Infected with virus cannot remove

View previous topic View next topic Go down

Infected with virus cannot remove

Post by greich2 on 8th February 2010, 6:56 pm

I have been infected with the win32 nuqle.e/bankerfox.a virus. I have tried ad-aware, AVG, Malaware. nȯne of them have worked. I also tried downloading the new JAVA platform on a flash drive, it says it installed, but with parts that have failed. Please advise.

greich2
Novice
Novice

Posts Posts : 25
Joined Joined : 2010-02-06
OS OS : windows xp
Points Points : 25250
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Infected with virus cannot remove

Post by Belahzur on 8th February 2010, 8:13 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Infected with virus cannot remove

Post by greich2 on 8th February 2010, 8:57 pm

OTL logfile created on: 2/8/2010 3:32:39 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\freich.freich-us\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.00 Gb Total Space | 3.88 Gb Free Space | 19.40% Space Free | Partition Type: NTFS
Drive D: | 69.16 Gb Total Space | 64.73 Gb Free Space | 93.59% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: freich-us
Current User Name: freich
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/06 14:30:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\freich.freich-us\Desktop\OTL.exe
PRC - [2010/02/06 12:20:20 | 000,279,808 | ---- | M] () -- C:\Documents and Settings\freich.freich-us\Local Settings\Application Data\ajhrhu\irifsftav.exe
PRC - [2010/01/14 09:12:08 | 002,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2010/01/02 19:02:50 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/02 13:25:41 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/01/02 13:11:21 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/02 13:11:05 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/01/02 13:11:05 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/01/02 13:11:04 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/01/02 13:11:04 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/04 14:41:22 | 000,339,968 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2007/04/17 14:30:58 | 000,960,512 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\ORCLOBI\MyDesktop\MyDesktopService.exe
PRC - [2007/02/26 17:34:28 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2007/02/26 17:34:28 | 000,131,072 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2007/02/26 17:33:56 | 000,131,072 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2007/02/26 17:33:46 | 000,245,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2006/08/01 19:18:00 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2006/05/10 14:03:44 | 000,094,208 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2006/04/21 14:14:00 | 000,450,560 | ---- | M] (Oracle) -- C:\WINDOWS\ORCLOBI\MyDesktop\MyDesktopQOS.exe
PRC - [2006/04/20 07:34:26 | 001,520,688 | ---- | M] (Cisco Systems, Inc.) -- c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2006/03/23 00:10:00 | 000,106,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2006/02/24 01:22:00 | 000,237,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2006/02/14 13:17:28 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2006/02/14 13:16:28 | 000,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/11/11 00:33:00 | 000,073,782 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2005/11/07 11:14:16 | 000,106,496 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2005/10/25 23:44:30 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2005/08/01 05:10:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/05 13:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/06/20 12:15:00 | 000,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2005/06/16 17:23:48 | 000,939,776 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2005/06/16 17:15:34 | 000,444,160 | ---- | M] (Zone Labs LLC) -- C:\Program Files\Zone Labs\Integrity Client\iclient.exe
PRC - [2005/05/20 04:11:06 | 000,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/07/27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2001/10/08 12:59:36 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
PRC - [2001/08/23 12:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2001/07/03 08:17:04 | 000,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2001/07/03 08:11:52 | 000,057,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (SafeList) ==========

