jgowell21

Alright with that done, I think it is finally time to close this topic. Thanks again for the help!

Ran Cleanup but the TDSSKiller_Quarantine folder remains. Should I manually delete those files?

Ran one final scan with ESET and it came up with the following: C:\Documents and Settings\d\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\2\29636cc2-72519e87 » ZIP » a/ppbwjge.class - a variant of Java/Exploit.Agent.NCW trojan C:\Documents and Settings\d\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\2\29636cc2-72519e87 » ZIP » a/cukg.class - a variant of Java/Exploit.Agent.NCW trojan C:\Documents and Settings\d\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\2\29636cc2-72519e87 » ZIP » a/bqwyewbkt.class - a variant of Java/Exploit.Agent.NCW trojan C:\Documents and Settings\d\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\2\29636cc2-72519e87 » ZIP » vjlkintv - a variant of Win32/Kryptik.AIVI trojan I'd appreciate any advice. Thanks.

One last note: I ran Kaspersky Virus Removal Tool to see if that would catch anything and the only time it "detected" anything were those objects already quarantined by TDSSKiller that were in a "TDSSKiller_Quarantine" folder. Is it safe for me to delete those files in the "TDSSKiller_Quarantine" folder?

Seems like things are fine. RK doesn't list anything under "Infections" anymore. If I need additional help, I'll start a new topic. Thanks again for all the help Maniac.

When I went to the "_OTL/MovedFiles" log I found some additional lines at the end after "Restore Point Set": OTL by OldTimer - Version 3.2.54.1 log created on 07242012_190646 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot...

Update: After the 2nd fail Safe Mode attempt, I decided to try to run the OTL custom fix provided. I think it was successful and came up with this Log file once I rebooted. All processes killed ========== OTL ========== Prefs.js: vshare@toolbar:1.0.0 removed from extensions.enabledItems C:\Documents and Settings\d\Application Data\Mozilla\Firefox\Profiles\i2udtmcg.default\extensions\vshare@toolbar\META-INF folder moved successfully. C:\Documents and Settings\d\Application Data\Mozilla\Firefox\Profiles\i2udtmcg.default\extensions\vshare@toolbar\chrome folder moved successfully. C:\Documents and Settings\d\Application Data\Mozilla\Firefox\Profiles\i2udtmcg.default\extensions\vshare@toolbar folder moved successfully. C:\WINDOWS\Installer\{766ae966-0c13-0485-0d28-523fb79d5fb4}\L\00000004.@ moved successfully. C:\WINDOWS\Installer\{766ae966-0c13-0485-0d28-523fb79d5fb4}\@ moved successfully. C:\Documents and Settings\d\Local Settings\Application Data\{766ae966-0c13-0485-0d28-523fb79d5fb4}\@ moved successfully. ========== FILES ========== C:\WINDOWS\Installer\{766ae966-0c13-0485-0d28-523fb79d5fb4}\U folder moved successfully. C:\WINDOWS\Installer\{766ae966-0c13-0485-0d28-523fb79d5fb4}\L folder moved successfully. C:\WINDOWS\Installer\{766ae966-0c13-0485-0d28-523fb79d5fb4} folder moved successfully. C:\Documents and Settings\d\Local Settings\Application Data\{766ae966-0c13-0485-0d28-523fb79d5fb4}\U folder moved successfully. C:\Documents and Settings\d\Local Settings\Application Data\{766ae966-0c13-0485-0d28-523fb79d5fb4}\L folder moved successfully. C:\Documents and Settings\d\Local Settings\Application Data\{766ae966-0c13-0485-0d28-523fb79d5fb4} folder moved successfully. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Documents and Settings\d\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\d\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: d ->Temp folder emptied: 62119375 bytes ->Temporary Internet Files folder emptied: 68427733 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 85329669 bytes ->Flash cache emptied: 266024 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 7716998 bytes ->Flash cache emptied: 11031 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 17834 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 4577656 bytes %systemroot%\System32 .tmp files removed: 2577 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 4579 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 33978788 bytes Total Files Cleaned = 250.00 mb Restore point Set: OTL Restore Point

Tried to boot into Safe Mode. Selected the normal "Safe Mode" option (not "with Networking" or "with Command Prompt"). Then I had 3 options: 1) Microsoft Recovery Console 2) Debugger (which said "do not select this") and 3) Microsoft Windows XP. Selected XP like I normally do when I boot into Safe Mode. However, this time, while the drivers/files were loading, the computer received the BSOD and restarted. I tried it again and it BSOD again.

