Backdoor.Bifrose and IRCBot


  • This topic is locked
25 replies to this topic

#1 ragpicker1968

ragpicker1968

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:15 PM

Posted 27 December 2009 - 04:28 PM

My laptop is infected with some malware that I am finding very difficult to remove. Initially, the malware had infected my MBR (as detected by an initial run of RootRepeal). I have since repaired the MBR by rebooting with my Windows XP CD and running fixmbr. However, even after doing that I am not able to remove the malware no matter what anti-spyware / anti-virus software I have tried. When I run Malwarebytes' Anti-Malware, the following items are found:

Files Infected:
C:\Program Files\Windows\firefox.exe (Backdoor.Bifrose) -> No action taken.
C:\Program Files\Mozilla\firefox.exe (Spyware.Passwords) -> No action taken.
C:\WINDOWS\System\Firefox.exe (Trojan.Banker) -> No action taken.
C:\Program Files\Common Files\System\Googleupdate.exe (Backdoor.IRCBot) -> No action taken.
C:\WINDOWS\system32\firefox.exe (Backdoor.IRCBot) -> No action taken.

However when the laptop reboots the files are never removed. I am not able to boot the laptop in Safe Mode. When I try I get a blue screen error that causes me to shut the laptop back down. Below you will see the output from my DDS.txt report:


DDS (Ver_09-12-01.01) - NTFSx86
Run by kgmtthen at 15:29:34.71 on Sun 12/27/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.824 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\ArchestrA\NTServApp.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kaseya\Agent\AgentMon.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\kgmtthen\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\IBM\Lotus Quickr connectors\DIMon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Documents and Settings\kgmtthen\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\kgmtthen\LOCALS~1\Temp\HouseCall\housecall.bin
C:\Documents and Settings\kgmtthen\Desktop\dds.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://cm.my.yahoo.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070920
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = proxy.chemetall.net:8080
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies\notebook software\NotebookPlugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\Scriptcl.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [MoeMonitor.exe] "c:\documents and settings\kgmtthen\local settings\application data\microsoft\live mesh\bin\servicing\0.9.4014.7\MoeMonitor.exe"
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Document Manager] c:\program files\wave systems corp\services manager\docmgr\bin\docmgr.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [WinVNC] "c:\program files\ultravnc\WinVNC.exe" -servicehelper
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [Kaseya Agent Service Helper] "c:\program files\kaseya\agent\KaUsrTsk.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\kgmtthen\startm~1\programs\startup\scandisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lotusq~1.lnk - c:\program files\ibm\lotus quickr connectors\DIMon.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Add to Evernote - c:\program files\evernote\evernote3\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEE1} - c:\program files\evernote\evernote3\enbar.dll
LSP: kaseyasp.dll
LSP: c:\windows\system32\biolsp.dll
DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} - hxxps://teamplace.chemetall.com/qp2.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197409746201
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197464157134
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8BF7B588-F4AC-4A6E-AF63-F664449EED2E} - hxxps://greenhouse.lotus.com/lotus/PA_1_3F2DNS521GKI602HUIA3VB00K5/plugins/com.ibm.wps.dm/jsp/common/plugin/DMPlugin.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://connect.chemetall.com/SNX/CSHELL/extender.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D1278801-B2C0-4332-BD3E-2F64D2204EDF} - hxxps://www.mesh.com/0.9.4014.13/TSWeb.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D6D5ACA4-4C57-4C75-8D68-BC185E924B4C} - hxxps://secure.bek.com/PW/images/install/PWFileTransferEN.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://webmail.chemetall.com/dwa7W.cab
DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} - hxxp://workspace.office.live.com/Misc/Microsoft.OfficeLive.Workspace.RichUpload.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: ckpNotify - ckpNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
Notify: wlcrdplauncher - c:\program files\live mesh\remote desktop\wlcrdplauncher.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: {56f9679e-7826-4c84-81f3-532071a8bcc5} - Windows Desktop Search Namespace Manager
LSA: Authentication Packages = msv1_0 wvauth

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-25 11608]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-25 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-25 185089]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-25 56816]
R2 CBA8;LANDesk® Management Agent;c:\program files\landesk\shared files\residentAgent.exe [2008-6-2 155648]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2008-1-2 36400]
R2 cpextender;Check Point SSL Network Extender;c:\program files\checkpoint\ssl network extender\slimsvc.exe [2007-6-10 331870]
R2 KaseyaAgent;Kaseya Agent;c:\program files\kaseya\agent\AgentMon.exe [2009-3-3 610304]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12992]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-2-21 46112]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-12-11 104000]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2007-2-22 144960]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2007-2-22 54872]
R2 Softmon;LANDesk® Software Monitoring Service;c:\program files\landesk\ldclient\SoftMon.exe [2009-9-2 331776]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-4-8 92008]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2008-1-2 109072]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2007-12-11 6016]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2008-1-2 671408]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
R2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\live mesh\remote desktop\wlcrasvc.exe [2009-12-15 44880]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
R3 EuMusDesignVirtualAudioCableWdm_jrm;MuvEnum Virtual Cable;c:\windows\system32\drivers\vacjrmkd.sys [2009-1-26 38592]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2008-1-2 2234320]
R3 KAPFA;KAPFA;c:\windows\system32\drivers\KaPFA.sys [2009-3-3 20792]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [2009-5-4 11904]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [2009-5-4 3328]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-12-11 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-12-11 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-12-11 170408]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [2009-5-4 3712]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2009-12-15 9040]
R3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [2009-12-15 19408]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [2007-6-10 110160]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-12-26 112592]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\smart technologies\smart board drivers\SMARTSNMPAgent.exe [2008-4-3 1008936]
S3 SMART Web Server;SMART Web Server;c:\program files\smart technologies\smart board drivers\WebServer.exe [2008-4-3 1209640]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-12-25 77312]

=============== Created Last 30 ================

2009-12-26 21:39:42 524288 ----a-w- C:\dds.scr
2009-12-26 19:55:27 767952 ----a-w- c:\windows\BDTSupport.dll
2009-12-26 19:55:26 882 ----a-w- c:\windows\RegSDImport.xml
2009-12-26 19:55:26 880 ----a-w- c:\windows\RegISSImport.xml
2009-12-26 19:55:25 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-12-26 19:55:25 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-12-26 19:55:25 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-12-26 19:55:25 131 ----a-w- c:\windows\IDB.zip
2009-12-26 19:55:25 1152444 ----a-w- c:\windows\UDB.zip
2009-12-26 19:53:13 0 d-----w- c:\program files\common files\PC Tools
2009-12-26 19:53:12 0 d-----w- c:\program files\Spyware Doctor
2009-12-26 19:17:46 0 d--h--w- c:\windows\PIF
2009-12-26 12:46:55 0 d-----w- C:\98632725426d161fc1
2009-12-26 03:08:49 0 d-----w- c:\docume~1\kgmtthen\applic~1\PCPitstop
2009-12-25 14:20:16 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-25 14:20:08 0 d-----w- c:\program files\Avira
2009-12-25 14:20:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2009-12-24 20:26:18 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-12-24 20:26:04 0 d-----w- c:\program files\Panda Security
2009-12-24 18:43:43 0 d-----w- c:\docume~1\kgmtthen\applic~1\AVG8
2009-12-24 03:11:50 94 ----a-w- c:\windows\wininit.ini
2009-12-24 02:46:18 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-12-24 02:46:18 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-12-24 02:46:17 0 d-----w- c:\program files\AML Products
2009-12-24 02:32:32 0 d-----w- c:\docume~1\alluse~1\applic~1\RegAce
2009-12-24 02:32:30 0 d-----w- c:\program files\RegAce
2009-12-23 22:56:41 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-12-23 22:50:46 0 d-----w- c:\program files\Mozilla Firefox 3.6 Beta 5
2009-12-18 20:10:20 67208 ----a-w- c:\windows\UnDeploy.exe
2009-12-18 18:21:50 0 d-----w- c:\program files\common files\xing shared
2009-12-18 17:58:09 0 d-----w- c:\windows\MjM Free Photo Recovery Software
2009-12-18 17:58:09 0 d-----w- c:\program files\MjM Free Photo Recovery Software
2009-12-15 16:48:53 9040 ----a-w- c:\windows\system32\drivers\rdpdispm.sys
2009-12-15 16:48:53 19408 ----a-w- c:\windows\system32\drivers\rdpvmp.sys
2009-12-15 16:48:53 15696 ----a-w- c:\windows\system32\rdpvdd.dll
2009-12-15 16:48:53 118736 ----a-w- c:\windows\system32\rdpdispd.dll
2009-12-15 16:48:44 0 d-----w- c:\program files\Live Mesh
2009-12-15 16:46:20 0 d-----w- c:\docume~1\kgmtthen\applic~1\Microsoft Corporation
2009-12-15 16:43:47 0 d-----w- c:\docume~1\kgmtthen\applic~1\My ClickOnce Applications
2009-12-15 13:37:02 0 d-----w- c:\program files\Tracker Software
2009-12-04 15:24:52 97344 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-03 02:11:41 3248 ----a-w- c:\windows\system32\wbem\Outlook_01ca73bdf3cdca26.mof
2009-12-02 21:11:23 3248 ----a-w- c:\windows\system32\wbem\Outlook_01ca7394008e4052.mof
2009-12-01 22:16:56 117760 ----a-w- c:\windows\system32\hpzll5ha.dll
2009-12-01 22:16:13 267864 ----a-w- c:\windows\system32\hpzids01.dll
2009-12-01 22:16:04 0 d-----w- c:\program files\HP
2009-12-01 22:14:57 2885 ------w- c:\windows\hphmdl15.dat
2009-12-01 22:14:57 121304 ----a-w- c:\windows\HPHins15.dat
2009-12-01 22:14:46 296915 ----a-w- c:\windows\system32\autorun.inf
2009-12-01 15:37:49 3248 ----a-w- c:\windows\system32\wbem\Outlook_01ca729c3ce875cb.mof
2009-11-30 21:52:07 49152 ----a-w- C:\September Monthly.doc
2009-11-30 21:51:01 438272 ----a-w- C:\CFC Lean Six Sigma - Sept 2009.ppt
2009-11-30 21:49:26 156737 ----a-w- C:\TAT-0005-06.pdf
2009-11-30 01:27:48 87608 ----a-w- c:\docume~1\kgmtthen\applic~1\inst.exe
2009-11-30 01:27:47 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-30 01:27:47 47360 ----a-w- c:\docume~1\kgmtthen\applic~1\pcouffin.sys

==================== Find3M ====================

2009-10-28 14:40:47 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2008-04-28 17:21:37 336 ----a-w- c:\program files\temp995.bat
2008-01-03 19:40:19 6293 ----a-w- c:\program files\ENOptions.xml
2007-10-26 02:18:54 5977528 ----a-w- c:\program files\EverNote.exe
2008-09-18 14:05:58 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091820080919\index.dat

============= FINISH: 15:31:12.75 ===============
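As a defender-side triage aid for the Malwarebytes listing above (and for the question raised later in the thread about whether those paths exist on disk at all), here is an added Python example; it is not code from the thread or from Malwarebytes. It parses the "Files Infected" lines, flags well-known file names that sit outside their normal install directory (a firefox.exe in system32, a GoogleUpdate.exe under Common Files\System), and separates detections whose path is present on disk from those that are absent. The allowlist of expected directories is an assumption constructed for the example, not anything stated on the page.

```python
import os
import re
from fnmatch import fnmatchcase
from typing import Callable, Dict, List, NamedTuple

# Constructed sample input: the "Files Infected:" block Malwarebytes reported in post #1.
MBAM_LOG = r"""
Files Infected:
C:\Program Files\Windows\firefox.exe (Backdoor.Bifrose) -> No action taken.
C:\Program Files\Mozilla\firefox.exe (Spyware.Passwords) -> No action taken.
C:\WINDOWS\System\Firefox.exe (Trojan.Banker) -> No action taken.
C:\Program Files\Common Files\System\Googleupdate.exe (Backdoor.IRCBot) -> No action taken.
C:\WINDOWS\system32\firefox.exe (Backdoor.IRCBot) -> No action taken.
"""

# Assumed allowlist (not from the page): where a binary with this name normally lives on a
# 32-bit Windows XP install. Patterns are shell-style globs, compared in lower case.
EXPECTED_DIRS: Dict[str, List[str]] = {
    "firefox.exe": [r"c:\program files\mozilla firefox*"],
    "googleupdate.exe": [
        r"c:\program files\google\update*",
        r"c:\documents and settings\*\local settings\application data\google\update*",
    ],
}

# One Malwarebytes result line: "<path> (<detection name>) -> <action>"
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$"
)


class Detection(NamedTuple):
    path: str
    family: str
    action: str


def parse_mbam(log: str) -> List[Detection]:
    """Extract path, detection name and action from each result line; skip headers."""
    found: List[Detection] = []
    for line in log.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["family"], m["action"]))
    return found


def split_path(path: str):
    """Return (directory, file name), both lower-cased, for a Windows path."""
    directory, _, name = path.rpartition("\\")
    return directory.lower(), name.lower()


def classify_location(path: str) -> str:
    """'masquerade' = a well-known file name sitting outside its normal install directory.

    'expected_location' = known name in a directory on the allowlist.
    'unknown_name'      = the name is not in the allowlist, so no opinion.
    """
    directory, name = split_path(path)
    patterns = EXPECTED_DIRS.get(name)
    if patterns is None:
        return "unknown_name"
    if any(fnmatchcase(directory, p.lower()) for p in patterns):
        return "expected_location"
    return "masquerade"


def triage(detections: List[Detection], exists: Callable[[str], bool]) -> Dict[str, List[str]]:
    """Bucket detections as '<location class>/<present|absent>'.

    `exists` is injected so the logic can be checked offline; pass os.path.exists on the
    affected machine. A detection that is 'absent' on disk is worth a second look: either
    the scanner is reporting stale data, or something is hiding the file from normal APIs.
    """
    buckets: Dict[str, List[str]] = {}
    for d in detections:
        key = f"{classify_location(d.path)}/{'present' if exists(d.path) else 'absent'}"
        buckets.setdefault(key, []).append(d.path)
    return buckets


if __name__ == "__main__":
    for bucket, paths in sorted(triage(parse_mbam(MBAM_LOG), os.path.exists).items()):
        print(bucket)
        for p in paths:
            print("   ", p)
```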



#2 ragpicker1968

ragpicker1968
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:15 PM

Posted 29 December 2009 - 10:08 AM

I forgot to also mention that when I have run Avira Anti-Virus scans the results show no malicious programs identified; however, I do receive 5 warnings. In reviewing the log file, I'm sure that the 5 warnings are related to what gets detected (but not removed) by Malwarebytes. The warnings that I get from Avira are as follows:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\kgmtthen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\kgmtthen\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleUpdate.exe
[WARNING] The file could not be opened!
C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe
[WARNING] The file could not be opened!
C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
[WARNING] The file could not be opened!

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,942 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:15 PM

Posted 06 January 2010 - 06:48 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom :(
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#4 ragpicker1968

ragpicker1968
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:15 PM

Posted 06 January 2010 - 07:43 PM

Attached is the DDS report as requested. Please note that I have made some changes since the original posting in an attempt to eliminate the malware, so this DDS report may be different from the original posting. Also, as a side note, I would like to share that the only malware detection program that shows any problem is Malwarebytes. Therefore I am also attaching a copy of the log that Malwarebytes reports. No other program (Super Anti-Spyware, Avira, AVG Anti-Virus, Microsoft Security Essentials, etc.) shows any infection. In addition, the file paths that Malwarebytes reports as infections do not appear to actually exist on my laptop. I have even had our corporate IT resource look, and he made sure that no such references exist in my registry. Is it possible that Malwarebytes is giving a false positive report now that the other malware has been removed?


DDS (Ver_09-12-01.01) - NTFSx86
Run by kgmtthen at 19:29:16.65 on Wed 01/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.777 [GMT -5:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\Program Files\Kaseya\Agent\AgentMon.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\StacSV.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\kgmtthen\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\IBM\Lotus Quickr connectors\DIMon.exe
C:\Documents and Settings\kgmtthen\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\kgmtthen\Local Settings\Temporary Internet Files\Content.IE5\ISAQX5XY\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://cm.my.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = proxy.chemetall.net:8080
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies\notebook software\NotebookPlugin.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [MoeMonitor.exe] "c:\documents and settings\kgmtthen\local settings\application data\microsoft\live mesh\bin\servicing\0.9.4014.7\MoeMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Document Manager] c:\program files\wave systems corp\services manager\docmgr\bin\docmgr.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Kaseya Agent Service Helper] "c:\program files\kaseya\agent\KaUsrTsk.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lotusq~1.lnk - c:\program files\ibm\lotus quickr connectors\DIMon.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: kaseyasp.dll
LSP: c:\windows\system32\biolsp.dll
DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} - hxxps://teamplace.chemetall.com/qp2.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197409746201
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197464157134
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8BF7B588-F4AC-4A6E-AF63-F664449EED2E} - hxxps://greenhouse.lotus.com/lotus/PA_1_3F2DNS521GKI602HUIA3VB00K5/plugins/com.ibm.wps.dm/jsp/common/plugin/DMPlugin.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://connect.chemetall.com/SNX/CSHELL/extender.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D1278801-B2C0-4332-BD3E-2F64D2204EDF} - hxxps://www.mesh.com/0.9.4014.13/TSWeb.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D6D5ACA4-4C57-4C75-8D68-BC185E924B4C} - hxxps://secure.bek.com/PW/images/install/PWFileTransferEN.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://webmail.chemetall.com/dwa7W.cab
DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} - hxxp://workspace.office.live.com/Misc/Microsoft.OfficeLive.Workspace.RichUpload.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Notify: ckpNotify - ckpNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
Notify: wlcrdplauncher - c:\program files\live mesh\remote desktop\wlcrdplauncher.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 wvauth

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 74480]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 CBA8;LANDesk® Management Agent;c:\program files\landesk\shared files\residentAgent.exe [2008-6-2 155648]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2008-1-2 36400]
R2 cpextender;Check Point SSL Network Extender;c:\program files\checkpoint\ssl network extender\slimsvc.exe [2007-6-10 331870]
R2 KaseyaAgent;Kaseya Agent;c:\program files\kaseya\agent\AgentMon.exe [2009-3-3 610304]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12992]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-2-21 46112]
R2 Softmon;LANDesk® Software Monitoring Service;c:\program files\landesk\ldclient\SoftMon.exe [2009-9-2 331776]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2008-1-2 109072]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2007-12-11 6016]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2008-1-2 671408]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
R2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\live mesh\remote desktop\wlcrasvc.exe [2009-12-15 44880]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
R3 EuMusDesignVirtualAudioCableWdm_jrm;MuvEnum Virtual Cable;c:\windows\system32\drivers\vacjrmkd.sys [2009-1-26 38592]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2008-1-2 2234320]
R3 KAPFA;KAPFA;c:\windows\system32\drivers\KaPFA.sys [2009-3-3 20792]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [2009-5-4 11904]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [2009-5-4 3328]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [2009-5-4 3712]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2009-12-15 9040]
R3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [2009-12-15 19408]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [2007-6-10 110160]
S1 mferkdk;VSCore mferkdk; [x]
S2 Browser Defender Update Service;Browser Defender Update Service;"c:\program files\spyware doctor\bdt\bdtupdateservice.exe" --> c:\program files\spyware doctor\bdt\BDTUpdateService.exe [?]
S2 ZeppelinService;plasservice;c:\program files\common files\paretologic\plas\plasservice.exe [2009-2-18 587216]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\smart technologies\smart board drivers\SMARTSNMPAgent.exe [2008-4-3 1008936]
S3 SMART Web Server;SMART Web Server;c:\program files\smart technologies\smart board drivers\WebServer.exe [2008-4-3 1209640]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-01-04 16:52:16 110592 ----a-w- c:\temp\KLicense.exe
2010-01-04 13:24:23 0 d-----w- c:\program files\CCleaner
2010-01-04 12:43:57 0 d-----w- c:\program files\Microsoft Security Essentials
2010-01-04 12:39:57 98816 ----a-w- c:\windows\sed.exe
2010-01-04 12:39:57 77312 ----a-w- c:\windows\MBR.exe
2010-01-04 12:39:57 261632 ----a-w- c:\windows\PEV.exe
2010-01-04 12:39:57 161792 ----a-w- c:\windows\SWREG.exe
2010-01-01 20:04:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-01 20:04:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 20:04:13 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-31 18:46:17 0 d-sha-r- C:\cmdcons
2009-12-30 16:46:36 0 d-----w- c:\documents and settings\kgmtthen\DoctorWeb
2009-12-30 14:06:27 0 d-----w- c:\program files\AVG
2009-12-30 04:27:43 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-12-30 03:26:27 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-12-29 20:55:48 243024 ----a-w- c:\windows\system32\LSPInstall.dll
2009-12-29 20:55:48 111960 ----a-w- c:\windows\system32\INetHTTPFilter.dll
2009-12-29 18:28:15 4940 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-29 18:28:15 3020 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-12-29 18:28:15 288544 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-29 18:28:15 20768 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-12-29 18:28:04 2345 ----a-w- C:\rollback.ini
2009-12-29 18:02:58 0 d-----w- c:\program files\common files\ParetoLogic
2009-12-29 15:42:22 0 d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-12-29 14:44:31 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-26 19:55:27 767952 ----a-w- c:\windows\BDTSupport.dll
2009-12-26 19:55:26 882 ----a-w- c:\windows\RegSDImport.xml
2009-12-26 19:55:26 880 ----a-w- c:\windows\RegISSImport.xml
2009-12-26 19:55:25 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-12-26 19:55:25 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-12-26 19:55:25 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-12-26 19:55:25 131 ----a-w- c:\windows\IDB.zip
2009-12-26 19:55:25 1152444 ----a-w- c:\windows\UDB.zip
2009-12-26 19:53:13 0 d-----w- c:\program files\common files\PC Tools
2009-12-26 19:17:46 0 d--h--w- c:\windows\PIF
2009-12-26 12:46:55 0 d-----w- C:\98632725426d161fc1
2009-12-25 14:20:16 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-24 20:26:18 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-12-24 03:11:50 94 ----a-w- c:\windows\wininit.ini
2009-12-24 02:46:18 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-12-24 02:46:18 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-12-18 20:10:20 67208 ----a-w- c:\windows\UnDeploy.exe
2009-12-18 17:58:09 0 d-----w- c:\windows\MjM Free Photo Recovery Software
2009-12-15 16:48:53 9040 ----a-w- c:\windows\system32\drivers\rdpdispm.sys
2009-12-15 16:48:53 19408 ----a-w- c:\windows\system32\drivers\rdpvmp.sys
2009-12-15 16:48:53 15696 ----a-w- c:\windows\system32\rdpvdd.dll
2009-12-15 16:48:53 118736 ----a-w- c:\windows\system32\rdpdispd.dll
2009-12-15 16:48:44 0 d-----w- c:\program files\Live Mesh
2009-12-15 16:46:20 0 d-----w- c:\docume~1\kgmtthen\applic~1\Microsoft Corporation

==================== Find3M ====================

2009-12-24 16:17:57 47360 ----a-w- c:\docume~1\kgmtthen\applic~1\pcouffin.sys
2009-12-04 15:24:52 97344 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-01 22:17:36 121304 ----a-w- c:\windows\HPHins15.dat
2009-11-30 01:27:47 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-10-28 14:40:47 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2008-01-03 19:40:19 6293 ----a-w- c:\program files\ENOptions.xml
2007-10-26 02:18:54 5977528 ----a-w- c:\program files\EverNote.exe
2008-09-18 14:05:58 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091820080919\index.dat

============= FINISH: 19:30:06.43 ===============


#5 chamber

    Bleepin' Geek

  • Members
  • 329 posts
  • Gender:Male
  • Location:~/
  • Local time:10:15 PM
Posted 07 January 2010 - 08:00 AM

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    nvrd32.sys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Edited by chamber, 07 January 2010 - 08:00 AM.


watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU


#6 ragpicker1968

  • Topic Starter
  • Members
  • 16 posts
  • Local time:05:15 PM

Posted 07 January 2010 - 08:34 AM

Chamber,

Thank you. Attached is the OTL.txt output from the OTL.exe scan.

OTL logfile created on: 1/7/2010 8:14:11 AM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\kgmtthen\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 48.54 Gb Free Space | 65.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 74.53 Gb Total Space | 13.55 Gb Free Space | 18.18% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 519.46 Gb Total Space | 277.63 Gb Free Space | 53.45% Space Free | Partition Type: NTFS
Drive H: | 519.46 Gb Total Space | 277.63 Gb Free Space | 53.45% Space Free | Partition Type: NTFS
Drive I: | 519.46 Gb Total Space | 277.63 Gb Free Space | 53.45% Space Free | Partition Type: NTFS
Drive J: | 519.46 Gb Total Space | 277.63 Gb Free Space | 53.45% Space Free | Partition Type: NTFS
Drive O: | 519.46 Gb Total Space | 277.63 Gb Free Space | 53.45% Space Free | Partition Type: NTFS

Computer Name: KGMN0031
Current User Name: kgmtthen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\kgmtthen\desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\LANDesk\LDClient\SoftMon.exe (LANDesk Software, Ltd.)
PRC - C:\Program Files\Kaseya\Agent\AgentMon.exe (Kaseya)
PRC - C:\Program Files\Kaseya\Agent\KaUsrTsk.exe (Kaseya)
PRC - C:\Program Files\LANDesk\LDClient\LocalSch.EXE (LANDesk Software, Ltd.)
PRC - C:\Program Files\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
PRC - C:\Program Files\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe (SMART Technologies)
PRC - C:\Program Files\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Ltd.)
PRC - C:\Program Files\LANDesk\LDClient\collector.exe (LANDesk Software, Ltd.)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\system32\cba\pds.exe (LANDesk Software Ltd.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe (Check Point Software Technologies)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
PRC - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\kgmtthen\desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\hccutils.dll (Intel Corporation)
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Browser Defender Update Service) -- File not found
SRV - (wlcrasvc) -- C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe (Microsoft Corporation)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (ZeppelinService) -- C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe (ParetoLogic Inc.)
SRV - (Softmon) LANDesk® -- C:\Program Files\LANDesk\LDClient\softmon.exe (LANDesk Software, Ltd.)
SRV - (KaseyaAgent) -- C:\Program Files\Kaseya\Agent\AgentMon.exe (Kaseya)
SRV - (Intel Local Scheduler Service) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE (LANDesk Software, Ltd.)
SRV - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV - (CBA8) LANDesk® -- C:\Program Files\LANDesk\Shared Files\residentagent.exe (LANDesk Software, Ltd.)
SRV - (SMART SNMP Agent Service) -- C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe (SMART Technologies Inc.)
SRV - (SMART Web Server) -- C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe ()
SRV - (SMART Board Service) -- C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe (SMART Technologies)
SRV - (Intel Targeted Multicast) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Ltd.)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (Intel PDS) -- C:\WINDOWS\system32\cba\pds.exe (LANDesk Software Ltd.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (cpextender) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe (Check Point Software Technologies)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (SR_WatchDog) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe (Check Point Software Technologies)
SRV - (SR_Service) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe (Check Point Software Technologies)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (RDPVDD) -- C:\WINDOWS\system32\drivers\rdpvmp.sys (Microsoft Corporation)
DRV - (RDPDISPM) -- C:\WINDOWS\system32\drivers\rdpdispm.sys (Microsoft Corporation)
DRV - (pcouffin) -- C:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (usb_rndisx) -- C:\WINDOWS\system32\drivers\usb8023x.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (EuMusDesignVirtualAudioCableWdm_jrm) -- C:\WINDOWS\system32\drivers\vacjrmkd.sys ()
DRV - (KAPFA) -- C:\WINDOWS\system32\drivers\KaPFA.sys (Kaseya)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Cisco Systems, Inc.)
DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (lmimirr) -- C:\WINDOWS\system32\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV - (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) -- C:\WINDOWS\system32\drivers\sscdserd.sys (MCCI Corporation)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (VNA) -- C:\WINDOWS\system32\drivers\vna.sys (Check Point Software Technologies)
DRV - (ldblank) -- C:\WINDOWS\system32\drivers\ldblank.sys (LANDesk Software, Ltd.)
DRV - (mirrorflt) -- C:\WINDOWS\system32\drivers\mirrorflt.sys (LANDesk Software, Ltd.)
DRV - (ldmirror) -- C:\WINDOWS\system32\drivers\ldmirror.sys (LANDesk Software, Ltd.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
DRV - (wceusbsh) -- C:\WINDOWS\system32\drivers\wceusbsh.sys (Microsoft Corporation)
DRV - (DXEC01) -- C:\WINDOWS\system32\drivers\dxec01.sys (Knowles Acoustics)
DRV - (PBADRV) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys (Dell Inc)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (CP_OMDRV) -- C:\WINDOWS\system32\drivers\omdrv.sys (Check Point Software Technologies)
DRV - (VNASC) -- C:\WINDOWS\system32\drivers\vnasc.sys (Check Point Software Technologies)
DRV - (VPN-1) -- C:\WINDOWS\System32\drivers\vpn.sys (Check Point Software Technologies)
DRV - (FW1) -- C:\WINDOWS\system32\drivers\fw.sys (Check Point Software Technologies)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (vnccom) -- C:\WINDOWS\system32\drivers\vnccom.SYS (RDV Soft)
DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (RDV Soft)
DRV - (ADSEXPB) -- C:\WINDOWS\system32\drivers\adsexpb.sys (Cirrus Logic Inc.)
DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (SMNDIS5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys (Smith Micro Software, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070920
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070920

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.chemetall.net:8080



O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Kaseya Agent Service Helper] C:\Program Files\Kaseya\Agent\KaUsrTsk.exe (Kaseya)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MoeMonitor.exe] C:\Documents and Settings\kgmtthen\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus Quickr Monitor.lnk = C:\Program Files\IBM\Lotus Quickr connectors\DIMon.exe (IBM, Corp)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} https://teamplace.chemetall.com/qp2.cab (Lotus Quickr Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/con...s/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/download/7/4...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1197409746201 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Value error.)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1197464157134 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8BF7B588-F4AC-4A6E-AF63-F664449EED2E} https://greenhouse.lotus.com/lotus/PA_1_3F2...in/DMPlugin.cab (IBM Browser plug-in for documents)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcpitstop.com/Nirvana/con...DiskMD3Ctrl.dll (diskhealth Class)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} http://utilities.pcpitstop.com/Nirvana/con...opAntiVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} https://connect.chemetall.com/SNX/CSHELL/extender.cab (SlimClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D1278801-B2C0-4332-BD3E-2F64D2204EDF} https://www.mesh.com/0.9.4014.13/TSWeb.cab (Windows Live Mesh Upload Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6D5ACA4-4C57-4C75-8D68-BC185E924B4C} https://secure.bek.com/PW/images/install/PW...eTransferEN.cab (PWFileTransfer Control)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://webmail.chemetall.com/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} http://workspace.office.live.com/Misc/Micr....RichUpload.cab (Microsoft Office Live Workspace Upload Tool)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Performance Viewer Activex Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Nirvana/con.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.29.20.250 172.29.44.11 172.29.44.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = chemetall.net
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ckpNotify: DllName - ckpNotify.dll - C:\WINDOWS\System32\ckpNotify.dll (Check Point Software Technologies)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\wlcrdplauncher: DllName - C:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll - C:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/08 11:17:27 | 00,029,701 | ---- | M] () - G:\Automated Li Winder 060210a.txt -- [ NTFS ]
O33 - MountPoints2\{d8751e88-f92c-11de-b25a-5418630e0f11}\Shell\AutoRun\command - "" = E:\MSCONFIG.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 17:02:12 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rootrepeal.sys - Reg Error: Value error.
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Yahoo! Messenger
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.g723 - g723.acm File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: VIDC.CSCD - C:\WINDOWS\System32\camcodec.dll (RenderSoft Software)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I263 - C:\WINDOWS\System32\i263_32.drv (Intel Corporation)
Drivers32: vidc.I420 - C:\WINDOWS\System32\i263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MP43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/01/07 08:07:11 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kgmtthen\Desktop\OTL.exe
[2010/01/07 07:11:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems
[2010/01/06 15:52:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\My Documents\Temp Folder
[2010/01/04 15:07:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\My Documents\MS Office Templates
[2010/01/04 14:51:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\My Documents\Process Engineering
[2010/01/04 14:48:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\My Documents\Administrative Files
[2010/01/04 14:43:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\My Documents\Lean Six Sigma
[2010/01/04 14:22:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\My Documents\Chemetall Lithium
[2010/01/04 14:22:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\My Documents\Lithium Project Files
[2010/01/04 10:40:55 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\kgmtthen\Recent
[2010/01/04 08:26:53 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/04 08:24:23 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/01/04 07:44:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\PCHealth
[2010/01/04 07:44:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2010/01/04 07:43:57 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/01/04 07:39:57 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/04 07:39:57 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/04 07:39:57 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/04 07:39:57 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/04 07:38:00 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/04 07:38:00 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/04 07:38:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/04 07:38:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/02 10:09:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\NTRU Cryptosystems
[2010/01/01 15:04:15 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/01 15:04:13 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/01 15:04:13 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/31 18:10:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/12/31 13:46:17 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/12/31 13:45:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/30 11:46:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\DoctorWeb
[2009/12/30 09:06:27 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/12/29 22:26:27 | 00,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/12/29 15:55:48 | 00,243,024 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\LSPInstall.dll
[2009/12/29 13:02:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/12/29 13:00:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\Downloaded Installations
[2009/12/29 10:42:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/12/29 09:44:31 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009/12/26 14:55:25 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2009/12/26 14:55:25 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2009/12/26 14:55:25 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2009/12/26 14:53:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/12/26 14:17:46 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/12/26 07:46:55 | 00,000,000 | ---D | C] -- C:\98632725426d161fc1
[2009/12/25 09:56:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/12/25 09:20:16 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/12/24 15:26:18 | 00,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/12/23 21:46:18 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2009/12/23 21:46:18 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2009/12/18 15:10:20 | 00,067,208 | ---- | C] (JGsoft - Just Great Software) -- C:\WINDOWS\UnDeploy.exe
[2009/12/18 12:58:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\MjM Free Photo Recovery Software
[2009/12/18 12:00:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/15 11:48:53 | 00,118,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpdispd.dll
[2009/12/15 11:48:53 | 00,019,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpvmp.sys
[2009/12/15 11:48:53 | 00,015,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpvdd.dll
[2009/12/15 11:48:53 | 00,009,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdispm.sys
[2009/12/15 11:48:44 | 00,000,000 | ---D | C] -- C:\Program Files\Live Mesh
[2009/12/15 11:46:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\Application Data\Microsoft Corporation
[2009/12/15 11:46:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\assembly
[2009/11/29 20:27:47 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\kgmtthen\Application Data\pcouffin.sys
[2009/05/10 07:49:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/03/20 15:47:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities
[2009/03/20 15:47:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Identities
[2008/01/03 14:19:43 | 05,977,528 | ---- | C] (EverNote Corp., 710 Lakeway Dr. #290, Sunnyvale, CA 94086) -- C:\Program Files\EverNote.exe
[2007/12/17 10:24:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/09/20 16:20:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2007/09/20 16:20:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel

========== Files - Modified Within 30 Days ==========

[2010/01/07 08:16:58 | 00,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3B4F47FF-222D-426F-B8DE-0893C654FEF4}.job
[2010/01/07 08:14:01 | 00,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-447614685-2029349276-2316626804-7364UA.job
[2010/01/07 08:12:15 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Desktop\paste.doc
[2010/01/07 08:07:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kgmtthen\Desktop\OTL.exe
[2010/01/07 08:06:46 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Desktop\cvfsok8w.exe
[2010/01/07 07:24:41 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/01/07 07:24:41 | 00,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/01/07 07:21:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/01/07 07:21:42 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/01/07 07:21:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/01/07 07:21:21 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/01/07 07:16:43 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/07 07:14:00 | 00,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-447614685-2029349276-2316626804-7364Core.job
[2010/01/07 07:13:31 | 00,001,037 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\Account.atomsvc
[2010/01/07 07:11:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/07 07:11:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/07 07:10:33 | 14,155,776 | -H-- | M] () -- C:\Documents and Settings\kgmtthen\NTUSER.DAT
[2010/01/07 07:10:33 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\kgmtthen\ntuser.ini
[2010/01/07 06:40:45 | 14,602,250 | -H-- | M] () -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\IconCache.db
[2010/01/06 18:00:00 | 00,000,448 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/01/06 07:23:18 | 00,020,106 | ---- | M] () -- C:\Documents and Settings\kgmtthen\My Documents\contacts.vcf
[2010/01/06 07:20:39 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/01/06 07:20:39 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/01/06 07:20:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/01/06 07:20:04 | 00,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/01/06 07:19:54 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/01/06 07:19:53 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/01/05 15:08:50 | 00,000,458 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Desktop\CFC Lean Six Sigma.url
[2010/01/05 07:13:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/01/05 07:13:44 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/01/05 07:13:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/01/05 07:13:02 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/01/05 07:12:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/01/05 07:12:47 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/01/04 16:14:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/01/04 16:14:44 | 00,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/01/04 16:13:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/01/04 16:13:44 | 00,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/01/04 16:12:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/01/04 16:12:16 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/01/04 16:08:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/01/04 16:08:01 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/01/04 15:38:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/01/04 15:38:04 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/01/04 15:37:59 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/01/04 15:37:59 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/01/04 15:37:55 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/01/04 15:37:55 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/01/04 15:37:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/01/04 15:37:49 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/01/04 15:37:45 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/01/04 15:37:45 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/01/04 15:34:55 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/01/04 15:34:55 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/01/04 15:34:27 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/01/04 15:34:27 | 00,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/01/04 13:43:34 | 00,000,390 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/01/04 10:31:02 | 00,044,298 | ---- | M] () -- C:\Documents and Settings\kgmtthen\My Documents\01-04-10 - TAT2.reg
[2010/01/04 09:16:48 | 00,002,488 | ---- | M] () -- C:\Documents and Settings\kgmtthen\My Documents\01-04-10 - TAT1.reg
[2010/01/04 08:29:05 | 00,214,404 | ---- | M] () -- C:\Documents and Settings\kgmtthen\My Documents\1-04-10.reg
[2010/01/04 08:24:25 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Desktop\CCleaner.lnk
[2010/01/04 07:51:16 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/04 07:43:58 | 00,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/01/04 07:43:24 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/04 07:42:52 | 00,000,668 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/04 07:42:52 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/02 15:58:41 | 00,313,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/02 15:31:42 | 00,000,076 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/01/01 15:04:18 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/01 10:59:22 | 00,000,181 | ---- | M] () -- C:\WINDOWS\magix.ini
[2010/01/01 08:16:49 | 00,001,475 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Desktop\Windows Explorer.lnk
[2009/12/31 14:02:40 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/29 23:27:43 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/12/29 16:03:03 | 00,020,768 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/12/29 16:03:03 | 00,003,020 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/12/29 16:03:02 | 00,288,544 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/12/29 16:03:02 | 00,004,940 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/12/29 13:28:04 | 00,002,345 | ---- | M] () -- C:\rollback.ini
[2009/12/29 12:46:33 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/12/26 09:21:53 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/12/24 11:52:38 | 00,000,094 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/12/24 11:17:57 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\kgmtthen\Application Data\pcouffin.sys
[2009/12/24 11:17:57 | 00,007,887 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Application Data\pcouffin.cat
[2009/12/24 11:17:57 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Application Data\pcouffin.inf
[2009/12/23 17:38:55 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\housecall.guid.cache
[2009/12/17 07:13:13 | 00,870,128 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Application Data\mcs.rma
[2009/12/17 07:13:13 | 00,000,004 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Application Data\632B24
[2009/12/15 11:46:40 | 00,118,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpdispd.dll
[2009/12/15 11:46:40 | 00,019,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpvmp.sys
[2009/12/15 11:46:40 | 00,015,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpvdd.dll
[2009/12/15 11:46:40 | 00,009,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdispm.sys
[2009/12/11 07:04:15 | 00,529,466 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/11 07:04:15 | 00,446,814 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/11 07:04:15 | 00,073,496 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe

========== Files Created - No Company Name ==========

[2010/01/07 08:12:14 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Desktop\paste.doc
[2010/01/07 08:06:40 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Desktop\cvfsok8w.exe
[2010/01/07 07:13:31 | 00,001,037 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\Account.atomsvc
[2010/01/06 07:23:17 | 00,020,106 | ---- | C] () -- C:\Documents and Settings\kgmtthen\My Documents\contacts.vcf
[2010/01/04 14:38:30 | 00,004,334 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Desktop\kmlogin.vbs
[2010/01/04 13:43:34 | 00,000,390 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/01/04 10:30:33 | 00,044,298 | ---- | C] () -- C:\Documents and Settings\kgmtthen\My Documents\01-04-10 - TAT2.reg
[2010/01/04 09:16:36 | 00,002,488 | ---- | C] () -- C:\Documents and Settings\kgmtthen\My Documents\01-04-10 - TAT1.reg
[2010/01/04 08:28:46 | 00,214,404 | ---- | C] () -- C:\Documents and Settings\kgmtthen\My Documents\1-04-10.reg
[2010/01/04 08:24:25 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Desktop\CCleaner.lnk
[2010/01/04 07:49:34 | 00,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/04 07:43:58 | 00,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/01/04 07:39:57 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/04 07:39:57 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/04 07:39:57 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/04 07:39:57 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/04 07:39:57 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/01 15:04:18 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/31 13:46:28 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/12/31 13:46:21 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/12/29 23:27:43 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/12/29 15:55:48 | 00,111,960 | ---- | C] () -- C:\WINDOWS\System32\INetHTTPFilter.dll
[2009/12/29 13:28:51 | 00,000,448 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/12/29 13:28:15 | 00,288,544 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/12/29 13:28:15 | 00,020,768 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/12/29 13:28:15 | 00,004,940 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/12/29 13:28:15 | 00,003,020 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/12/29 13:28:04 | 00,002,345 | ---- | C] () -- C:\rollback.ini
[2009/12/26 14:55:27 | 00,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/12/26 14:55:26 | 00,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2009/12/26 14:55:26 | 00,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2009/12/26 14:55:25 | 01,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2009/12/26 14:55:25 | 00,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2009/12/24 17:56:28 | 00,004,790 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Application Data\temp16268.txt
[2009/12/23 22:11:50 | 00,000,094 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/12/23 17:38:55 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\housecall.guid.cache
[2009/12/01 17:15:03 | 00,000,340 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/11/29 20:28:00 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Application Data\pcouffin.log
[2009/11/29 20:27:48 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Application Data\pcouffin.cat
[2009/11/29 20:27:47 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Application Data\pcouffin.inf
[2009/08/24 13:41:19 | 00,009,708 | ---- | C] () -- C:\WINDOWS\System32\3612281284.ini
[2009/08/08 07:19:39 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Application Data\$_hpcst$.hpc
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/06 10:16:01 | 00,000,034 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2009/06/15 06:02:37 | 00,000,076 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/05/09 12:10:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\musiceditor.INI
[2009/04/29 13:44:11 | 00,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/01/26 08:49:50 | 00,038,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\vacjrmkd.sys
[2009/01/23 16:37:48 | 00,000,036 | -H-- | C] () -- C:\WINDOWS\System32\swk.ini
[2008/11/19 14:27:18 | 00,000,038 | ---- | C] () -- C:\WINDOWS\camcodec100.ini
[2008/11/16 13:14:46 | 06,664,208 | ---- | C] () -- C:\WINDOWS\System32\dvdripcore.dll
[2008/11/16 13:14:45 | 00,066,048 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2008/10/22 20:02:11 | 00,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/24 06:51:29 | 00,870,128 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Application Data\mcs.rma
[2008/07/24 06:51:29 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Application Data\632B24
[2008/07/16 08:57:26 | 00,000,356 | ---- | C] () -- C:\WINDOWS\videodeLuxe.INI
[2008/07/16 08:40:02 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2008/07/16 08:37:22 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2008/07/16 08:34:57 | 00,000,181 | ---- | C] () -- C:\WINDOWS\magix.ini
[2008/07/16 08:34:56 | 00,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008/06/25 13:47:34 | 00,000,131 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\fusioncache.dat
[2008/04/08 14:36:15 | 00,000,124 | ---- | C] () -- C:\WINDOWS\Minitab.ini
[2008/03/13 23:53:22 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPeg32.dll
[2008/02/14 16:17:02 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/02/14 16:17:01 | 03,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/02/14 16:17:01 | 00,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/02/14 16:17:01 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/02/11 20:51:51 | 00,036,864 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/25 15:18:29 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/01/25 15:18:29 | 00,000,141 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/01/09 14:01:48 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/01/03 14:21:22 | 00,006,293 | ---- | C] () -- C:\Program Files\ENOptions.xml
[2008/01/02 13:42:21 | 00,106,588 | ---- | C] () -- C:\WINDOWS\System32\fwnetcfg.dll
[2008/01/02 13:42:13 | 00,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2007/12/14 09:41:09 | 00,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/12/12 14:08:34 | 01,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2007/12/12 14:08:34 | 00,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2007/12/12 14:08:34 | 00,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2007/12/12 14:08:34 | 00,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2007/12/12 14:08:34 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2007/12/12 14:08:30 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
[2007/12/12 07:21:53 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/20 16:26:23 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/20 16:18:42 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2007/09/20 16:15:31 | 01,736,704 | ---- | C] () -- C:\WINDOWS\System32\Tsp1.dll
[2007/09/20 16:13:49 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2007/09/20 16:13:49 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2007/09/20 15:48:50 | 00,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/09/20 15:48:50 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2007/09/20 15:47:32 | 00,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/08/09 12:08:04 | 00,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/03/27 09:45:22 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2007/03/15 11:47:48 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\BuEResNT.dll
[2007/01/31 20:16:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/01/31 20:11:14 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\OEM_Resources.dll
[2007/01/31 20:08:44 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/01/31 20:08:36 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/01/31 20:08:26 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/01/31 20:08:18 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/01/31 20:08:08 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/01/31 20:08:00 | 00,233,472 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/01/31 20:07:50 | 00,266,240 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/01/31 20:07:42 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/01/31 20:07:34 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/01/31 20:07:24 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/01/31 13:09:46 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/01/31 13:09:26 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/01/31 13:09:06 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/01/31 13:08:46 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/01/31 13:08:26 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/01/31 13:08:06 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/01/31 13:07:46 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/01/31 13:07:26 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/01/31 13:07:04 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/01/31 13:06:46 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/01/30 15:31:50 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/01/30 15:30:30 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2007/01/02 09:14:20 | 00,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2006/10/03 16:33:54 | 00,462,848 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/08/14 11:02:10 | 00,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2004/09/10 12:34:00 | 00,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 12:34:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/11 17:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/01/02 10:47:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/08/24 13:39:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstalledPackages
[2009/05/04 13:17:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LANDesk
[2007/12/14 08:24:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/09/07 08:31:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2007/09/20 16:13:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2009/12/29 11:08:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/04/21 11:35:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMART Technologies
[2009/11/29 12:42:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SyncClient
[2010/01/04 09:04:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/07 07:12:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vulScan
[2010/01/02 10:10:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2009/10/13 08:22:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/14 20:23:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/12/08 11:52:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\aicon
[2008/10/27 06:10:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Autodesk
[2009/10/14 06:25:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Benubird
[2009/09/28 08:31:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\CompanionLink
[2008/04/25 08:39:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Facebook
[2009/06/02 16:34:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\gtk-2.0
[2009/04/29 07:22:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\IObit
[2008/04/08 15:01:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Minitab
[2009/02/23 13:20:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\OpenOffice.org
[2009/10/08 08:10:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\ProjectWise
[2008/03/13 10:33:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Serif
[2009/04/21 11:16:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\SMART Technologies
[2009/04/21 11:29:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\SMART Technologies Inc
[2009/08/08 07:10:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Smith Micro
[2009/12/24 11:17:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Vso
[2010/01/07 07:06:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Wave Systems Corp
[2009/05/10 21:11:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Windows Desktop Search
[2008/10/18 07:49:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Windows Live Writer
[2010/01/07 07:16:43 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/01/06 18:00:00 | 00,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2010/01/04 13:43:34 | 00,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2010/01/07 08:16:58 | 00,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3B4F47FF-222D-426F-B8DE-0893C654FEF4}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-01-01 12:57:33


< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/13 19:12:12 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2008/04/13 19:12:12 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/13 19:12:12 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2004/08/04 05:00:00 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\i386\autochk.exe
[2004/08/04 05:00:00 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: BEEP.SYS >
[2004/08/04 05:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\i386\beep.sys
[2004/08/04 05:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2004/08/04 05:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 01,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe
[2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 05:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: IMM32.DLL >
[2008/04/13 19:11:54 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ERDNT\cache\imm32.dll
[2008/04/13 19:11:54 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
[2008/04/13 19:11:54 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll
[2004/08/04 05:00:00 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\i386\imm32.dll
[2004/08/04 05:00:00 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll

< MD5 for: KERNEL32.DLL >
[2007/04/16 11:07:27 | 00,986,112 | ---- | M] (Microsoft Corporation) MD5=09F7CB3687F86EDAA4CA081F7AB66C03 -- C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[2006/07/05 05:57:10 | 00,985,088 | ---- | M] (Microsoft Corporation) MD5=0FDD84928A5DDE2510761B7EC76CCEC9 -- C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[2007/04/16 10:52:53 | 00,984,576 | ---- | M] (Microsoft Corporation) MD5=A01F9CA902A88F7CED06884174D6419D -- C:\i386\kernel32.dll
[2007/04/16 10:52:53 | 00,984,576 | ---- | M] (Microsoft Corporation) MD5=A01F9CA902A88F7CED06884174D6419D -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2009/03/21 09:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\ERDNT\cache\kernel32.dll
[2009/03/21 09:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 09:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2008/04/13 19:11:56 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2008/04/13 19:11:56 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2009/03/21 08:59:23 | 00,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/06/20 12:41:10 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 12:36:11 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/04 05:00:00 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\i386\mswsock.dll
[2004/08/04 05:00:00 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2008/06/20 12:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 12:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
[2008/06/20 12:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 12:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/13 19:12:01 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/13 19:12:01 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 12:43:05 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/13 14:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008/04/13 14:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 14:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/04 05:00:00 | 00,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\i386\ndis.sys
[2004/08/04 05:00:00 | 00,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NTFS.SYS >
[2007/02/09 06:23:36 | 00,574,976 | ---- | M] (Microsoft Corporation) MD5=05AB81909514BFD69CBB1F2C147CF6B9 -- C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[2007/02/09 06:10:35 | 00,574,464 | ---- | M] (Microsoft Corporation) MD5=19A811EF5F1ED5C926A028CE107FF1AF -- C:\i386\ntfs.sys
[2007/02/09 06:10:35 | 00,574,464 | ---- | M] (Microsoft Corporation) MD5=19A811EF5F1ED5C926A028CE107FF1AF -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
[2008/04/13 14:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ERDNT\cache\ntfs.sys
[2008/04/13 14:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/13 14:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 23:15:10 | 00,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS
[2004/08/04 05:00:00 | 00,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2008/04/13 19:12:02 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ERDNT\cache\ntmssvc.dll
[2008/04/13 19:12:02 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/13 19:12:02 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
[2004/08/04 05:00:00 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\i386\ntmssvc.dll
[2004/08/04 05:00:00 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll

< MD5 for: PROQUOTA.EXE >
[2004/08/04 05:00:00 | 00,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\i386\proquota.exe
[2004/08/04 05:00:00 | 00,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 19:12:32 | 00,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 19:12:32 | 00,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: QMGR.DLL >
[2004/08/04 05:00:00 | 00,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\i386\qmgr.dll
[2004/08/04 05:00:00 | 00,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 19:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ERDNT\cache\qmgr.dll
[2008/04/13 19:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 19:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 19:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/04 05:00:00 | 01,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\i386\sfcfiles.dll
[2004/08/04 05:00:00 | 01,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/13 19:12:05 | 01,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ERDNT\cache\sfcfiles.dll
[2008/04/13 19:12:05 | 01,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 19:12:05 | 01,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2005/06/10 19:17:13 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[2008/04/13 19:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ERDNT\cache\spoolsv.exe
[2008/04/13 19:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2008/04/13 19:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\system32\spoolsv.exe
[2005/06/10 18:53:32 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\i386\spoolsv.exe
[2005/06/10 18:53:32 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe

< MD5 for: SRSVC.DLL >
[2008/04/13 19:12:07 | 00,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ERDNT\cache\srsvc.dll
[2008/04/13 19:12:07 | 00,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/13 19:12:07 | 00,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
[2004/08/04 05:00:00 | 00,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\i386\srsvc.dll
[2004/08/04 05:00:00 | 00,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TERMSRV.DLL >
[2004/08/04 05:00:00 | 00,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\i386\termsrv.dll
[2004/08/04 05:00:00 | 00,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
[2008/04/13 19:12:07 | 00,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ERDNT\cache\termsrv.dll
[2008/04/13 19:12:07 | 00,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008/04/13 19:12:07 | 00,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 00,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 05:00:00 | 00,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WS2_32.DLL >
[2008/04/13 19:12:10 | 00,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008/04/13 19:12:10 | 00,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/13 19:12:10 | 00,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004/08/04 05:00:00 | 00,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\i386\ws2_32.dll
[2004/08/04 05:00:00 | 00,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< MD5 for: XMLPROV.DLL >
[2008/04/13 19:12:11 | 00,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ERDNT\cache\xmlprov.dll
[2008/04/13 19:12:11 | 00,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/13 19:12:11 | 00,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll
[2004/08/04 05:00:00 | 00,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\i386\xmlprov.dll
[2004/08/04 05:00:00 | 00,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 19:11:51 | 01,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#7 ragpicker1968

Posted 07 January 2010 - 08:35 AM

Attached is the Extras.txt output from the OTL.exe scan. I will be running GMER next.


OTL Extras logfile created on: 1/7/2010 8:14:11 AM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\kgmtthen\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 48.54 Gb Free Space | 65.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 74.53 Gb Total Space | 13.55 Gb Free Space | 18.18% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 519.46 Gb Total Space | 277.63 Gb Free Space | 53.45% Space Free | Partition Type: NTFS
Drive H: | 519.46 Gb Total Space | 277.63 Gb Free Space | 53.45% Space Free | Partition Type: NTFS
Drive I: | 519.46 Gb Total Space | 277.63 Gb Free Space | 53.45% Space Free | Partition Type: NTFS
Drive J: | 519.46 Gb Total Space | 277.63 Gb Free Space | 53.45% Space Free | Partition Type: NTFS
Drive O: | 519.46 Gb Total Space | 277.63 Gb Free Space | 53.45% Space Free | Partition Type: NTFS

Computer Name: KGMN0031
Current User Name: kgmtthen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\IBM\Sametime Connect\jre\bin\sametime75.exe" = C:\Program Files\IBM\Sametime Connect\jre\bin\sametime75.exe:*:Enabled:Lotus Sametime Connect -- (International Business Machines Corporation)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- ()
"C:\notes\ndiiop.exe" = C:\notes\ndiiop.exe:*:Enabled:IBM Lotus Notes/Domino -- (IBM Corp)
"C:\notes\nhttp.exe" = C:\notes\nhttp.exe:*:Enabled:IBM Lotus Notes/Domino -- (IBM Corp)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Quality Companion Dashboard\qcdash.exe" = C:\Program Files\Quality Companion Dashboard\qcdash.exe:*:Enabled:Quality Companion Dashboard -- (Minitab)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\WINDOWS\system32\cba\pds.exe" = C:\WINDOWS\system32\cba\pds.exe:*:Enabled:LANDesk Ping Discovery Service -- (LANDesk Software Ltd.)
"C:\WINDOWS\system32\msgsys.exe" = C:\WINDOWS\system32\msgsys.exe:*:Enabled:LANDesk Message Service -- (LANDesk Software Ltd.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe" = C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe:*:Enabled:Live Mesh Remote Desktop -- (Microsoft Corporation)
"C:\Documents and Settings\kgmtthen\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe" = C:\Documents and Settings\kgmtthen\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe:*:Enabled:Live Mesh -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\LANDesk\Shared Files\residentagent.exe" = C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk® Management Agent -- (LANDesk Software, Ltd.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- ()
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe" = C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe:*:Enabled:Live Mesh Remote Desktop -- (Microsoft Corporation)
"C:\Documents and Settings\kgmtthen\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe" = C:\Documents and Settings\kgmtthen\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe:*:Enabled:Live Mesh -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\LANDesk\Shared Files\residentagent.exe" = C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk® Management Agent -- (LANDesk Software, Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{024D7254-4262-4498-AC70-C5C413564D2B}" = Database Design Samples
"{0298C720-87DF-11D3-8831-00500457F9ED}" = Software Design Samples
"{03E27B31-28C0-11D3-8F72-00C04F8DD7E3}" = Clip Art and Symbols
"{03E27B32-28C0-11D3-8F72-00C04F8DD7E3}" = Callouts and Connectors
"{03E27B33-28C0-11D3-8F72-00C04F8DD7E3}" = Borders and Backgrounds
"{03E79E22-1DF6-11D3-A2FC-006008A88CA8}" = Sample Drawings
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{15D5B241-07BC-45D2-9D85-4CF906079E16}" = Program Files Professional
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1727CD47-A408-11d2-AFAD-00C04F72FB3E}" = VBA
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1ACA72C1-8BF5-11D3-8831-00500457F9ED}" = Advanced Network Diagramming Samples
"{1AEB7BA0-53C8-4F0A-0000-00D0B7CE9FA8}" = Software Design
"{1B1997F3-46CA-11D3-8660-00C04F8DBAD9}" = Microsoft Office Integration
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24BA79B5-53F9-475C-9D49-EC4BDE8B09CF}" = Notebook Interactive Viewer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{26DC3A40-3ECC-11D3-A300-006008A88CA8}" = CAD Drawing Display
"{273E1BA0-0415-11D3-A2E3-006008A88CA8}" = Block Diagrams
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2B8697EA-453E-11D3-8CE1-00C04F72C04D}" = Help for Visio 2000 (HTML Help)
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{2DBB37E1-3B9A-11D3-A318-006008A88CA8}" = Project Schedules
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F807274-C9A0-4B59-9EA5-2EDB58E26462}" = Quality Companion Dashboard Beta
"{309FB294-387C-4DB4-B1DA-60E7432ECF94}" = Database Design Help
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{325C4969-4808-4A87-9547-F58620C444CA}" = Advanced Network Diagramming
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{36C9D472-2A8C-11D3-8F74-00C04F8DD7E3}" = Online Documentation
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45734758-4041-4EA8-8E62-DE661FC3879C}" = LANDesk® Common Base Agent 8
"{473E9B0A-C70A-4891-A74F-72D6877A5FAC}" = CompanionLink for Google
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{48C76121-4F90-11D5-9884-0050BA85A903}" = Kaseya Agent
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{5062141B-52D6-4DF2-A6A6-2200202B495C}" = Internet Diagrams
"{5081528F-5DD5-49BA-8213-9A6A13502497}" = Sentinel System Driver 5.41.1 (32-bit)
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{51BE5F59-F3CC-4464-A107-A6534C227C9C}" = Lotus Quickr connectors
"{522DAB8E-9ED2-4737-9557-E4DE8E7191F7}" = Windows Live Sync
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{5430FF10-2B31-11D3-8F75-00C04F8DD7E3}" = Block Diagrams Help
"{5430FF11-2B31-11D3-8F75-00C04F8DD7E3}" = Flowcharts Help
"{5430FF12-2B31-11D3-8F75-00C04F8DD7E3}" = Forms and Charts Help
"{5430FF13-2B31-11D3-8F75-00C04F8DD7E3}" = Maps Help
"{5430FF14-2B31-11D3-8F75-00C04F8DD7E3}" = Network Diagrams Help
"{5430FF15-2B31-11D3-8F75-00C04F8DD7E3}" = Office Layout Help
"{5430FF16-2B31-11D3-8F75-00C04F8DD7E3}" = Organization Charts Help
"{5430FF17-2B31-11D3-8F75-00C04F8DD7E3}" = Project Schedules Help
"{5430FF19-2B31-11D3-8F75-00C04F8DD7E3}" = Block Diagrams Samples
"{5430FF1A-2B31-11D3-8F75-00C04F8DD7E3}" = Flowcharts Samples
"{5430FF1B-2B31-11D3-8F75-00C04F8DD7E3}" = Forms and Charts Samples
"{5430FF1C-2B31-11D3-8F75-00C04F8DD7E3}" = Maps Samples
"{5430FF1D-2B31-11D3-8F75-00C04F8DD7E3}" = Network Diagrams Samples
"{5430FF1E-2B31-11D3-8F75-00C04F8DD7E3}" = Office Layout Samples
"{5430FF1F-2B31-11D3-8F75-00C04F8DD7E3}" = Organization Charts Samples
"{5430FF20-2B31-11D3-8F75-00C04F8DD7E3}" = Project Schedules Samples
"{5430FF21-2B31-11D3-8F75-00C04F8DD7E3}" = Program Files Help
"{5430FF22-2B31-11D3-8F75-00C04F8DD7E3}" = Shape Explorer Help
"{553CAA5A-EE8B-4603-BFC3-D9003F2FF9A1}" = Quality Companion 2
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5AEBDA27-60AF-43EA-B71E-B78115EABC76}" = MINITAB Release 14
"{5DA0672F-B0E6-4014-B044-BBAD2906BDC2}" = Release Notes Professional
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{63EF6DD2-F1F1-11D2-9F29-006008A88EC8}" = Program Files
"{702BB930-8BED-11D3-8831-00500457F9ED}" = Directory Services Samples
"{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DFA170-1854-11D3-8F5D-00C04F8DD7E3}" = Custom Properties Editor
"{79DFA173-1854-11D3-8F5D-00C04F8DD7E3}" = Stencil Report Wizard
"{79DFA174-1854-11D3-8F5D-00C04F8DD7E3}" = Page Layout Wizard
"{79DFA175-1854-11D3-8F5D-00C04F8DD7E3}" = Print ShapeSheet
"{79DFA176-1854-11D3-8F5D-00C04F8DD7E3}" = Property Reporting Wizard
"{79DFA177-1854-11D3-8F5D-00C04F8DD7E3}" = Save as HTML
"{79DFA178-1854-11D3-8F5D-00C04F8DD7E3}" = SmartShape Wizard
"{79DFA179-1854-11D3-8F5D-00C04F8DD7E3}" = Database Wizard
"{79DFA17A-1854-11D3-8F5D-00C04F8DD7E3}" = Spelling
"{79DFA17B-1854-11D3-8F5D-00C04F8DD7E3}" = Graphics Filters
"{7D3DB7D6-494B-11D3-9F62-006008A88EC8}" = Visio Core Files
"{7DD40F12-25DC-11D3-9F43-006008A88EC8}" = Visio
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}" = LogMeIn
"{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}" = LANDesk Advance Agent
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C8ADD9C-1F30-4B1A-927E-B72CC4AADB91}" = IBM Lotus Sametime Connect 7.5.1
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{922859B1-4A9C-11D3-8662-00C04F8DBAD9}" = Release Notes
"{933DA141-0EEB-11D3-A2EC-006008A88CA8}" = Organization Charts
"{933DA142-0EEB-11D3-A2EC-006008A88CA8}" = Forms and Charts
"{933DA144-0EEB-11D3-A2EC-006008A88CA8}" = Flowcharts
"{933DA145-0EEB-11D3-A2EC-006008A88CA8}" = Network Diagrams
"{933DA146-0EEB-11D3-A2EC-006008A88CA8}" = Maps
"{933DA147-0EEB-11D3-A2EC-006008A88CA8}" = Office Layout
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9556CFD4-3F7E-4D1C-958B-759703E9CC21}" = O2Micro USB Smart Card Reader
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B4FBF34-96D5-4AFB-9DF4-704E02BA4500}" = Database Design
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{9FCF2FC0-8268-11D4-A313-0006290D766E}" = Check Point VPN-1 SecureClient NGX R60
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A0C1A76B-AAA0-4010-8E12-9661A9AA1255}" = SMART Install Manager
"{A0E54EC6-EA51-4088-A6EE-BEF1D1D128AB}" = Lotus Notes 7.0.2
"{a26ff7e0-a2d0-4453-aa12-14c8aeede90b}" = Check Point SSL Network Extender Service
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A618BB0D-8B88-45FF-83CD-783B4AE59AA0}" = NTRU TCG Software Stack
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.2
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B06EC9B5-4736-4993-B513-E060A8B1F6F9}" = Software Design Help
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B8817826-3897-44FA-BF76-7E1FB3CFF7C4}" = Virtual Coach
"{BAC869E2-3A0C-11D3-A315-006008A88CA8}" = Callouts and Connectors Help
"{BAC869E6-3A0C-11D3-A315-006008A88CA8}" = Clip Art and Symbols Help
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCF67D2B-02E3-4376-8D03-2980EE522083}" = Internet Diagrams Help
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0BADF00-90BC-11D3-8831-00500457F9ED}" = UML Specification
"{C1CE2ED0-238B-11D3-8F70-00C04F8DD7E3}" = Developing Visio Solutions
"{C2A5CE58-3A13-11D3-A315-006008A88CA8}" = Borders and Backgrounds Help
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C5205EE1-2B3E-11D3-8F75-00C04F8DD7E3}" = Developing Visio Solutions Help
"{C5205EE2-2B3E-11D3-8F75-00C04F8DD7E3}" = Database Wizard Samples
"{C5205EE3-2B3E-11D3-8F75-00C04F8DD7E3}" = CAD Drawing Display Samples
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCAE3CA0-9231-11D3-8831-00500457F9ED}" = Internet Diagrams Samples
"{CD648428-0166-462B-9470-E45BEF174FD0}" = Directory Services Help
"{CDC43360-8331-11D3-8831-00500457F9ED}" = Program Files Professional Help
"{CDD652D4-2EAA-4D72-8666-F300802F6B40}" = Shape Explorer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce68ca3b-2fc4-4104-9986-d4900ca651f0}" = Check Point SSL Network Extender Components Shell
"{D0832BB9-947C-424E-8B35-8F70B1BEC0C0}" = Advanced Network Diagramming Help
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D31F958E-7353-4DEB-83E8-35B02F2EE20A}" = Wave Infrastructure Installer
"{D3AA6C82-2A7E-11D3-8F74-00C04F8DD7E3}" = Add-ons
"{D5F881C2-B134-474E-AA60-B25DD218AE0D}" = Crash Analysis Tool
"{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DBFA7530-0CBF-11D3-8CC0-00C04F72C04D}" = Visio 2000
"{DCB4E1D9-B187-4B54-971E-1478485C9A53}" = Live Mesh
"{E0C18BB0-32CA-4679-B422-9B9FA825378F}" = HP Deskjet Printer Driver Software 9.0
"{E6095BEA-8C97-4342-B771-13BB72AC1D88}" = biolsp patch
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6DE9A54-8514-446E-9D11-530DC599C355}" = Microsoft SharedView
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E8814A8F-3B06-11D3-8CD7-00C04F72C04D}" = Microsoft Visual Studio Service Pack 3
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F3ECED46-91CC-4F44-9917-9A20085D5D26}" = Debugging Tools for Windows
"{F4455372-251E-11D3-8F71-00C04F8DD7E3}" = Solutions
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F541CA9B-727A-462E-B066-CDF49B5D2C10}" = Directory Services
"{F581DF68-CAE9-4064-A6CD-705D95D1C756}" = Notebook Software
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF7A64AB-214A-47D1-95E7-742BCBA7F6C9}" = SMART Board Drivers
"5FD5E95A18EBF60A056BA7A51A2E794E4216D3DD" = Windows Driver Package - O2Micro (guardian2) SmartCardReader (02/05/2007 1.1.3.7)
"840EF3FB8C7BFBB007E46E18F107E8CC6DD522EA" = Windows Driver Package - Dell Inc. PBADRV System (09/25/2006 6.0.0.0)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"ADS Tech Master Installer V3.0" = ADS Tech Master Installer V3.0
"ADS Tech V3.1 DVD Xpress CapWiz" = ADS Tech V3.1 DVD Xpress CapWiz
"Benubird PDF" = Benubird PDF 1.4.0.1
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"CodInstl" = Intel A/V Codecs V2.0
"CutePDF Writer Installation" = CutePDF Writer 2.7
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"LG USB Drivers" = LG USB Drivers
"MAGIX playR jukebox" = MAGIX playR jukebox
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MuvAudio2" = MuvAudio2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel® PROSet/Wireless Software
"RealVNC_is1" = VNC Enterprise Edition E4.4.3
"Rhapsody" = Rhapsody
"SAPFrontend" = SAP Front End
"Smart Defrag_is1" = Smart Defrag
"VZAccess Manager" = VZAccess Manager
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/6/2010 4:36:30 PM | Computer Name = KGMN0031 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/6/2010 4:36:30 PM | Computer Name = KGMN0031 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/6/2010 4:36:53 PM | Computer Name = KGMN0031 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/6/2010 4:38:12 PM | Computer Name = KGMN0031 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for CM\kgmtthen failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/6/2010 6:57:34 PM | Computer Name = KGMN0031 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/6/2010 6:57:35 PM | Computer Name = KGMN0031 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/6/2010 6:58:07 PM | Computer Name = KGMN0031 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/6/2010 6:59:22 PM | Computer Name = KGMN0031 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for CM\kgmtthen failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/7/2010 2:57:34 AM | Computer Name = KGMN0031 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/7/2010 2:58:45 AM | Computer Name = KGMN0031 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for CM\kgmtthen failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ System Events ]
Error - 12/31/2009 3:01:55 PM | Computer Name = KGMN0031 | Source = Service Control Manager | ID = 7000
Description = The plasservice service failed to start due to the following error:
%%1053

Error - 12/31/2009 3:04:44 PM | Computer Name = KGMN0031 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 12/31/2009 3:19:48 PM | Computer Name = KGMN0031 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 12/31/2009 3:20:42 PM | Computer Name = KGMN0031 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for DeleteFlag with the following
error: %%1019

Error - 12/31/2009 3:22:34 PM | Computer Name = KGMN0031 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain CM due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 12/31/2009 3:23:51 PM | Computer Name = KGMN0031 | Source = Service Control Manager | ID = 7000
Description = The ADS DVD Xpress B service failed to start due to the following
error: %%1058

Error - 12/31/2009 3:23:52 PM | Computer Name = KGMN0031 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Browser Defender Update
Service service to connect.

Error - 12/31/2009 3:23:52 PM | Computer Name = KGMN0031 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 12/31/2009 3:23:52 PM | Computer Name = KGMN0031 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the plasservice service to
connect.

Error - 12/31/2009 3:23:52 PM | Computer Name = KGMN0031 | Source = Service Control Manager | ID = 7000
Description = The plasservice service failed to start due to the following error:
%%1053

[ Wireless Sync Events ]
Error - 9/10/2009 3:40:03 PM | Computer Name = KGMN0031 | Source = Wireless Sync | ID = 0
Description =

Error - 9/22/2009 12:43:52 AM | Computer Name = KGMN0031 | Source = Wireless Sync | ID = 0
Description =


< End of report >

#8 chamber

chamber

    Bleepin' Geek


  • Members
  • 329 posts
  • OFFLINE
  • Gender:Male
  • Location:~/
  • Local time:10:15 PM

Posted 07 January 2010 - 10:52 AM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
    O33 - MountPoints2\{d8751e88-f92c-11de-b25a-5418630e0f11}\Shell\AutoRun\command - "" = E:\MSCONFIG.EXE -- File not found
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link HERE

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.

watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU


#9 ragpicker1968

ragpicker1968
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:15 PM

Posted 07 January 2010 - 03:44 PM

Finally finished the GMER scan. Attached is the result log. I will now proceed with the OTL custom scan and ComboFix.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-07 15:16:51
Windows 5.1.2600 Service Pack 3
Running: cvfsok8w.exe; Driver: C:\DOCUME~1\kgmtthen\LOCALS~1\Temp\fxloqpob.sys


---- Kernel code sections - GMER 1.0.15 ----

page C:\WINDOWS\System32\Drivers\oz776.sys entry point in "page" section [0xBA262D4A]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 00346DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003472BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 00345BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 0034737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 0034724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 00345AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003473E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 00346C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 0034595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 003461DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 003465B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 00346AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 0034633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 00346261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 003462BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00346035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 003466AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 00346A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 003459B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 003464E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 00346EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 00346F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00346725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 00347202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00345C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 00345BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 0034718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 00346BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 0034644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 003469D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00346135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 00347001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 00346D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 00345E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 00346E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 00345F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 00345A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 00347108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 00347236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2124] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 003471E7 C:\WINDOWS\system32\wxvault.dll

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat A6EA0D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{4A198D38-1B44-C07B-9EC195CD26A56314}\{73310DCC-C68F-341A-0D6AC2DC6E4B9C08}\{8FC8D867-026E-4653-C922EAC5C8EDCF7A}
Reg HKLM\SOFTWARE\Classes\CLSID\{4A198D38-1B44-C07B-9EC195CD26A56314}\{73310DCC-C68F-341A-0D6AC2DC6E4B9C08}\{8FC8D867-026E-4653-C922EAC5C8EDCF7A}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7FAFFD5B-ECA5-8590-06385EB5239D555A}\{E5D513A6-5530-C183-13C6195B3F88B339}\{5B7495F9-FD9A-8C8C-FD87354974961E7A}
Reg HKLM\SOFTWARE\Classes\CLSID\{7FAFFD5B-ECA5-8590-06385EB5239D555A}\{E5D513A6-5530-C183-13C6195B3F88B339}\{5B7495F9-FD9A-8C8C-FD87354974961E7A}@MXWMZBBJPIARSDPHLNYRY5GWLB1 0x01 0x00 0x01 0x00 ...

---- EOF - GMER 1.0.15 ----

#10 ragpicker1968

ragpicker1968
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:15 PM

Posted 07 January 2010 - 03:58 PM

Finished the OTL custom scan/fix and rebooted; the quick scan log is attached below. Will now run ComboFix.

OTL logfile created on: 1/7/2010 3:53:39 PM - Run 2
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\kgmtthen\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 48.65 Gb Free Space | 65.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 519.46 Gb Total Space | 277.57 Gb Free Space | 53.43% Space Free | Partition Type: NTFS
Drive H: | 519.46 Gb Total Space | 277.57 Gb Free Space | 53.43% Space Free | Partition Type: NTFS
Drive I: | 519.46 Gb Total Space | 277.57 Gb Free Space | 53.43% Space Free | Partition Type: NTFS
Drive J: | 519.46 Gb Total Space | 277.57 Gb Free Space | 53.43% Space Free | Partition Type: NTFS
Drive O: | 519.46 Gb Total Space | 277.57 Gb Free Space | 53.43% Space Free | Partition Type: NTFS
Drive W: | 150.00 Gb Total Space | 52.63 Gb Free Space | 35.09% Space Free | Partition Type: NTFS
Drive X: | 519.46 Gb Total Space | 277.57 Gb Free Space | 53.43% Space Free | Partition Type: NTFS

Computer Name: KGMN0031
Current User Name: kgmtthen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\kgmtthen\desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\LANDesk\LDClient\SoftMon.exe (LANDesk Software, Ltd.)
PRC - C:\Program Files\Kaseya\Agent\AgentMon.exe (Kaseya)
PRC - C:\Program Files\Kaseya\Agent\KaUsrTsk.exe (Kaseya)
PRC - C:\Program Files\LANDesk\LDClient\LocalSch.EXE (LANDesk Software, Ltd.)
PRC - C:\Program Files\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
PRC - C:\Program Files\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe (SMART Technologies)
PRC - C:\Program Files\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Ltd.)
PRC - C:\Program Files\LANDesk\LDClient\collector.exe (LANDesk Software, Ltd.)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\system32\cba\pds.exe (LANDesk Software Ltd.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe (Check Point Software Technologies)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
PRC - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\kgmtthen\desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (Browser Defender Update Service) -- File not found
SRV - (wlcrasvc) -- C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe (Microsoft Corporation)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (ZeppelinService) -- C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe (ParetoLogic Inc.)
SRV - (Softmon) LANDesk® -- C:\Program Files\LANDesk\LDClient\softmon.exe (LANDesk Software, Ltd.)
SRV - (KaseyaAgent) -- C:\Program Files\Kaseya\Agent\AgentMon.exe (Kaseya)
SRV - (Intel Local Scheduler Service) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE (LANDesk Software, Ltd.)
SRV - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV - (CBA8) LANDesk® -- C:\Program Files\LANDesk\Shared Files\residentagent.exe (LANDesk Software, Ltd.)
SRV - (SMART SNMP Agent Service) -- C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe (SMART Technologies Inc.)
SRV - (SMART Web Server) -- C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe ()
SRV - (SMART Board Service) -- C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe (SMART Technologies)
SRV - (Intel Targeted Multicast) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Ltd.)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (Intel PDS) -- C:\WINDOWS\system32\cba\pds.exe (LANDesk Software Ltd.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (cpextender) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe (Check Point Software Technologies)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (SR_WatchDog) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe (Check Point Software Technologies)
SRV - (SR_Service) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe (Check Point Software Technologies)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070920
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070920

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.chemetall.net:8080



O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Kaseya Agent Service Helper] C:\Program Files\Kaseya\Agent\KaUsrTsk.exe (Kaseya)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MoeMonitor.exe] C:\Documents and Settings\kgmtthen\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus Quickr Monitor.lnk = C:\Program Files\IBM\Lotus Quickr connectors\DIMon.exe (IBM, Corp)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} https://teamplace.chemetall.com/qp2.cab (Lotus Quickr Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/con...s/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/download/7/4...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1197409746201 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Value error.)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1197464157134 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8BF7B588-F4AC-4A6E-AF63-F664449EED2E} https://greenhouse.lotus.com/lotus/PA_1_3F2...in/DMPlugin.cab (IBM Browser plug-in for documents)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcpitstop.com/Nirvana/con...DiskMD3Ctrl.dll (diskhealth Class)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} http://utilities.pcpitstop.com/Nirvana/con...opAntiVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} https://connect.chemetall.com/SNX/CSHELL/extender.cab (SlimClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D1278801-B2C0-4332-BD3E-2F64D2204EDF} https://www.mesh.com/0.9.4014.13/TSWeb.cab (Windows Live Mesh Upload Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6D5ACA4-4C57-4C75-8D68-BC185E924B4C} https://secure.bek.com/PW/images/install/PW...eTransferEN.cab (PWFileTransfer Control)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://webmail.chemetall.com/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} http://workspace.office.live.com/Misc/Micr....RichUpload.cab (Microsoft Office Live Workspace Upload Tool)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Performance Viewer Activex Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Nirvana/con.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.29.20.250 172.29.44.11 172.29.44.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = chemetall.net
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ckpNotify: DllName - ckpNotify.dll - C:\WINDOWS\System32\ckpNotify.dll (Check Point Software Technologies)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\wlcrdplauncher: DllName - C:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll - C:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/08 11:17:27 | 00,029,701 | ---- | M] () - G:\Automated Li Winder 060210a.txt -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/01/07 15:51:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems
[2010/01/07 15:48:32 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/07 08:07:11 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kgmtthen\Desktop\OTL.exe
[2010/01/06 15:52:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\My Documents\Temp Folder
[2010/01/04 15:07:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\My Documents\MS Office Templates
[2010/01/04 14:51:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\My Documents\Process Engineering
[2010/01/04 14:48:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\My Documents\Administrative Files
[2010/01/04 14:43:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\My Documents\Lean Six Sigma
[2010/01/04 14:22:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\My Documents\Chemetall Lithium
[2010/01/04 14:22:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\My Documents\Lithium Project Files
[2010/01/04 10:40:55 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\kgmtthen\Recent
[2010/01/04 08:26:53 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/04 08:24:23 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/01/04 07:44:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\PCHealth
[2010/01/04 07:44:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2010/01/04 07:43:57 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/01/04 07:39:57 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/04 07:39:57 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/04 07:39:57 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/04 07:39:57 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/04 07:38:00 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/04 07:38:00 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/04 07:38:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/04 07:38:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/02 10:09:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\NTRU Cryptosystems
[2010/01/01 15:04:15 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/01 15:04:13 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/01 15:04:13 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/31 18:10:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/12/31 13:46:17 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/12/31 13:45:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/30 11:46:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\DoctorWeb
[2009/12/30 09:06:27 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/12/29 22:26:27 | 00,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/12/29 15:55:48 | 00,243,024 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\LSPInstall.dll
[2009/12/29 13:02:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/12/29 13:00:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\Downloaded Installations
[2009/12/29 10:42:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/12/26 14:55:25 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2009/12/26 14:55:25 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2009/12/26 14:55:25 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2009/12/26 14:53:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/12/26 14:17:46 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/12/26 07:46:55 | 00,000,000 | ---D | C] -- C:\98632725426d161fc1
[2009/12/25 09:56:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/12/25 09:20:16 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/11/29 20:27:47 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\kgmtthen\Application Data\pcouffin.sys
[2009/05/10 07:49:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/03/20 15:47:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities
[2009/03/20 15:47:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Identities
[2008/01/03 14:19:43 | 05,977,528 | ---- | C] (EverNote Corp., 710 Lakeway Dr. #290, Sunnyvale, CA 94086) -- C:\Program Files\EverNote.exe
[2007/12/17 10:24:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/09/20 16:20:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2007/09/20 16:20:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel

========== Files - Modified Within 14 Days ==========

[2010/01/07 15:54:15 | 00,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3B4F47FF-222D-426F-B8DE-0893C654FEF4}.job
[2010/01/07 15:53:06 | 00,001,037 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\Account.atomsvc
[2010/01/07 15:51:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/07 15:51:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/07 15:50:20 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\kgmtthen\ntuser.ini
[2010/01/07 15:50:19 | 14,155,776 | -H-- | M] () -- C:\Documents and Settings\kgmtthen\NTUSER.DAT
[2010/01/07 15:26:32 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/07 15:17:38 | 14,602,990 | -H-- | M] () -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\IconCache.db
[2010/01/07 15:14:00 | 00,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-447614685-2029349276-2316626804-7364UA.job
[2010/01/07 08:12:15 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Desktop\paste.doc
[2010/01/07 08:07:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kgmtthen\Desktop\OTL.exe
[2010/01/07 08:06:46 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Desktop\cvfsok8w.exe
[2010/01/07 07:24:41 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/01/07 07:24:41 | 00,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/01/07 07:21:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/01/07 07:21:42 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/01/07 07:21:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/01/07 07:21:21 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/01/07 07:14:00 | 00,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-447614685-2029349276-2316626804-7364Core.job
[2010/01/06 18:00:00 | 00,000,448 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/01/06 07:23:18 | 00,020,106 | ---- | M] () -- C:\Documents and Settings\kgmtthen\My Documents\contacts.vcf
[2010/01/06 07:20:39 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/01/06 07:20:39 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/01/06 07:20:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/01/06 07:20:04 | 00,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/01/06 07:19:54 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/01/06 07:19:53 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/01/05 15:08:50 | 00,000,458 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Desktop\CFC Lean Six Sigma.url
[2010/01/05 07:13:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/01/05 07:13:44 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/01/05 07:13:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/01/05 07:13:02 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/01/05 07:12:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/01/05 07:12:47 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/01/04 16:14:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/01/04 16:14:44 | 00,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/01/04 16:13:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/01/04 16:13:44 | 00,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/01/04 16:12:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/01/04 16:12:16 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/01/04 16:08:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/01/04 16:08:01 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/01/04 15:38:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/01/04 15:38:04 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/01/04 15:37:59 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/01/04 15:37:59 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/01/04 15:37:55 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/01/04 15:37:55 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/01/04 15:37:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/01/04 15:37:49 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/01/04 15:37:45 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/01/04 15:37:45 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/01/04 15:34:55 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/01/04 15:34:55 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/01/04 15:34:27 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/01/04 15:34:27 | 00,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/01/04 13:43:34 | 00,000,390 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/01/04 10:31:02 | 00,044,298 | ---- | M] () -- C:\Documents and Settings\kgmtthen\My Documents\01-04-10 - TAT2.reg
[2010/01/04 09:16:48 | 00,002,488 | ---- | M] () -- C:\Documents and Settings\kgmtthen\My Documents\01-04-10 - TAT1.reg
[2010/01/04 08:29:05 | 00,214,404 | ---- | M] () -- C:\Documents and Settings\kgmtthen\My Documents\1-04-10.reg
[2010/01/04 08:24:25 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Desktop\CCleaner.lnk
[2010/01/04 07:51:16 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/04 07:43:58 | 00,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/01/04 07:43:24 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/04 07:42:52 | 00,000,668 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/04 07:42:52 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/02 15:58:41 | 00,313,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/02 15:31:42 | 00,000,076 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/01/01 15:04:18 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/01 10:59:22 | 00,000,181 | ---- | M] () -- C:\WINDOWS\magix.ini
[2010/01/01 08:16:49 | 00,001,475 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Desktop\Windows Explorer.lnk
[2009/12/31 14:02:40 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/29 23:27:43 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/12/29 16:03:03 | 00,020,768 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/12/29 16:03:03 | 00,003,020 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/12/29 16:03:02 | 00,288,544 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/12/29 16:03:02 | 00,004,940 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/12/29 13:28:04 | 00,002,345 | ---- | M] () -- C:\rollback.ini
[2009/12/29 12:46:33 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/12/26 09:21:53 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

========== Files Created - No Company Name ==========

[2010/01/07 15:53:06 | 00,001,037 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\Account.atomsvc
[2010/01/07 08:12:14 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Desktop\paste.doc
[2010/01/07 08:06:40 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Desktop\cvfsok8w.exe
[2010/01/06 07:23:17 | 00,020,106 | ---- | C] () -- C:\Documents and Settings\kgmtthen\My Documents\contacts.vcf
[2010/01/04 14:38:30 | 00,004,334 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Desktop\kmlogin.vbs
[2010/01/04 13:43:34 | 00,000,390 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/01/04 10:30:33 | 00,044,298 | ---- | C] () -- C:\Documents and Settings\kgmtthen\My Documents\01-04-10 - TAT2.reg
[2010/01/04 09:16:36 | 00,002,488 | ---- | C] () -- C:\Documents and Settings\kgmtthen\My Documents\01-04-10 - TAT1.reg
[2010/01/04 08:28:46 | 00,214,404 | ---- | C] () -- C:\Documents and Settings\kgmtthen\My Documents\1-04-10.reg
[2010/01/04 08:24:25 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Desktop\CCleaner.lnk
[2010/01/04 07:49:34 | 00,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/04 07:43:58 | 00,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/01/04 07:39:57 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/04 07:39:57 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/04 07:39:57 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/04 07:39:57 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/04 07:39:57 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/01 15:04:18 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/31 13:46:28 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/12/31 13:46:21 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/12/29 23:27:43 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/12/29 15:55:48 | 00,111,960 | ---- | C] () -- C:\WINDOWS\System32\INetHTTPFilter.dll
[2009/12/29 13:28:51 | 00,000,448 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/12/29 13:28:15 | 00,288,544 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/12/29 13:28:15 | 00,020,768 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/12/29 13:28:15 | 00,004,940 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/12/29 13:28:15 | 00,003,020 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/12/29 13:28:04 | 00,002,345 | ---- | C] () -- C:\rollback.ini
[2009/12/26 14:55:27 | 00,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/12/26 14:55:26 | 00,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2009/12/26 14:55:26 | 00,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2009/12/26 14:55:25 | 01,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2009/12/26 14:55:25 | 00,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2009/12/24 17:56:28 | 00,004,790 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Application Data\temp16268.txt
[2009/12/23 22:11:50 | 00,000,094 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/12/23 17:38:55 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\housecall.guid.cache
[2009/12/01 17:15:03 | 00,000,340 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/11/29 20:28:00 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Application Data\pcouffin.log
[2009/11/29 20:27:48 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Application Data\pcouffin.cat
[2009/11/29 20:27:47 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Application Data\pcouffin.inf
[2009/08/24 13:41:19 | 00,009,708 | ---- | C] () -- C:\WINDOWS\System32\3612281284.ini
[2009/08/08 07:19:39 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Application Data\$_hpcst$.hpc
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/06 10:16:01 | 00,000,034 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2009/06/15 06:02:37 | 00,000,076 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/05/09 12:10:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\musiceditor.INI
[2009/04/29 13:44:11 | 00,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/01/26 08:49:50 | 00,038,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\vacjrmkd.sys
[2009/01/23 16:37:48 | 00,000,036 | -H-- | C] () -- C:\WINDOWS\System32\swk.ini
[2008/11/19 14:27:18 | 00,000,038 | ---- | C] () -- C:\WINDOWS\camcodec100.ini
[2008/11/16 13:14:46 | 06,664,208 | ---- | C] () -- C:\WINDOWS\System32\dvdripcore.dll
[2008/11/16 13:14:45 | 00,066,048 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2008/10/22 20:02:11 | 00,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/24 06:51:29 | 00,870,128 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Application Data\mcs.rma
[2008/07/24 06:51:29 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Application Data\632B24
[2008/07/16 08:57:26 | 00,000,356 | ---- | C] () -- C:\WINDOWS\videodeLuxe.INI
[2008/07/16 08:40:02 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2008/07/16 08:37:22 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2008/07/16 08:34:57 | 00,000,181 | ---- | C] () -- C:\WINDOWS\magix.ini
[2008/07/16 08:34:56 | 00,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008/06/25 13:47:34 | 00,000,131 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\fusioncache.dat
[2008/04/08 14:36:15 | 00,000,124 | ---- | C] () -- C:\WINDOWS\Minitab.ini
[2008/03/13 23:53:22 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPeg32.dll
[2008/02/14 16:17:02 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/02/14 16:17:01 | 03,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/02/14 16:17:01 | 00,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/02/14 16:17:01 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/02/11 20:51:51 | 00,036,864 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/25 15:18:29 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/01/25 15:18:29 | 00,000,141 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/01/09 14:01:48 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/01/03 14:21:22 | 00,006,293 | ---- | C] () -- C:\Program Files\ENOptions.xml
[2008/01/02 13:42:21 | 00,106,588 | ---- | C] () -- C:\WINDOWS\System32\fwnetcfg.dll
[2008/01/02 13:42:13 | 00,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2007/12/14 09:41:09 | 00,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/12/12 14:08:34 | 01,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2007/12/12 14:08:34 | 00,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2007/12/12 14:08:34 | 00,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2007/12/12 14:08:34 | 00,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2007/12/12 14:08:34 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2007/12/12 14:08:30 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
[2007/12/12 07:21:53 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/20 16:26:23 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/20 16:18:42 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2007/09/20 16:15:31 | 01,736,704 | ---- | C] () -- C:\WINDOWS\System32\Tsp1.dll
[2007/09/20 16:13:49 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2007/09/20 16:13:49 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2007/09/20 15:48:50 | 00,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/09/20 15:48:50 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2007/09/20 15:47:32 | 00,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/08/09 12:08:04 | 00,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/03/27 09:45:22 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2007/03/15 11:47:48 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\BuEResNT.dll
[2007/01/31 20:16:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/01/31 20:11:14 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\OEM_Resources.dll
[2007/01/31 20:08:44 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/01/31 20:08:36 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/01/31 20:08:26 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/01/31 20:08:18 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/01/31 20:08:08 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/01/31 20:08:00 | 00,233,472 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/01/31 20:07:50 | 00,266,240 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/01/31 20:07:42 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/01/31 20:07:34 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/01/31 20:07:24 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/01/31 13:09:46 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/01/31 13:09:26 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/01/31 13:09:06 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/01/31 13:08:46 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/01/31 13:08:26 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/01/31 13:08:06 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/01/31 13:07:46 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/01/31 13:07:26 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/01/31 13:07:04 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/01/31 13:06:46 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/01/30 15:31:50 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/01/30 15:30:30 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2007/01/02 09:14:20 | 00,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2006/10/03 16:33:54 | 00,462,848 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/08/14 11:02:10 | 00,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2004/09/10 12:34:00 | 00,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 12:34:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/11 17:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/01/02 10:47:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/08/24 13:39:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstalledPackages
[2009/05/04 13:17:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LANDesk
[2007/12/14 08:24:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/09/07 08:31:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2007/09/20 16:13:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2009/12/29 11:08:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/04/21 11:35:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMART Technologies
[2009/11/29 12:42:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SyncClient
[2010/01/04 09:04:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/07 15:52:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vulScan
[2010/01/02 10:10:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2009/10/13 08:22:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/14 20:23:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/12/08 11:52:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\aicon
[2008/10/27 06:10:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Autodesk
[2009/10/14 06:25:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Benubird
[2009/09/28 08:31:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\CompanionLink
[2008/04/25 08:39:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Facebook
[2009/06/02 16:34:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\gtk-2.0
[2009/04/29 07:22:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\IObit
[2008/04/08 15:01:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Minitab
[2009/02/23 13:20:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\OpenOffice.org
[2009/10/08 08:10:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\ProjectWise
[2008/03/13 10:33:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Serif
[2009/04/21 11:16:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\SMART Technologies
[2009/04/21 11:29:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\SMART Technologies Inc
[2009/08/08 07:10:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Smith Micro
[2009/12/24 11:17:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Vso
[2010/01/07 07:06:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Wave Systems Corp
[2009/05/10 21:11:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Windows Desktop Search
[2008/10/18 07:49:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Windows Live Writer
[2010/01/07 15:26:32 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/01/06 18:00:00 | 00,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2010/01/04 13:43:34 | 00,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2010/01/07 15:54:15 | 00,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3B4F47FF-222D-426F-B8DE-0893C654FEF4}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#11 ragpicker1968

ragpicker1968
  • Topic Starter
  • Members
  • 16 posts

Posted 07 January 2010 - 04:13 PM

Finished ComboFix. Log file shown below.

ComboFix 10-01-04.01 - kgmtthen 01/07/2010 16:01:50.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1109 [GMT -5:00]
Running from: c:\documents and settings\kgmtthen\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\EventSystem.log

.
((((((((((((((((((((((((( Files Created from 2009-12-07 to 2010-01-07 )))))))))))))))))))))))))))))))
.

2010-01-07 20:48 . 2010-01-07 20:48 -------- d-----w- C:\_OTL
2010-01-04 16:52 . 2010-01-04 16:52 110592 ----a-w- c:\temp\KLicense.exe
2010-01-04 13:24 . 2010-01-04 13:24 -------- d-----w- c:\program files\CCleaner
2010-01-04 12:44 . 2010-01-04 12:44 -------- d-----w- c:\documents and settings\kgmtthen\Local Settings\Application Data\PCHealth
2010-01-04 12:44 . 2010-01-04 12:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2010-01-04 12:43 . 2010-01-04 12:44 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-01-02 15:09 . 2010-01-02 15:09 -------- d-----w- c:\documents and settings\kgmtthen\Local Settings\Application Data\NTRU Cryptosystems
2010-01-01 20:04 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-01 20:04 . 2010-01-01 20:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-01 20:04 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 16:46 . 2009-12-30 20:02 -------- d-----w- c:\documents and settings\kgmtthen\DoctorWeb
2009-12-30 14:06 . 2009-12-30 14:06 -------- d-----w- c:\program files\AVG
2009-12-30 04:27 . 2009-12-30 04:27 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-12-30 03:26 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-12-29 20:55 . 2009-02-18 19:43 243024 ----a-w- c:\windows\system32\LSPInstall.dll
2009-12-29 20:55 . 2009-02-18 19:43 111960 ----a-w- c:\windows\system32\INetHTTPFilter.dll
2009-12-29 18:28 . 2009-12-29 21:03 20768 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-12-29 18:28 . 2009-12-29 21:03 288544 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-29 18:02 . 2009-12-29 18:02 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-12-29 18:00 . 2009-12-29 18:00 -------- d-----w- c:\documents and settings\kgmtthen\Local Settings\Application Data\Downloaded Installations
2009-12-29 15:42 . 2009-12-29 15:42 668 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6287188B7983AF44FB67E7F13BFC7F4C.dll
2009-12-29 14:44 . 2009-11-03 01:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-26 19:55 . 2009-11-10 15:26 767952 ----a-w- c:\windows\BDTSupport.dll
2009-12-26 19:55 . 2009-11-10 15:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-12-26 19:55 . 2009-11-10 15:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-12-26 19:55 . 2009-11-10 15:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-12-26 19:55 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip
2009-12-26 19:55 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2009-12-26 19:53 . 2010-01-02 16:02 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-26 19:17 . 2009-12-26 19:17 -------- d--h--w- c:\windows\PIF
2009-12-26 12:46 . 2009-12-26 12:46 -------- d-----w- C:\98632725426d161fc1
2009-12-25 14:20 . 2009-12-26 14:21 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-24 20:26 . 2009-06-30 14:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-12-24 13:41 . 2010-01-01 13:35 52224 ----a-w- c:\documents and settings\kgmtthen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-24 02:46 . 2002-01-05 11:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-12-24 02:46 . 2002-01-05 10:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-12-23 22:06 . 2010-01-04 12:46 -------- d-----w- c:\documents and settings\HelpAssistant
2009-12-18 20:10 . 2009-06-19 08:20 67208 ----a-w- c:\windows\UnDeploy.exe
2009-12-18 17:58 . 2009-12-18 17:58 -------- d-----w- c:\windows\MjM Free Photo Recovery Software
2009-12-18 17:00 . 2010-01-04 14:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-15 16:48 . 2009-12-15 16:46 9040 ----a-w- c:\windows\system32\drivers\rdpdispm.sys
2009-12-15 16:48 . 2009-12-15 16:46 19408 ----a-w- c:\windows\system32\drivers\rdpvmp.sys
2009-12-15 16:48 . 2009-12-15 16:46 15696 ----a-w- c:\windows\system32\rdpvdd.dll
2009-12-15 16:48 . 2009-12-15 16:46 118736 ----a-w- c:\windows\system32\rdpdispd.dll
2009-12-15 16:48 . 2009-12-15 16:48 -------- d-----w- c:\program files\Live Mesh
2009-12-15 16:46 . 2009-12-15 16:46 -------- d-----w- c:\documents and settings\kgmtthen\Application Data\Microsoft Corporation
2009-12-15 16:46 . 2009-12-15 16:46 -------- d-----w- c:\documents and settings\kgmtthen\Local Settings\Application Data\assembly

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-07 20:52 . 2009-05-04 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\vulScan
2010-01-07 12:06 . 2007-12-11 21:34 -------- d-----w- c:\documents and settings\kgmtthen\Application Data\Wave Systems Corp
2010-01-04 15:17 . 2007-12-30 16:42 -------- d-----w- c:\program files\Common Files\Real
2010-01-04 12:44 . 2007-09-20 21:26 87104 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-02 15:55 . 2007-12-14 16:01 -------- d-----w- c:\program files\Common Files\Apple
2010-01-02 15:47 . 2007-12-14 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-01-02 15:10 . 2007-09-20 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Wave Systems Corp
2010-01-01 17:48 . 2008-07-01 06:41 -------- d-----w- c:\program files\Common Files\ArchestrA
2010-01-01 17:39 . 2008-02-15 12:32 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-01 16:51 . 2007-09-20 21:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-01 16:11 . 2007-09-20 21:06 -------- d-----w- c:\program files\Java
2010-01-01 13:35 . 2009-03-13 10:57 117760 ----a-w- c:\documents and settings\kgmtthen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-30 22:59 . 2007-12-11 21:40 -------- d-----w- c:\program files\UltraVNC
2009-12-29 21:12 . 2009-11-28 08:18 79488 ----a-w- c:\documents and settings\kgmtthen\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-29 21:03 . 2009-12-29 18:28 3020 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-12-29 21:03 . 2009-12-29 18:28 4940 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-29 16:08 . 2009-12-29 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-12-29 15:42 . 2009-12-29 15:42 62 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6D7BD3D7B4943D11F9260006808AE88C.dll
2009-12-24 16:17 . 2009-11-30 01:27 -------- d-----w- c:\documents and settings\kgmtthen\Application Data\Vso
2009-12-24 16:17 . 2009-11-30 01:27 47360 ----a-w- c:\documents and settings\kgmtthen\Application Data\pcouffin.sys
2009-12-24 16:17 . 2009-11-30 01:27 47360 ----a-w- c:\documents and settings\kgmtthen\Application Data\pcouffin.sys
2009-12-18 11:54 . 2009-03-02 23:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-15 17:10 . 2008-10-18 12:16 -------- d-----w- c:\program files\Windows Live
2009-12-10 18:26 . 2009-02-23 18:21 1 ----a-w- c:\documents and settings\kgmtthen\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-10 12:26 . 2008-04-28 19:45 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-04 15:24 . 2009-12-04 15:24 97344 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-01 22:17 . 2009-12-01 22:14 121304 ----a-w- c:\windows\HPHins15.dat
2009-12-01 22:17 . 2009-12-01 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-12-01 22:16 . 2009-12-01 22:16 -------- d-----w- c:\program files\HP
2009-11-30 01:27 . 2009-11-30 01:27 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-29 17:42 . 2007-12-11 20:23 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Wave Systems Corp
2009-11-29 17:42 . 2009-08-24 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SyncClient
2009-11-29 17:42 . 2008-07-24 11:49 -------- d-----w- c:\program files\Rhapsody
2009-11-21 13:43 . 2008-04-28 19:43 -------- d-----w- c:\program files\Microsoft.NET
2009-11-13 17:39 . 2007-12-14 16:03 -------- d-----w- c:\documents and settings\kgmtthen\Application Data\Apple Computer
2009-11-10 17:51 . 2009-03-31 15:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-05 16:35 . 2009-11-05 16:35 4710 ----a-r- c:\documents and settings\kgmtthen\Application Data\Microsoft\Installer\{ce68ca3b-2fc4-4104-9986-d4900ca651f0}\ARPPRODUCTICON.exe
2009-10-29 07:45 . 2004-08-11 22:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-11 22:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-11 22:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 04:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 12:52 . 2009-10-13 12:52 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-10-13 10:30 . 2004-08-11 22:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-11 22:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-11 22:00 79872 ----a-w- c:\windows\system32\raschap.dll
2008-01-03 19:40 . 2008-01-03 19:21 6293 ----a-w- c:\program files\ENOptions.xml
2007-10-26 02:18 . 2008-01-03 19:19 5977528 ----a-w- c:\program files\EverNote.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoeMonitor.exe"="c:\documents and settings\kgmtthen\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe" [2009-12-15 1315152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2007-01-30 102400]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"Kaseya Agent Service Helper"="c:\program files\Kaseya\Agent\KaUsrTsk.exe" [2008-09-04 229376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-20 50688]
Lotus Quickr Monitor.lnk - c:\program files\IBM\Lotus Quickr connectors\DIMon.exe [2008-4-5 391816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2005-06-19 18:01 24669 ----a-w- c:\windows\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-11-15 23:46 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlcrdplauncher]
2009-12-15 16:41 21840 ----a-w- c:\program files\Live Mesh\Remote Desktop\wlcrdplauncher.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SecureUpgrade"=c:\program files\Wave Systems Corp\SecureUpgrade.exe
"KADxMain"=c:\windows\system32\KADxMain.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Live Mesh\\Remote Desktop\\wlcrasvc.exe"=
"c:\\Documents and Settings\\kgmtthen\\Local Settings\\Application Data\\Microsoft\\Live Mesh\\GacBase\\Moe.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 11:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 11:43 AM 74480]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 2:21 PM 79432]
R2 CBA8;LANDesk® Management Agent;c:\program files\LANDesk\Shared Files\residentAgent.exe [6/2/2008 9:42 AM 155648]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [1/2/2008 1:42 PM 36400]
R2 cpextender;Check Point SSL Network Extender;c:\program files\CheckPoint\SSL Network Extender\slimsvc.exe [6/10/2007 4:48 PM 331870]
R2 KaseyaAgent;Kaseya Agent;c:\program files\Kaseya\Agent\AgentMon.exe [3/3/2009 1:33 PM 610304]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 3:09 PM 12992]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2/21/2008 4:34 PM 46112]
R2 Softmon;LANDesk® Software Monitoring Service;c:\program files\LANDesk\LDClient\SoftMon.exe [9/2/2009 10:37 AM 331776]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [1/2/2008 1:42 PM 109072]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [12/11/2007 4:40 PM 6016]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [1/2/2008 1:42 PM 671408]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 5:00 PM 5120]
R2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\Live Mesh\Remote Desktop\wlcrasvc.exe [12/15/2009 11:48 AM 44880]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 12:32 PM 97536]
R3 EuMusDesignVirtualAudioCableWdm_jrm;MuvEnum Virtual Cable;c:\windows\system32\drivers\vacjrmkd.sys [1/26/2009 8:49 AM 38592]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [1/2/2008 1:42 PM 2234320]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [5/4/2009 1:11 PM 11904]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [5/4/2009 1:11 PM 3328]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [5/4/2009 1:11 PM 3712]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [12/15/2009 11:48 AM 9040]
R3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [12/15/2009 11:48 AM 19408]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [6/10/2007 4:48 PM 110160]
S2 Browser Defender Update Service;Browser Defender Update Service;"c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe" --> c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [?]
S2 ZeppelinService;plasservice;c:\program files\Common Files\ParetoLogic\PLAS\plasservice.exe [2/18/2009 2:40 PM 587216]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 11:43 AM 7408]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe [4/3/2008 2:14 AM 1008936]
S3 SMART Web Server;SMART Web Server;c:\program files\SMART Technologies\SMART Board Drivers\WebServer.exe [4/3/2008 2:14 AM 1209640]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-447614685-2029349276-2316626804-7364Core.job
- c:\documents and settings\kgmtthen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-28 21:29]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-447614685-2029349276-2316626804-7364UA.job
- c:\documents and settings\kgmtthen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-28 21:29]

2010-01-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 22:36]

2010-01-06 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 17:25]

2010-01-04 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-01-04 18:48]

2010-01-07 c:\windows\Tasks\User_Feed_Synchronization-{3B4F47FF-222D-426F-B8DE-0893C654FEF4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cm.my.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = proxy.chemetall.net:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\biolsp.dll
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {8BF7B588-F4AC-4A6E-AF63-F664449EED2E} - hxxps://greenhouse.lotus.com/lotus/PA_1_3F2DNS521GKI602HUIA3VB00K5/plugins/com.ibm.wps.dm/jsp/common/plugin/DMPlugin.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://connect.chemetall.com/SNX/CSHELL/extender.cab
DPF: {D1278801-B2C0-4332-BD3E-2F64D2204EDF} - hxxps://www.mesh.com/0.9.4014.13/TSWeb.cab
DPF: {D6D5ACA4-4C57-4C75-8D68-BC185E924B4C} - hxxps://secure.bek.com/PW/images/install/PWFileTransferEN.cab
DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} - hxxp://workspace.office.live.com/Misc/Microsoft.OfficeLive.Workspace.RichUpload.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-07 16:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4A198D38-1B44-C07B-9EC195CD26A56314}\{73310DCC-C68F-341A-0D6AC2DC6E4B9C08}\{8FC8D867-026E-4653-C922EAC5C8EDCF7A}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,5a,55,31,
34,fe,cc,7b,b2,67,7a,23,00,42,15,6c,c7,2d,c9,a0,71,19,4d,21,52,f8,96,17,7d,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7FAFFD5B-ECA5-8590-06385EB5239D555A}\{E5D513A6-5530-C183-13C6195B3F88B339}\{5B7495F9-FD9A-8C8C-FD87354974961E7A}*]
"MXWMZBBJPIARSDPHLNYRY5GWLB1"=hex:01,00,01,00,00,00,00,00,0f,06,77,1b,29,4d,3c,
5b,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1456)
c:\windows\system32\biolsp.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(1512)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Completion time: 2010-01-07 16:11:07
ComboFix-quarantined-files.txt 2010-01-07 21:10
ComboFix2.txt 2010-01-04 12:54

Pre-Run: 52,207,214,592 bytes free
Post-Run: 52,155,314,176 bytes free

- - End Of File - - 48FB55E956E294A3FB797885489DB02B

#12 chamber

Posted 08 January 2010 - 03:24 AM

Looks better,

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Also run OTL for me again and post the log.



#13 ragpicker1968

Posted 08 January 2010 - 07:36 AM

OK. I downloaded Malwarebytes and performed the scan as requested. I got exactly the same identified infections (5 different backdoor / trojans and about 10 trojan.droppers). Malwarebytes attempted to clean and told me I needed to reboot to delete the 5 trojans (same as it has every time I've tried). However, this time as the laptop was rebooting, I received an error message right before my desktop loaded and showed my icons. The error message I received was as follows:

"Windows cannot find 'C:\Program'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."

The Malwarebytes report log is shown below and I will now run OTL as requested.

Malwarebytes' Anti-Malware 1.44
Database version: 3515
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/8/2010 7:24:32 AM
mbam-log-2010-01-08 (07-24-31).txt

Scan type: Quick Scan
Objects scanned: 155168
Time elapsed: 11 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Common Files\System\Googleupdate.exe (Backdoor.IRCBot) -> Delete on reboot.
C:\Program Files\Mozilla\firefox.exe (Spyware.Passwords) -> Delete on reboot.
C:\Program Files\Windows\firefox.exe (Backdoor.Bifrose) -> Delete on reboot.
C:\WINDOWS\system32\firefox.exe (Backdoor.IRCBot) -> Delete on reboot.
C:\WINDOWS\System\Firefox.exe (Trojan.Banker) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\GoogleUpdate.exe (Trojan.Dropper) -> Delete on reboot.
C:\Documents and Settings\Administrator\Application Data\Microsoft\GoogleUpdate.exe (Trojan.Dropper) -> Delete on reboot.
C:\Documents and Settings\Default User\Application Data\Microsoft\GoogleUpdate.exe (Trojan.Dropper) -> Delete on reboot.
C:\Documents and Settings\HelpAssistant\Application Data\Microsoft\GoogleUpdate.exe (Trojan.Dropper) -> Delete on reboot.
C:\Documents and Settings\kgmmbuen\Application Data\Microsoft\GoogleUpdate.exe (Trojan.Dropper) -> Delete on reboot.
C:\Documents and Settings\kgmtthen\Application Data\Microsoft\GoogleUpdate.exe (Trojan.Dropper) -> Delete on reboot.
C:\Documents and Settings\LocalService\Application Data\Microsoft\GoogleUpdate.exe (Trojan.Dropper) -> Delete on reboot.
C:\Documents and Settings\NetworkService\Application Data\Microsoft\GoogleUpdate.exe (Trojan.Dropper) -> Delete on reboot.
C:\Documents and Settings\Troy\Application Data\Microsoft\GoogleUpdate.exe (Trojan.Dropper) -> Delete on reboot.
C:\WINDOWS\Googleupdate.exe (Backdoor.IRCBot) -> Delete on reboot.
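
Two things in the logs above are worth pulling out mechanically rather than by eye: the ComboFix firewall section lists GloballyOpenPorts exceptions (65533, 52344, 3246, 2479/TCP) whose value is just "Services" with none of the scope/state fields the ActiveSync entry has, and the MBAM list is full of files named firefox.exe and GoogleUpdate.exe sitting in directories where neither product installs itself (system32, Program Files\Windows, every profile's Application Data\Microsoft). The "Windows cannot find 'C:\Program'" message on reboot is, as a general Windows observation, what you see when an autostart command points at a path containing a space without quotes; nothing in the thread shows which entry it was. The script below is an added example, not code from the original posts or from ComboFix, OTL or Malwarebytes: it parses both log formats from constructed sample lines and applies two heuristics (missing firewall fields or a bare "Services" label; a well-known binary name outside its expected directory). The expected-directory table and the sample lines are assumptions made for the example.

```python
"""Triage helpers for the ComboFix and Malwarebytes logs pasted in this thread.
Added example only: not code from the original posts, ComboFix, OTL or MBAM.
The expected-directory table and the sample log lines are constructed for
illustration and are assumptions, not facts from the thread."""

import re
from ntpath import basename, dirname

# Constructed sample mirroring the GloballyOpenPorts block ComboFix printed.
COMBOFIX_FIREWALL_SAMPLE = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"""

# Constructed sample mirroring the 'Files Infected:' block of the MBAM log,
# plus one entry in the directory Firefox normally installs to.
MBAM_SAMPLE = r"""
Files Infected:
C:\Program Files\Common Files\System\Googleupdate.exe (Backdoor.IRCBot) -> Delete on reboot.
C:\WINDOWS\system32\firefox.exe (Backdoor.IRCBot) -> Delete on reboot.
C:\Documents and Settings\kgmtthen\Application Data\Microsoft\GoogleUpdate.exe (Trojan.Dropper) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\firefox.exe (Trojan.Dropper) -> Delete on reboot.
"""

# Assumed directory suffixes (lower-case) where each well-known binary
# legitimately lives. Anything else gets flagged for a second look.
EXPECTED_DIR_SUFFIXES = {
    "firefox.exe": (r"\program files\mozilla firefox",),
    "googleupdate.exe": (r"\google\update",),
}

FIREWALL_LINE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*(.*)$', re.I)
MBAM_LINE = re.compile(r'^([A-Z]:\\.+?) \(([^()]+)\) -> ', re.I)


def parse_firewall_exceptions(text):
    """One dict per GloballyOpenPorts entry. XP stores the value as
    port:proto:scope:state:name; entries missing fields get None there."""
    entries = []
    for line in text.splitlines():
        m = FIREWALL_LINE.match(line.strip())
        if not m:
            continue
        parts = m.group(3).split(":", 4)
        if len(parts) == 5:
            scope, state, name = parts[2], parts[3], parts[4]
        else:  # short form like "65533:TCP:Services": no scope, no state
            scope, state, name = None, None, ":".join(parts[2:])
        entries.append({"port": int(m.group(1)), "proto": m.group(2).upper(),
                        "scope": scope, "state": state, "name": name})
    return entries


def suspicious_firewall_ports(text):
    """Heuristic (assumed for this example): flag an exception when the
    scope/state fields are absent or the label is empty or just 'Services'."""
    flagged = []
    for e in parse_firewall_exceptions(text):
        generic = (e["name"] or "").strip().lower() in {"", "services"}
        if e["state"] is None or generic:
            flagged.append((e["port"], e["proto"]))
    return flagged


def parse_mbam_infected(text):
    """Return (path, detection) pairs from the 'Files Infected:' section."""
    hits, in_section = [], False
    for line in text.splitlines():
        if line.strip() == "Files Infected:":
            in_section = True
            continue
        if in_section:
            m = MBAM_LINE.match(line.strip())
            if m:
                hits.append((m.group(1), m.group(2)))
            elif not line.strip():
                in_section = False  # a blank line closes the block
    return hits


def masquerading_files(text):
    """Paths whose file name is a well-known binary that sits outside the
    directory that binary is expected in (per EXPECTED_DIR_SUFFIXES)."""
    out = []
    for path, _detection in parse_mbam_infected(text):
        expected = EXPECTED_DIR_SUFFIXES.get(basename(path).lower())
        if expected is None:
            continue
        folder = dirname(path).lower().rstrip("\\")
        if not any(folder.endswith(suffix) for suffix in expected):
            out.append(path)
    return out


if __name__ == "__main__":
    for port, proto in suspicious_firewall_ports(COMBOFIX_FIREWALL_SAMPLE):
        print(f"review firewall exception {port}/{proto}")
    for path in masquerading_files(MBAM_SAMPLE):
        print(f"well-known name in unexpected directory: {path}")
```

Run it against the full logs by reading the pasted text into the two functions instead of the samples; the "Services" exceptions and every firefox.exe/GoogleUpdate.exe outside its install directory come out as the list to clean up once the files themselves are gone.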

#14 ragpicker1968

Posted 08 January 2010 - 07:43 AM

Just completed the OTL Scan. Was not positive which settings you wanted selected, so the scan was performed with: Minimal Output, LOP Check, and Purity Check all selected. The OTL log file is shown below.

OTL logfile created on: 1/8/2010 7:37:35 AM - Run 3
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\kgmtthen\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 48.47 Gb Free Space | 65.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 519.46 Gb Total Space | 277.48 Gb Free Space | 53.42% Space Free | Partition Type: NTFS
Drive H: | 519.46 Gb Total Space | 277.48 Gb Free Space | 53.42% Space Free | Partition Type: NTFS
Drive I: | 519.46 Gb Total Space | 277.48 Gb Free Space | 53.42% Space Free | Partition Type: NTFS
Drive J: | 519.46 Gb Total Space | 277.48 Gb Free Space | 53.42% Space Free | Partition Type: NTFS
Drive O: | 519.46 Gb Total Space | 277.48 Gb Free Space | 53.42% Space Free | Partition Type: NTFS
Drive W: | 150.00 Gb Total Space | 52.59 Gb Free Space | 35.06% Space Free | Partition Type: NTFS
Drive X: | 519.46 Gb Total Space | 277.48 Gb Free Space | 53.42% Space Free | Partition Type: NTFS

Computer Name: KGMN0031
Current User Name: kgmtthen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\kgmtthen\desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\kgmtthen\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\kgmtthen\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\LANDesk\LDClient\SoftMon.exe (LANDesk Software, Ltd.)
PRC - C:\Program Files\Kaseya\Agent\AgentMon.exe (Kaseya)
PRC - C:\Program Files\Kaseya\Agent\KaUsrTsk.exe (Kaseya)
PRC - C:\Program Files\LANDesk\LDClient\LocalSch.EXE (LANDesk Software, Ltd.)
PRC - C:\Program Files\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
PRC - C:\Program Files\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IBM\Lotus Quickr connectors\DIMon.exe (IBM, Corp)
PRC - C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe (SMART Technologies)
PRC - C:\Program Files\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Ltd.)
PRC - C:\Program Files\LANDesk\LDClient\collector.exe (LANDesk Software, Ltd.)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\system32\cba\pds.exe (LANDesk Software Ltd.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe (Check Point Software Technologies)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
PRC - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\kgmtthen\desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (Browser Defender Update Service) -- File not found
SRV - (wlcrasvc) -- C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe (Microsoft Corporation)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (ZeppelinService) -- C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe (ParetoLogic Inc.)
SRV - (Softmon) LANDesk® -- C:\Program Files\LANDesk\LDClient\softmon.exe (LANDesk Software, Ltd.)
SRV - (KaseyaAgent) -- C:\Program Files\Kaseya\Agent\AgentMon.exe (Kaseya)
SRV - (Intel Local Scheduler Service) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE (LANDesk Software, Ltd.)
SRV - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV - (CBA8) LANDesk® -- C:\Program Files\LANDesk\Shared Files\residentagent.exe (LANDesk Software, Ltd.)
SRV - (SMART SNMP Agent Service) -- C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe (SMART Technologies Inc.)
SRV - (SMART Web Server) -- C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe ()
SRV - (SMART Board Service) -- C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe (SMART Technologies)
SRV - (Intel Targeted Multicast) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Ltd.)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (Intel PDS) -- C:\WINDOWS\system32\cba\pds.exe (LANDesk Software Ltd.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (cpextender) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe (Check Point Software Technologies)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (SR_WatchDog) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe (Check Point Software Technologies)
SRV - (SR_Service) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe (Check Point Software Technologies)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (RDPVDD) -- C:\WINDOWS\system32\drivers\rdpvmp.sys (Microsoft Corporation)
DRV - (RDPDISPM) -- C:\WINDOWS\system32\drivers\rdpdispm.sys (Microsoft Corporation)
DRV - (pcouffin) -- C:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (usb_rndisx) -- C:\WINDOWS\system32\drivers\usb8023x.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (EuMusDesignVirtualAudioCableWdm_jrm) -- C:\WINDOWS\system32\drivers\vacjrmkd.sys ()
DRV - (LMIRfsClientNP) -- C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Cisco Systems, Inc.)
DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (lmimirr) -- C:\WINDOWS\system32\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV - (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) -- C:\WINDOWS\system32\drivers\sscdserd.sys (MCCI Corporation)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (VNA) -- C:\WINDOWS\system32\drivers\vna.sys (Check Point Software Technologies)
DRV - (ldblank) -- C:\WINDOWS\system32\drivers\ldblank.sys (LANDesk Software, Ltd.)
DRV - (mirrorflt) -- C:\WINDOWS\system32\drivers\mirrorflt.sys (LANDesk Software, Ltd.)
DRV - (ldmirror) -- C:\WINDOWS\system32\drivers\ldmirror.sys (LANDesk Software, Ltd.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
DRV - (wceusbsh) -- C:\WINDOWS\system32\drivers\wceusbsh.sys (Microsoft Corporation)
DRV - (DXEC01) -- C:\WINDOWS\system32\drivers\dxec01.sys (Knowles Acoustics)
DRV - (PBADRV) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys (Dell Inc)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (CP_OMDRV) -- C:\WINDOWS\system32\drivers\omdrv.sys (Check Point Software Technologies)
DRV - (VNASC) -- C:\WINDOWS\system32\drivers\vnasc.sys (Check Point Software Technologies)
DRV - (VPN-1) -- C:\WINDOWS\System32\drivers\vpn.sys (Check Point Software Technologies)
DRV - (FW1) -- C:\WINDOWS\system32\drivers\fw.sys (Check Point Software Technologies)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (vnccom) -- C:\WINDOWS\system32\drivers\vnccom.SYS (RDV Soft)
DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (RDV Soft)
DRV - (ADSEXPB) -- C:\WINDOWS\system32\drivers\adsexpb.sys (Cirrus Logic Inc.)
DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (SMNDIS5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys (Smith Micro Software, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070920
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070920

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.chemetall.net:8080



O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Kaseya Agent Service Helper] C:\Program Files\Kaseya\Agent\KaUsrTsk.exe (Kaseya)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MoeMonitor.exe] C:\Documents and Settings\kgmtthen\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.4014.7\MoeMonitor.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus Quickr Monitor.lnk = C:\Program Files\IBM\Lotus Quickr connectors\DIMon.exe (IBM, Corp)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} https://teamplace.chemetall.com/qp2.cab (Lotus Quickr Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/con...s/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/download/7/4...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1197409746201 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Value error.)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1197464157134 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8BF7B588-F4AC-4A6E-AF63-F664449EED2E} https://greenhouse.lotus.com/lotus/PA_1_3F2...in/DMPlugin.cab (IBM Browser plug-in for documents)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcpitstop.com/Nirvana/con...DiskMD3Ctrl.dll (diskhealth Class)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} http://utilities.pcpitstop.com/Nirvana/con...opAntiVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} https://connect.chemetall.com/SNX/CSHELL/extender.cab (SlimClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D1278801-B2C0-4332-BD3E-2F64D2204EDF} https://www.mesh.com/0.9.4014.13/TSWeb.cab (Windows Live Mesh Upload Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6D5ACA4-4C57-4C75-8D68-BC185E924B4C} https://secure.bek.com/PW/images/install/PW...eTransferEN.cab (PWFileTransfer Control)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://webmail.chemetall.com/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} http://workspace.office.live.com/Misc/Micr....RichUpload.cab (Microsoft Office Live Workspace Upload Tool)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Performance Viewer Activex Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Nirvana/con.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.29.20.250 172.29.44.11 172.29.44.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = chemetall.net
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ckpNotify: DllName - ckpNotify.dll - C:\WINDOWS\System32\ckpNotify.dll (Check Point Software Technologies)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\wlcrdplauncher: DllName - C:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll - C:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/08 11:17:27 | 00,029,701 | ---- | M] () - G:\Automated Li Winder 060210a.txt -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/08 07:26:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems
[2010/01/08 07:05:30 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/07 16:11:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/01/07 16:00:22 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/07 15:48:32 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/07 08:07:11 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kgmtthen\Desktop\OTL.exe
[2010/01/06 15:52:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\My Documents\Temp Folder
[2010/01/04 15:07:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\My Documents\MS Office Templates
[2010/01/04 14:51:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\My Documents\Process Engineering
[2010/01/04 14:48:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\My Documents\Administrative Files
[2010/01/04 14:43:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\My Documents\Lean Six Sigma
[2010/01/04 14:22:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\My Documents\Chemetall Lithium
[2010/01/04 14:22:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\My Documents\Lithium Project Files
[2010/01/04 10:40:55 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\kgmtthen\Recent
[2010/01/04 08:24:23 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/01/04 07:44:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\PCHealth
[2010/01/04 07:44:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2010/01/04 07:43:57 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/01/04 07:39:57 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/04 07:39:57 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/04 07:39:57 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/04 07:39:57 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/04 07:38:00 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/04 07:38:00 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/04 07:38:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/04 07:38:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/02 10:09:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\NTRU Cryptosystems
[2010/01/01 15:04:15 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/01 15:04:13 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/01 15:04:13 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/31 13:46:17 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/12/31 13:45:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/30 11:46:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\DoctorWeb
[2009/12/30 09:06:27 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/12/29 22:26:27 | 00,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/12/29 15:55:48 | 00,243,024 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\LSPInstall.dll
[2009/12/29 13:02:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/12/29 13:00:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\Downloaded Installations
[2009/12/29 10:42:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/12/29 09:44:31 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009/12/26 14:55:25 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2009/12/26 14:55:25 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2009/12/26 14:55:25 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2009/12/26 14:53:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/12/26 14:17:46 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/12/26 07:46:55 | 00,000,000 | ---D | C] -- C:\98632725426d161fc1
[2009/12/25 09:56:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/12/25 09:20:16 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/12/24 15:26:18 | 00,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/12/23 21:46:18 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2009/12/23 21:46:18 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2009/12/18 15:10:20 | 00,067,208 | ---- | C] (JGsoft - Just Great Software) -- C:\WINDOWS\UnDeploy.exe
[2009/12/18 12:58:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\MjM Free Photo Recovery Software
[2009/12/18 12:00:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/15 11:48:53 | 00,118,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpdispd.dll
[2009/12/15 11:48:53 | 00,019,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpvmp.sys
[2009/12/15 11:48:53 | 00,015,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpvdd.dll
[2009/12/15 11:48:53 | 00,009,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdispm.sys
[2009/12/15 11:48:44 | 00,000,000 | ---D | C] -- C:\Program Files\Live Mesh
[2009/12/15 11:46:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\Application Data\Microsoft Corporation
[2009/12/15 11:46:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\assembly
[2009/11/29 20:27:47 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\kgmtthen\Application Data\pcouffin.sys
[2009/05/10 07:49:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/03/20 15:47:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities
[2009/03/20 15:47:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Identities
[2008/01/03 14:19:43 | 05,977,528 | ---- | C] (EverNote Corp., 710 Lakeway Dr. #290, Sunnyvale, CA 94086) -- C:\Program Files\EverNote.exe
[2007/12/17 10:24:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/09/20 16:20:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2007/09/20 16:20:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel

========== Files - Modified Within 30 Days ==========

[2010/01/08 07:31:16 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/08 07:29:24 | 00,001,037 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\Account.atomsvc
[2010/01/08 07:26:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/08 07:26:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/08 07:25:13 | 14,155,776 | -H-- | M] () -- C:\Documents and Settings\kgmtthen\NTUSER.DAT
[2010/01/08 07:25:13 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\kgmtthen\ntuser.ini
[2010/01/08 07:25:04 | 15,099,862 | -H-- | M] () -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\IconCache.db
[2010/01/08 07:22:07 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/01/08 07:22:07 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/01/08 07:21:25 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/01/08 07:21:25 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/01/08 07:21:10 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2010/01/08 07:21:10 | 00,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/01/08 07:10:14 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/08 04:39:56 | 00,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3B4F47FF-222D-426F-B8DE-0893C654FEF4}.job
[2010/01/07 18:00:00 | 00,000,448 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/01/07 16:08:24 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/07 15:59:56 | 03,819,182 | R--- | M] () -- C:\Documents and Settings\kgmtthen\Desktop\ComboFix.exe
[2010/01/07 08:12:15 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Desktop\paste.doc
[2010/01/07 08:07:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kgmtthen\Desktop\OTL.exe
[2010/01/07 08:06:46 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Desktop\cvfsok8w.exe
[2010/01/07 07:24:41 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/01/07 07:24:41 | 00,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/01/07 07:21:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/01/07 07:21:42 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/01/07 07:21:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/01/07 07:21:21 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/01/06 07:23:18 | 00,020,106 | ---- | M] () -- C:\Documents and Settings\kgmtthen\My Documents\contacts.vcf
[2010/01/06 07:20:39 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/01/06 07:20:39 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/01/06 07:20:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/01/06 07:20:04 | 00,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/01/06 07:19:54 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/01/06 07:19:53 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/01/05 15:08:50 | 00,000,458 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Desktop\CFC Lean Six Sigma.url
[2010/01/05 07:13:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/01/05 07:13:44 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/01/05 07:13:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/01/05 07:13:02 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/01/05 07:12:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/01/05 07:12:47 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/01/04 16:14:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/01/04 16:14:44 | 00,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/01/04 16:13:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/01/04 16:13:44 | 00,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/01/04 16:12:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/01/04 16:12:16 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/01/04 16:08:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/01/04 16:08:01 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/01/04 15:38:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/01/04 15:38:04 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/01/04 15:37:59 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/01/04 15:37:59 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/01/04 15:37:55 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/01/04 15:37:55 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/01/04 15:37:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/01/04 15:37:49 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/01/04 10:31:02 | 00,044,298 | ---- | M] () -- C:\Documents and Settings\kgmtthen\My Documents\01-04-10 - TAT2.reg
[2010/01/04 09:16:48 | 00,002,488 | ---- | M] () -- C:\Documents and Settings\kgmtthen\My Documents\01-04-10 - TAT1.reg
[2010/01/04 08:29:05 | 00,214,404 | ---- | M] () -- C:\Documents and Settings\kgmtthen\My Documents\1-04-10.reg
[2010/01/04 08:24:25 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Desktop\CCleaner.lnk
[2010/01/04 07:43:58 | 00,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/01/04 07:43:24 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/04 07:42:52 | 00,000,668 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/04 07:42:52 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/02 15:58:41 | 00,313,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/02 15:31:42 | 00,000,076 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/01/01 10:59:22 | 00,000,181 | ---- | M] () -- C:\WINDOWS\magix.ini
[2010/01/01 08:16:49 | 00,001,475 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Desktop\Windows Explorer.lnk
[2009/12/31 14:02:40 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/29 23:27:43 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/12/29 16:03:03 | 00,020,768 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/12/29 16:03:03 | 00,003,020 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/12/29 16:03:02 | 00,288,544 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/12/29 16:03:02 | 00,004,940 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/12/29 13:28:04 | 00,002,345 | ---- | M] () -- C:\rollback.ini
[2009/12/29 12:46:33 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/12/26 09:21:53 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/12/24 11:52:38 | 00,000,094 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/12/24 11:17:57 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\kgmtthen\Application Data\pcouffin.sys
[2009/12/24 11:17:57 | 00,007,887 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Application Data\pcouffin.cat
[2009/12/24 11:17:57 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Application Data\pcouffin.inf
[2009/12/23 17:38:55 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\housecall.guid.cache
[2009/12/17 07:13:13 | 00,870,128 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Application Data\mcs.rma
[2009/12/17 07:13:13 | 00,000,004 | ---- | M] () -- C:\Documents and Settings\kgmtthen\Application Data\632B24
[2009/12/15 11:46:40 | 00,118,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpdispd.dll
[2009/12/15 11:46:40 | 00,019,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpvmp.sys
[2009/12/15 11:46:40 | 00,015,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpvdd.dll
[2009/12/15 11:46:40 | 00,009,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdispm.sys
[2009/12/11 07:04:15 | 00,529,466 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/11 07:04:15 | 00,446,814 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/11 07:04:15 | 00,073,496 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe

========== Files Created - No Company Name ==========

[2010/01/08 07:10:14 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/08 07:06:06 | 00,001,037 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\Account.atomsvc
[2010/01/07 15:59:56 | 03,819,182 | R--- | C] () -- C:\Documents and Settings\kgmtthen\Desktop\ComboFix.exe
[2010/01/07 08:12:14 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Desktop\paste.doc
[2010/01/07 08:06:40 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Desktop\cvfsok8w.exe
[2010/01/06 07:23:17 | 00,020,106 | ---- | C] () -- C:\Documents and Settings\kgmtthen\My Documents\contacts.vcf
[2010/01/04 14:38:30 | 00,004,334 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Desktop\kmlogin.vbs
[2010/01/04 10:30:33 | 00,044,298 | ---- | C] () -- C:\Documents and Settings\kgmtthen\My Documents\01-04-10 - TAT2.reg
[2010/01/04 09:16:36 | 00,002,488 | ---- | C] () -- C:\Documents and Settings\kgmtthen\My Documents\01-04-10 - TAT1.reg
[2010/01/04 08:28:46 | 00,214,404 | ---- | C] () -- C:\Documents and Settings\kgmtthen\My Documents\1-04-10.reg
[2010/01/04 08:24:25 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Desktop\CCleaner.lnk
[2010/01/04 07:49:34 | 00,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/04 07:43:58 | 00,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/01/04 07:39:57 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/04 07:39:57 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/04 07:39:57 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/04 07:39:57 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/04 07:39:57 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/31 13:46:28 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/12/31 13:46:21 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/12/29 23:27:43 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/12/29 15:55:48 | 00,111,960 | ---- | C] () -- C:\WINDOWS\System32\INetHTTPFilter.dll
[2009/12/29 13:28:51 | 00,000,448 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/12/29 13:28:15 | 00,288,544 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/12/29 13:28:15 | 00,020,768 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/12/29 13:28:15 | 00,004,940 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/12/29 13:28:15 | 00,003,020 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/12/29 13:28:04 | 00,002,345 | ---- | C] () -- C:\rollback.ini
[2009/12/26 14:55:27 | 00,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/12/26 14:55:26 | 00,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2009/12/26 14:55:26 | 00,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2009/12/26 14:55:25 | 01,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2009/12/26 14:55:25 | 00,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2009/12/24 17:56:28 | 00,004,790 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Application Data\temp16268.txt
[2009/12/23 22:11:50 | 00,000,094 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/12/23 17:38:55 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\housecall.guid.cache
[2009/12/01 17:15:03 | 00,000,340 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/11/29 20:28:00 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Application Data\pcouffin.log
[2009/11/29 20:27:48 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Application Data\pcouffin.cat
[2009/11/29 20:27:47 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Application Data\pcouffin.inf
[2009/08/24 13:41:19 | 00,009,708 | ---- | C] () -- C:\WINDOWS\System32\3612281284.ini
[2009/08/08 07:19:39 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Application Data\$_hpcst$.hpc
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/06 10:16:01 | 00,000,034 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2009/06/15 06:02:37 | 00,000,076 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/05/09 12:10:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\musiceditor.INI
[2009/04/29 13:44:11 | 00,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/01/26 08:49:50 | 00,038,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\vacjrmkd.sys
[2009/01/23 16:37:48 | 00,000,036 | -H-- | C] () -- C:\WINDOWS\System32\swk.ini
[2008/11/19 14:27:18 | 00,000,038 | ---- | C] () -- C:\WINDOWS\camcodec100.ini
[2008/11/16 13:14:46 | 06,664,208 | ---- | C] () -- C:\WINDOWS\System32\dvdripcore.dll
[2008/11/16 13:14:45 | 00,066,048 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2008/10/22 20:02:11 | 00,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/24 06:51:29 | 00,870,128 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Application Data\mcs.rma
[2008/07/24 06:51:29 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Application Data\632B24
[2008/07/16 08:57:26 | 00,000,356 | ---- | C] () -- C:\WINDOWS\videodeLuxe.INI
[2008/07/16 08:40:02 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2008/07/16 08:37:22 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2008/07/16 08:34:57 | 00,000,181 | ---- | C] () -- C:\WINDOWS\magix.ini
[2008/07/16 08:34:56 | 00,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008/06/25 13:47:34 | 00,000,131 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\fusioncache.dat
[2008/04/08 14:36:15 | 00,000,124 | ---- | C] () -- C:\WINDOWS\Minitab.ini
[2008/03/13 23:53:22 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPeg32.dll
[2008/02/14 16:17:02 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/02/14 16:17:01 | 03,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/02/14 16:17:01 | 00,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/02/14 16:17:01 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/02/11 20:51:51 | 00,036,864 | ---- | C] () -- C:\Documents and Settings\kgmtthen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/25 15:18:29 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/01/25 15:18:29 | 00,000,141 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/01/09 14:01:48 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/01/03 14:21:22 | 00,006,293 | ---- | C] () -- C:\Program Files\ENOptions.xml
[2008/01/02 13:42:21 | 00,106,588 | ---- | C] () -- C:\WINDOWS\System32\fwnetcfg.dll
[2008/01/02 13:42:13 | 00,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2007/12/14 09:41:09 | 00,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/12/12 14:08:34 | 01,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll
[2007/12/12 14:08:34 | 00,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll
[2007/12/12 14:08:34 | 00,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll
[2007/12/12 14:08:34 | 00,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll
[2007/12/12 14:08:34 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll
[2007/12/12 14:08:30 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
[2007/12/12 07:21:53 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/20 16:26:23 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/20 16:18:42 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2007/09/20 16:15:31 | 01,736,704 | ---- | C] () -- C:\WINDOWS\System32\Tsp1.dll
[2007/09/20 16:13:49 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2007/09/20 16:13:49 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2007/09/20 15:48:50 | 00,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/09/20 15:48:50 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2007/09/20 15:47:32 | 00,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/08/09 12:08:04 | 00,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/03/27 09:45:22 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2007/03/15 11:47:48 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\BuEResNT.dll
[2007/01/31 20:16:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/01/31 20:11:14 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\OEM_Resources.dll
[2007/01/31 20:08:44 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/01/31 20:08:36 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/01/31 20:08:26 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/01/31 20:08:18 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/01/31 20:08:08 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/01/31 20:08:00 | 00,233,472 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/01/31 20:07:50 | 00,266,240 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/01/31 20:07:42 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/01/31 20:07:34 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/01/31 20:07:24 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/01/31 13:09:46 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/01/31 13:09:26 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/01/31 13:09:06 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/01/31 13:08:46 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/01/31 13:08:26 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/01/31 13:08:06 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/01/31 13:07:46 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/01/31 13:07:26 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/01/31 13:07:04 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/01/31 13:06:46 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/01/30 15:31:50 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/01/30 15:30:30 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2007/01/02 09:14:20 | 00,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2006/10/03 16:33:54 | 00,462,848 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/08/14 11:02:10 | 00,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2004/09/10 12:34:00 | 00,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 12:34:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/11 17:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/01/02 10:47:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/08/24 13:39:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstalledPackages
[2009/05/04 13:17:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LANDesk
[2007/12/14 08:24:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/09/07 08:31:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2007/09/20 16:13:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2009/12/29 11:08:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/04/21 11:35:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMART Technologies
[2009/11/29 12:42:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SyncClient
[2010/01/04 09:04:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/08 07:27:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vulScan
[2010/01/02 10:10:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2009/10/13 08:22:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/14 20:23:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/12/08 11:52:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\aicon
[2008/10/27 06:10:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Autodesk
[2009/10/14 06:25:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Benubird
[2009/09/28 08:31:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\CompanionLink
[2008/04/25 08:39:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Facebook
[2009/06/02 16:34:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\gtk-2.0
[2009/04/29 07:22:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\IObit
[2008/04/08 15:01:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Minitab
[2009/02/23 13:20:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\OpenOffice.org
[2009/10/08 08:10:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\ProjectWise
[2008/03/13 10:33:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Serif
[2009/04/21 11:16:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\SMART Technologies
[2009/04/21 11:29:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\SMART Technologies Inc
[2009/08/08 07:10:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Smith Micro
[2009/12/24 11:17:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Vso
[2010/01/07 07:06:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Wave Systems Corp
[2009/05/10 21:11:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Windows Desktop Search
[2008/10/18 07:49:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kgmtthen\Application Data\Windows Live Writer
[2010/01/08 07:31:16 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/01/07 18:00:00 | 00,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2010/01/08 04:39:56 | 00,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3B4F47FF-222D-426F-B8DE-0893C654FEF4}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#15 chamber

chamber

    Bleepin' Geek


  • Members
  • 329 posts
  • Gender:Male
  • Location:~/
  • Local time:10:15 PM

Posted 08 January 2010 - 10:04 AM

I need to check some stuff out about those entries, hang tight.

For now though, a warning.

One or more of the identified infections is a backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.

Should you have any questions, please feel free to ask.


watch me and tremble, for I bring the purity of oblivion

Sudo apt-get me a sandwich!

Proud graduate of GeekU