MOD - [2010/02/06 14:30:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\freich.freich-us\Desktop\OTL.exe
MOD - [2006/02/14 13:17:12 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WMDM PMSP Service)
SRV - File not found [On_Demand | Stopped] -- -- (LiveUpdate)
SRV - File not found [On_Demand | Stopped] -- -- (awhost32)
SRV - [2010/01/14 09:12:08 | 002,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/01/02 19:02:50 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/02 13:11:04 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/01/02 13:11:04 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008/04/13 19:11:55 | 000,028,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2007/04/17 14:30:58 | 000,960,512 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\WINDOWS\ORCLOBI\MyDesktop\MyDesktopService.exe -- (MyDesktopWindows)
SRV - [2006/08/01 19:18:00 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006/04/21 14:14:00 | 000,450,560 | ---- | M] (Oracle) [Auto | Running] -- C:\WINDOWS\ORCLOBI\MyDesktop\MyDesktopQOS.exe -- (QOSMyDesktop)
SRV - [2006/04/20 07:34:26 | 001,520,688 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2005/11/11 00:33:00 | 000,073,782 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2005/06/20 12:15:00 | 000,077,824 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2005/06/16 17:23:48 | 000,939,776 | ---- | M] (Zone Labs LLC) [Auto | Running] -- C:\WINDOWS\System32\ZONELABS\vsmon.exe -- (vsmon)
SRV - [2004/12/16 16:42:04 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/01/02 13:11:38 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/02 13:11:36 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/01/02 13:11:08 | 000,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/01/02 13:11:08 | 000,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/01/02 13:11:05 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/01/02 13:11:04 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/01/02 13:11:04 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/01/02 13:11:04 | 000,025,736 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/01/02 13:10:44 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/01/02 13:10:44 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/12/02 08:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/05/28 21:23:24 | 004,203,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/04/13 13:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/05/02 10:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/26 18:59:10 | 005,700,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/12/22 10:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/22 10:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/22 10:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/08/01 19:00:34 | 000,851,706 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/06/19 13:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006/04/25 19:13:20 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2006/04/25 19:00:00 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2006/04/20 07:33:40 | 000,303,740 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2006/03/23 00:13:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2006/02/14 13:04:58 | 000,177,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/01/31 06:19:34 | 000,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/01/17 00:52:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006/01/17 00:52:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005/12/06 07:20:48 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL)
DRV - [2005/12/04 22:55:30 | 001,428,096 | ---- | M] (Intelģ Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/11/30 15:58:00 | 000,085,760 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\shockprf.sys -- (Shockprf)
DRV - [2005/11/30 09:12:36 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/11 00:33:00 | 000,010,112 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2005/10/12 08:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/08/18 18:22:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2005/08/01 05:10:00 | 000,092,700 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/08/01 05:10:00 | 000,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/08/01 05:10:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/08/01 05:10:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/08/01 05:10:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/08/01 05:10:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/08/01 05:10:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/07/28 03:30:00 | 000,088,704 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/07/07 09:03:34 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/07/07 09:02:56 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/07/07 05:10:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/07/05 13:57:06 | 000,017,699 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2005/06/20 12:18:00 | 000,004,736 | ---- | M] (Lenovo.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ShockMgr.sys -- (ShockMgr)
DRV - [2005/06/16 17:23:36 | 000,203,272 | ---- | M] (Zone Labs LLC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2005/06/07 09:53:46 | 000,152,960 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudioService)
DRV - [2005/06/07 09:53:46 | 000,152,960 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2005/05/17 06:20:06 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2005/05/17 03:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/26 02:03:00 | 000,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/10/19 16:50:10 | 000,612,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2004/03/05 12:52:22 | 000,008,368 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\awechomd.sys -- (awecho)
DRV - [2003/11/17 18:06:48 | 000,011,165 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\awlegacy.sys -- (awlegacy)
DRV - [2003/10/23 09:32:20 | 000,016,984 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AW_HOST5.sys -- (AW_HOST)
DRV - [2003/04/21 12:00:32 | 000,013,898 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GERNUWA.sys -- (Gernuwa)
DRV - [2002/11/12 10:02:20 | 000,099,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000) Intel(R)
DRV - [2002/06/21 07:45:58 | 000,069,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH)
DRV - [2002/06/21 07:45:48 | 000,090,784 | ---- | M] (Intel Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS)
DRV - [2001/08/23 12:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2000/09/01 08:11:06 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEMNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://my.oracle.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.01
FF - prefs.js..network.proxy.autoconfig_url: "http://wpad/wpad.dat"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/01/02 13:10:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/01/02 13:11:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/06 14:42:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/06 14:42:49 | 000,000,000 | ---D | M]