I let it go for a full hour and since nothing changed and it was still frozen, I just restarted and will await further instructions.

Maniac, I am posting this from another computer because the computer I was working on has froze. I copied/pasted your exact instructions about 20 minutes ago and when I clicked "Run Fix" it said "Killing processes. DO NOT INTERRUPT" I realized the computer was frozen when I saw the time in the lower right corner of the taskbar had not changed even though 20-25 minutes have now passed since I clicked the "Run Fix" button. Should I continue to let it run? Should I force shutdown and try again? Other options?

Extras.txt file OTL Extras logfile created on: 7/24/2012 4:16:50 PM - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Documents and Settings\d\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.90 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 58.41% Memory free 4.74 Gb Paging File | 3.32 Gb Available in Paging File | 70.05% Paging File free Paging file location(s): c:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 114.41 Gb Total Space | 1.85 Gb Free Space | 1.62% Space Free | Partition Type: NTFS Computer Name: BCS-FF2C23D2798 | User Name: d | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-2052111302-261903793-725345543-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5 "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer "{3D8994A3-02A8-45B5-B955-53E608BC69ED}" = Lenovo Fingerprint Software "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6F801026-6AF0-4520-9153-4C9B4CAAB361}" = HP LaserJet P2050 Series 6.0 "{70E2B27F-0B7F-41B2-8145-E7377BC9F75A}" = DisplayLink Graphics "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{78E83B4F-7230-4F0B-B1AD-8DDF05473D6F}" = Intel® PROSet/Wireless WiFi Software "{82EB6CEA-749A-410F-8AD2-372A286BA3BE}" = Integrated Camera Driver Installer Package Ver.1.32.500.0 "{861C4DFA-E691-4BA6-BE6B-D5BA211990B6}" = DisplayLink Core Software "{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update "{87B8375F-AAC4-417D-BB00-2EE6FBF898E7}" = ESET NOD32 Antivirus "{89B6F63A-7E0C-424A-9D39-C4EF59E96D78}" = hppQFolderP2050 "{8B784DB3-2DBF-4660-863C-CAD974C047C7}" = hppusgP2050 "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ThinkPad UltraNav Driver "{9fe85a45-5110-487a-a3da-c4b7b78d5514}" = Lenovo USB Port Replicator with Digital Video "{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver "0481B164C8D1D26C560D6A5E717C5920D4362D60" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (01/14/2010 8.6.0.13) "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AIM_7" = AIM 7 "Android SDK Install v.30" = Android SDK Install v.30 "Cisco Connect" = Cisco Connect "CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09 "CutePDF Writer Installation" = CutePDF Writer 2.8 "DAEMON Tools Lite" = DAEMON Tools Lite "HPExtendedCapabilities" = HP Customer Participation Program 10.0 "InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer "ITPM" = Intel® Trusted Platform Module "Lenovo USB Port Replicator" = Lenovo USB Port Replicator "LENOVO.SMIIF" = Lenovo System Interface Driver "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "OnScreenDisplay" = On Screen Display "Power Management Driver" = ThinkPad Power Management Driver "ProInst" = Intel PROSet Wireless "PROSet" = Intel® Network Connections Drivers "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "Veetle TV" = Veetle TV 0.9.18 "VLC media player" = VLC media player 1.1.11 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 3/25/2012 5:43:00 PM | Computer Name = SUH-FF2C23D2798 | Source = Windows Search Service | ID = 3013 Description = The entry <C:\DOCUMENTS AND SETTINGS\D\DESKTOP\BECKER\AUD\A5PASSMASTER.DB> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error - 3/25/2012 5:43:00 PM | Computer Name = SUH-FF2C23D2798 | Source = Windows Search Service | ID = 3013 Description = The entry <C:\DOCUMENTS AND SETTINGS\D\DESKTOP\BECKER\AUD\A6LECTURE.DB> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error - 3/25/2012 5:43:00 PM | Computer Name = SUH-FF2C23D2798 | Source = Windows Search Service | ID = 3013 Description = The entry <C:\DOCUMENTS AND SETTINGS\D\DESKTOP\BECKER\AUD\A6PASSMASTER.DB> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error - 3/25/2012 5:43:00 PM | Computer Name = SUH-FF2C23D2798 | Source = Windows Search Service | ID = 3013 Description = The entry <C:\DOCUMENTS AND SETTINGS\D\DESKTOP\BECKER\AUD\A6PASSMASTER.DB> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error - 3/25/2012 5:43:00 PM | Computer Name = SUH-FF2C23D2798 | Source = Windows Search Service | ID = 3013 Description = The entry <C:\DOCUMENTS AND SETTINGS\D\DESKTOP\BECKER\AUD> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error - 3/25/2012 5:43:00 PM | Computer Name = SUH-FF2C23D2798 | Source = Windows Search Service | ID = 3013 Description = The entry <C:\DOCUMENTS AND SETTINGS\D\DESKTOP\BECKER\AUD> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error - 4/9/2012 8:30:31 PM | Computer Name = SUH-FF2C23D2798 | Source = Windows Search Service | ID = 3013 Description = The entry <C:\DOCUMENTS AND SETTINGS\D\MY DOCUMENTS\TURBOTAX\2011 SUH D FORM 1040 INDIVIDUAL TAX RETURN.TAX2011> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error - 4/10/2012 1:48:38 AM | Computer Name = SUH-FF2C23D2798 | Source = Application Error | ID = 1000 Description = Faulting application pockettanks.exe, version 1.3.0.4, faulting module bass.dll, version 2.3.0.3, fault address 0x0001acb1. Error - 4/10/2012 10:48:33 AM | Computer Name = SUH-FF2C23D2798 | Source = MsiInstaller | ID = 10005 Description = Product: Lenovo USB Port Replicator with Digital Video -- Last installation need to reboot OS. Error - 4/11/2012 3:07:30 PM | Computer Name = SUH-FF2C23D2798 | Source = Application Error | ID = 1000 Description = Faulting application , version 0.0.0.0, faulting module FpWinLogonNp.dll, version 3.3.2.27, fault address 0x000038c0. [ System Events ] Error - 7/22/2012 9:07:39 PM | Computer Name = BCS-FF2C23D2798 | Source = Service Control Manager | ID = 7001 Description = The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: %%31 Error - 7/22/2012 9:07:39 PM | Computer Name = BCS-FF2C23D2798 | Source = Service Control Manager | ID = 7001 Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31 Error - 7/22/2012 9:07:39 PM | Computer Name = BCS-FF2C23D2798 | Source = Service Control Manager | ID = 7001 Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31 Error - 7/22/2012 9:07:39 PM | Computer Name = BCS-FF2C23D2798 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AFD dqbridge ehdrv epfwtdir Fips intelppm IPSec lenovo.smi MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip TPHKDRV TPPWRIF WS2IFSL Error - 7/22/2012 9:19:22 PM | Computer Name = BCS-FF2C23D2798 | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 7/22/2012 9:24:28 PM | Computer Name = BCS-FF2C23D2798 | Source = Service Control Manager | ID = 7024 Description = The Windows Search service terminated with service-specific error 2147749155 (0x80040D23). Error - 7/22/2012 9:24:30 PM | Computer Name = BCS-FF2C23D2798 | Source = DCOM | ID = 10005 Description = DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error - 7/22/2012 9:24:30 PM | Computer Name = BCS-FF2C23D2798 | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the Windows Search service to connect. Error - 7/22/2012 9:24:30 PM | Computer Name = BCS-FF2C23D2798 | Source = Service Control Manager | ID = 7000 Description = The Windows Search service failed to start due to the following error: %%1053 Error - 7/23/2012 6:12:00 PM | Computer Name = BCS-FF2C23D2798 | Source = Service Control Manager | ID = 7034 Description = The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). < End of report >

