
System Security Trojan after effects


40 replies to this topic

#1 ABDomega

ABDomega

  • Members
  • 34 posts
  • OFFLINE
  • Local time:02:25 PM

Posted 20 December 2009 - 10:10 PM

I had this malware on my computer and it claimed everything was infected and actually prevented me from not only running my anti-mal program, but from even accessing my task manager to end the process. I was able to install SuperAntiSpyware after reboots and run a scan to remove the threat. All was right in the world, right? Not so much. Now I'm having residual problems. For example, I cannot upload pictures to sites such as Photobucket or Shutterfly. I thought perhaps it was a Firefox problem so I tried to access these sites on IE and that won't even connect to the net. I am assuming these problems were caused by the malware.

Also, I have HJT, but nowhere in the instructions did it say to post my log here. Let me know if that is something you'd like.

Anyway, on to the logs:



DDS:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Sam at 21:16:00.64 on Sun 12/20/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.1860 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SmcGui.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DWHWizrd.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Sam\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: BHO: {029d18cb-8632-463c-93b7-c210ae50c722} - c:\windows\system32\iehelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.9.0\IEViewBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [suScheduler] c:\program files\thinkvantage\systemupdate\UCLauncher.exe /SCHEDULER
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [TpShocks] TpShocks.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [xxxhyvnf] c:\documents and settings\sam\local settings\application data\ofenva\lbtgsysguard.exe
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send To &Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\\PkgMgr.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: psfus - psqlpwd.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli psqlpwd csspwntfy ACGina

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sam\applic~1\mozilla\firefox\profiles\r8x298da.sam\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\documents and settings\sam\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-16 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-4-16 108392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1028432]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2007-11-6 810632]
R2 PrivateDisk;PrivateDisk;c:\program files\ibm thinkvantage\safeguard privatedisk\privatediskm.sys [2005-11-15 46142]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2005-12-21 3968]
R2 smihlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2005-12-8 3328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]
R3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-4-16 108392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-1 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091220.020\NAVENG.SYS [2009-12-20 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091220.020\NAVEX15.SYS [2009-12-20 1323568]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
R3 swmx01;Sierra Wireless USB MUX Driver (#01);c:\windows\system32\drivers\swmx01.sys [2005-11-18 58624]
R3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);c:\windows\system32\drivers\SWNC5E01.sys [2005-8-5 73600]
R3 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2008-4-16 2234296]
S1 zmauokbb;zmauokbb;\??\c:\windows\system32\drivers\zmauokbb.sys --> c:\windows\system32\drivers\zmauokbb.sys [?]
S3 CSRBC01;CSRBC01.Sys CSR test driver;c:\windows\system32\drivers\csrbc01.sys [2009-8-20 83124]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-12-21 01:50:43 0 d-----w- c:\program files\Trend Micro
2009-12-19 18:17:29 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-12-19 17:43:42 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-19 17:43:42 0 d-----w- c:\docume~1\sam\applic~1\SUPERAntiSpyware.com
2009-12-10 18:58:47 0 d-----w- c:\windows\system32\MpEngineStore
2009-12-10 13:50:07 221 ----a-w- c:\windows\system32\MRT.INI
2009-11-30 15:32:08 81 ----a-w- C:\CTX.DAT
2009-11-30 15:32:03 0 d-----w- c:\documents and settings\sam\Citrix
2009-11-27 01:42:56 664 ----a-w- c:\windows\system32\d3d9caps.dat

==================== Find3M ====================

2009-10-30 01:54:36 256 ----a-w- c:\documents and settings\sam\pool.bin
2009-10-27 11:01:03 18432 ------w- c:\windows\system32\dllcache\iedw.exe
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 06:00:55 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 14:58:48 263552 ------w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:53:29 266752 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54:17 69632 ------w- c:\windows\system32\dllcache\raschap.dll
2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:54:17 112128 ------w- c:\windows\system32\dllcache\rastls.dll
2009-09-25 05:49:02 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-09-25 05:48:59 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-25 05:48:59 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2009-09-25 05:48:58 1054208 ------w- c:\windows\system32\dllcache\danim.dll

============= FINISH: 21:16:53.81 ===============

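As an added example (not part of this thread, and not a BleepingComputer or DDS tool), the following Python script reads DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" lines and flags the entries a helper would read first, using four heuristics drawn from the log above: a ProxyServer pointing at the loopback address (Internet Explorer honours that setting, so with nothing listening on the port IE cannot reach the network, which would account for the IE symptom described), a Run entry started from a user profile's Application Data folder, a BHO with no descriptive name, and a driver that DDS marked [?] because it could not read the file. The sample lines are copied from the log; the heuristics are review prompts, not verdicts.

```python
"""Triage helper for DDS log sections (added example, not a DDS or BleepingComputer tool)."""
import re
from dataclasses import dataclass
from typing import List

# Sample input: lines copied from the DDS log posted above
# ("Pseudo HJT Report" and "SERVICES / DRIVERS" sections).
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: BHO: {029d18cb-8632-463c-93b7-c210ae50c722} - c:\windows\system32\iehelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [xxxhyvnf] c:\documents and settings\sam\local settings\application data\ofenva\lbtgsysguard.exe
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
S1 zmauokbb;zmauokbb;\??\c:\windows\system32\drivers\zmauokbb.sys --> c:\windows\system32\drivers\zmauokbb.sys [?]
"""


@dataclass
class Finding:
    kind: str    # one of: proxy, bho, run, driver
    line: str    # the DDS line that triggered the finding
    reason: str  # short explanation for the person reading the log


# Line shapes used by DDS in the sections above (heuristic patterns, an assumption).
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(.+)$", re.I)
LOOPBACK_RE = re.compile(r"\b(?:127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)\b", re.I)
BHO_RE = re.compile(r"^BHO:\s*(.*?):\s*\{[0-9a-f-]+\}\s*-\s*(.*)$", re.I)
RUN_RE = re.compile(r"^([um]Run):\s*\[([^\]]*)\]\s*(.*)$", re.I)
EXE_RE = re.compile(r'^"?(.*?\.exe)', re.I)
PROFILE_APPDATA_RE = re.compile(r"\\(?:local settings\\)?application data\\", re.I)
DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]*);([^;]*);(.*)$")


def program_path(cmd: str) -> str:
    """Return the executable part of a Run command, dropping its arguments."""
    m = EXE_RE.match(cmd.strip())
    return m.group(1) if m else cmd.strip()


def triage(dds_text: str) -> List[Finding]:
    """Walk DDS lines in order and collect entries that merit a closer look."""
    findings: List[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # 1. Browser proxy routed to the local machine: IE follows this setting,
        #    so if nothing listens on that port IE cannot connect at all.
        m = PROXY_RE.match(line)
        if m and LOOPBACK_RE.search(m.group(1)):
            findings.append(Finding("proxy", line,
                "IE proxy points at the loopback address; with no listener there IE cannot connect"))
            continue

        # 2. Browser Helper Object whose name field carries no description.
        m = BHO_RE.match(line)
        if m and m.group(1).strip().lower() in {"", "bho", "no name"}:
            findings.append(Finding("bho", line,
                f"BHO without a descriptive name loads {m.group(2)}"))
            continue

        # 3. Autorun whose program (not its arguments) lives under a user
        #    profile's Application Data, a user-writable location.
        m = RUN_RE.match(line)
        if m and PROFILE_APPDATA_RE.search(program_path(m.group(3))):
            findings.append(Finding("run", line,
                f"{m.group(1)} entry [{m.group(2)}] starts a program from a user profile's Application Data folder"))
            continue

        # 4. Service/driver entry where DDS printed [?] instead of date and size,
        #    i.e. it could not read the referenced file.
        m = DRIVER_RE.match(line)
        if m and m.group(4).rstrip().endswith("[?]"):
            findings.append(Finding("driver", line,
                f"driver {m.group(2)} ({m.group(1)}): DDS could not read the file"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.kind:6}] {f.reason}\n         {f.line}")
```
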
#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:09:25 PM

Posted 03 January 2010 - 06:11 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 ABDomega

ABDomega
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:02:25 PM

Posted 03 January 2010 - 09:37 PM

Thanks, myrti.

Nothing new has happened since my original post. I have not done anything since my original post to resolve my problems, which are as follows:

1. I cannot upload pictures to sites such as photobucket without getting the following error message:

"Upload failed for IMG_2991.jpg with error: A network error caused your upload to fail. Please try your upload again."

2. I cannot access the internet via Internet Explorer.

Here are the .txt files requested:

OTL:

OTL logfile created on: 1/3/2010 9:27:50 PM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\Sam\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.27 Gb Total Space | 11.82 Gb Free Space | 13.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PROGRESS
Current User Name: Sam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/03 21:27:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
PRC - [2009/12/17 08:48:34 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/16 16:26:56 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/09/26 06:55:24 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/09/21 06:55:18 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/07/20 10:51:52 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/19 00:23:16 | 00,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2009/04/17 13:23:28 | 00,163,840 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2009/04/17 13:22:12 | 00,217,088 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2009/04/17 13:22:06 | 00,098,304 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2009/04/17 13:20:14 | 00,425,984 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2009/04/17 13:15:02 | 00,172,032 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2009/04/17 02:35:18 | 00,408,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
PRC - [2009/01/28 07:23:55 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/06 12:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/10/25 10:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/09/20 18:24:03 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/09/08 10:21:05 | 00,112,072 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2008/09/08 10:19:23 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/04/16 12:59:34 | 00,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/04/16 12:59:34 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/04/16 12:59:32 | 02,475,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Smc.exe
PRC - [2008/04/16 12:59:32 | 01,660,288 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\SmcGui.exe
PRC - [2008/04/16 12:59:30 | 02,234,296 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2008/04/16 12:59:26 | 00,157,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DWHWizrd.exe
PRC - [2007/11/06 17:04:48 | 00,810,632 | ---- | M] (ExtendMedia Inc.) -- C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
PRC - [2007/08/11 19:05:27 | 00,558,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/09 18:14:12 | 00,094,208 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2006/02/17 17:54:24 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/02/17 17:52:24 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/02/17 17:51:46 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/12/28 13:52:32 | 00,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/12/21 20:34:58 | 00,077,824 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
PRC - [2005/12/21 20:27:00 | 00,032,768 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
PRC - [2005/12/21 20:20:56 | 01,384,448 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
PRC - [2005/12/21 19:17:54 | 00,722,480 | ---- | M] (IBM) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
PRC - [2005/12/20 23:46:24 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/12/14 13:51:12 | 00,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2005/12/01 03:09:00 | 00,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2005/11/29 12:55:10 | 00,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2005/11/17 04:22:00 | 00,237,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2005/11/11 03:33:00 | 00,073,782 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2005/11/07 13:14:16 | 00,106,496 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2005/11/01 17:04:02 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2005/10/26 02:44:30 | 00,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2005/09/15 15:57:42 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/09/15 15:57:18 | 00,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/08/01 19:32:40 | 00,040,960 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
PRC - [2005/07/05 16:57:12 | 00,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/06/20 14:15:00 | 00,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2005/06/06 23:26:22 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2004/08/04 07:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe


========== Modules (SafeList) ==========

MOD - [2010/01/03 21:27:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005/12/01 03:09:00 | 00,086,016 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\PROCHLP.DLL
MOD - [2005/09/15 15:57:36 | 00,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/22 15:45:19 | 00,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/09/21 06:55:18 | 01,028,432 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/07/20 10:51:52 | 00,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/17 13:22:12 | 00,217,088 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2009/04/17 13:22:06 | 00,098,304 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/03/24 00:09:36 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/01/28 07:23:55 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/09/08 10:19:23 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2008/04/16 12:59:34 | 00,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/04/16 12:59:34 | 00,108,392 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/04/16 12:59:32 | 02,475,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Smc.exe -- (SmcService)
SRV - [2008/04/16 12:59:32 | 00,288,136 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\SNAC.EXE -- (SNAC)
SRV - [2008/04/16 12:59:30 | 02,234,296 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/02/28 11:53:18 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/02/28 11:53:18 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2007/11/06 17:04:48 | 00,810,632 | ---- | M] (ExtendMedia Inc.) [Auto | Running] -- C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2007/08/11 19:05:27 | 03,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/08/11 19:05:27 | 00,558,448 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/07/04 10:36:40 | 00,032,256 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psasrv.exe -- (PsaSrv)
SRV - [2006/02/17 17:54:24 | 00,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/02/17 17:52:24 | 00,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/02/17 17:51:46 | 00,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/12/21 20:34:58 | 00,077,824 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2005/12/21 20:20:56 | 01,384,448 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2005/12/21 19:17:54 | 00,722,480 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -- (TSSCoreService)
SRV - [2005/12/20 23:46:24 | 00,405,504 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/12/14 13:51:12 | 00,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/12/01 03:09:00 | 00,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2005/11/11 03:33:00 | 00,073,782 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2005/11/01 17:04:02 | 00,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/08/01 19:32:40 | 00,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)
SRV - [2005/06/20 14:15:00 | 00,077,824 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2005/06/06 23:26:22 | 00,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2005/04/04 02:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/09/30 12:49:36 | 00,027,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)


========== Driver Services (SafeList) ==========

DRV - [2009/12/16 16:27:00 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/16 16:26:58 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/16 16:26:56 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/08/27 03:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/27 03:00:00 | 00,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/25 03:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091231.114\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/08/25 03:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091231.114\NAVENG.SYS -- (NAVENG)
DRV - [2009/06/05 10:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/28 21:23:24 | 04,203,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/05/16 06:54:56 | 00,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/03/19 15:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/01/09 15:18:02 | 00,027,136 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2008/11/20 14:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/09/05 18:25:52 | 00,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/07/11 23:04:26 | 00,022,528 | ---- | M] (pBUS-167 Software - http://www.pbus-167.com) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nhcDriver.sys -- (nhcDriverDevice)
DRV - [2008/05/20 17:33:50 | 00,022,784 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2008/05/12 19:22:04 | 00,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008/04/16 12:59:36 | 00,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/04/16 12:59:36 | 00,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/04/16 12:59:36 | 00,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/04/16 12:59:24 | 00,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/04/16 12:59:24 | 00,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/04/16 12:59:24 | 00,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/01/25 08:25:09 | 00,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2008/01/25 08:25:08 | 00,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2008/01/25 08:25:07 | 00,049,920 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2007/11/13 05:25:53 | 00,020,480 | R--- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/25 22:38:40 | 00,083,124 | ---- | M] (CSR) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\csrbc01.sys -- (CSRBC01)
DRV - [2007/08/28 17:05:12 | 00,055,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2007/02/08 19:45:18 | 00,646,392 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/09/24 08:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/07/04 10:36:40 | 00,016,256 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/07/04 10:11:20 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2006/04/20 17:06:50 | 00,181,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/02/17 18:41:50 | 00,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/21 19:14:58 | 00,012,544 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005/12/21 18:45:56 | 00,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Program Files\SMI2\smi2.sys -- (smi2)
DRV - [2005/12/20 23:51:46 | 01,419,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/12/15 16:19:20 | 00,173,056 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005/12/15 16:19:20 | 00,152,960 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudioService)
DRV - [2005/12/08 16:54:24 | 00,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2005/12/08 16:44:40 | 00,003,328 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2005/12/07 03:12:00 | 00,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2005/12/06 13:21:32 | 00,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsx_dpv.sys -- (HSF_DPV)
DRV - [2005/12/06 13:20:48 | 00,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL)
DRV - [2005/12/06 13:20:42 | 00,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsx_cnxt.sys -- (winachsf)
DRV - [2005/12/05 02:55:30 | 01,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/12/01 03:09:00 | 00,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2005/11/30 17:58:00 | 00,085,760 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\shockprf.sys -- (Shockprf)
DRV - [2005/11/30 03:51:00 | 00,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005/11/30 03:51:00 | 00,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005/11/21 04:41:00 | 00,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005/11/18 18:21:14 | 00,058,624 | ---- | M] (Sierra Wireless Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swmx01.sys -- (swmx01) Sierra Wireless USB MUX Driver (#01)
DRV - [2005/11/15 15:11:28 | 00,046,142 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2005/11/11 03:33:00 | 00,010,112 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2005/11/01 16:53:14 | 01,342,122 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/11/01 16:51:34 | 00,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005/11/01 16:51:06 | 00,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/11/01 16:48:00 | 00,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005/10/20 20:47:06 | 00,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2005/10/12 14:07:12 | 00,874,240 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/10/05 17:57:08 | 00,012,544 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/09/28 16:07:02 | 00,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/09/15 15:53:10 | 00,177,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/08/10 09:06:28 | 00,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005/08/10 07:44:04 | 00,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/08/05 17:42:18 | 00,073,600 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SWNC5E01.sys -- (SWNC5E01) Sierra Wireless MUX NDIS Driver (#01)
DRV - [2005/08/01 07:10:00 | 00,092,700 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/08/01 07:10:00 | 00,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/08/01 07:10:00 | 00,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/08/01 07:10:00 | 00,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/08/01 07:10:00 | 00,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/08/01 07:10:00 | 00,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/08/01 07:10:00 | 00,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/07/28 05:30:00 | 00,088,704 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/07/07 11:03:34 | 00,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/07/07 11:02:56 | 00,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/07/07 07:10:00 | 00,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/07/05 16:57:06 | 00,017,699 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2005/06/20 14:18:00 | 00,004,736 | ---- | M] (Lenovo.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ShockMgr.sys -- (ShockMgr)
DRV - [2005/05/17 12:20:08 | 00,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2005/05/16 08:20:39 | 00,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/01/07 19:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 07:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004/08/04 01:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 01:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 01:00:52 | 00,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2004/08/04 00:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/03 23:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2004/08/03 22:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2003/09/11 01:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2002/07/17 07:53:02 | 00,016,877 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Aspi32.sys -- (ASPI32)
DRV - [2001/12/27 11:59:34 | 00,067,072 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Wibukey.sys -- (WIBUKEY)
DRV - [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:20:04 | 00,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 14:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2001/08/17 12:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)
DRV - [2000/05/31 22:29:54 | 00,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (pmem)
DRV - [1996/04/03 14:33:26 | 00,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\S-1-5-21-1703263365-3606755470-2851578960-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\S-1-5-21-1703263365-3606755470-2851578960-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\S-1-5-21-1703263365-3606755470-2851578960-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {74b288e6-77b6-41c7-8138-bb81f4539689}:3.5
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/17 08:48:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 08:48:40 | 00,000,000 | ---D | M]

[2008/08/31 09:01:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Mozilla\Extensions
[2009/09/22 19:26:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\p822hn1d.default\extensions
[2009/04/30 08:05:36 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\p822hn1d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/20 15:53:35 | 00,000,000 | ---D | M] (iFox Graphite) -- C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\p822hn1d.default\extensions\{74b288e6-77b6-41c7-8138-bb81f4539689}
[2008/04/16 10:26:29 | 00,000,000 | ---D | M] (Blue Ice 2) -- C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\p822hn1d.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
[2009/07/20 15:53:40 | 00,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\p822hn1d.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2009/08/13 10:01:06 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\p822hn1d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/30 21:07:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\r8x298da.Sam\extensions
[2009/09/24 14:00:31 | 00,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\r8x298da.Sam\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/02/15 09:42:32 | 00,001,877 | ---- | M] () -- C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\p822hn1d.default\searchplugins\aolsearch.xml
[2009/12/30 21:07:20 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/03/05 15:41:45 | 00,000,000 | ---D | M] (OneStep Search) -- C:\Program Files\Mozilla Firefox\extensions\{C7E0B063-1DC2-4DD0-A502-1D67957B9ADE}
[2008/09/03 19:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2008/03/04 07:54:06 | 00,001,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\onestep.xml

O1 HOSTS File: (736 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (BHO) - {029D18CB-8632-463c-93B7-C210AE50C722} - C:\WINDOWS\System32\iehelper.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo, Ltd. and IBM Corporation.)
O4 - HKLM..\Run: [xxxhyvnf] C:\Documents and Settings\Sam\Local Settings\Application Data\ofenva\lbtgsysguard.exe File not found
O4 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoControlPanel = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKU\S-1-5-21-1703263365-3606755470-2851578960-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.2/...all-142-win.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Sam/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/30 07:50:16 | 00,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{02af5934-b7e6-11db-aef3-00a0d5ffff85}\Shell - "" = AutoRun
O33 - MountPoints2\{02af5934-b7e6-11db-aef3-00a0d5ffff85}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{02af5934-b7e6-11db-aef3-00a0d5ffff85}\Shell\AutoRun\command - "" = E:\RoNsetup.exe -- File not found
O33 - MountPoints2\{51700f7a-b756-11de-b061-00a0d5fffe85}\Shell\AutoRun\command - "" = F:\.\Vado\Vado.exe -- File not found
O33 - MountPoints2\{8a58ae45-c426-11de-b064-00a0d5ffff85}\Shell\AutoRun\command - "" = G:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{8a58ae45-c426-11de-b064-00a0d5ffff85}\Shell\slacker\command - "" = G:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{b3677487-90be-11de-b052-00a0d5fffe85}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{b3677487-90be-11de-b052-00a0d5fffe85}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/03 21:27:05 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
[2009/12/28 23:59:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Desktop\MM
[2009/12/26 00:50:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Local Settings\Application Data\Temp
[2009/12/24 13:19:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/12/22 15:45:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/12/20 21:38:49 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Sam\Desktop\RootRepeal.exe
[2009/12/20 21:08:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/20 20:50:43 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/19 18:45:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Desktop\Wippenberg-Pong-HCR088D-WEB-2009-SSR
[2009/12/19 16:54:54 | 91,338,304 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Sam\Desktop\Ad-AwareInstallation.exe
[2009/12/19 13:17:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/12/19 12:43:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Application Data\SUPERAntiSpyware.com
[2009/12/19 12:43:42 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/12/19 09:36:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Local Settings\Application Data\ofenva
[2009/12/10 13:58:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2009/08/24 21:07:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/07/23 07:20:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/09/06 18:41:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2008/09/05 18:30:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IBM
[2008/07/21 20:28:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2008/07/21 20:28:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/03/05 15:41:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2007/10/10 20:37:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2007/10/08 14:24:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/03/21 08:01:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Viewpoint
[2007/02/09 08:19:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint
[2007/01/01 22:45:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2006/08/18 17:27:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ApplicationHistory
[2006/08/07 23:47:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/08/01 09:27:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2006/07/30 07:54:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\IBM
[2006/07/04 10:34:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Lenovo
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/03 21:27:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
[2010/01/03 21:07:09 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/03 20:50:01 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/03 17:42:54 | 00,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/01/01 15:50:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/31 22:45:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/28 07:55:34 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/27 03:07:00 | 00,000,454 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2009/12/26 00:55:20 | 00,001,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/12/24 15:21:24 | 00,000,578 | ---- | M] () -- C:\WINDOWS\M3JPEG.INI
[2009/12/24 13:19:11 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/24 13:19:05 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2009/12/24 12:50:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/24 12:50:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/24 12:50:15 | 32,195,74784 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/24 12:48:33 | 08,388,608 | -H-- | M] () -- C:\Documents and Settings\Sam\NTUSER.DAT
[2009/12/24 12:48:33 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Sam\ntuser.ini
[2009/12/23 00:26:25 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\WBB Pilot Program.doc
[2009/12/22 14:53:50 | 00,119,296 | ---- | M] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/20 21:39:52 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\settings.dat
[2009/12/20 21:38:50 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Sam\Desktop\RootRepeal.exe
[2009/12/20 20:50:44 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\HijackThis.lnk
[2009/12/19 16:58:16 | 91,338,304 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Sam\Desktop\Ad-AwareInstallation.exe
[2009/12/10 10:13:23 | 00,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/10 10:13:23 | 00,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/10 10:13:22 | 00,525,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/10 08:55:23 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/10 08:50:07 | 00,000,221 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/26 00:55:20 | 00,001,926 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/12/22 15:45:36 | 00,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/22 15:45:36 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/21 23:01:11 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\WBB Pilot Program.doc
[2009/12/20 21:39:52 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\settings.dat
[2009/12/20 20:50:44 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\HijackThis.lnk
[2009/12/10 08:50:07 | 00,000,221 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/09/21 22:43:38 | 00,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/09/21 22:43:38 | 00,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/09/21 22:43:26 | 00,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/09/21 22:43:26 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/09/21 22:42:30 | 00,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/09/21 22:42:26 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/09/21 22:38:36 | 00,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/09/11 19:44:14 | 00,000,751 | ---- | C] () -- C:\WINDOWS\Rtcwplat.INI
[2009/09/08 23:23:22 | 00,000,632 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2009/08/25 07:53:56 | 00,879,104 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/24 09:21:54 | 00,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/09/30 10:32:38 | 00,000,075 | ---- | C] () -- C:\WINDOWS\studt.ini
[2008/09/07 10:12:47 | 06,664,208 | ---- | C] () -- C:\WINDOWS\System32\dvdripcore.dll
[2008/09/07 10:12:44 | 00,066,048 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2008/09/07 10:06:42 | 00,331,776 | ---- | C] () -- C:\WINDOWS\System32\NCTAudioCDRipper2.dll
[2008/09/07 10:01:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2008/09/04 14:17:17 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/09/04 14:17:17 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/09/04 14:17:17 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/09/04 13:56:22 | 00,000,578 | ---- | C] () -- C:\WINDOWS\M3JPEG.INI
[2008/09/04 11:47:14 | 00,208,896 | ---- | C] () -- C:\WINDOWS\LiveClient.dll
[2008/09/04 11:47:14 | 00,176,128 | ---- | C] () -- C:\WINDOWS\GeoCodecLib.dll
[2008/07/03 16:36:35 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/07/03 16:32:04 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Sam\Application Data\$_hpcst$.hpc
[2008/04/09 17:46:12 | 00,001,029 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/03/13 23:15:37 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/06/22 16:50:21 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/05/22 07:33:06 | 00,000,248 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2007/02/10 15:55:56 | 00,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2007/02/08 19:45:17 | 00,646,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/10/01 21:13:20 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/08 11:52:11 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/08/20 08:23:24 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/08/18 17:27:05 | 00,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2006/08/16 09:28:16 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/31 13:13:54 | 00,119,296 | ---- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/30 09:14:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/07/30 07:50:09 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\fusioncache.dat
[2006/07/04 10:40:46 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/04 10:40:20 | 00,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2006/07/04 10:26:23 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/07/04 10:26:23 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/07/04 10:26:23 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/07/04 10:26:23 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/07/04 10:26:23 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/07/04 10:26:23 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/07/04 10:25:42 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/07/04 10:25:23 | 00,000,148 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/07/04 10:12:34 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2006/07/04 10:11:41 | 00,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2006/07/04 10:07:50 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2006/07/04 09:51:18 | 00,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/01 16:59:16 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/10/17 17:22:24 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2005/10/12 14:07:12 | 00,874,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\IASTOR.SYS
[2005/09/06 12:05:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/09 13:03:43 | 00,000,799 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/05/16 00:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 19:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 14:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1996/04/03 14:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1980/01/01 02:00:00 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[1980/01/01 02:00:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[1980/01/01 02:00:00 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[1980/01/01 02:00:00 | 00,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCTRL.INI
< End of report >


Extras:

OTL Extras logfile created on: 1/3/2010 9:27:50 PM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\Sam\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.27 Gb Total Space | 11.82 Gb Free Space | 13.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PROGRESS
Current User Name: Sam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"58235:TCP" = 58235:TCP:*:Enabled:Pando P2P TCP Listening Port
"58235:UDP" = 58235:UDP:*:Enabled:Pando P2P UDP Listening Port
"54925:UDP" = 54925:UDP:*:Enabled:BrotherNetwork Scanner

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe" = C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update -- (IBM)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe" = C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update -- (IBM)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- File not found
"C:\Program Files\Bizarro\DCPlusPlus.exe" = C:\Program Files\Bizarro\DCPlusPlus.exe:*:Enabled:Bizarro DC++ -- ()
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1157736600\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1157736600\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1157736600\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1157736600\ee\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Microsoft Games\Rise of Nations\rise.exe" = C:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Disabled:Rise of Nations -- File not found
"C:\Program Files\Gaim\gaim.exe" = C:\Program Files\Gaim\gaim.exe:*:Enabled:gaim -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"D:\Setup.exe" = D:\Setup.exe:*:Enabled:Dell TrueMobile 2300 Wireless Router Setup Wizard -- File not found
"C:\Program Files\Dell TrueMobile 2300\ControlUtility.exe" = C:\Program Files\Dell TrueMobile 2300\ControlUtility.exe:*:Enabled:ControlUtility -- File not found
"C:\Program Files\NBC Direct\StoreFrontPlayer.exe" = C:\Program Files\NBC Direct\StoreFrontPlayer.exe:*:Enabled:NBC Direct Beta -- (ExtendMedia Inc.)
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- (Skype Technologies S.A.)
"C:\Program Files\Symantec Client Security\Symantec AntiVirus\Smc.exe" = C:\Program Files\Symantec Client Security\Symantec AntiVirus\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec Client Security\Symantec AntiVirus\SNAC.EXE" = C:\Program Files\Symantec Client Security\Symantec AntiVirus\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\WINDOWS\system32\drivers\svchost.exe" = C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost -- File not found
"C:\Program Files\Pando Networks\Pando\pando.exe" = C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:Pando Application -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe" = C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- File not found
"C:\Program Files\Brother\Brmfl08b\FAXRX.exe" = C:\Program Files\Brother\Brmfl08b\FAXRX.exe:*:Enabled:FAXRX.EXE -- ()
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Documents and Settings\Sam\Local Settings\Temp\859734c6dae041619b616e9e2e68f4f2\RelicDownloader.exe" = C:\Documents and Settings\Sam\Local Settings\Temp\859734c6dae041619b616e9e2e68f4f2\RelicDownloader.exe:*:Enabled:Relic Patch Download Manager -- File not found
"C:\Documents and Settings\Sam\Games\Company of Heroes\RelicCOH.exe" = C:\Documents and Settings\Sam\Games\Company of Heroes\RelicCOH.exe:*:Enabled:Company_of_Heroes -- (THQ Canada Inc.)
"C:\Documents and Settings\Sam\My Documents\Downloads\PC » LEFT 4 DEAD 2 Full Game directplay by globe@\Left 4 Dead 2\Left 4 Dead 2\left4dead2.exe" = C:\Documents and Settings\Sam\My Documents\Downloads\PC » LEFT 4 DEAD 2 Full Game directplay by globe@\Left 4 Dead 2\Left 4 Dead 2\left4dead2.exe:*:Enabled:left4dead2 -- File not found
"C:\Documents and Settings\Sam\Desktop\Left 4 Dead 2\Left 4 Dead 2\left4dead2.exe" = C:\Documents and Settings\Sam\Desktop\Left 4 Dead 2\Left 4 Dead 2\left4dead2.exe:*:Enabled:left4dead2 -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{1771FDC8-D846-4B77-996A-C80DAD42C03F}" = OpenCASE Media Agent
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1E56D5CB-0A76-4290-A998-1EAB8A5F2092}" = Windows Mobile Feb. 2008 DST Updates
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2A43FF29-0D97-4445-B82D-9324F176AED5}" = ThinkVantage System Update
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3694899E-5C7F-4EAA-A26B-ED163D5DCADB}" = InterVideo WinDVD Creator
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{4C32C2A5-4BD6-4796-B263-3C6450E7023F}" = ATI Catalyst Control Center
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{5469D537-9B44-4c78-BF2D-5F9807564F74}" = HP PSC & OfficeJet 4.7
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = ThinkVantage Active Protection System
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76B2BC31-2D96-4170-9C44-09E13B5555F3}" = Symantec Endpoint Protection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7DA0C101-5C7C-40C9-A485-68E12780232C}" = Sierra Wireless MC5720 Package for Access Connections
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad UltraNav Wizard
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver 11.0 Rel .3
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8996ce4a-f980-4c67-9ef9-3c752cfd696d}" = Nero 9 Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{4B94701D-F335-49DE-89DB-7BDDD7282C02}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B214C3C8-FC16-42EC-B7BB-703A1BB9C790}" = Lenovo Battery Program
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}" = Rescue and Recovery - Client Security Solution
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C91EF330-F152-44ED-A33A-0F4FF3FAF813}" = NBC Direct Beta
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDBFC424-DD00-497F-9BDC-4E4178332336}" = ThinkVantage Fingerprint Software 5.4
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D0D36568-0B4C-11DA-BD3A-001185653D46}" = Google Desktop
"{D3C9E16D-AA27-491F-A29D-6FDF6B60AFC0}" = VZAccess Manager for Lenovo
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-790CW
"{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}" = DAMN NFO Viewer 2.10.0031 RC3
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DCB91C79-B78B-44B1-A7FE-28DECA6E9245}" = Dell TrueMobile 2300 Wireless Broadband Router Control Utility
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E5072660-B723-422B-BB74-EAA300BF716B}" = System Migration Assistant
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EA664480-3844-11D5-8C25-444553540000}" = TrackPoint Accessibility Features
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
"{F6A04D96-C6D7-498C-9099-BCAD0D99778D}" = Diskeeper Lite
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8C04C5B-8876-424D-B428-23626373D2A0}" = BlackBerry Desktop Software 5.0
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Absolute MP3 Splitter_is1" = Absolute MP3 Splitter version 2.7.1
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AviSynth" = AviSynth 2.5
"AwayTask" = ThinkVantage Away Manager
"Battle.net" = Battle.net
"BlackBerry_{F8C04C5B-8876-424D-B428-23626373D2A0}" = BlackBerry Desktop Software 5.0
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GTK 2.0" = GTK+ Runtime 2.6.9 rev a (remove only)
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.7
"iDump" = iDump (Backing up your iPod)
"ImgBurn" = ImgBurn
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"InstallShield_{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"Kevtris" = Kevtris
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Malwarebytes' RogueRemover FREE_is1" = Malwarebytes' RogueRemover
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NMPUninstallKey" = Nero Media Player
"Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Picasa 3" = Picasa 3
"Power Management Driver" = ThinkPad Power Management Driver
"Presentation Director" = ThinkPad Presentation Director
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"Remove Multimedia Center" = Remove Multimedia Center
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpeedFan" = SpeedFan (remove only)
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = Software Installer
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Viewpoint Toolbar" = Viewpoint Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xbox_360_CC_Driver" = Xbox 360 Controller for Windows

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1703263365-3606755470-2851578960-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/2/2010 11:32:14 AM | Computer Name = PROGRESS | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Trojan Horse in File: c:\Documents and Settings\All
Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4b3e25ef.tmp
by: Scheduled scan. Action: Clean succeeded. Action Description: The file was
repaired successfully.

Error - 1/2/2010 11:32:26 AM | Computer Name = PROGRESS | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan Horse in File: c:\Documents and Settings\All
Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\4b3e25ef.tmp
by: Scheduled scan. Action: Quarantine succeeded. Action Description: The file
was quarantined successfully.

[ OSession Events ]
Error - 3/13/2008 11:17:12 AM | Computer Name = PROGRESS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/13/2008 11:17:40 AM | Computer Name = PROGRESS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 19
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/25/2009 4:37:36 PM | Computer Name = PROGRESS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/25/2009 4:37:46 PM | Computer Name = PROGRESS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/3/2010 12:22:06 AM | Computer Name = PROGRESS | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec AntiVirus service.

Error - 1/3/2010 1:22:24 AM | Computer Name = PROGRESS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 00130270DCFA has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/3/2010 1:22:35 AM | Computer Name = PROGRESS | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec AntiVirus service.

Error - 1/3/2010 1:26:10 AM | Computer Name = PROGRESS | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec AntiVirus service.

Error - 1/3/2010 1:34:11 AM | Computer Name = PROGRESS | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec AntiVirus service.

Error - 1/3/2010 1:34:41 AM | Computer Name = PROGRESS | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec AntiVirus service.

Error - 1/3/2010 1:36:37 AM | Computer Name = PROGRESS | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec AntiVirus service.

Error - 1/3/2010 1:37:11 AM | Computer Name = PROGRESS | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec AntiVirus service.

Error - 1/3/2010 1:39:11 AM | Computer Name = PROGRESS | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec AntiVirus service.

Error - 1/3/2010 1:39:41 AM | Computer Name = PROGRESS | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec AntiVirus service.


< End of report >
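
A helper reads the firewall policy and authorised-applications lists above by hand; as an added example (not from the original post and not part of OTL), the following Python parser reads lines in that exact format and flags the rules a defender would want to review: a rule for an executable that is no longer on disk, a port exception open to any remote address, an executable launched from a temp or download folder, and a core Windows binary name such as svchost.exe outside C:\WINDOWS\system32. The sample lines are copied from the log above; the list of system binaries and the path fragments treated as volatile are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL firewall-exception line:
#   "<key>" = <key>:<scope>:<state>:<name>[ -- (<publisher>) | -- File not found]
LINE_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<value>.+)$')
PORT_KEY_RE = re.compile(r"^\d+:(?:tcp|udp)$", re.IGNORECASE)

# Assumptions of this example, not something OTL reports: core Windows service
# binaries and the only directory they legitimately live in on Windows XP.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM32 = "c:\\windows\\system32"
# Path fragments where a firewall-authorised executable deserves a closer look.
VOLATILE_DIRS = ("\\local settings\\temp\\", "\\my documents\\downloads\\", "\\desktop\\")


@dataclass
class FirewallRule:
    key: str                   # registry value name: a path or "port:proto"
    kind: str                  # "app" or "port"
    scope: str                 # "*" (any remote address) or "LocalSubNet"
    enabled: bool
    name: str                  # display name OTL extracted
    publisher: Optional[str]   # None when OTL printed "()" or the file is missing
    present: bool              # False when OTL appended "File not found"


def parse_line(line: str) -> Optional[FirewallRule]:
    """Parse one line; return None for lines that are not firewall exceptions."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    key, value = m.group("key"), m.group("value")
    prefix = key + ":"
    # OTL repeats the key at the start of the value; anything else (for example
    # an uninstall-list line) is skipped rather than guessed at.
    if not value.startswith(prefix):
        return None
    try:
        scope, state, rest = value[len(prefix):].split(":", 2)
    except ValueError:
        return None
    kind = "port" if PORT_KEY_RE.match(key) else "app"
    name, publisher, present = rest, None, True
    if kind == "app" and " -- " in rest:
        name, tail = rest.rsplit(" -- ", 1)
        if tail == "File not found":
            present = False
        else:
            publisher = tail.strip().strip("()").strip() or None
    return FirewallRule(key, kind, scope, state.lower() == "enabled", name, publisher, present)


def assess(rule: FirewallRule) -> List[str]:
    """Reasons a helper would look twice at this rule (empty list = unremarkable)."""
    findings: List[str] = []
    if rule.kind == "app":
        low = rule.key.lower()
        directory, _, filename = low.rpartition("\\")
        # A core Windows binary name outside system32 is a classic masquerade; it is
        # reported even when the rule is disabled, because something created it.
        if filename in SYSTEM_BINARIES and directory != SYSTEM32:
            findings.append(f"masquerade: {filename} outside {SYSTEM32}")
        if any(frag in low for frag in VOLATILE_DIRS):
            findings.append("executable lives in a temp/download/desktop path")
        if not rule.present:
            findings.append("stale: executable no longer on disk")
        elif rule.enabled and rule.scope == "*" and rule.publisher is None:
            findings.append("no publisher info and open to any remote address")
    elif rule.enabled and rule.scope == "*":
        findings.append("port open to any remote address")
    return findings


def triage(report: str) -> Dict[str, List[str]]:
    """Map each flagged rule key to its findings; unremarkable rules are omitted."""
    flagged: Dict[str, List[str]] = {}
    for line in report.splitlines():
        rule = parse_line(line)
        if rule is not None and assess(rule):
            flagged[rule.key] = assess(rule)
    return flagged


# Constructed sample: lines copied from the log above, plus one uninstall-list
# line to show that non-firewall lines are ignored.
SAMPLE = r'''
"58235:TCP" = 58235:TCP:*:Enabled:Pando P2P TCP Listening Port
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Gaim\gaim.exe" = C:\Program Files\Gaim\gaim.exe:*:Enabled:gaim -- File not found
"C:\WINDOWS\system32\drivers\svchost.exe" = C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Documents and Settings\Sam\Local Settings\Temp\859734c6dae041619b616e9e2e68f4f2\RelicDownloader.exe" = C:\Documents and Settings\Sam\Local Settings\Temp\859734c6dae041619b616e9e2e68f4f2\RelicDownloader.exe:*:Enabled:Relic Patch Download Manager -- File not found
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
'''

if __name__ == "__main__":
    for key, findings in triage(SAMPLE).items():
        print(key, "->", "; ".join(findings))
```

Running the block on the full "Authorized Applications List" section of an OTL log lists only the rules that need a human decision, which is the same triage a helper performs when reading the post.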

#4 myrti (Sillyberry, Malware Study Hall Admin, 33,771 posts)

Posted 04 January 2010 - 04:08 AM

Hi,

please run the following tools to check for rootkits:

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Afterwards please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#5 ABDomega (Topic Starter, Members, 34 posts)

Posted 04 January 2010 - 10:25 PM

I tried running the scan from your last post and I encountered a problem. I got a blue screen, problem detected, windows shut down to prevent damage. Caused by following file: pgrdapob.sys

PAGE_FAULT_IN_NONPAGED_AREA

This is followed by what appears to be boilerplate stuff then, Technical information:

*** STOP: 0x00000050 (0x9BE0EB30, 0x00000001, 0x9B0C3FA6, 0x00000000)

*** pgrdapob.sys - Address 9B0CFA6 base at 9B0B8000, Datestamp 4b274f8d

I tried booting into safemode but was given a blue screen error message and not allowed to.

I've tried this twice now and got the blue screen each time.

#6 myrti (Sillyberry, Malware Study Hall Admin, 33,771 posts)

Posted 05 January 2010 - 06:07 AM

Hi,

please try to run safebootrepair, it may fix your problem with safe mode:
  • Please download Safe Boot Key Repair and save it to your desktop.
  • Open Safe Boot Key Repair on your desktop.
  • Copy and paste the resultant log here in your next reply.
Try booting into safe mode again. Please make sure you reboot and use F8 to get into safe mode. Do NOT use msconfig to reboot into safe mode.

Since gmer is not running on your system right now, we will try something different. Please run mbr:

Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
regards myrti


#7 ABDomega (Topic Starter, Members, 34 posts)

Posted 05 January 2010 - 10:02 AM

Okay, I followed your steps but was not able to boot into safemode.

Here is the log from Safebootrepair:

Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\msliksurserv.sys]
@="driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Symantec Antvirus]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\TDSSserv.sys]
@="driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\msliksurserv.sys]
@="driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SmcService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Symantec Antvirus]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDSSserv.sys]
@="driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

========================

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ccEvtMgr
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ccSetMgr
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Lavasoft Ad-Aware Service
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\msliksurserv.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Symantec Antivirus
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Symantec Antvirus
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TDSSserv.sys



Next I ran mbr. Unlike your directions, no "dos" box opened and quickly disappeared, and no mbr.log file was created, but an mbr text file was created. These are the results:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Did I do something wrong? I just opened the command prompt and copied and pasted what you said I should type in it.

Thanks for the help again.
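The list SafeBootKeyRepair prints after the "====" separator is the set of SafeBoot subkeys that are not part of a stock Windows XP install: the vendor AV entries and, more interestingly, two .sys drivers registered to load in Safe Mode. The script below makes that check repeatable against any exported SafeBoot key. It is an added example, not code from this thread, from BleepingComputer or from the SafeBootKeyRepair tool; the baseline of "default" subkeys is an assumption taken from the default-looking entries in the export above (not an authoritative Microsoft list), and the sample input is a constructed excerpt of that same export.

```python
"""Added example, not code from the thread or from SafeBootKeyRepair: parse a
Regedit 5.00 export of HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot and list
the Minimal/Network subkeys missing from an ASSUMED Windows XP SP2 baseline.
The baseline is taken from the default-looking entries in the posted export; it
is not an authoritative Microsoft list and must be tuned per OS/service pack."""
import re
from typing import Dict, List, Optional

SAFEBOOT_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\safeboot\\"
    r"(minimal|network)\\(.+)\]$", re.IGNORECASE)
DEFAULT_VALUE_RE = re.compile(r'^@="(.*)"$')
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)

# Assumed baseline (lower-cased). Device-class GUID keys are handled separately.
_COMMON = frozenset({
    "appmgmt", "base", "boot bus extender", "boot file system", "cryptsvc", "dcomlaunch",
    "dmadmin", "dmboot.sys", "dmio.sys", "dmload.sys", "dmserver", "eventlog",
    "file system", "filter", "helpsvc", "netlogon", "pci configuration", "plugplay",
    "pnp filter", "primary disk", "rpcss", "scsi class", "sermouse.sys", "sr.sys",
    "srservice", "system bus extender", "vga.sys", "vgasave.sys", "winmgmt"})
_NETWORK_EXTRA = frozenset({
    "afd", "browser", "dhcp", "dnscache", "ip6fw.sys", "ipnat.sys", "lanmanserver",
    "lanmanworkstation", "lmhosts", "messenger", "ndis", "ndis wrapper", "ndisuio",
    "netbios", "netbiosgroup", "netbt", "netddegroup", "netman", "network",
    "networkprovider", "ntlmssp", "pnp_tdi", "rdpcdd.sys", "rdpdd.sys", "rdpwd.sys",
    "rdsessmgr", "sharedaccess", "streams drivers", "tcpip", "tdi", "tdpipe.sys",
    "tdtcp.sys", "termservice", "wzcsvc"})
BASELINE = {"minimal": _COMMON, "network": _COMMON | _NETWORK_EXTRA}

# Constructed sample: a short excerpt of the export posted above (blank lines dropped).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\msliksurserv.sys]
@="driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\TDSSserv.sys]
@="driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SmcService]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDSSserv.sys]
@="driver"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"
"""


def parse_safeboot(reg_text: str) -> Dict[str, Dict[str, Optional[str]]]:
    """Return {"minimal": {subkey: default value or None}, "network": {...}}."""
    tree: Dict[str, Dict[str, Optional[str]]] = {"minimal": {}, "network": {}}
    current = None                      # (profile, subkey) whose @ value comes next
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = SAFEBOOT_KEY_RE.match(line)
        if key:
            current = (key.group(1).lower(), key.group(2))
            tree[current[0]][current[1]] = None
        elif line.startswith("["):
            current = None              # some other key: do not attribute values to it
        elif current:
            value = DEFAULT_VALUE_RE.match(line)
            if value:
                tree[current[0]][current[1]] = value.group(1)
    return tree


def find_nondefault(tree) -> Dict[str, List[str]]:
    """Subkeys absent from the assumed baseline: third-party AV/anti-spyware entries
    and, here, two .sys drivers registering themselves to load in Safe Mode."""
    return {profile: sorted((k for k in entries
                             if k.lower() not in BASELINE[profile] and not GUID_RE.match(k)),
                            key=str.lower)
            for profile, entries in tree.items()}


def review_guid_keys(tree) -> Dict[str, List[str]]:
    """GUID-named keys with no default value. Windows' own device-class keys carry a
    description ("CD-ROM Drive"); an empty one is not proof of anything but merits a look."""
    return {profile: sorted(k for k, v in entries.items() if GUID_RE.match(k) and not v)
            for profile, entries in tree.items()}


if __name__ == "__main__":
    t = parse_safeboot(SAMPLE_EXPORT)
    for profile in ("minimal", "network"):
        print(profile, "non-default:", find_nondefault(t)[profile],
              "review GUIDs:", review_guid_keys(t)[profile])
```

To use it on a real machine, export the key with `reg export "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot" safeboot.reg` and pass the file contents to `parse_safeboot`. The script only reports what differs from the assumed baseline; whether a flagged driver is malicious still has to be decided by looking at the file it points to, which is what the helper's next steps (RootRepeal) are for.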

#8 myrti (Sillyberry, Malware Study Hall Admin, 33,771 posts)

Posted 05 January 2010 - 10:23 AM

Hi,

The mbr log is exactly what I wanted to have; I must revise my instructions. Sorry.

The safebootrepair is showing remnants of malware. Could you please try to run rootrepeal, since gmer isn't working:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click the RootRepeal icon on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.
Do you have your Windows CD at hand?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!



#9 ABDomega (Topic Starter, Members, 34 posts)

Posted 05 January 2010 - 12:35 PM

Here is the rootrepeal report (I've also attached it):

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/05 12:17
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0x9F49F000 Size: 876544 File Visible: No Signed: -
Status: -

Name: giveio.sys
Image Path: giveio.sys
Address: 0xBA672000 Size: 1664 File Visible: No Signed: -
Status: -

Name: mbr.sys
Image Path: C:\DOCUME~1\Sam\LOCALS~1\Temp\mbr.sys
Address: 0xAADF5000 Size: 20864 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9C423000 Size: 49152 File Visible: No Signed: -
Status: -

Name: speedfan.sys
Image Path: speedfan.sys
Address: 0xBA5AE000 Size: 5248 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\RRbackups
Status: Locked to the Windows API!

Path: \\?\C:\RRbackups\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\bt0.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\bt1.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\bt2.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\bt3.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\bt4.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\bt5.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\C
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings
Status: Invisible to the Windows API!

Path: C:\RRbackups\hints.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\osfilter.txt
Status: Invisible to the Windows API!

Path: C:\RRbackups\regcerts.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\rr.log
Status: Invisible to the Windows API!

Path: C:\RRbackups\SAM
Status: Invisible to the Windows API!

Path: C:\RRbackups\system
Status: Invisible to the Windows API!

Path: C:\RRbackups\system.dat
Status: Invisible to the Windows API!

Path: C:\RRbackups\tvt.txt
Status: Invisible to the Windows API!

Path: C:\RRbackups\usersids.dat
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\C\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\C\0
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\2
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\3
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\4
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\5
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\MERGE
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\Documents and Settings\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\Documents and Settings\Administrator
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\All Users
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Default User
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\LocalService
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\NetworkService
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings\Sam
Status: Invisible to the Windows API!

Path: c:\windows\temp\perflib_perfdata_840.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: \\?\C:\RRbackups\C\0\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\C\0\Data27
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data46
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data65
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data0
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data1
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data10
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data11
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data12
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data13
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data14
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data15
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data16
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data17
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data18
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data19
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data2
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data20
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data21
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data22
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data23
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data24
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data25
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data26
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data28
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data29
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data3
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data30
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data31
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data32
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data33
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data34
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data35
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data36
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data37
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data38
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data39
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data4
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data40
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data41
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data42
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data43
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data44
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data45
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data47
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data48
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data49
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data5
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data50
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data51
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data52
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data53
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data54
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data55
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data56
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data57
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data58
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data59
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data6
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data60
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data61
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data62
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data63
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data64
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data66
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data67
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data68
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data69
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data7
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data70
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data71
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data72
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data73
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data74
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data75
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data76
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data77
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data78
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data79
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data8
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data80
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data81
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data82
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data83
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data84
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data85
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data86
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data87
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Data9
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\dats
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\EFSFile
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\HashFile
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\Info
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\0\TOCFile
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\C\1\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\C\1\Data0
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data1
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data10
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data100
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data101
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data102
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data103
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data104
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data105
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data106
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data107
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data108
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data109
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data11
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data110
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data111
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data112
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data113
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data114
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data115
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data270
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data271
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data272
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data273
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data274
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data275
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data276
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data277
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data278
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data279
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data28
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data280
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data281
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data282
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data283
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data284
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data285
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data286
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data287
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data288
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data47
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data48
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data49
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data5
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data50
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data51
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data52
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data53
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data54
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data55
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data56
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data57
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data58
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data59
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data6
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data60
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data61
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data62
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data63
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data64
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data66
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data67
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data68
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data69
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data7
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data70
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data71
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data72
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data73
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data74
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data75
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data76
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data77
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data78
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data79
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data8
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data80
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data81
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data82
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data83
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data117
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data118
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data119
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data12
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data120
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data121
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data122
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data123
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data124
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data125
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data126
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data127
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data128
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data129
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data13
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data130
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data131
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data132
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data133
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data134
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data136
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data137
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data138
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data139
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data14
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data140
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data141
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data142
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data143
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data144
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data145
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data146
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data147
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data148
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data149
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data15
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data150
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data151
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data152
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data153
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data155
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data156
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data157
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data158
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data159
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data16
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data160
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data161
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data162
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data163
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data164
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data165
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data166
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data167
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data168
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data169
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data17
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data170
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data171
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data172
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data116
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data135
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data154
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data173
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data192
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data210
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data23
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data249
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data27
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data289
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data307
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data326
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data345
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data364
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data383
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data46
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data65
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data84
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data174
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data175
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data176
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data177
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data178
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data179
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data18
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data180
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data181
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data182
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data183
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data184
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data185
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data186
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data187
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data188
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data189
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data19
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data190
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data191
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data193
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data194
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data195
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data196
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data197
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data198
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data199
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data2
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data20
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data200
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data201
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data202
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data203
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data204
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data205
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data206
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data207
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data208
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data209
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data21
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data211
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data212
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data213
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data214
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data215
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data216
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data217
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data218
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data219
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data22
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data220
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data221
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data222
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data223
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data224
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data225
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data226
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data227
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data228
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data229
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data230
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data231
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data232
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data233
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data234
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data235
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data236
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data237
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data238
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data239
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data24
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data240
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data241
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data242
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data243
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data244
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data245
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data246
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data247
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data248
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data25
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data250
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data251
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data252
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data253
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data254
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data255
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data256
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data257
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data258
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data259
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data26
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data260
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data261
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data262
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data263
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data264
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data265
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data266
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data267
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data268
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data269
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data29
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data290
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data291
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data292
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data293
Status: Invisible to the Windows API!

Path: C:\RRbackups\C\1\Data294
Status: Invisible to the Windows API!

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x8a21e670

#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xba10887e

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x8a1d0d90

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xba108bfe

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0x9f6930b0

Stealth Objects
-------------------
Object: Hidden Code [Driver: iaStor, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ad285a4 Size: 2653

Hidden Services
-------------------
Service Name: TDSSserv
Image Path: C:\WINDOWS\system32\drivers\TDSSserv.sys

==EOF==

I don't have a Windows CD. I thought I saved everything for my computer (I saved the literature) but I don't have the CD. Is that going to be a problem?


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 05 January 2010 - 12:43 PM

Hi,

you have a tdss-rootkit on your system. Please run ComboFix:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

We should be fine for now without the Windows-CD.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#11 ABDomega

ABDomega
  • Topic Starter
  • Members
  • 34 posts

Posted 05 January 2010 - 03:38 PM

Okay, here is the combofix log (also attached):

ComboFix 10-01-04.01 - Sam 01/05/2010 15:03:52.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2090 [GMT -5:00]
Running from: c:\documents and settings\Sam\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\run.log
c:\windows\system32\psqlpwd.dll
c:\windows\system32\SIntf16.dll

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv


((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 )))))))))))))))))))))))))))))))
.

2010-01-05 14:53 . 2010-01-05 14:55 77312 ----a-w- C:\mbr.exe
2009-12-26 05:50 . 2009-12-26 05:53 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\Temp
2009-12-21 01:50 . 2009-12-21 01:50 -------- d-----w- c:\program files\Trend Micro
2009-12-19 18:17 . 2009-12-19 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-19 17:43 . 2009-12-21 01:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-19 17:43 . 2009-12-19 17:43 -------- d-----w- c:\documents and settings\Sam\Application Data\SUPERAntiSpyware.com
2009-12-19 14:36 . 2009-12-19 21:42 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\ofenva
2009-12-10 18:58 . 2009-12-10 18:58 -------- d-----w- c:\windows\system32\MpEngineStore

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 20:16 . 2009-10-09 02:50 -------- d-----w- c:\program files\Steam
2010-01-05 20:11 . 2007-11-13 22:39 66560 --sha-w- c:\documents and settings\All Users\Application Data\ExtendMedia\Media Agent\ac.dll
2010-01-05 14:45 . 2009-08-25 12:53 879104 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-04 12:24 . 2008-11-11 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-31 04:54 . 2006-08-19 23:28 -------- d-----w- c:\documents and settings\Sam\Application Data\BitTorrent
2009-12-26 05:55 . 2006-07-04 15:39 -------- d-----w- c:\program files\Google
2009-12-21 02:08 . 2008-07-03 21:28 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-19 23:55 . 2009-09-30 15:03 -------- d-----w- c:\documents and settings\Sam\Application Data\ImgBurn
2009-12-19 18:18 . 2009-12-19 18:18 117760 ----a-w- c:\documents and settings\Sam\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-19 16:54 . 2006-07-04 15:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-10 13:55 . 2007-09-22 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-30 15:32 . 2009-11-30 15:32 81 ----a-w- C:\CTX.DAT
2009-11-28 12:55 . 2009-09-21 11:55 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-27 03:58 . 2009-11-27 01:42 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-30 01:54 . 2009-09-08 16:38 256 ----a-w- c:\documents and settings\Sam\pool.bin
2009-10-30 01:47 . 2009-08-25 13:08 256 ----a-w- c:\windows\system32\pool.bin
2009-10-29 05:04 . 1980-01-01 07:00 668672 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 13:37 . 2006-07-30 13:14 69760 ----a-w- c:\documents and settings\Sam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 06:00 . 1980-01-01 07:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00 . 1980-01-01 07:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-04 06:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-17 11:55 . 2009-06-22 11:57 2353992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-10-13 10:53 . 1980-01-01 07:00 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 1980-01-01 07:00 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 1980-01-01 07:00 112128 ----a-w- c:\windows\system32\rastls.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-20 68856]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"Steam"="c:\program files\Steam\Steam.exe" [2009-10-28 1217808]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-16 2002160]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-09-15 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-09-15 512000]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-11-17 237568]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-03-09 94208]
"suScheduler"="c:\program files\ThinkVantage\SystemUpdate\UCLauncher.exe" [2005-08-02 40960]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-12-07 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-12-07 208896]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-04-16 115560]
"TpShocks"="TpShocks.exe" [2005-11-07 106496]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-04-17 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-04-17 172032]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 06:45 28672 ------w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-12-01 03:16 24576 ------w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2009-09-26 11:55 520024 ------w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ------w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
2005-11-14 22:23 487424 ------w- c:\progra~1\THINKV~2\AMSG\AMSG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2005-08-12 21:43 45056 ------w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2009-11-05 16:51 654128 ----a-w- c:\program files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-12-16 13:38 342848 ------w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-07-03 20:21 623960 ------w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2008-05-29 16:49 1085440 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 21:57 86016 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
2005-12-22 01:08 1996336 ------w- c:\program files\IBM ThinkVantage\Client Security Solution\cssauth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ------w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2005-11-29 17:55 196696 ------w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-08-01 12:10 122940 ------w- c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-07-04 15:39 169472 ------w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-05-10 00:24 50760 ------w- c:\program files\Common Files\AOL\1157736600\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-11 23:01 46368 ------w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
2006-02-17 16:59 124520 ------w- c:\program files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 23:50 221184 ------w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 20:15 81920 ------w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 17:39 292136 ------w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2006-01-25 08:03 106496 ------w- c:\progra~1\THINKV~2\PrdCtr\LPMGR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotebookHardwareControl]
2007-05-04 00:33 2629632 ------w- c:\program files\Notebook Hardware Control\nhc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-10-11 23:03 29984 ------w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDService.exe]
2005-11-15 20:13 49152 ------r- c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2008-08-21 01:18 443968 ------w- c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18 413696 ------w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-02-01 21:22 21898024 ------r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2005-05-06 21:06 716800 ------w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2005-12-15 21:19 925696 ------w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 13:03 210472 ------w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-28 12:23 136600 ------w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-20 23:24 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
2005-10-17 08:11 65536 ------w- c:\windows\system32\TP4EX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]
2005-10-29 02:04 864256 ------w- c:\program files\ThinkPad\Utilities\TpKmapAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 21:45 313472 ------r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-06-21 17:14 35328 ------w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Bizarro\\DCPlusPlus.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157736600\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157736600\\ee\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\NBC Direct\\StoreFrontPlayer.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Symantec Client Security\\Symantec AntiVirus\\Smc.exe"=
"c:\\Program Files\\Symantec Client Security\\Symantec AntiVirus\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Brother\\Brmfl08b\\FAXRX.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\Sam\\Games\\Company of Heroes\\RelicCOH.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58235:TCP"= 58235:TCP:Pando P2P TCP Listening Port
"58235:UDP"= 58235:UDP:Pando P2P UDP Listening Port
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/16/2009 6:55 AM 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1028432]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [11/6/2007 5:04 PM 810632]
R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [11/15/2005 3:11 PM 46142]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [12/21/2005 6:45 PM 3968]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [12/8/2005 4:44 PM 3328]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [9/1/2009 5:27 PM 102448]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
R3 swmx01;Sierra Wireless USB MUX Driver (#01);c:\windows\system32\drivers\swmx01.sys [11/18/2005 6:21 PM 58624]
R3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);c:\windows\system32\drivers\SWNC5E01.sys [8/5/2005 5:42 PM 73600]
S1 zmauokbb;zmauokbb;\??\c:\windows\system32\drivers\zmauokbb.sys --> c:\windows\system32\drivers\zmauokbb.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/22/2009 3:45 PM 135664]
S3 CSRBC01;CSRBC01.Sys CSR test driver;c:\windows\system32\drivers\csrbc01.sys [8/20/2009 3:14 PM 83124]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/8/2007 7:45 PM 646392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-01-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 11:55]

2010-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-01-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-13 05:09]

2010-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 20:45]

2010-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 20:45]

2010-01-05 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

2010-01-05 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-07-04 08:12]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send To &Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\r8x298da.Sam\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\documents and settings\Sam\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-xxxhyvnf - c:\documents and settings\Sam\Local Settings\Application Data\ofenva\lbtgsysguard.exe
Notify-ACNotify - ACNotify.dll
Notify-NavLogon - (no file)
Notify-psfus - psqlpwd.dll
SafeBoot-Symantec Antvirus
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-PC Connection Agent - c:\progra~1\MI3AA1~1\wcescomm.exe
MSConfigStartUp-LogitechCommunicationsManager - c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam\Quickcam.exe
MSConfigStartUp-sysldtray - c:\windows\ld11.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 15:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1703263365-3606755470-2851578960-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1703263365-3606755470-2851578960-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:96,0f,06,6b,8c,30,c4,36,bf,31,ef,a0,0a,40,3c,71,08,48,49,4c,92,3f,33,
68,94,fb,3e,b9,23,ca,90,08,4b,ea,62,76,79,5b,a6,8d,81,e1,98,60,6d,1c,02,f7,\
"??"=hex:c3,19,35,3a,09,36,59,a1,a1,47,d8,4b,73,a7,74,82
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\vrlogon.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'explorer.exe'(4972)
c:\windows\system32\PROCHLP.DLL
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
c:\program files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
c:\program files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
c:\program files\ThinkVantage\SystemUpdate\UCLauncherService.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\IBM ThinkVantage\Common\Logger\logmon.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\SmcGui.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2010-01-05 15:23:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-05 20:23

Pre-Run: 15,059,894,272 bytes free
Post-Run: 16,123,863,040 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

- - End Of File - - 758E8072C64A1CF585ABDF35D289BD79

Attached Files

  • Attached File  log.txt   26.74KB   2 downloads


#12 myrti

  • Malware Study Hall Admin

Posted 05 January 2010 - 04:52 PM

Hi,

copying your log into the reply is sufficient. :( You do not need to attach it.

There are a couple of things left to do, please run the following script:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\drivers\zmauokbb.sys
Folder::
c:\documents and settings\Sam\Local Settings\Application Data\ofenva
Driver::
zmauokbb
MIA::
c:\windows\system32\proquota.exe


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
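
The log in the post above and the CFScript in this reply are connected: each directive targets something visible in the log. The `S1 zmauokbb` service line gives its image path in the NT `\??\` form and ends in `[?]`, which is ComboFix's way of saying no file was found at that path, so the registration is a leftover of a driver that has already been deleted (that is what the `Driver::` and `File::` lines clean up). `HKLM-Run-xxxhyvnf` pointed at an executable under `Local Settings\Application Data\ofenva`, which is why the script removes that folder rather than one file. The line `uInternet Settings,ProxyServer = http=127.0.0.1:5555` means the user's Internet Explorer proxy still points at a local port; with nothing listening there, IE cannot reach anything, which would account for IE failing to connect even after the rogue was removed. Whether the rogue set that proxy is not established by the thread. The script below is an added example, not ComboFix, not a tool the helper used and not part of the original posts: it runs those checks over lines copied from the posted log and emits the `File::`/`Folder::`/`Driver::` directives in the form the thread uses. The "random-looking name" test and the location rules are heuristics of my own and will produce false positives on a full log; the proxy entry is reported but not turned into a directive, because the thread shows no CFScript line for it.

```python
"""Added example (not part of the thread, not ComboFix): parse a few ComboFix log
lines for the indicators discussed above and emit CFScript directives for them."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: copied from the log posted earlier in this thread and trimmed
# to the entries this example reasons about.
SAMPLE_LOG = r"""
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/16/2009 6:55 AM 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
S1 zmauokbb;zmauokbb;\??\c:\windows\system32\drivers\zmauokbb.sys --> c:\windows\system32\drivers\zmauokbb.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/22/2009 3:45 PM 135664]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/8/2007 7:45 PM 646392]
HKLM-Run-xxxhyvnf - c:\documents and settings\Sam\Local Settings\Application Data\ofenva\lbtgsysguard.exe
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-sysldtray - c:\windows\ld11.exe
"""

# Service lines: R/S (running/stopped) + start type, then name;display;image [timestamp size]
SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<image>.*) \[(?P<stamp>[^\]]*)\]$')
# "u" prefix = per-user (HKCU) setting, "m" = machine-wide (HKLM)
PROXY_RE = re.compile(r'^[um]Internet Settings,ProxyServer = (?P<value>.+)$')
# Entries from the "ORPHANS REMOVED" block: <source>-<value name> - <path>
AUTOSTART_RE = re.compile(r'^(?P<source>HKLM-Run|HKCU-Run|MSConfigStartUp)-(?P<name>.+?) - (?P<path>.+)$')
LOOPBACK_RE = re.compile(r'(^|=|//)(127\.\d+\.\d+\.\d+|localhost)(:\d+)?', re.I)
# Weak heuristic (my assumption, not a rule ComboFix applies): 7-12 lowercase letters
# used as both service name and display name, like "zmauokbb". Supporting evidence only.
RANDOM_NAME_RE = re.compile(r'[a-z]{7,12}')


@dataclass
class Finding:
    kind: str        # 'service', 'autostart' or 'proxy'
    evidence: str    # human-readable reason
    cfscript: list   # (directive, target) pairs; directive names as used in the thread


def parse_service(line):
    m = SERVICE_RE.match(line)
    if not m:
        return None
    svc = m.groupdict()
    # ComboFix prints "<registered path> --> <resolved path>" when the registered form
    # carries the NT \??\ prefix; "[?]" instead of a timestamp means no file was found.
    svc['image'] = svc['image'].split(' --> ')[-1]
    svc['missing'] = svc['stamp'] == '?'
    return svc


def analyse(log_text):
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        svc = parse_service(line)
        if svc:
            reasons = []
            if svc['missing']:
                reasons.append('image file not found')
            if svc['name'] == svc['display'] and RANDOM_NAME_RE.fullmatch(svc['name']):
                reasons.append('random-looking name')
            # Only a missing image is strong enough to act on; the name test just adds colour.
            if svc['missing']:
                findings.append(Finding('service', f"{svc['name']}: {', '.join(reasons)}",
                                        [('File::', svc['image']), ('Driver::', svc['name'])]))
            continue
        m = PROXY_RE.match(line)
        if m:
            value = m.group('value')
            if LOOPBACK_RE.search(value):
                findings.append(Finding('proxy', f'browser proxy points at loopback: {value}', []))
            continue
        m = AUTOSTART_RE.match(line)
        if m:
            path = PureWindowsPath(m.group('path'))
            lowered = str(path).lower()
            if 'local settings\\application data' in lowered or '\\temp\\' in lowered:
                # Dropper directory under the profile: remove the whole folder, as the thread does
                findings.append(Finding('autostart', f"{m.group('name')} -> {path} (under user profile)",
                                        [('Folder::', str(path.parent))]))
            elif str(path.parent).lower() == 'c:\\windows':
                findings.append(Finding('autostart', f"{m.group('name')} -> {path} (bare exe in c:\\windows)",
                                        [('File::', str(path))]))
    return findings


def to_cfscript(findings):
    """Emit one block per directive, in the order the thread's script uses."""
    blocks = {'File::': [], 'Folder::': [], 'Driver::': []}
    for f in findings:
        for directive, target in f.cfscript:
            if target not in blocks[directive]:
                blocks[directive].append(target)
    lines = []
    for directive, targets in blocks.items():
        if targets:
            lines.append(directive)
            lines.extend(targets)
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    found = analyse(SAMPLE_LOG)
    for f in found:
        print(f'[{f.kind}] {f.evidence}')
    print(to_cfscript(found))
```

Run as-is it prints the four findings (proxy, the zmauokbb service, the ofenva folder, ld11.exe) and a CFScript whose `File::`, `Folder::` and `Driver::` blocks match what this reply asks for; the `MIA::` line is a separate check for a missing Windows file and is not derived from anything in the log. The proxy value lives in the per-user `Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer` setting; clearing it through Internet Options > Connections > LAN settings (or deleting the value) is the usual fix and is separate from the CFScript.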

 



#13 ABDomega

  • Topic Starter

Posted 05 January 2010 - 05:27 PM

Straight to it:

ComboFix 10-01-04.01 - Sam 01/05/2010 17:05:14.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2362 [GMT -5:00]
Running from: c:\documents and settings\Sam\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sam\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FILE ::
"c:\windows\system32\drivers\zmauokbb.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sam\Local Settings\Application Data\ofenva

c:\windows\system32\proquota.exe . . . is missing!!

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_zmauokbb


((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 )))))))))))))))))))))))))))))))
.

2010-01-05 14:53 . 2010-01-05 14:55 77312 ----a-w- C:\mbr.exe
2009-12-26 05:50 . 2009-12-26 05:53 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\Temp
2009-12-21 01:50 . 2009-12-21 01:50 -------- d-----w- c:\program files\Trend Micro
2009-12-19 18:17 . 2009-12-19 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-19 17:43 . 2009-12-21 01:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-19 17:43 . 2009-12-19 17:43 -------- d-----w- c:\documents and settings\Sam\Application Data\SUPERAntiSpyware.com
2009-12-10 18:58 . 2009-12-10 18:58 -------- d-----w- c:\windows\system32\MpEngineStore

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 22:17 . 2009-10-09 02:50 -------- d-----w- c:\program files\Steam
2010-01-05 22:14 . 2007-11-13 22:39 66560 --sha-w- c:\documents and settings\All Users\Application Data\ExtendMedia\Media Agent\ac.dll
2010-01-05 14:45 . 2009-08-25 12:53 879104 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-04 12:24 . 2008-11-11 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-31 04:54 . 2006-08-19 23:28 -------- d-----w- c:\documents and settings\Sam\Application Data\BitTorrent
2009-12-26 05:55 . 2006-07-04 15:39 -------- d-----w- c:\program files\Google
2009-12-21 02:08 . 2008-07-03 21:28 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-19 23:55 . 2009-09-30 15:03 -------- d-----w- c:\documents and settings\Sam\Application Data\ImgBurn
2009-12-19 18:18 . 2009-12-19 18:18 117760 ----a-w- c:\documents and settings\Sam\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-19 16:54 . 2006-07-04 15:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-10 13:55 . 2007-09-22 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-30 15:32 . 2009-11-30 15:32 81 ----a-w- C:\CTX.DAT
2009-11-28 12:55 . 2009-09-21 11:55 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-27 03:58 . 2009-11-27 01:42 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-30 01:54 . 2009-09-08 16:38 256 ----a-w- c:\documents and settings\Sam\pool.bin
2009-10-30 01:47 . 2009-08-25 13:08 256 ----a-w- c:\windows\system32\pool.bin
2009-10-29 05:04 . 1980-01-01 07:00 668672 ------w- c:\windows\system32\wininet.dll
2009-10-21 13:37 . 2006-07-30 13:14 69760 ----a-w- c:\documents and settings\Sam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 06:00 . 1980-01-01 07:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00 . 1980-01-01 07:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-04 06:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-17 11:55 . 2009-06-22 11:57 2353992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-10-13 10:53 . 1980-01-01 07:00 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 1980-01-01 07:00 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 1980-01-01 07:00 112128 ----a-w- c:\windows\system32\rastls.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-20 68856]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"Steam"="c:\program files\Steam\Steam.exe" [2009-10-28 1217808]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-16 2002160]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-09-15 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-09-15 512000]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-11-17 237568]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-03-09 94208]
"suScheduler"="c:\program files\ThinkVantage\SystemUpdate\UCLauncher.exe" [2005-08-02 40960]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-12-07 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-12-07 208896]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-04-16 115560]
"TpShocks"="TpShocks.exe" [2005-11-07 106496]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-04-17 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-04-17 172032]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 06:45 28672 ------w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-12-01 03:16 24576 ------w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2009-09-26 11:55 520024 ------w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ------w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
2005-11-14 22:23 487424 ------w- c:\progra~1\THINKV~2\AMSG\AMSG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2005-08-12 21:43 45056 ------w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2009-11-05 16:51 654128 ----a-w- c:\program files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-12-16 13:38 342848 ------w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-07-03 20:21 623960 ------w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2008-05-29 16:49 1085440 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 21:57 86016 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
2005-12-22 01:08 1996336 ------w- c:\program files\IBM ThinkVantage\Client Security Solution\cssauth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ------w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2005-11-29 17:55 196696 ------w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-08-01 12:10 122940 ------w- c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-07-04 15:39 169472 ------w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-05-10 00:24 50760 ------w- c:\program files\Common Files\AOL\1157736600\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-11 23:01 46368 ------w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
2006-02-17 16:59 124520 ------w- c:\program files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 23:50 221184 ------w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 20:15 81920 ------w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 17:39 292136 ------w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2006-01-25 08:03 106496 ------w- c:\progra~1\THINKV~2\PrdCtr\LPMGR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NotebookHardwareControl]
2007-05-04 00:33 2629632 ------w- c:\program files\Notebook Hardware Control\nhc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-10-11 23:03 29984 ------w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDService.exe]
2005-11-15 20:13 49152 ------r- c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2008-08-21 01:18 443968 ------w- c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18 413696 ------w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-02-01 21:22 21898024 ------r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2005-05-06 21:06 716800 ------w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2005-12-15 21:19 925696 ------w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 13:03 210472 ------w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-28 12:23 136600 ------w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-20 23:24 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
2005-10-17 08:11 65536 ------w- c:\windows\system32\TP4EX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]
2005-10-29 02:04 864256 ------w- c:\program files\ThinkPad\Utilities\TpKmapAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 21:45 313472 ------r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-06-21 17:14 35328 ------w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Bizarro\\DCPlusPlus.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157736600\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157736600\\ee\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\NBC Direct\\StoreFrontPlayer.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Symantec Client Security\\Symantec AntiVirus\\Smc.exe"=
"c:\\Program Files\\Symantec Client Security\\Symantec AntiVirus\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Brother\\Brmfl08b\\FAXRX.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\Sam\\Games\\Company of Heroes\\RelicCOH.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58235:TCP"= 58235:TCP:Pando P2P TCP Listening Port
"58235:UDP"= 58235:UDP:Pando P2P UDP Listening Port
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/16/2009 6:55 AM 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1028432]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [11/6/2007 5:04 PM 810632]
R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [11/15/2005 3:11 PM 46142]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [12/21/2005 6:45 PM 3968]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [12/8/2005 4:44 PM 3328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 3:26 AM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [9/1/2009 5:27 PM 102448]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
R3 swmx01;Sierra Wireless USB MUX Driver (#01);c:\windows\system32\drivers\swmx01.sys [11/18/2005 6:21 PM 58624]
R3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);c:\windows\system32\drivers\SWNC5E01.sys [8/5/2005 5:42 PM 73600]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/22/2009 3:45 PM 135664]
S3 CSRBC01;CSRBC01.Sys CSR test driver;c:\windows\system32\drivers\csrbc01.sys [8/20/2009 3:14 PM 83124]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/8/2007 7:45 PM 646392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-01-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 11:55]

2010-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-01-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-13 05:09]

2010-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 20:45]

2010-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 20:45]

2010-01-05 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

2010-01-05 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-07-04 08:12]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send To &Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\r8x298da.Sam\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\documents and settings\Sam\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 17:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1703263365-3606755470-2851578960-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1703263365-3606755470-2851578960-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:96,0f,06,6b,8c,30,c4,36,bf,31,ef,a0,0a,40,3c,71,08,48,49,4c,92,3f,33,
68,94,fb,3e,b9,23,ca,90,08,4b,ea,62,76,79,5b,a6,8d,81,e1,98,60,6d,1c,02,f7,\
"??"=hex:c3,19,35,3a,09,36,59,a1,a1,47,d8,4b,73,a7,74,82
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\vrlogon.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'explorer.exe'(5332)
c:\windows\system32\PROCHLP.DLL
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
c:\program files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
c:\program files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
c:\program files\ThinkVantage\SystemUpdate\UCLauncherService.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\SmcGui.exe
c:\windows\system32\wscntfy.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\IBM ThinkVantage\Common\Logger\logmon.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\rundll32.exe
c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2010-01-05 17:24:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-05 22:24
ComboFix2.txt 2010-01-05 20:23

Pre-Run: 16,188,846,080 bytes free
Post-Run: 16,146,677,760 bytes free

- - End Of File - - 6800DDC8D0E70FA296BF8D2EFD3D0359

#14 myrti


    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 06 January 2010 - 06:51 AM

Hi,

Do you have your Windows CD handy? One of your system files is missing and I would like to replace it from the CD.

Regards, myrti


#15 ABDomega

  • Topic Starter

  • Members
  • 34 posts

Posted 06 January 2010 - 07:12 AM

No, I still don't have my Windows CD. How should I go about getting one?