[2010/02/06 14:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freich.freich-us\Application Data\Mozilla\Extensions
[2010/02/08 10:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freich.freich-us\Application Data\Mozilla\Firefox\Profiles\b6at4lbb.default\extensions
[2010/02/06 14:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freich.freich-us\Application Data\Mozilla\Firefox\Profiles\b6at4lbb.default\extensions\fsonlinescanner@f-secure.com
[2010/02/06 14:43:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2001/08/23 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [cxhayafa] C:\Documents and Settings\freich.freich-us\Local Settings\Application Data\ajhrhu\irifsftav.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [ntpgds] C:\WINDOWS\ORCLOBI\synctime.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo, Ltd. and IBM Corporation.)
O4 - HKLM..\Run: [TweakAutomaticUpdates] C:\WINDOWS\orclobi\gdswsuspatch_soon.exe ()
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\Integrity Client\iclient.exe (Zone Labs LLC)
O4 - HKCU..\Run: [cxhayafa] C:\Documents and Settings\freich.freich-us\Local Settings\Application Data\ajhrhu\irifsftav.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\F1U201.401.lnk = C:\Program Files\Belkin\F1U201.401\usbshare.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\microsoft office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = c:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: oraclecorp.com ([global-service] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.242.0.12 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.oracle.com
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\oracle1024x768.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\oracle1024x768.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/02/04 09:52:28 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/08 11:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/08 10:49:43 | 001,582,189 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\freich.freich-us\Desktop\jre-6u18-windows-i586.exe.part
[2010/02/07 20:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/02/07 16:20:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/07 16:20:49 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/07 16:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/07 09:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/06 17:13:48 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\freich.freich-us\Desktop\mbam-setup.exe
[2010/02/06 15:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\freich.freich-us\My Documents\Downloads
[2010/02/06 14:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\freich.freich-us\Local Settings\Application Data\AVG Security Toolbar
[2010/02/06 14:41:42 | 008,327,264 | ---- | C] (Mozilla) -- C:\Documents and Settings\freich.freich-us\Desktop\Firefox Setup 3.6.exe
[2010/02/06 14:30:16 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\freich.freich-us\Desktop\OTL.exe
[2010/02/06 12:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\freich.freich-us\Local Settings\Application Data\ajhrhu
[2010/02/02 00:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\freich.freich-us\Application Data\AVG9
[2010/02/02 00:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/02 19:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Share-to-Web Upload Folder
[2009/12/10 20:24:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/10 20:24:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/10 20:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/07/03 20:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2007/07/03 20:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2007/07/03 20:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/08 15:34:01 | 000,525,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/08 15:34:01 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/08 15:34:01 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/08 15:32:43 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/02/08 15:32:36 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/02/08 15:32:32 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/02/08 15:32:29 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/02/08 15:32:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/08 11:56:51 | 000,000,579 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/02/08 11:56:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/08 11:56:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/08 11:56:26 | 2137,509,888 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/08 11:55:10 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\freich.freich-us\ntuser.dat
[2010/02/08 11:55:10 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\freich.freich-us\ntuser.ini
[2010/02/08 11:55:01 | 003,769,162 | -H-- | M] () -- C:\Documents and Settings\freich.freich-us\Local Settings\Application Data\IconCache.db
[2010/02/08 11:13:39 | 001,582,189 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\freich.freich-us\Desktop\jre-6u18-windows-i586.exe.part
[2010/02/08 10:49:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\freich.freich-us\Desktop\jre-6u18-windows-i586.exe
[2010/02/08 10:14:32 | 000,000,355 | ---- | M] () -- C:\Documents and Settings\freich.freich-us\Local Settings\Application Data\syssvc.exe
[2010/02/07 20:53:21 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\freich.freich-us\Desktop\esetsmartinstaller_enu.exe
[2010/02/07 19:41:00 | 055,244,748 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/07 16:20:53 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/07 10:05:29 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/02/06 17:14:19 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\freich.freich-us\Desktop\mbam-setup.exe
[2010/02/06 14:42:52 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/06 14:41:37 | 008,327,264 | ---- | M] (Mozilla) -- C:\Documents and Settings\freich.freich-us\Desktop\Firefox Setup 3.6.exe
[2010/02/06 14:30:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\freich.freich-us\Desktop\OTL.exe
[2010/02/04 18:17:30 | 000,563,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/01/19 21:09:09 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Outlook 2003.lnk
[2010/01/19 19:23:16 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/08 15:32:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/02/08 10:49:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\freich.freich-us\Desktop\jre-6u18-windows-i586.exe
[2010/02/08 10:14:32 | 000,000,355 | ---- | C] () -- C:\Documents and Settings\freich.freich-us\Local Settings\Application Data\syssvc.exe
[2010/02/07 20:53:12 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\freich.freich-us\Desktop\esetsmartinstaller_enu.exe
[2010/02/07 16:20:53 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/07 10:34:06 | 2137,509,888 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/07 10:05:29 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/09 19:31:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/07/10 07:53:56 | 000,002,723 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2007/07/03 19:19:40 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2007/03/21 13:03:10 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/03/21 13:00:47 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2007/03/21 13:00:38 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2007/03/21 13:00:29 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2007/03/21 12:59:49 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2007/03/21 12:59:49 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2007/03/21 09:10:03 | 000,000,227 | ---- | C] () -- C:\WINDOWS\BJLOG.INI
[2007/02/26 19:34:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll
[2006/11/09 13:03:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/06 20:42:46 | 000,001,212 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/11/06 18:28:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/11/06 18:25:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\wisemsg.dll
[2006/11/06 18:16:55 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2006/11/06 18:16:55 | 000,000,129 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2006/11/06 16:19:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/06 16:19:42 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/11/06 16:19:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2006/11/06 16:17:09 | 000,012,500 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2006/08/01 19:13:02 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/04/20 07:34:38 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2006/04/20 07:34:24 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/01/30 10:54:28 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/09/06 10:05:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003/06/25 00:38:06 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll
[2003/01/31 08:49:26 | 000,009,785 | ---- | C] () -- C:\WINDOWS\System32\drivers\a312.sys
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Files - Unicode (All) ==========
[2010/01/06 10:41:51 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?‘) -- C:\WINDOWS\System32\‘
[2010/01/06 10:41:51 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?‘) -- C:\WINDOWS\System32\‘

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

greich2
Novice
Novice

Posts Posts : 25
Joined Joined : 2010-02-06
OS OS : windows xp
Points Points : 25250
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Infected with virus cannot remove