OTL.txt File OTL logfile created on: 7/24/2012 4:16:50 PM - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Documents and Settings\d\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.90 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 58.41% Memory free 4.74 Gb Paging File | 3.32 Gb Available in Paging File | 70.05% Paging File free Paging file location(s): c:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 114.41 Gb Total Space | 1.85 Gb Free Space | 1.62% Space Free | Partition Type: NTFS Computer Name: BCS-FF2C23D2798 | User Name: d | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/24 16:15:49 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\d\Desktop\OTL.exe PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2011/05/16 15:49:28 | 000,676,312 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo USB Port Replicator with Digital Video\dcute.exe PRC - [2011/05/16 15:49:28 | 000,085,464 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo USB Port Replicator with Digital Video\dqscrproj.exe PRC - [2011/05/16 15:49:28 | 000,033,240 | ---- | M] (lenovo) -- C:\Program Files\Lenovo\Lenovo USB Port Replicator with Digital Video\dqscrproxy.exe PRC - [2011/04/10 16:06:42 | 000,951,656 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe PRC - [2011/04/10 16:06:40 | 000,730,472 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe PRC - [2011/04/10 16:06:38 | 005,240,168 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe PRC - [2010/11/03 19:19:24 | 000,094,024 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe PRC - [2010/08/25 01:28:00 | 000,132,456 | ---- | M] (Lenovo.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE PRC - [2010/08/25 01:28:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe PRC - [2010/07/27 17:05:00 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2010/04/26 13:46:32 | 000,144,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe PRC - [2010/04/07 14:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2010/04/01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe PRC - [2010/03/05 13:01:46 | 000,862,480 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe PRC - [2010/03/05 12:54:20 | 000,954,368 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe PRC - [2010/03/05 12:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2010/02/22 16:50:16 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2010/02/22 16:49:56 | 002,140,880 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe PRC - [2010/02/05 06:44:44 | 000,118,784 | ---- | M] (AuthenTec,Inc) -- C:\WINDOWS\system32\FpLogonServ.exe PRC - [2010/02/05 06:43:20 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\DTS.exe PRC - [2010/02/05 06:39:58 | 001,824,064 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\AtService.exe PRC - [2009/11/24 13:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe PRC - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe PRC - [2009/02/12 12:48:42 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe PRC - [2008/10/30 18:23:52 | 000,031,744 | ---- | M] (Ricoh co.,Ltd.) -- C:\Program Files\RotateImage\RCIMGDIR.exe PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe ========== Modules (No Company Name) ========== MOD - [2012/07/06 13:29:58 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll MOD - [2012/07/05 21:32:25 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\f121ccced1aa14badb316d8d9be5154d\UIAutomationProvider.ni.dll MOD - [2012/07/05 21:32:23 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012/07/05 21:30:16 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll MOD - [2012/07/05 21:27:21 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll MOD - [2012/07/05 21:26:05 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll MOD - [2012/07/05 21:25:47 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll MOD - [2012/07/05 21:25:25 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012/07/05 21:25:14 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2012/07/05 21:25:05 | 005,283,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll MOD - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe MOD - [2012/03/11 14:55:40 | 000,088,656 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll MOD - [2011/05/16 15:49:28 | 000,085,464 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo USB Port Replicator with Digital Video\dqscrproj.exe MOD - [2010/08/25 01:28:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL MOD - [2010/08/25 01:28:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe MOD - [2010/08/25 01:28:00 | 000,036,352 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL MOD - [2010/08/10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2010/02/05 06:43:20 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\DTS.exe MOD - [2010/02/05 06:42:38 | 000,634,880 | ---- | M] () -- C:\Program Files\Lenovo Fingerprint Software\SharedResources.dll ========== Win32 Services (SafeList) ========== SRV - [2012/07/22 20:37:01 | 000,161,776 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012/07/17 18:04:42 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011/05/16 15:49:28 | 000,085,464 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Lenovo USB Port Replicator with Digital Video\dqscrproj.exe -- (ScrProj) SRV - [2011/04/10 16:06:38 | 005,240,168 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService) SRV - [2010/11/03 19:19:24 | 000,094,024 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService) SRV - [2010/08/25 01:28:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc) SRV - [2010/08/25 01:28:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service) SRV - [2010/04/07 14:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2010/04/07 12:02:16 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2010/03/05 13:01:46 | 000,862,480 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2010/03/05 12:54:20 | 000,954,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) SRV - [2010/03/05 12:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2010/02/22 16:52:52 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2010/02/22 16:50:16 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2010/02/05 06:44:44 | 000,118,784 | ---- | M] (AuthenTec,Inc) [Auto | Running] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer) SRV - [2010/02/05 06:43:20 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\DTS.exe -- (dtsvc) SRV - [2010/02/05 06:43:16 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\ADMonitor.exe -- (ADMonitor) SRV - [2010/02/05 06:39:58 | 001,824,064 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\WINDOWS\system32\AtService.exe -- (ATService) SRV - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2009/02/12 12:48:42 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) SRV - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\d\LOCALS~1\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ax88772.sys -- (AX88772) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\d\LOCALS~1\Temp\aswMBR.sys -- (aswMBR) DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/04/09 19:13:13 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv) DRV - [2011/05/16 15:49:28 | 000,055,256 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dqbridge.sys -- (dqbridge) DRV - [2011/05/16 15:49:28 | 000,019,928 | ---- | M] (lenovo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dqVDDrvK.sys -- (dqVDDrv) DRV - [2011/05/16 15:49:26 | 000,029,656 | ---- | M] (Lenovo Soft Corporation(32)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ALvldr.sys -- (ALvldr) DRV - [2011/04/10 16:07:03 | 000,024,448 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkmirrorport.sys -- (DisplayLinkmirror) DRV - [2011/04/10 16:07:03 | 000,007,296 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkFilter.sys -- (DisplayLinkFilter) DRV - [2010/08/25 01:28:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS -- (DozeHDD) DRV - [2010/08/25 01:28:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF) DRV - [2010/07/18 14:58:34 | 000,822,400 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService) DRV - [2010/07/14 15:20:08 | 000,025,560 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dqusb.sys -- (dqusb) DRV - [2010/06/22 18:01:50 | 000,021,248 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot) DRV - [2010/03/18 01:15:18 | 006,601,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) DRV - [2010/02/22 16:51:10 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir) DRV - [2010/02/22 16:50:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv) DRV - [2010/02/22 16:47:20 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon) DRV - [2010/02/05 10:14:14 | 000,661,448 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV - [2009/12/09 14:54:46 | 000,154,672 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2009/12/08 14:11:40 | 000,031,680 | R--- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd) DRV - [2009/10/23 16:40:30 | 000,187,776 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RCUVCMNP.sys -- (5U875UVC) DRV - [2009/10/09 12:12:02 | 000,120,360 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf) DRV - [2009/10/09 12:10:24 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN) DRV - [2009/08/10 04:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2008/09/19 16:29:54 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) DRV - [2008/05/12 18:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi) DRV - [2008/03/26 13:21:06 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm) DRV - [2007/07/16 17:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2052111302-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/17 18:04:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/22 19:22:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/07/22 16:42:07 | 000,000,000 | ---D | M] [2010/09/20 10:02:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\d\Application Data\Mozilla\Extensions [2012/06/04 19:49:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\d\Application Data\Mozilla\Firefox\Profiles\i2udtmcg.default\extensions [2011/12/04 07:37:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\d\Application Data\Mozilla\Firefox\Profiles\i2udtmcg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012/06/04 19:49:26 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Documents and Settings\d\Application Data\Mozilla\Firefox\Profiles\i2udtmcg.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2010/10/03 14:05:11 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Documents and Settings\d\Application Data\Mozilla\Firefox\Profiles\i2udtmcg.default\extensions\vshare@toolbar [2012/07/03 09:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/07/17 18:04:44 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/04/11 16:34:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/04/11 16:34:06 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012/07/22 16:06:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc) O4 - HKLM..