen.exe
[2012/01/17 21:46:28 | 000,000,173 | ---- | C] () -- C:\Documents and Settings\lenovo\Desktop\Ա.url
[2012/01/17 21:46:27 | 000,000,172 | ---- | C] () -- C:\Documents and Settings\lenovo\Desktop\ѸӰ.url
[2012/01/17 20:26:25 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\161175155
[2012/01/17 20:26:22 | 000,176,128 | R--- | C] () -- C:\WINDOWS\b12d.flv
[2012/01/17 20:26:21 | 000,000,246 | ---- | C] () -- C:\WINDOWS\tasks\ms.job
[2012/01/17 20:22:33 | 000,523,550 | ---- | C] () -- C:\WINDOWS\System32\360rpj
[2012/01/17 20:22:09 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\b47ba4aaf4ec251c654c457c

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
%UserProfile%\Local Settings\Application Data\*.exe
    
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your antivirus software when downloading or running Combofix. If it has script-blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your browser.


* A window may open with a series of disclaimers. Accept the disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan, click Save log, save it to your desktop and post it in your next reply. (Note whether the Fix button is enabled (not the FixMBR button) and tell me.)



Malwarebytes' Anti-Malware
If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Run OTL

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron
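The :OTL block above was assembled by hand from the log: every service whose binary is missing, the four MountPoints2 shell verbs that launch E:\pmoen.exe from a removable drive, and a handful of files with no company name that appeared in the Windows directories on 17 January. The following script is an added example (not part of OTL, and not posted in this thread) that parses those three OTL line shapes and applies the same selection as explicit rules, so the choice is reproducible on the next log. The scan time is taken from the log header; the three-day window, the "odd name" rules, and the sample lines (constructed here, copied in shape from the log above) are my assumptions. It produces a candidate list for a human to read before anything goes into the Custom Scans/Fixes box; it does not delete anything.

```python
r"""Triage OTL log lines the way the fix script in this thread was built by hand.

Added example (not part of OTL or of this thread). Three OTL line shapes are parsed:
  [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path     file entries
  SRV - File not found [...] -- -- (Name)                          orphan services
  O33 - MountPoints2\{guid}\Shell\<verb>\command - "" = <cmd>      autorun hijacks
The scan time comes from the log header; the window and "odd name" rules are assumptions.
"""
import re
from datetime import datetime, timedelta

SCAN_TIME = datetime(2012, 1, 18, 19, 23, 15)   # "OTL logfile created on: 1/18/2012 7:23:15 PM"
WINDOW = timedelta(days=3)                       # assumption: "recent" = 3 days before the scan
MEDIA_EXT = {"flv", "mp3", "avi", "mp4", "wmv", "swf"}

FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| [A-Z-]{4} \| [CM]\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
SRV_RE = re.compile(r"^SRV - File not found \[[^\]]*\] -- -- \((?P<name>.+)\)$")
# The worm randomises the case of the verb and of "command"; registry key names are
# case-insensitive, so match case-insensitively rather than on exact strings.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\\{[^}]+\}\\Shell\\(?P<verb>[^\\]+)\\command - "" = (?P<cmd>.+)$',
    re.IGNORECASE,
)


def in_windows_dir(path):
    """True when the file sits directly in %SystemRoot%, System32 or Tasks (not deeper)."""
    return path.lower().rsplit("\\", 1)[0] in ("c:\\windows", "c:\\windows\\system32", "c:\\windows\\tasks")


def odd_name(filename):
    """Reason a filename looks dropped rather than installed, or None if it looks ordinary."""
    stem, dot, ext = filename.rpartition(".")
    if not dot:                       # no extension at all, e.g. "161175155" or "360rpj"
        stem, ext = filename, ""
    ext = ext.lower()
    if stem.isdigit():
        return "all-digit name"
    if len(stem) >= 16 and re.fullmatch(r"[0-9a-f]+", stem.lower()):
        return "long hex name"
    if not ext:
        return "no extension"
    if ext in MEDIA_EXT:
        return f".{ext} media file in a system directory"
    if ext == "job":
        return "scheduled task (.job)"
    return None


def triage(lines, scan_time=SCAN_TIME, window=WINDOW):
    """Return [(log_line, reason), ...] for entries worth putting in an OTL fix script."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := FILE_RE.match(line):
            path, name = m["path"], m["path"].rsplit("\\", 1)[-1]
            if m["company"].strip():
                continue              # installed software carries a company name; skip it
            created = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            if not scan_time - window <= created <= scan_time:
                continue              # older than the infection window
            if in_windows_dir(path) and (why := odd_name(name)):
                findings.append((line, f"recent no-company file in system dir: {why}"))
            elif "\\desktop\\" in path.lower() and name.lower().endswith(".url") \
                    and any(ord(c) > 127 for c in name):
                findings.append((line, "recent .url shortcut with mis-encoded name on the Desktop"))
        elif m := SRV_RE.match(line):
            findings.append((line, f"service '{m['name']}' whose binary is missing (orphan key)"))
        elif m := O33_RE.match(line):
            cmd = m["cmd"].strip().strip('"')
            if cmd[:2].upper() != "C:" and cmd.lower().endswith(".exe"):
                findings.append((line, f"autorun hijack: Shell\\{m['verb']} runs {cmd} from a removable drive"))
    return findings


def fix_script(findings):
    """Render the flagged lines as the :OTL block that OTL's Custom Scans/Fixes box accepts."""
    body = "\n".join(line for line, _ in findings)
    return f":OTL\n{body}\n\n:Commands\n[RESETHOSTS]\n[Reboot]\n"


# Constructed sample, copied in shape from the log earlier in this thread.
SAMPLE_LOG = r"""
SRV - File not found [Disabled | Stopped] -- -- (MSUpdqtehdi)
SRV - File not found [Disabled | Stopped] -- -- (Gvbutu Xobghuro Jpo)
O33 - MountPoints2\{d1df80fc-41c0-11e1-9549-000e9b9d9d58}\Shell\AutopLay\comMand - "" = E:\pmoen.exe
O33 - MountPoints2\{d1df80fc-41c0-11e1-9549-000e9b9d9d58}\Shell\oPen\coMManD - "" = E:\pmoen.exe
[2012/01/18 17:15:51 | 056,512,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/01/17 21:46:28 | 000,000,173 | ---- | C] () -- C:\Documents and Settings\lenovo\Desktop\Ա.url
[2012/01/17 20:26:25 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\161175155
[2012/01/17 20:26:22 | 000,176,128 | R--- | C] () -- C:\WINDOWS\b12d.flv
[2012/01/17 20:26:21 | 000,000,246 | ---- | C] () -- C:\WINDOWS\tasks\ms.job
[2012/01/17 20:22:33 | 000,523,550 | ---- | C] () -- C:\WINDOWS\System32\360rpj
[2012/01/17 20:22:09 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\b47ba4aaf4ec251c654c457c
[2012/01/12 00:54:39 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\PMTask.job
[2012/01/12 00:41:54 | 000,042,032 | ---- | C] (IBM) -- C:\WINDOWS\System32\java.exe
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG.splitlines())
    print("\n".join(f"{why}\n    {line}" for line, why in hits), "\n", fix_script(hits))
```

On the sample above the script keeps AVG's incavi.avm (no company name, but it sits in a subdirectory, not directly in System32), the week-old PMTask.job, and IBM's java.exe out of the list, and flags the same ten items the hand-built fix targets. The rules are deliberately loose; an entry they flag is a reason to look at the file, not a verdict, and an entry they miss is not a clean bill of health.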

#3 Shockwave# (Topic Starter)

a) Failed to get a log file after system reboot on running OTL, as described by you.
---I tried it twice, but I did not get any log file.

b) On running COMBOFIX.EXE, I was greeted with a BLUE SCREEN ERROR and the system restarted.

c) I did not continue further and thought to let you know about my other findings.

d) I updated my AVG anti-virus, and I found that my system was also infected with the SALITY virus. I checked about it on the internet and I was shocked!

e) I did run the AVG SALITY REMOVAL tool for about 2 hours and then I stopped it to run your tests.

#4 RKinner (Malware Expert)

Sality does not sound good. Might be faster to just wipe the drive and start over.

Run OTL again, Quickscan and post the log if you get one.

You might have better luck with Combofix in Safe Mode with Networking
(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)

If that doesn't work then try:

Start, Run, cmd, OK, and type the following line, followed by Enter:

"%userprofile%\Desktop\combofix.exe" /killall

(Make sure you put a space before the /killall)

#5 Shockwave# (Topic Starter)

RESULTS OF OTL QUICKFIX:



OTL logfile created on: 1/19/2012 12:52:08 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\lenovo\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.42 Mb Total Physical Memory | 27.91 Mb Available Physical Memory | 5.47% Memory free
1.22 Gb Paging File | 0.77 Gb Available in Paging File | 63.39% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.51 Gb Total Space | 61.58 Gb Free Space | 87.34% Space Free | Partition Type: NTFS

Computer Name: IBM-4C373ABB3F2 | User Name: lenovo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/19 00:52:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lenovo\Desktop\OTL.exe
PRC - [2012/01/18 20:54:48 | 006,097,408 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/09/15 05:29:10 | 003,987,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgui.exe
PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/10 01:45:18 | 003,210,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2010/09/10 01:44:22 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/09/09 04:46:42 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/09/07 03:50:58 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/09/07 03:50:22 | 001,047,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/09/07 03:50:14 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/09/07 03:50:08 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2005/05/25 12:11:58 | 000,565,309 | ---- | M] (Broadcom Corporation) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2005/03/18 16:37:00 | 000,086,016 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
PRC - [2004/08/04 18:30:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2005/05/25 12:12:58 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2005/04/27 23:23:10 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\pwdmon.dll
MOD - [2005/04/13 14:31:00 | 000,073,728 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2005/04/13 14:31:00 | 000,032,768 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2005/03/19 12:40:38 | 000,028,672 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\IconRes.dll
MOD - [2004/08/13 09:41:26 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/18 20:54:48 | 006,097,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/10 01:45:18 | 003,210,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2005/03/18 16:37:00 | 000,077,824 | ---- | M] (IBM Corp.) [Disabled | Stopped] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2004/08/11 14:16:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2003/07/12 07:49:22 | 000,032,768 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)


========== Driver Services (SafeList) ==========

DRV - [2012/01/12 00:49:24 | 000,013,184 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/07/12 04:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2005/05/25 12:29:46 | 000,017,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005/05/25 12:28:20 | 001,241,818 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/05/25 12:27:36 | 000,030,299 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005/05/25 12:27:20 | 000,055,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/05/25 11:53:40 | 000,148,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005/05/17 16:04:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005/05/11 11:37:44 | 001,133,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/27 23:57:34 | 000,063,616 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005/04/22 06:14:54 | 000,014,336 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nsctpm11.sys -- (TPM11)
DRV - [2005/04/13 14:31:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2005/04/13 06:01:28 | 000,003,328 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\IBM fingerprint software\smihlp.sys -- (SmiHlp)
DRV - [2005/03/18 16:37:00 | 000,012,288 | ---- | M] (IBM Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcndisif.sys -- (QCNDISIF)
DRV - [2005/03/18 16:37:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/03/18 16:37:00 | 000,002,432 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
DRV - [2005/03/18 06:00:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/02/14 21:30:10 | 003,255,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/02/02 06:30:42 | 000,012,416 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)
DRV - [2005/01/21 15:10:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005/01/21 15:10:00 | 000,009,340 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2004/12/03 05:44:44 | 000,014,208 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPDiskPM.sys -- (TPDiskPM)
DRV - [2004/12/03 05:24:12 | 000,006,016 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TPInput.sys -- (TPInput)
DRV - [2004/11/11 06:17:30 | 000,200,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/11/11 06:16:24 | 000,685,184 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/11 06:15:50 | 001,041,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/10/15 23:50:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2003/09/19 15:17:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2012/01/18 16:13:58 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/01/18 23:32:10 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (IBM Corp.)
O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...all-142-win.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...all-142-win.cab (Java Plug-in 1.4.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63159DB7-2B34-4842-8EC9-B9D4112D2B32}: NameServer = 218.248.255.194 218.248.255.197
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\IBM fingerprint software\psfus.dll) - C:\Program Files\IBM fingerprint software\psfus.dll (UPEK Inc.)
O20 - Winlogon\Notify\QConGina: DllName - (QConGina.dll) - C:\WINDOWS\System32\QConGina.dll (IBM Corp.)
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\1024 x 768 IBM Americas Map.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\1024 x 768 IBM Americas Map.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/12 01:02:41 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/19 00:51:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lenovo\Desktop\OTL.exe
[2012/01/18 23:41:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/18 23:41:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/18 23:41:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/18 23:41:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/18 23:41:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/18 23:41:19 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/01/18 23:41:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/18 23:41:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\lenovo\Start Menu\Programs\Administrative Tools
[2012/01/18 23:41:00 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/01/18 23:22:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/18 20:39:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/01/18 17:12:43 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/01/18 17:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\Application Data\AVG10
[2012/01/18 17:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2012/01/18 16:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\Desktop\AVG_Internet_Security 2011_v 10.0.1120(x86)_sav23
[2012/01/18 16:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2012/01/18 16:13:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/01/18 16:13:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/18 16:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/01/18 01:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/01/18 01:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/01/18 01:42:07 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\lenovo\Desktop\spybotsd162.exe
[2012/01/17 22:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\My Documents\My Received Files
[2012/01/17 22:37:19 | 000,000,000 | ---D | C] -- C:\b84e0d666048e34107
[2012/01/17 22:34:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/01/17 20:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/01/17 20:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\t(2)
[2012/01/17 20:23:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CPAPP
[2012/01/17 20:23:12 | 000,000,000 | ---D | C] -- C:\Program Files\iexplore
[2012/01/17 20:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData(2)
[2012/01/17 16:52:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/01/17 02:28:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/01/17 02:04:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2012/01/17 01:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\IECompatCache
[2012/01/16 23:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\PrivacIE
[2012/01/16 23:49:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2012/01/16 23:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\DAP
[2012/01/16 23:47:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\IETldCache
[2012/01/16 23:40:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/01/16 23:40:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2012/01/16 20:41:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/01/16 20:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Hfpu
[2012/01/16 20:37:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\X
[2012/01/16 20:02:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/16 19:51:39 | 000,218,112 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\lenovo\Desktop\avg_free_stb_all_2012_1901_cnet.exe
[2012/01/16 19:50:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/01/16 19:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\Application Data\Macromedia
[2012/01/16 19:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2012/01/16 18:03:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/01/16 18:02:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/01/16 18:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/01/16 18:01:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/01/16 18:01:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/01/16 18:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/01/16 17:57:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012/01/16 17:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\Local Settings\Application Data\Microsoft Help
[2012/01/16 17:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/01/16 17:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2012/01/16 17:55:17 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/01/16 17:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2012/01/16 17:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Line Detect
[2012/01/16 17:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2012/01/12 01:15:16 | 000,000,000 | ---D | C] -- C:\DRIVERS
[2012/01/12 01:10:08 | 000,000,000 | ---D | C] -- C:\IBMTOOLS
[2012/01/12 01:02:33 | 000,000,000 | --SD | C] -- C:\Documents and Settings\lenovo\Application Data\Microsoft
[2012/01/12 01:02:33 | 000,000,000 | --SD | C] -- C:\Documents and Settings\lenovo\Cookies
[2012/01/12 01:02:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\lenovo\Recent
[2012/01/12 01:02:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\lenovo\Application Data
[2012/01/12 01:02:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\lenovo\My Documents\My Pictures
[2012/01/12 01:02:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\lenovo\My Documents\My Music
[2012/01/12 01:02:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\lenovo\My Documents
[2012/01/12 01:02:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\lenovo\Favorites
[2012/01/12 01:02:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\lenovo\PrintHood
[2012/01/12 01:02:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\lenovo\NetHood
[2012/01/12 01:02:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\lenovo\Local Settings
[2012/01/12 01:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\Application Data\Symantec
[2012/01/12 01:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\Application Data\Sonic
[2012/01/12 01:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\Local Settings\Application Data\Microsoft
[2012/01/12 01:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\Application Data\Identities
[2012/01/12 01:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\Application Data\IBM
[2012/01/12 01:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\Desktop
[2012/01/12 01:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\Local Settings\Application Data\BVRP Software
[2012/01/12 01:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\Bluetooth Software
[2012/01/12 01:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\My Documents\Bluetooth Exchange Folder
[2012/01/12 01:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lenovo\Local Settings\Application Data\ApplicationHistory
[2012/01/12 01:02:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\lenovo\SendTo
[2012/01/12 01:02:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\lenovo\Start Menu\Programs\Startup
[2012/01/12 01:02:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\lenovo\Start Menu
[2012/01/12 01:02:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\lenovo\Start Menu\Programs\Accessories
[2012/01/12 01:02:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\lenovo\Templates
[2012/01/12 01:01:30 | 000,000,000 | ---D | C] -- C:\RRUbackups
[2012/01/12 00:55:27 | 000,000,000 | -HSD | C] -- C:\Recycled
[2012/01/12 00:51:29 | 000,577,536 | ---- | C] (IBM) -- C:\WINDOWS\System32\tvt_gina.dll
[2012/01/12 00:51:29 | 000,282,624 | ---- | C] (IBM) -- C:\WINDOWS\System32\tvt_gina_api.dll
[2012/01/12 00:49:53 | 000,000,000 | ---D | C] -- C:\IBMSHARE
[2012/01/12 00:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2012/01/12 00:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterVideo WinDVD
[2012/01/12 00:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ibm
[2012/01/12 00:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterVideo WinDVD Creator
[2012/01/12 00:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\InterVideo
[2012/01/12 00:44:10 | 000,000,000 | ---D | C] -- C:\icons
[2012/01/12 00:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC-Doctor for Windows
[2012/01/12 00:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\PC-Doctor for Windows
[2012/01/12 00:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IBM DLA
[2012/01/12 00:43:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dla
[2012/01/12 00:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\IBM DLA
[2012/01/12 00:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic
[2012/01/12 00:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sonic
[2012/01/12 00:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IBM RecordNow!
[2012/01/12 00:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SureThing Shared
[2012/01/12 00:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Sonic
[2012/01/12 00:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\IBM RecordNow!
[2012/01/12 00:42:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\thinkpad_features
[2012/01/12 00:41:54 | 000,061,440 | ---- | C] (IBM) -- C:\WINDOWS\System32\IBMJavaPlugin142.cpl
[2012/01/12 00:41:54 | 000,042,032 | ---- | C] (IBM) -- C:\WINDOWS\System32\javaw.exe
[2012/01/12 00:41:54 | 000,042,032 | ---- | C] (IBM) -- C:\WINDOWS\System32\java.exe
[2012/01/12 00:41:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IBM Java Web Start v1.4.2
[2012/01/12 00:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\IBM
[2012/01/12 00:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect
[2012/01/12 00:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ATI HYDRAVISION
[2012/01/12 00:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/01/12 00:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\NetWaiting
[2012/01/12 00:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NetWaiting
[2012/01/12 00:35:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2012/01/12 00:34:59 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2012/01/12 00:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2012/01/12 00:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ThinkVantage
[2012/01/12 00:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\Lenovo
[2012/01/12 00:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Virtual Token
[2012/01/12 00:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\IBM fingerprint software
[2012/01/12 00:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/01/12 00:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/01/12 00:27:05 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/01/12 00:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\ThinkPad
[2012/01/12 00:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Access IBM
[2012/01/12 00:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/01/12 00:23:44 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/01/12 00:23:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2012/01/12 00:23:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/01/12 00:23:28 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012/01/12 00:22:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2012/01/12 00:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012/01/11 12:43:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2012/01/11 12:39:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\lenovo\My Documents\My Videos
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/19 00:52:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lenovo\Desktop\OTL.exe
[2012/01/19 00:47:59 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012/01/19 00:47:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/19 00:47:20 | 535,285,760 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/18 23:54:02 | 000,000,194 | RHS- | M] () -- C:\BOOT.INI
[2012/01/18 23:32:16 | 000,621,032 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2012/01/18 23:32:10 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/01/18 21:08:32 | 013,229,056 | ---- | M] () -- C:\Documents and Settings\lenovo\Desktop\dap97.exe
[2012/01/18 21:06:35 | 000,218,112 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\lenovo\Desktop\avg_free_stb_all_2012_1901_cnet.exe
[2012/01/18 20:11:59 | 056,533,354 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/01/18 17:03:52 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2012/01/18 01:43:07 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\lenovo\Desktop\spybotsd162.exe
[2012/01/17 02:04:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/16 20:27:43 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\asr_wlctc
[2012/01/16 20:24:26 | 000,380,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/16 20:24:26 | 000,053,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/16 20:24:12 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\asr_fanay
[2012/01/16 20:24:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\asr_02611.exe
[2012/01/16 20:23:03 | 000,000,500 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/01/16 19:45:48 | 000,000,538 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dataone.lnk
[2012/01/16 19:01:31 | 000,263,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/16 17:41:15 | 000,002,086 | ---- | M] () -- C:\WINDOWS\System32\SMBIOS.bin
[2012/01/16 17:40:07 | 000,000,176 | ---- | M] () -- C:\WINDOWS\x
[2012/01/16 17:38:17 | 000,000,000 | RH-- | M] () -- C:\WINDOWS\System32\drivers\IBM_2668_NQ1_TP.MRK
[2012/01/16 17:38:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/01/15 13:24:05 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/12 01:16:02 | 000,001,383 | ---- | M] () -- C:\SYSLEVEL.IBM
[2012/01/12 01:16:00 | 000,002,481 | ---- | M] () -- C:\WINDOWS\System32\OEMINFO.INI
[2012/01/12 01:02:52 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\lenovo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/12 01:02:41 | 000,000,047 | ---- | M] () -- C:\WINDOWS\System32\drivers\IBM_2668_NQ1.MRK
[2012/01/12 01:02:41 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2012/01/12 01:02:41 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2012/01/12 01:02:41 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2012/01/12 01:02:37 | 000,000,010 | ---- | M] () -- C:\WINDOWS\System32\firstboot.ibm
[2012/01/12 01:02:18 | 000,002,410 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/01/12 00:59:59 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2012/01/12 00:55:12 | 000,000,061 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2012/01/12 00:55:08 | 000,000,333 | ---- | M] () -- C:\WINDOWS\System32\$ncsp$.inf
[2012/01/12 00:52:42 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.PRV
[2012/01/12 00:49:44 | 000,000,308 | ---- | M] () -- C:\ccrrec.ver
[2012/01/12 00:49:24 | 000,032,256 | ---- | M] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2012/01/12 00:43:16 | 000,000,138 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/01/12 00:40:04 | 000,000,656 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2012/01/12 00:40:00 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\lenovo\Local Settings\Application Data\fusioncache.dat
[2012/01/12 00:28:12 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
[2012/01/12 00:23:14 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/01/12 00:23:14 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/01/12 00:23:02 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/01/11 12:39:21 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\lenovo\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/18 23:41:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/18 23:41:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/18 23:41:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/18 23:41:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/18 23:41:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/18 23:32:16 | 000,621,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2012/01/18 20:11:59 | 056,533,354 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/01/18 17:03:52 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2012/01/16 20:27:43 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\asr_wlctc
[2012/01/16 20:24:13 | 013,229,056 | ---- | C] () -- C:\Documents and Settings\lenovo\Desktop\dap97.exe
[2012/01/16 20:24:12 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\asr_fanay
[2012/01/16 20:24:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\asr_02611.exe
[2012/01/16 20:23:56 | 109,703,885 | ---- | C] () -- C:\Documents and Settings\lenovo\My Documents\avgupdate.bin
[2012/01/16 19:45:48 | 000,000,538 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dataone.lnk
[2012/01/16 17:46:06 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\drivers\verfile.tic
[2012/01/16 17:39:39 | 000,000,176 | ---- | C] () -- C:\WINDOWS\x
[2012/01/16 17:38:15 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/01/12 01:16:02 | 000,001,383 | ---- | C] () -- C:\SYSLEVEL.IBM
[2012/01/12 01:16:00 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2012/01/12 01:11:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2012/01/12 01:02:41 | 000,000,047 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBM_2668_NQ1.MRK
[2012/01/12 01:02:37 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\firstboot.ibm
[2012/01/12 01:02:33 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\lenovo\Start Menu\Programs\Remote Assistance.lnk
[2012/01/12 01:02:33 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\lenovo\Start Menu\Programs\Windows Media Player.lnk
[2012/01/12 01:02:33 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\lenovo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/12 01:02:33 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\lenovo\Start Menu\Programs\Internet Explorer.lnk
[2012/01/12 01:02:33 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\lenovo\Start Menu\Programs\Outlook Express.lnk
[2012/01/12 01:02:33 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\lenovo\Local Settings\Application Data\fusioncache.dat
[2012/01/12 01:02:33 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\lenovo\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/01/12 01:00:08 | 000,002,410 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/01/12 00:59:59 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2012/01/12 00:55:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2012/01/12 00:54:39 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\PMTask.job
[2012/01/12 00:54:37 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2012/01/12 00:54:37 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2012/01/12 00:52:42 | 000,000,000 | -H-- | C] () -- C:\BOOTLOG.PRV
[2012/01/12 00:51:28 | 000,002,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2012/01/12 00:49:43 | 000,000,308 | ---- | C] () -- C:\ccrrec.ver
[2012/01/12 00:49:35 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2012/01/12 00:44:47 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2012/01/12 00:44:47 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2012/01/12 00:44:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2012/01/12 00:44:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2012/01/12 00:44:47 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2012/01/12 00:44:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2012/01/12 00:43:15 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/01/12 00:41:53 | 000,002,055 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\IBM Java Plug-in Control Panel 1.4.2.lnk
[2012/01/12 00:41:04 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk
[2012/01/12 00:40:00 | 000,000,656 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2012/01/12 00:39:54 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Media Connect.lnk
[2012/01/12 00:36:40 | 000,000,333 | ---- | C] () -- C:\WINDOWS\System32\$ncsp$.inf
[2012/01/12 00:34:38 | 000,131,072 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe
[2012/01/12 00:34:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2012/01/12 00:34:30 | 000,005,928 | ---- | C] () -- C:\WINDOWS\System32\TP4LATCH.WAV
[2012/01/12 00:34:30 | 000,004,458 | ---- | C] () -- C:\WINDOWS\System32\TP4CLICK.WAV
[2012/01/12 00:30:37 | 000,009,340 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2012/01/12 00:29:06 | 000,000,324 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\My Bluetooth Places.lnk
[2012/01/12 00:28:45 | 000,000,000 | RH-- | C] () -- C:\WINDOWS\System32\drivers\IBM_2668_NQ1_TP.MRK
[2012/01/12 00:28:10 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
[2012/01/12 00:27:46 | 000,002,086 | ---- | C] () -- C:\WINDOWS\System32\SMBIOS.bin
[2012/01/12 00:27:05 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2012/01/12 00:20:32 | 535,285,760 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/11 12:39:21 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\lenovo\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2005/05/25 12:02:38 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/05/05 04:02:42 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2005/05/05 04:02:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2005/04/27 23:23:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
[2005/04/27 23:23:10 | 000,019,853 | ---- | C] () -- C:\WINDOWS\ibmprc.ini
[2004/11/09 14:32:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2004/11/09 06:42:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 00:33:43 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 00:31:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 00:21:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 00:16:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 00:15:31 | 000,263,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/01/09 19:40:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2003/04/11 05:34:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2001/11/15 03:26:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/08/23 20:56:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2001/08/23 20:54:30 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[1980/01/01 13:30:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 13:30:00 | 000,380,918 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 13:30:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 13:30:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 13:30:00 | 000,087,540 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[1980/01/01 13:30:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[1980/01/01 13:30:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[1980/01/01 13:30:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
[1980/01/01 13:30:00 | 000,053,166 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 13:30:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[1980/01/01 13:30:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 13:30:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 13:30:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1980/01/01 13:30:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1980/01/01 13:30:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[1980/01/01 13:30:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2012/01/18 23:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2012/01/16 20:41:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/01/12 00:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ibm
[2012/01/18 16:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/01/17 22:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData(2)
[2012/01/16 23:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2012/01/17 22:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\t(2)
[2012/01/18 17:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lenovo\Application Data\AVG10
[2012/01/16 19:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lenovo\Application Data\IBM
[2012/01/19 00:47:59 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========



< End of report >

IF YOU WANT ME TO RUN COMBOFIX AGAIN, PLEASE LET ME KNOW.
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Please try CF again. Either in Safe Mode with Networking or with the /killall option. We need to get it working.
  • 0

#7
Shockwave#

Shockwave#

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
1) I cannot boot into any of the safe modes. I end up with blue screen errors.

2) CF, at some stage or the other, also leads to a blue screen error.

3) I was issued a warning from the CF setup, "setup might be compromised by a file patching virus, VIRUT, please get a fresh copy".

Thank you so much for your help.
I guess I will have to wipe the HD and start all over again.

Please suggest a good Anti-virus/malware/etc software that I can buy and other precautions that I should take to make sure I do not end up in this situation again.

Thanking you once again!

-Shockwave#

P.S.- You may close/remove this thread if you wish to...
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
VIRUT is pretty much fatal. We usually recommend wiping the drive and reloading. Some people have reported that the AVG rescue disk (made on a clean PC) is able to kill it but it does a lot of damage to your files so there is not much to rescue. http://www.geekstogo...ystem-tutorial/

When you reload the drive do not plug in the USB drive until after you have gotten SP3 and all updates. There is a good chance that it is infected. Your original OTL log showed:

O33 - MountPoints2\{d1df80fc-41c0-11e1-9549-000e9b9d9d58}\Shell\AutopLay\comMand - "" = E:\pmoen.exe
O33 - MountPoints2\{d1df80fc-41c0-11e1-9549-000e9b9d9d58}\Shell\AutoRun\command - "" = E:\pmoen.exe
O33 - MountPoints2\{d1df80fc-41c0-11e1-9549-000e9b9d9d58}\Shell\exPLorE\ComMAnd - "" = E:\pmoen.exe
O33 - MountPoints2\{d1df80fc-41c0-11e1-9549-000e9b9d9d58}\Shell\oPen\coMManD - "" = E:\pmoen.exe


pmoen.exe does not google as a good guy and the odd capitals in the last two look like script kiddy.



Kaspersky is probably the best anti-virus right now but it is rather expensive and there are some setup problems with different browsers which make it a pain to install.

I use the free Avast and for people who are a bit paranoid I also recommend the free Online Armor.

I would download Avast
http://www.avast.com...ivirus-download

and Online Armor
http://www.online-armor.com/

setup files using a clean PC and put them on a CD or a clean USB drive.

Then follow the steps on
http://www.geekstogo...all-of-windows/
starting with
FORMATING PARTITIONING AND INSTALLING

Once you get Windows installed, then install Avast and Online Armor before you connect it to the Internet. (Avast will need to access the internet to get its updates - its files usually start with as so when Online Armor asks you if it is OK say remember the answer and OK.)

As soon as you connect go to windows updates (Open IE and under Tools is a link to Windows Updates). Keep going back until there are no more updates available. Make sure you register with Avast or it will expire in 30 days or so. You will need to reregister in a year or so. They will try and talk you into the paid version but you can still reregister for the free version.

Some people object to the voice notification of updates. To turn it off, click on the Avast ball then on Settings. Then on Sounds and uncheck Automatic Updates OK. (It will still update, it just won't tell you about it in a loud voice in the middle of the night.)

They have also started using their info popup to try and get you to upgrade so I go into Settings, Popups and change the first two to 1 second.

Ron
  • 0
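The MountPoints2 entries Ron quotes are the kind of thing a responder wants to triage automatically when reading an OTL log. The script below is an added example, not part of this thread and not a feature of OTL or of any product named here: it parses O33 lines in the format OTL prints and flags the tell-tale signs called out above (an executable launched from the root of a drive letter, shell verb and command keys with mismatched capitalisation, and the Open/Explore verbs redirected to the same file as AutoRun). The four suspicious lines are the ones from this post; the fifth, benign-looking entry, its GUID and path are constructed for contrast, and the heuristics are assumptions of this example rather than anything OTL itself reports.

```python
import re
from typing import Dict, List

# Constructed sample: the first four lines are the O33 entries quoted in this
# thread; the fifth is a made-up, benign-looking CD autorun entry for contrast.
SAMPLE_OTL_LINES = r"""
O33 - MountPoints2\{d1df80fc-41c0-11e1-9549-000e9b9d9d58}\Shell\AutopLay\comMand - "" = E:\pmoen.exe
O33 - MountPoints2\{d1df80fc-41c0-11e1-9549-000e9b9d9d58}\Shell\AutoRun\command - "" = E:\pmoen.exe
O33 - MountPoints2\{d1df80fc-41c0-11e1-9549-000e9b9d9d58}\Shell\exPLorE\ComMAnd - "" = E:\pmoen.exe
O33 - MountPoints2\{d1df80fc-41c0-11e1-9549-000e9b9d9d58}\Shell\oPen\coMManD - "" = E:\pmoen.exe
O33 - MountPoints2\{0a1b2c3d-0000-4000-8000-000000000001}\Shell\AutoRun\command - "" = D:\SETUP\SETUP.EXE
"""

# One OTL O33 line: O33 - MountPoints2\{GUID}\Shell\<verb>\<command> - "<name>" = <target>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\Shell\\'
    r'(?P<verb>[^\\]+)\\(?P<cmd>[^ ]+) - "(?P<name>[^"]*)" = (?P<target>.+)$'
)

# Casing that well-behaved installers write; registry key names are
# case-insensitive, so odd mixed case is a hint that a tool generated the keys.
CANONICAL_VERBS = {"autorun": "AutoRun", "autoplay": "AutoPlay",
                   "open": "Open", "explore": "Explore"}

# An executable sitting directly in the root of a drive letter (E:\foo.exe).
ROOT_EXE_RE = re.compile(r'^[A-Za-z]:\\[^\\]+\.(exe|com|scr|bat|cmd|pif)$',
                         re.IGNORECASE)


def parse_o33(text: str) -> List[Dict[str, str]]:
    """Return one dict (guid, verb, cmd, name, target) per parsable O33 line."""
    entries = []
    for line in text.splitlines():
        m = O33_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def oddly_cased(verb: str, cmd: str) -> bool:
    """True when the verb or the 'command' key deviates from canonical casing."""
    canon = CANONICAL_VERBS.get(verb.lower())
    verb_odd = canon is not None and verb != canon
    cmd_odd = cmd.lower() == "command" and cmd != "command"
    return verb_odd or cmd_odd


def root_executable(target: str) -> bool:
    """True when the command launches an executable from a drive root."""
    return bool(ROOT_EXE_RE.match(target.strip()))


def assess(entries: List[Dict[str, str]]) -> Dict[str, dict]:
    """Group entries by volume GUID and collect the reasons each looks suspicious."""
    by_guid: Dict[str, List[Dict[str, str]]] = {}
    for e in entries:
        by_guid.setdefault(e["guid"], []).append(e)

    findings = {}
    for guid, items in by_guid.items():
        reasons = []
        targets = sorted({e["target"].strip().lower() for e in items})
        verbs = sorted({e["verb"].lower() for e in items})
        if any(oddly_cased(e["verb"], e["cmd"]) for e in items):
            reasons.append("inconsistent capitalisation of shell verb/command keys")
        if any(root_executable(e["target"]) for e in items):
            reasons.append("launches an executable from the root of a drive")
        # A product autorun sets AutoRun/AutoPlay; hijacking Open and Explore as
        # well, all to one file, means double-clicking the drive runs it too.
        if {"open", "explore"} & set(verbs) and len(targets) == 1:
            reasons.append("Open/Explore verbs redirected to the same file as AutoRun")
        findings[guid] = {"verbs": verbs, "targets": targets,
                          "reasons": reasons, "suspicious": bool(reasons)}
    return findings


def suspicious_guids(text: str) -> List[str]:
    """Convenience wrapper: GUIDs of volumes whose MountPoints2 entries look hijacked."""
    findings = assess(parse_o33(text))
    return sorted(g for g, f in findings.items() if f["suspicious"])


if __name__ == "__main__":
    for guid, f in assess(parse_o33(SAMPLE_OTL_LINES)).items():
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{guid} [{flag}] verbs={f['verbs']} targets={f['targets']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Run it against a saved OTL log by passing the file's text to `suspicious_guids`; a hit means the drive that was plugged in when that GUID was recorded should be treated as infected and cleaned (or reformatted) from a known-clean machine before it is used again, which is the advice given in the post above.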

#9
Shockwave#

Shockwave#

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Respected Sir,

Thank you so much for your prompt help! :)

If I am not so curious, are all the moderators of these forums representatives of the various anti-virus s/w making giants, or are all of you plain hobbyists?

Seasons greetings!!

With respects,
--Shockwave#
  • 0

#10
Shockwave#

Shockwave#

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I am using an IBM T43 laptop.
It has a built-in Rescue & Recovery Button.
I wanted to ask whether restoring to original factory settings will OVERWRITE the disk or will it FORMAT and THEN INSTALL EVERYTHING?
  • 0

#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

are all the moderators of these forums, representatives of the various anti-virus s/w making giants or are all of you plain hobbyists?


Hobbyists - but we do have special training. Geekstogo has its own "Geek University" where volunteers can learn to fight malware.

Rescue & Recovery Button
I wanted to ask whether restoring to original factory settings will OVERWRITE the disk or will it FORMAT and THEN INSTALL EVERYTHING?


I think it cleans out the primary partition and makes it look like it did when it left the factory. It's not as good as deleting all partitions and starting from scratch with the Windows Disk, as malware has been known to create its own partition or to infect the MBR. Your infection is normally not one that does that so Rescue & Recovery should be OK.
  • 0

#12
Shockwave#

Shockwave#

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you Sir!!
  • 0