Post by greich2 on 8th February 2010, 8:58 pm

OTL Extras logfile created on: 2/8/2010 3:32:39 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\freich.freich-us\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.00 Gb Total Space | 3.88 Gb Free Space | 19.40% Space Free | Partition Type: NTFS
Drive D: | 69.16 Gb Total Space | 64.73 Gb Free Space | 93.59% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: freich-us
Current User Name: freich
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{4526E521-18BC-4C01-8563-5CCE47AAC01C}" = ThinkVantage Fingerprint Software 5.5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DA016C7-9AC2-4BA7-AD31-3EBA29BC21B1}" =
"{6314D540-E3C1-4F30-AEEB-4154C93375C3}" = HP Driver Diagnostics
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6C31E111-96BB-4ADC-9C81-E6D3EEDDD8D3}" = Powertoys For Windows XP
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = ThinkVantage Active Protection System
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
"{90A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A351224F-533A-4EED-89F4-0BF3417FD31D}" = WD Backup
"{A3752427-9AAA-4B1C-B428-01723E0E9FFA}" = 2x1/4x1 USB Peripheral Switch
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D25122BC-A60E-4663-B602-B01718F12044}" = Cisco Systems VPN Client 4.8.01.0300
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF15059E-A356-47B2-B14B-6380ED32AB68}" = Microsoft Baseline Security Analyzer 1.2.1
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
"{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}" = WD Firewire HID Driver
"Ad-Aware" = Ad-Aware
"Adobe Acrobat Reader 7.0.5" = Adobe Acrobat Reader 7.0.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer 3.0" = Adobe SVG Viewer 3.0
"AOL Instant Messenger" = AOL Instant Messenger
"AVG9Uninstall" = AVG 9.0
"CCleaner" = CCleaner (remove only)
"Cisco VPN Client 4.8" = Cisco VPN Client 4.8
"Cisco VPN Client 4.8.01.0300" = Cisco VPN Client 4.8.01.0300
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"hp officejet 7100 series 1184072031" = hp officejet 7100 series
"HP Photo Printing Software" = HP Photo Printing Software
"ie8" = Windows Internet Explorer 8
"Integrity Client" = Integrity Client
"InterActual Player" = InterActual Player
"Internet Explorer" = Internet Explorer
"Java Runtime Environment v1.5.0_08" = Java Runtime Environment v1.5.0_08
"LiveReg" = LiveReg (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Mediaplayer Configurationscript" = Microsoft Mediaplayer Configurationscript
"MigrationAssistant 2.1.3" = MigrationAssistant 2.1.3
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (1.5)" = Mozilla Thunderbird (1.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Oracle Calendar 10.1.2.3" = Oracle Calendar 10.1.2.3
"Oracle Data Protection 1.4.0.0" = Oracle Data Protection 1.4.0.0
"PcAnyWhere 11.5 HostLAN" = PcAnyWhere 11.5 HostLAN
"Power Management Driver" = ThinkPad Power Management Driver
"PrimoPDF2.0" = PrimoPDF
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"RealPlayer" = RealPlayer
"Remove Multimedia Center" = Sonic Software Uninstaller
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visio Viewer 2003" = Visio Viewer 2003
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WinZip 10" = WinZip 10
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"WZCLINE" = WinZip Command Line Support Add-On 2.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/7/2010 9:31:04 PM | Computer Name = freich-us | Source = TrueVector Service | ID = 5007
Description = TrueVector engine: File "C:\WINDOWS\Internet Logs\IAMDB.RDB" was corrupt
and has been copied to "C:\WINDOWS\Internet Logs\xDBCC.tmp". File "C:\WINDOWS\Internet
Logs\IAMDB.RDB" was corrupt and has been deleted.

Error - 2/7/2010 9:31:04 PM | Computer Name = freich-us | Source = TrueVector Service | ID = 5007
Description = TrueVector engine: File "C:\WINDOWS\Internet Logs\IAMDB.RDB" was corrupt,
restoring from backup "C:\WINDOWS\Internet Logs\BACKUP.RDB".

Error - 2/7/2010 9:31:08 PM | Computer Name = freich-us | Source = TrueVector Service | ID = 5007
Description = TrueVector engine: File "C:\WINDOWS\Internet Logs\freich-us.ldb" was
corrupt and has been copied to "C:\WINDOWS\Internet Logs\xDBCD.tmp". File "C:\WINDOWS\Internet
Logs\freich-us.ldb" was corrupt and has been deleted.

Error - 2/7/2010 9:33:32 PM | Computer Name = freich-us | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 2/8/2010 11:13:36 AM | Computer Name = freich-us | Source = TrueVector Service | ID = 5007
Description = TrueVector engine: File "C:\WINDOWS\Internet Logs\IAMDB.RDB" was corrupt
and has been copied to "C:\WINDOWS\Internet Logs\xDBCE.tmp". File "C:\WINDOWS\Internet
Logs\IAMDB.RDB" was corrupt and has been deleted.

Error - 2/8/2010 11:13:36 AM | Computer Name = freich-us | Source = TrueVector Service | ID = 5007
Description = TrueVector engine: File "C:\WINDOWS\Internet Logs\IAMDB.RDB" was corrupt,
restoring from backup "C:\WINDOWS\Internet Logs\BACKUP.RDB".

Error - 2/8/2010 11:13:37 AM | Computer Name = freich-us | Source = TrueVector Service | ID = 5007
Description = TrueVector engine: File "C:\WINDOWS\Internet Logs\freich-us.ldb" was
corrupt and has been copied to "C:\WINDOWS\Internet Logs\xDBCF.tmp". File "C:\WINDOWS\Internet
Logs\freich-us.ldb" was corrupt and has been deleted.

Error - 2/8/2010 12:39:19 PM | Computer Name = freich-us | Source = MsiInstaller | ID = 11719
Description = Product: Java(TM) 6 Update 18 -- Error 1719.The Windows Installer
Service could not be accessed. This can occur if you are running Windows in safe
mode, or if the Windows Installer is not correctly installed. Contact your support
personnel for assistance.