\Run: [HPUsageTracking] c:\Program Files\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [Lenovo dCute] C:\Program Files\Lenovo\Lenovo USB Port Replicator with Digital Video\dCute.exe (Lenovo) O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation) O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [RotateImage] C:\Program Files\RotateImage\RCIMGDIR.exe (Ricoh co.,Ltd.) O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2052111302-261903793-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2052111302-261903793-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-2052111302-261903793-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-2052111302-261903793-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O15 - HKU\S-1-5-21-2052111302-261903793-725345543-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341536361125 (WUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{821D4603-DA1E-47B9-8BD9-E97EEBC1D518}: DhcpNameServer = 75.75.75.75 75.75.76.76 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ATFUS: DllName - (C:\WINDOWS\system32\FpWinLogonNp.dll) - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/09/20 12:04:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/07/24 16:15:49 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\d\Desktop\OTL.exe [2012/07/24 15:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\d\Desktop\RK_Quarantine [2012/07/23 23:49:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012/07/23 11:25:08 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012/07/22 21:33:08 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/07/22 21:20:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\d\Recent [2012/07/22 20:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner [2012/07/22 20:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/07/22 20:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012/07/22 20:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/07/22 20:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee [2012/07/22 18:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\d\Local Settings\Application Data\ESET [2012/07/22 16:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET [2012/07/22 16:42:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/07/22 16:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET [2012/07/22 15:56:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\d\Start Menu\Programs\Administrative Tools [2012/07/22 15:56:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012/07/21 22:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2012/07/21 22:05:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2012/07/20 19:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\d\Local Settings\Application Data\CutePDF Writer [2012/07/20 19:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS [2012/07/20 19:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CutePDF [2012/07/20 19:28:05 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software [2012/07/17 18:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab [2012/07/17 18:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\d\Application Data\SystemRequirementsLab [2012/07/17 18:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Lenovo USB Port Replicator [2012/07/17 18:22:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lenovo USB Port Replicator [2012/07/15 04:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2012/07/15 04:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2012/07/05 19:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/07/05 19:29:59 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/24 16:15:49 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\d\Desktop\OTL.exe [2012/07/24 15:40:36 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/07/24 15:40:23 | 001,552,384 | ---- | M] () -- C:\Documents and Settings\d\Desktop\RogueKiller.exe [2012/07/24 15:39:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP [2012/07/24 14:53:48 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2012/07/23 18:12:05 | 000,508,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/07/23 18:12:04 | 000,090,666 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/07/23 17:55:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/07/23 17:55:34 | 3112,198,144 | -HS- | M] () -- C:\hiberfil.sys [2012/07/23 11:25:16 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2012/07/23 03:49:43 | 000,217,600 | ---- | M] () -- C:\Documents and Settings\d\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/07/23 03:24:26 | 000,204,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/07/22 21:44:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/07/22 20:55:08 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP [2012/07/22 20:42:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\d\defogger_reenable [2012/07/22 17:21:13 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat [2012/07/22 16:06:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/07/20 19:31:15 | 000,140,609 | ---- | M] () -- C:\Documents and Settings\d\Desktop\YS Tix 3.pdf [2012/07/20 19:30:52 | 000,140,583 | ---- | M] () -- C:\Documents and Settings\d\Desktop\YS Tix 2.pdf [2012/07/20 19:30:12 | 000,140,512 | ---- | M] () -- C:\Documents and Settings\d\Desktop\YS Tix 1.pdf [2012/07/20 19:04:46 | 017,178,218 | ---- | M] () -- C:\Documents and Settings\d\Desktop\bullsbeat_245.mp3 [2012/07/17 21:25:58 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/07/11 23:12:33 | 000,037,311 | ---- | M] () -- C:\Documents and Settings\d\Desktop\Groupon_chikalicious.pdf [2012/07/05 13:05:50 | 004,503,728 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\l_u0_0.pad [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/07/01 17:39:46 | 000,002,641 | ---- | M] () -- C:\Documents and Settings\d\Desktop\images.jpg [2012/06/26 04:59:21 | 000,009,420 | ---- | M] () -- C:\Documents and Settings\d\Desktop\SAC.jpg [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/24 15:40:22 | 001,552,384 | ---- | C] () -- C:\Documents and Settings\d\Desktop\RogueKiller.exe [2012/07/23 11:25:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2012/07/23 11:25:13 | 000,260,272 | RHS- | C] () -- C:\cmldr [2012/07/22 21:44:17 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2012/07/22 21:23:56 | 3112,198,144 | -HS- | C] () -- C:\hiberfil.sys [2012/07/22 20:42:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\d\defogger_reenable [2012/07/22 16:03:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP [2012/07/20 19:31:15 | 000,140,609 | ---- | C] () -- C:\Documents and Settings\d\Desktop\YS Tix 3.pdf [2012/07/20 19:30:51 | 000,140,583 | ---- | C] () -- C:\Documents and Settings\d\Desktop\YS Tix 2.pdf [2012/07/20 19:30:11 | 000,140,512 | ---- | C] () -- C:\Documents and Settings\d\Desktop\YS Tix 1.pdf [2012/07/20 19:28:14 | 000,088,656 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll [2012/07/20 19:04:38 | 017,178,218 | ---- | C] () -- C:\Documents and Settings\d\Desktop\bullsbeat_245.mp3 [2012/07/15 04:02:24 | 000,000,804 | ---- | C] () -- C:\WINDOWS\Installer\{766ae966-0c13-0485-0d28-523fb79d5fb4}\L\00000004.@ [2012/07/11 23:12:33 | 000,037,311 | ---- | C] () -- C:\Documents and Settings\d\Desktop\Groupon_chikalicious.pdf [2012/07/05 21:40:08 | 000,725,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2012/07/05 21:01:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/07/05 21:01:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2012/07/05 12:53:36 | 004,503,728 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\l_u0_0.pad [2012/07/01 17:39:46 | 000,002,641 | ---- | C] () -- C:\Documents and Settings\d\Desktop\images.jpg [2012/06/26 04:59:21 | 000,009,420 | ---- | C] () -- C:\Documents and Settings\d\Desktop\SAC.jpg [2012/04/09 19:21:59 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc [2011/05/16 15:49:28 | 000,055,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\dqbridge.sys [2010/10/09 18:11:20 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/10/09 16:41:52 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2010/10/04 05:28:49 | 000,000,619 | ---- | C] () -- C:\WINDOWS\System32\hppapr13.dat [2010/10/04 05:28:04 | 000,172,891 | ---- | C] () -- C:\WINDOWS\hppins13.dat [2010/10/04 05:28:04 | 000,006,760 | ---- | C] () -- C:\WINDOWS\hppmdl13.dat [2010/09/27 19:52:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010/09/26 17:43:01 | 000,045,612 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010/09/21 02:22:54 | 000,196,608 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE [2010/09/21 02:22:53 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS [2010/09/20 12:07:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010/09/20 12:01:27 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010/09/20 10:09:21 | 000,982,240 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin [2010/09/20 10:09:19 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll [2010/09/20 10:09:17 | 000,439,308 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin [2010/09/20 10:09:17 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config [2010/09/20 10:02:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010/09/20 09:48:03 | 000,217,600 | ---- | C] () -- C:\Documents and Settings\d\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/09/20 04:50:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010/09/20 04:49:29 | 000,204,120 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008/04/14 06:41:26 | 000,002,048 | ---- | C] () -- C:\WINDOWS\Installer\{766ae966-0c13-0485-0d28-523fb79d5fb4}\@ [2008/04/14 06:41:26 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\d\Local Settings\Application Data\{766ae966-0c13-0485-0d28-523fb79d5fb4}\@ ========== LOP Check ========== [2010/09/30 18:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM [2010/12/23 18:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems [2012/04/09 19:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2010/10/09 15:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\debugout [2012/07/22 16:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET [2012/06/04 22:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sling Media [2010/09/27 23:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/09/30 18:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\d\Application Data\acccore [2010/09/20 14:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\d\Application Data\CachedFiles [2012/07/22 20:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\d\Application Data\DAEMON Tools Lite [2012/06/12 01:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\d\Application Data\Oracle [2012/06/04 19:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\d\Application Data\Sling Media [2012/07/17 18:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\d\Application Data\SystemRequirementsLab [2011/12/28 03:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\d\Application Data\Windows Desktop Search [2012/03/19 21:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\d\Application Data\Windows Search [2012/07/24 14:53:48 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:502D809E < End of report >