Error - 2/8/2010 12:46:56 PM | Computer Name = freich-us | Source = MsiInstaller | ID = 10005
Description = Product: Java(TM) 6 Update 18 -- Error 26066. Unpacking jsse failed.

Error - 2/8/2010 12:47:04 PM | Computer Name = freich-us | Source = MsiInstaller | ID = 11719
Description = Product: Java(TM) 6 Update 18 -- Error 1719.The Windows Installer
Service could not be accessed. This can occur if you are running Windows in safe
mode, or if the Windows Installer is not correctly installed. Contact your support
personnel for assistance.

[ System Events ]
Error - 2/8/2010 12:41:24 PM | Computer Name = freich-us | Source = Service Control Manager | ID = 7000
Description = The WMDM PMSP Service service failed to start due to the following
error: %%2

Error - 2/8/2010 12:49:05 PM | Computer Name = freich-us | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 2/8/2010 12:49:05 PM | Computer Name = freich-us | Source = Service Control Manager | ID = 7000
Description = The PMEMNT service failed to start due to the following error: %%2

Error - 2/8/2010 12:49:05 PM | Computer Name = freich-us | Source = Service Control Manager | ID = 7000
Description = The WMDM PMSP Service service failed to start due to the following
error: %%2

Error - 2/8/2010 12:52:02 PM | Computer Name = freich-us | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 2/8/2010 12:52:02 PM | Computer Name = freich-us | Source = Service Control Manager | ID = 7000
Description = The PMEMNT service failed to start due to the following error: %%2

Error - 2/8/2010 12:52:02 PM | Computer Name = freich-us | Source = Service Control Manager | ID = 7000
Description = The WMDM PMSP Service service failed to start due to the following
error: %%2

Error - 2/8/2010 12:56:41 PM | Computer Name = freich-us | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 2/8/2010 12:56:41 PM | Computer Name = freich-us | Source = Service Control Manager | ID = 7000
Description = The PMEMNT service failed to start due to the following error: %%2

Error - 2/8/2010 12:56:41 PM | Computer Name = freich-us | Source = Service Control Manager | ID = 7000
Description = The WMDM PMSP Service service failed to start due to the following
error: %%2


< End of report >

greich2
Novice
Novice

Posts Posts : 25
Joined Joined : 2010-02-06
OS OS : windows xp
Points Points : 25250
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Infected with virus cannot remove

Post by Belahzur on 9th February 2010, 1:39 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    PRC - [2010/02/06 12:20:20 | 000,279,808 | ---- | M] () -- C:\Documents and Settings\freich.freich-us\Local Settings\Application Data\ajhrhu\irifsftav.exe
    SRV - File not found [On_Demand | Stopped] -- -- (awhost32)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O4 - HKCU..\Run: [cxhayafa] C:\Documents and Settings\freich.freich-us\Local Settings\Application Data\ajhrhu\irifsftav.exe ()
    [2010/02/06 12:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\freich.freich-us\Local Settings\Application Data\ajhrhu

    :files
    C:\WINDOWS\tasks\At*.job


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Infected with virus cannot remove

Post by greich2 on 9th February 2010, 2:39 am

Hi,

I have tried it several ways and still come up with the same basic response.

Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!

OTL by OldTimer - Version 3.1.28.0 log created on 02082010_213755

BTW-thanks in advance for all of your assistance. It is greatly appreciated.


Last edited by greich2 on 9th February 2010, 2:47 am; edited 1 time in total (Reason for editing : added information)

greich2
Novice
Novice

Posts Posts : 25
Joined Joined : 2010-02-06
OS OS : windows xp
Points Points : 25250
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Infected with virus cannot remove

Post by greich2 on 9th February 2010, 2:54 am

Hi again,

A window just popped up after running OTL that says there is a threat of a Trojan horse Downloader.Zlob.AQXA

Also after running OTL, the popups of bankerfox.a and win32nuqel have ceased.

Please advise how to proceed.

Thanks

greich2
Novice
Novice

Posts Posts : 25
Joined Joined : 2010-02-06
OS OS : windows xp
Points Points : 25250
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Infected with virus cannot remove

Post by greich2 on 9th February 2010, 2:56 am

Here is what came up after rebooting and running OTL again:

OTL logfile created on: 2/8/2010 9:52:09 PM - Run 2
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\freich.freich-us\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.00 Gb Total Space | 3.87 Gb Free Space | 19.34% Space Free | Partition Type: NTFS
Drive D: | 69.16 Gb Total Space | 64.73 Gb Free Space | 93.59% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: freich-us
Current User Name: freich
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/06 14:30:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\freich.freich-us\Desktop\OTL.exe
PRC - [2010/01/15 22:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/14 09:12:08 | 002,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/01/02 19:03:10 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/02 19:02:50 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/02 13:25:41 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/01/02 13:11:21 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/02 13:11:05 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/01/02 13:11:05 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/01/02 13:11:04 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/01/02 13:11:04 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/04 14:41:22 | 000,339,968 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2007/04/17 14:30:58 | 000,960,512 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\ORCLOBI\MyDesktop\MyDesktopService.exe
PRC - [2007/02/26 17:34:28 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2007/02/26 17:34:28 | 000,131,072 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2007/02/26 17:33:56 | 000,131,072 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2007/02/26 17:33:46 | 000,245,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2006/08/01 19:25:16 | 000,622,653 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2006/08/01 19:18:00 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2006/05/10 14:03:44 | 000,094,208 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2006/04/21 14:14:00 | 000,450,560 | ---- | M] (Oracle) -- C:\WINDOWS\ORCLOBI\MyDesktop\MyDesktopQOS.exe
PRC - [2006/04/20 07:34:26 | 001,520,688 | ---- | M] (Cisco Systems, Inc.) -- c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2006/03/23 00:10:00 | 000,106,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2006/02/24 01:22:00 | 000,237,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2006/02/14 13:17:28 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2006/02/14 13:16:28 | 000,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/01/22 17:30:16 | 000,098,304 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\My Book\WD Backup\uBBMonitor.exe
PRC - [2005/11/11 00:33:00 | 000,073,782 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2005/11/07 11:14:16 | 000,106,496 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2005/10/25 23:44:30 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2005/08/01 05:10:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/05 13:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/06/20 12:15:00 | 000,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2005/06/16 17:23:48 | 000,939,776 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2005/06/16 17:15:34 | 000,444,160 | ---- | M] (Zone Labs LLC) -- C:\Program Files\Zone Labs\Integrity Client\iclient.exe
PRC - [2005/05/20 04:11:06 | 000,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/07/27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003/04/08 13:42:28 | 000,135,168 | ---- | M] () -- C:\Program Files\Belkin\F1U201.401\usbshare.exe
PRC - [2003/01/28 04:33:10 | 000,124,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MDM.EXE
PRC - [2001/10/08 12:59:36 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
PRC - [2001/08/23 12:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2001/07/03 08:17:04 | 000,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2001/07/03 08:11:52 | 000,057,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (SafeList) ==========

MOD - [2010/02/06 14:30:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\freich.freich-us\Desktop\OTL.exe
MOD - [2008/04/13 19:11:56 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll
MOD - [2006/08/01 19:26:44 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2006/02/14 13:17:12 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WMDM PMSP Service)
SRV - File not found [On_Demand | Stopped] -- -- (LiveUpdate)
SRV - File not found [On_Demand | Stopped] -- -- (awhost32)
SRV - [2010/01/14 09:12:08 | 002,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/01/02 19:02:50 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/02 13:11:04 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/01/02 13:11:04 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008/04/13 19:11:55 | 000,028,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2007/04/17 14:30:58 | 000,960,512 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\WINDOWS\ORCLOBI\MyDesktop\MyDesktopService.exe -- (MyDesktopWindows)
SRV - [2006/08/01 19:18:00 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006/04/21 14:14:00 | 000,450,560 | ---- | M] (Oracle) [Auto | Running] -- C:\WINDOWS\ORCLOBI\MyDesktop\MyDesktopQOS.exe -- (QOSMyDesktop)
SRV - [2006/04/20 07:34:26 | 001,520,688 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2005/11/11 00:33:00 | 000,073,782 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2005/06/20 12:15:00 | 000,077,824 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2005/06/16 17:23:48 | 000,939,776 | ---- | M] (Zone Labs LLC) [Auto | Running] -- C:\WINDOWS\System32\ZONELABS\vsmon.exe -- (vsmon)
SRV - [2004/12/16 16:42:04 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/01/02 13:11:38 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/02 13:11:36 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/01/02 13:11:08 | 000,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/01/02 13:11:08 | 000,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/01/02 13:11:05 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/01/02 13:11:04 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/01/02 13:11:04 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/01/02 13:11:04 | 000,025,736 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/01/02 13:10:44 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/01/02 13:10:44 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/12/02 08:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/05/28 21:23:24 | 004,203,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/04/13 13:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/05/02 10:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/26 18:59:10 | 005,700,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/12/22 10:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/22 10:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/22 10:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/08/01 19:00:34 | 000,851,706 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/06/19 13:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006/04/25 19:13:20 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2006/04/25 19:00:00 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2006/04/20 07:33:40 | 000,303,740 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2006/03/23 00:13:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2006/02/14 13:04:58 | 000,177,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/01/31 06:19:34 | 000,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/01/17 00:52:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006/01/17 00:52:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005/12/06 07:20:48 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL)
DRV - [2005/12/04 22:55:30 | 001,428,096 | ---- | M] (Intelģ Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/11/30 15:58:00 | 000,085,760 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\shockprf.sys -- (Shockprf)
DRV - [2005/11/30 09:12:36 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/11 00:33:00 | 000,010,112 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2005/10/12 08:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/08/18 18:22:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2005/08/01 05:10:00 | 000,092,700 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/08/01 05:10:00 | 000,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/08/01 05:10:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/08/01 05:10:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/08/01 05:10:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/08/01 05:10:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/08/01 05:10:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/07/28 03:30:00 | 000,088,704 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/07/07 09:03:34 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/07/07 09:02:56 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/07/07 05:10:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/07/05 13:57:06 | 000,017,699 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2005/06/20 12:18:00 | 000,004,736 | ---- | M] (Lenovo.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ShockMgr.sys -- (ShockMgr)
DRV - [2005/06/16 17:23:36 | 000,203,272 | ---- | M] (Zone Labs LLC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2005/06/07 09:53:46 | 000,152,960 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudioService)
DRV - [2005/06/07 09:53:46 | 000,152,960 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2005/05/17 06:20:06 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2005/05/17 03:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/26 02:03:00 | 000,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/10/19 16:50:10 | 000,612,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2004/03/05 12:52:22 | 000,008,368 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\awechomd.sys -- (awecho)
DRV - [2003/11/17 18:06:48 | 000,011,165 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\awlegacy.sys -- (awlegacy)
DRV - [2003/10/23 09:32:20 | 000,016,984 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AW_HOST5.sys -- (AW_HOST)
DRV - [2003/04/21 12:00:32 | 000,013,898 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GERNUWA.sys -- (Gernuwa)
DRV - [2002/11/12 10:02:20 | 000,099,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000) Intel(R)
DRV - [2002/06/21 07:45:58 | 000,069,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH)
DRV - [2002/06/21 07:45:48 | 000,090,784 | ---- | M] (Intel Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS)
DRV - [2001/08/23 12:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2000/09/01 08:11:06 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEMNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://my.oracle.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.01
FF - prefs.js..network.proxy.autoconfig_url: "http://wpad/wpad.dat"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/01/02 13:10:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/01/02 13:11:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/06 14:42:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/06 14:42:49 | 000,000,000 | ---D | M]