Let me know if this is what you are looking for or if you need something else: https://www.virustotal.com/file/5999b39242283cd803319aadca171cccc6e2a40fb2fafa51b1d29f3ff2dd8d6c/analysis/

Actually, I tried running Roguekiller again to see if maybe it was crashing because of the malware before. This time, I was able to get it to successfully run and it found one entry. Please see the log below: RogueKiller V7.6.4 [07/17/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User: d [Admin rights] Mode: Scan -- Date: 07/24/2012 15:42:40 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 1 ¤¤¤ [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] @ : c:\windows\installer\{766ae966-0c13-0485-0d28-523fb79d5fb4}\@ --> FOUND [ZeroAccess][FOLDER] U : c:\windows\installer\{766ae966-0c13-0485-0d28-523fb79d5fb4}\U --> FOUND [ZeroAccess][FOLDER] L : c:\windows\installer\{766ae966-0c13-0485-0d28-523fb79d5fb4}\L --> FOUND [ZeroAccess][FILE] @ : c:\documents and settings\d\local settings\application data\{766ae966-0c13-0485-0d28-523fb79d5fb4}\@ --> FOUND [ZeroAccess][FOLDER] U : c:\documents and settings\d\local settings\application data\{766ae966-0c13-0485-0d28-523fb79d5fb4}\U --> FOUND [ZeroAccess][FOLDER] L : c:\documents and settings\d\local settings\application data\{766ae966-0c13-0485-0d28-523fb79d5fb4}\L --> FOUND [Faked.Drv][FAKED] fltMgr.sys : c:\windows\system32\drivers\fltMgr.sys --> CANNOT FIX [Faked.Drv][FAKED] mf.sys : c:\windows\system32\drivers\mf.sys --> CANNOT FIX [Faked.Drv][FAKED] nic1394.sys : c:\windows\system32\drivers\nic1394.sys --> CANNOT FIX [Faked.Drv][FAKED] nwlnknb.sys : c:\windows\system32\drivers\nwlnknb.sys --> CANNOT FIX [Faked.Drv][FAKED] serial.sys : c:\windows\system32\drivers\serial.sys --> CANNOT FIX ¤¤¤ Driver: [LOADED] ¤¤¤ SSDT[177] : NtQueryValueKey @ 0x806221FA -> HOOKED (ALvldr.sys @ 0xB990A7E6) ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG MMCQE28G8MUP-0VA +++++ --- User --- [MBR] 8fede7d59eefb86210a17e6e811edb02 [bSP] 76eced74339309ac5fccd08057324ebb : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 117153 Mo 1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 239931392 | Size: 4949 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt The only option I am given is to delete or fix the registry entry related to "NewStartPanel". Should I also be concerned with the things RK states "Cannot Fix"? Please advise.

Okay thanks again for the help Maniac. Feel free to close this thread and should I experience any future problems, I'll start another one.