[2010/02/06 14:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freich.freich-us\Application Data\Mozilla\Extensions
[2010/02/08 10:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freich.freich-us\Application Data\Mozilla\Firefox\Profiles\b6at4lbb.default\extensions
[2010/02/06 14:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freich.freich-us\Application Data\Mozilla\Firefox\Profiles\b6at4lbb.default\extensions\fsonlinescanner@f-secure.com
[2010/02/06 14:43:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2001/08/23 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [cxhayafa] C:\Documents and Settings\freich.freich-us\Local Settings\Application Data\ajhrhu\irifsftav.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [ntpgds] C:\WINDOWS\ORCLOBI\synctime.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo, Ltd. and IBM Corporation.)
O4 - HKLM..\Run: [TweakAutomaticUpdates] C:\WINDOWS\orclobi\gdswsuspatch_soon.exe ()
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\Integrity Client\iclient.exe (Zone Labs LLC)
O4 - HKCU..\Run: [cxhayafa] C:\Documents and Settings\freich.freich-us\Local Settings\Application Data\ajhrhu\irifsftav.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\F1U201.401.lnk = C:\Program Files\Belkin\F1U201.401\usbshare.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\microsoft office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = c:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: oraclecorp.com ([global-service] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.oracle.com
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\oracle1024x768.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\oracle1024x768.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/02/04 09:52:28 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/08 21:36:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/08 11:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/08 10:49:43 | 001,582,189 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\freich.freich-us\Desktop\jre-6u18-windows-i586.exe.part
[2010/02/07 20:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/02/07 16:20:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/07 16:20:49 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/07 16:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/07 09:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/06 17:13:48 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\freich.freich-us\Desktop\mbam-setup.exe
[2010/02/06 15:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\freich.freich-us\My Documents\Downloads
[2010/02/06 14:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\freich.freich-us\Local Settings\Application Data\AVG Security Toolbar
[2010/02/06 14:41:42 | 008,327,264 | ---- | C] (Mozilla) -- C:\Documents and Settings\freich.freich-us\Desktop\Firefox Setup 3.6.exe
[2010/02/06 14:30:16 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\freich.freich-us\Desktop\OTL.exe
[2010/02/06 12:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\freich.freich-us\Local Settings\Application Data\ajhrhu
[2010/02/02 00:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\freich.freich-us\Application Data\AVG9
[2010/02/02 00:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/02 19:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Share-to-Web Upload Folder
[2009/12/10 20:24:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/10 20:24:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/10 20:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/07/03 20:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2007/07/03 20:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2007/07/03 20:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/08 21:32:17 | 000,525,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/08 21:32:17 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/08 21:32:17 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/08 21:31:21 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/02/08 21:31:11 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/02/08 21:31:09 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/02/08 21:31:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/08 21:09:33 | 000,000,579 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/02/08 21:09:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/08 21:09:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/08 21:09:04 | 2137,509,888 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/08 15:46:34 | 055,262,078 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/08 11:55:10 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\freich.freich-us\ntuser.dat
[2010/02/08 11:55:10 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\freich.freich-us\ntuser.ini
[2010/02/08 11:55:01 | 003,769,162 | -H-- | M] () -- C:\Documents and Settings\freich.freich-us\Local Settings\Application Data\IconCache.db
[2010/02/08 11:13:39 | 001,582,189 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\freich.freich-us\Desktop\jre-6u18-windows-i586.exe.part
[2010/02/08 10:49:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\freich.freich-us\Desktop\jre-6u18-windows-i586.exe
[2010/02/08 10:14:32 | 000,000,355 | ---- | M] () -- C:\Documents and Settings\freich.freich-us\Local Settings\Application Data\syssvc.exe
[2010/02/07 20:53:21 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\freich.freich-us\Desktop\esetsmartinstaller_enu.exe
[2010/02/07 16:20:53 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/07 10:05:29 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/02/06 17:14:19 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\freich.freich-us\Desktop\mbam-setup.exe
[2010/02/06 14:42:52 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/06 14:41:37 | 008,327,264 | ---- | M] (Mozilla) -- C:\Documents and Settings\freich.freich-us\Desktop\Firefox Setup 3.6.exe
[2010/02/06 14:30:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\freich.freich-us\Desktop\OTL.exe
[2010/02/04 18:17:30 | 000,563,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/01/19 21:09:09 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Outlook 2003.lnk
[2010/01/19 19:23:16 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/08 10:49:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\freich.freich-us\Desktop\jre-6u18-windows-i586.exe
[2010/02/08 10:14:32 | 000,000,355 | ---- | C] () -- C:\Documents and Settings\freich.freich-us\Local Settings\Application Data\syssvc.exe
[2010/02/07 20:53:12 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\freich.freich-us\Desktop\esetsmartinstaller_enu.exe
[2010/02/07 16:20:53 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/07 10:34:06 | 2137,509,888 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/07 10:05:29 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/09 19:31:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/07/10 07:53:56 | 000,002,723 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2007/07/03 19:19:40 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2007/03/21 13:03:10 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/03/21 13:00:47 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2007/03/21 13:00:38 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2007/03/21 13:00:29 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2007/03/21 12:59:49 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2007/03/21 12:59:49 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2007/03/21 09:10:03 | 000,000,227 | ---- | C] () -- C:\WINDOWS\BJLOG.INI
[2007/02/26 19:34:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll
[2006/11/09 13:03:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/06 20:42:46 | 000,001,212 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/11/06 18:28:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/11/06 18:25:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\wisemsg.dll
[2006/11/06 18:16:55 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2006/11/06 18:16:55 | 000,000,129 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2006/11/06 16:19:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/06 16:19:42 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/11/06 16:19:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2006/11/06 16:17:09 | 000,012,500 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2006/08/01 19:13:02 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/04/20 07:34:38 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2006/04/20 07:34:24 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/01/30 10:54:28 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/09/06 10:05:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003/06/25 00:38:06 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll
[2003/01/31 08:49:26 | 000,009,785 | ---- | C] () -- C:\WINDOWS\System32\drivers\a312.sys
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Custom Scans ==========


< :OTL >

< PRC - [2010/02/06 12:20:20 | 000,279,808 | ---- | M] () -- C:\Documents and Settings\freich.freich-us\Local Settings\Application Data\ajhrhu\irifsftav.exe >
Invalid Switch: 06 12:20:20 | 000,279,808 | ---- | M] () -- C:\Documents and Settings\freich.freich-us\Local Settings\Application Data\ajhrhu\irifsftav.exe

< SRV - File not found [On_Demand | Stopped] -- -- (awhost32) >

< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. >

< O4 - HKCU..\Run: [cxhayafa] C:\Documents and Settings\freich.freich-us\Local Settings\Application Data\ajhrhu\irifsftav.exe () >

< [2010/02/06 12:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\freich.freich-us\Local Settings\Application Data\ajhrhu >
Invalid Switch: 06 12:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\freich.freich-us\Local Settings\Application Data\ajhrhu


< >

< :files >

< C:\WINDOWS\tasks\At*.job >

========== Files - Unicode (All) ==========
[2010/01/06 10:41:51 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?‘) -- C:\WINDOWS\System32\‘
[2010/01/06 10:41:51 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?‘) -- C:\WINDOWS\System32\‘

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

greich2
Novice
Novice

Posts Posts : 25
Joined Joined : 2010-02-06
OS OS : windows xp
Points Points : 25250
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Infected with virus cannot remove

Post by Belahzur on 9th February 2010, 7:12 pm

Hello.
You pressed the scan button, not the fix button?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Infected with virus cannot remove

Post by greich2 on 10th February 2010, 12:57 am

Hi,

I ran it again, making sure to click on the red fix button and below is what came up in the log file. Would you agree its fixed? Please advise if I need to do anything else.

Thanks

========== OTL ==========
No active process named irifsftav.exe was found!
Service awhost32 stopped successfully!
Service awhost32 deleted successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cxhayafa not found.
File C:\Documents and Settings\freich.freich-us\Local Settings\Application Data\ajhrhu\irifsftav.exe not found.
C:\Documents and Settings\freich.freich-us\Local Settings\Application Data\ajhrhu folder moved successfully.
========== FILES ==========
File\Folder C:\WINDOWS\tasks\At*.job not found.

OTL by OldTimer - Version 3.1.28.0 log created on 02092010_195529

greich2
Novice
Novice

Posts Posts : 25
Joined Joined : 2010-02-06
OS OS : windows xp
Points Points : 25250
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum