removed malware, now browser loses connection in 10 min


  • This topic is locked
21 replies to this topic

#1 lowpine

  • Members
  • 19 posts

Posted 23 January 2010 - 01:42 PM

Hi, I'm having a problem with spyware removal. I found a bunch of stuff and removed it, but now my internet connection dies after 10 minutes, though ping still works. I've read the FAQ and will try to include all requested info.

I'm not getting any popups.

Here's what I've tried so far: I initially ran SUPERAntiSpyware and removed over a hundred spyware items, then ran Malwarebytes and found and removed 4 more. Then I noticed that my internet would go out on the laptop after 10 minutes; my wired desktop still has connectivity and is not affected. I've also run the latest HijackThis and have the log. I have also run Spybot S&D and have TeaTimer on now (it was not installed before).

I'm running XP SP2 on a laptop, via wireless. If I hardwire to the router, I still get the timeout.

I tried flushing the DNS with this command: ipconfig /flushdns

I've also tried fixing the Winsock with LSPFix and WinSockFix. I have to admit that I don't fully understand what they do, but other forums have suggested it. None of these things have fixed the issue.

I have run DDS and RootRepeal; logs follow.

Thank You!

DDS.txt

DDS (Ver_09-12-01.01) - NTFSx86
Run by HarikrishnanA at 12:51:47.29 on Sat 01/23/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2014.1281 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\IBM\Ayudame Utility\ayudame.exe
C:\Program Files\IBM\Ayudame Utility\ayudame.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe
C:\program files\marimba\tuner\Tuner.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\Documents and Settings\HarikrishnanA\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Client Access Service] c:\cae\cwbsvstr.exe
mRun: [Client Access Help Update] c:\cae\cwbinhlp.exe
mRun: [Client Access Check Version] c:\cae\cwbckver.exe LOGIN
mRun: [Client Access Express Welcome] c:\cae\cwbwlwiz.exe
mRun: [Client Access PC5250 Sound] c:\cae\emulator\pcssnd.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor
mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
mRun: [BMMMONWND] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatInfEx.dll,BMMAutonomicMonitor
mRun: [BLOG] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TPKBDLED] c:\windows\system32\TpScrLk.exe
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [TpShocks] TpShocks.exe
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [lcfep] "c:\tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe" -x
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
uPolicies-explorer: NoAutoUpdate = 1 (0x1)
uPolicies-system: ConnectHomeDirToRoot = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://ccsra1.cc.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199645599578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 TivoliAP
mASetup: {EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5} - rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\inf\wmactedp.inf,PerUserStub,,4

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\harikr~1\applic~1\mozilla\firefox\profiles\ym0zi97h.default\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-10-5 3840]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 74480]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2009-2-18 16384]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-2-17 381424]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-24 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-24 169632]
R2 IBMFORTH;IBM Ayudame;c:\program files\ibm\ayudame utility\ayudame.exe [2006-6-13 556544]
R2 lcfd;Tivoli Endpoint;c:\tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe [2009-2-17 172032]
R2 MarimbaTuner;Marimba Tuner;c:\program files\marimba\tuner\Tuner.exe [2007-10-8 32873]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-6-15 115952]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-6-15 1805552]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-7-11 569344]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2008-8-20 370872]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-1 102448]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2007-8-10 81920]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100119.008\naveng.sys [2010-1-20 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100119.008\navex15.sys [2010-1-20 1323568]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
S1 SABKUTIL;SABKUTIL;\??\c:\documents and settings\harikrishnana\my documents\downloads\sabkutil.sys --> c:\documents and settings\harikrishnana\my documents\downloads\SABKUTIL.sys [?]
S3 LSWPCv4;Wireless-B Notebook Adapter Driver;c:\windows\system32\drivers\rtl8180.sys [2009-10-24 184832]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]

=============== Created Last 30 ================

2010-01-23 17:14:15 0 d-sha-r- C:\cmdcons
2010-01-23 17:13:07 98816 ----a-w- c:\windows\sed.exe
2010-01-23 17:13:07 77312 ----a-w- c:\windows\MBR.exe
2010-01-23 17:13:07 261632 ----a-w- c:\windows\PEV.exe
2010-01-23 17:13:07 161792 ----a-w- c:\windows\SWREG.exe
2010-01-18 16:13:27 13528 ------w- C:\index.php.html
2010-01-18 16:13:27 0 d-----w- C:\index.php_files
2010-01-15 22:06:48 0 d-----w- C:\murach
2010-01-14 16:49:44 0 d-----w- c:\program files\Trend Micro
2010-01-14 16:16:43 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-14 16:16:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-01-14 03:18:46 0 d-----w- c:\documents and settings\harikrishnana\DoctorWeb
2010-01-12 05:27:09 0 d-----w- c:\docume~1\harikr~1\applic~1\Malwarebytes
2010-01-12 05:27:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-12 05:27:03 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-12 05:27:03 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 05:27:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-12 04:32:11 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-12 04:32:05 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-12 04:32:04 0 d-----w- c:\docume~1\harikr~1\applic~1\SUPERAntiSpyware.com
2010-01-12 04:20:29 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-01-07 03:46:52 0 d-----w- c:\documents and settings\harikrishnana\.datastudio
2010-01-07 03:44:28 0 d-----w- C:\datastudio
2010-01-07 03:25:32 0 d---a-w- C:\xampplite
2010-01-07 02:41:48 0 d-----w- c:\program files\Apache Software Foundation

==================== Find3M ====================

2009-12-17 21:31:41 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-22 01:26:36 139152 ----a-w- c:\docume~1\harikr~1\applic~1\PnkBstrK.sys

============= FINISH: 12:51:54.59 ===============
ATTACH.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/18/2009 3:11:55 AM
System Uptime: 1/23/2010 12:26:25 PM (0 hours ago)

Motherboard: LENOVO | | 7663D83
Processor: Intel® Core™2 Duo CPU T7300 @ 2.00GHz | None | 1994/200mhz
Processor: Intel® Core™2 Duo CPU T7300 @ 2.00GHz | None | 1994/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 112 GiB total, 70.085 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0001
Service: vpnva

==== System Restore Points ===================

RP131: 1/7/2010 10:20:16 PM - System Checkpoint
RP132: 1/9/2010 1:01:27 PM - System Checkpoint
RP133: 1/10/2010 12:00:24 PM - Removed AT&T Global Network Client
RP134: 1/11/2010 11:21:18 PM - Removed Active@ ISO Burner
RP135: 1/11/2010 11:24:07 PM - Removed Microsoft Silverlight
RP136: 1/11/2010 11:25:35 PM - Removed Steam
RP137: 1/11/2010 11:32:03 PM - Installed SUPERAntiSpyware Free Edition
RP138: 1/13/2010 7:32:50 PM - System Checkpoint
RP139: 1/14/2010 9:44:42 AM - Restore Operation
RP140: 1/14/2010 9:49:31 AM - Restore Operation
RP141: 1/14/2010 9:53:56 AM - Restore Operation
RP142: 1/14/2010 10:16:23 AM - Restore Operation
RP143: 1/14/2010 10:21:13 AM - Restore Operation
RP144: 1/15/2010 5:23:36 PM - System Checkpoint
RP145: 1/17/2010 2:06:55 PM - System Checkpoint
RP146: 1/18/2010 3:10:41 PM - Removed J2SE Runtime Environment 5.0 Update 6
RP147: 1/19/2010 10:21:26 PM - System Checkpoint
RP148: 1/20/2010 10:45:42 PM - System Checkpoint
RP149: 1/21/2010 8:36:38 AM - Restore Operation
RP150: 1/21/2010 8:45:01 AM - Restore Operation
RP151: 1/21/2010 9:00:51 AM - Restore Operation
RP152: 1/21/2010 9:17:22 AM - Restore Operation
RP153: 1/21/2010 9:20:31 AM - Restore Operation
RP154: 1/22/2010 9:57:53 AM - System Checkpoint
RP155: 1/23/2010 10:23:47 AM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.1
Apache Tomcat 6.0.20
Cisco AnyConnect VPN Client
Compatibility Pack for the 2007 Office system
FileZilla Client 3.1.5
Google SketchUp 7
High Definition Audio Driver Package - KB888111
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB915865)
IBM Ayudame
IBM Informix Client-SDK 2.90
IBM iSeries Access for Windows
IBM ThinkPad Battery MaxiMiser and Power Management Features
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
ISeries Client Access Shortcuts
ISPI Tools 1.07.0000
ISPI Tools 1.07.0001
Java DB 10.4.2.1
Java™ 6 Update 17
Java™ SE Development Kit 6 Update 17
LiveUpdate 3.0 (Symantec Corporation)
Lotus Notes 7.0.2
Malwarebytes' Anti-Malware
Marimba Tuner
mCore
mDriver
MetaFrame Presentation Server Client
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Visio Standard 2003
Microsoft Office Visio Viewer 2007
mMHouse
Mozilla Firefox (3.5.7)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
mWlsSafe
NetBeans IDE 6.8
NVIDIA Drivers
On Screen Display
Open Workbench
Printer Software Uninstall
Productivity Center Supplement for ThinkPad
Quake II
RecordNow Audio
RecordNow Copy
RecordNow Data
Rescue and Recovery
Scroll Lock Indicator Utility
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Sonic DLA
Sonic Express Labeler
Sonic Update Manager
Spybot - Search & Destroy
Sun GlassFish Enterprise Server v3
SUPERAntiSpyware Free Edition
Sybase ASE
Symantec AntiVirus
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Keyboard Customizer Utility
ThinkPad Modem
ThinkPad Power Management Driver
ThinkPad Presentation Director
ThinkPad UltraNav Driver
ThinkPad UltraNav Wizard
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Productivity Center
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VPN Client
WebFldrs XP
Windows 7 Upgrade Advisor Beta
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Enterprise Deployment
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver

==== Event Viewer Messages From Past Week ========

1/23/2010 12:24:25 PM, error: Service Control Manager [7034] - The TVT Backup Protection Service service terminated unexpectedly. It has done this 9 time(s).
1/23/2010 12:24:05 PM, error: Service Control Manager [7034] - The TVT Backup Protection Service service terminated unexpectedly. It has done this 8 time(s).
1/23/2010 12:23:31 PM, error: Service Control Manager [7034] - The TVT Backup Protection Service service terminated unexpectedly. It has done this 7 time(s).
1/23/2010 12:23:00 PM, error: Service Control Manager [7034] - The TVT Backup Protection Service service terminated unexpectedly. It has done this 6 time(s).
1/23/2010 12:22:43 PM, error: Service Control Manager [7034] - The TVT Backup Protection Service service terminated unexpectedly. It has done this 5 time(s).
1/23/2010 12:22:36 PM, error: Service Control Manager [7034] - The TVT Backup Protection Service service terminated unexpectedly. It has done this 4 time(s).
1/23/2010 12:22:03 PM, error: Service Control Manager [7034] - The TVT Backup Protection Service service terminated unexpectedly. It has done this 3 time(s).
1/23/2010 12:21:43 PM, error: Service Control Manager [7034] - The TVT Backup Protection Service service terminated unexpectedly. It has done this 2 time(s).
1/23/2010 12:21:13 PM, error: Service Control Manager [7034] - The tvtnetwk service terminated unexpectedly. It has done this 1 time(s).
1/23/2010 12:21:13 PM, error: Service Control Manager [7034] - The TVT Backup Protection Service service terminated unexpectedly. It has done this 1 time(s).
1/23/2010 12:21:13 PM, error: Service Control Manager [7034] - The Tivoli Endpoint service terminated unexpectedly. It has done this 1 time(s).
1/23/2010 12:21:13 PM, error: Service Control Manager [7034] - The IBM KCU Service service terminated unexpectedly. It has done this 1 time(s).
1/21/2010 9:28:06 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ANC eeCtrl Fips IBMTPCHK intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SAVRT SAVRTPEL SPBBCDrv SYMTDI Tcpip TPHKDRV TPPWR TSMAPIP vsdatant
1/21/2010 9:28:06 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2010 9:28:06 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2010 9:28:06 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2010 9:28:06 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2010 9:28:06 AM, error: Service Control Manager [7001] - The Cisco Systems, Inc. VPN Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2010 9:28:06 AM, error: Service Control Manager [7001] - The Cisco AnyConnect VPN Agent service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/21/2010 9:27:10 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/20/2010 10:11:59 AM, error: NETLOGON [5719] - No Domain Controller is available for domain CC due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
1/18/2010 4:36:32 PM, error: Service Control Manager [7000] - The SABKUTIL service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================
RootRepeal ARK.txt
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/23 12:58
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: C:\ComboFix\catchme.sys
Address: 0xBAC20000 Size: 31744 File Visible: No Signed: -
Status: -

Name: Combo-Fix.sys
Image Path: Combo-Fix.sys
Address: 0xBA988000 Size: 60416 File Visible: No Signed: -
Status: -

Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xAACFD000 Size: 815104 File Visible: No Signed: -
Status: -

Name: PCI_PNP1770
Image Path: \Driver\PCI_PNP1770
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: PROCEXP113.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Address: 0xAC71F000 Size: 7872 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA4809000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: spyz.sys
Image Path: spyz.sys
Address: 0xBA6A7000 Size: 1048576 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\minint
Status: Locked to the Windows API!

Path: C:\preboot
Status: Locked to the Windows API!

Path: C:\RRbackups
Status: Locked to the Windows API!

Path: \\?\C:\minint\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\minint\biosinfo.inf
Status: Invisible to the Windows API!

Path: C:\minint\bootfix.nib
Status: Invisible to the Windows API!

Path: C:\minint\Fonts
Status: Invisible to the Windows API!

Path: C:\minint\help
Status: Invisible to the Windows API!

Path: C:\minint\inf
Status: Invisible to the Windows API!

Path: C:\minint\msagent
Status: Invisible to the Windows API!

Path: C:\minint\ntdetect.com
Status: Invisible to the Windows API!

Path: C:\minint\NTLDR.zip
Status: Invisible to the Windows API!

Path: C:\minint\pdalang.txt
Status: Invisible to the Windows API!

Path: C:\minint\pdaversion.txt
Status: Invisible to the Windows API!

Path: C:\minint\setupldr.bin
Status: Invisible to the Windows API!

Path: C:\minint\spcmdcon.sys
Status: Invisible to the Windows API!

Path: C:\minint\system32
Status: Invisible to the Windows API!

Path: C:\minint\txtsetup.sif
Status: Invisible to the Windows API!

Path: C:\minint\winbom.ini
Status: Invisible to the Windows API!

Path: C:\minint\WinSxS
Status: Invisible to the Windows API!

Path: C:\minint\Z088Z.pdt
Status: Invisible to the Windows API!

Path: C:\minint\Z089Z.pdt
Status: Invisible to the Windows API!

Path: C:\minint\Z480Z.pdt
Status: Invisible to the Windows API!

Path: C:\minint\Z501ZEXE.pdt
Status: Invisible to the Windows API!

Path: \\?\C:\preboot\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\preboot\helps
Status: Invisible to the Windows API!

Path: C:\preboot\opera
Status: Invisible to the Windows API!

Path: C:\preboot\operafav
Status: Invisible to the Windows API!

Path: C:\preboot\pdalang.txt
Status: Invisible to the Windows API!

Path: C:\preboot\pdaversion.txt
Status: Invisible to the Windows API!

Path: C:\preboot\python24
Status: Invisible to the Windows API!

Path: C:\preboot\Recovery
Status: Invisible to the Windows API!

Path: C:\preboot\rr
Status: Invisible to the Windows API!

Path: C:\preboot\startup
Status: Invisible to the Windows API!

Path: C:\preboot\swwork
Status: Invisible to the Windows API!

Path: C:\preboot\sysinfo
Status: Invisible to the Windows API!

Path: C:\preboot\usrintfc
Status: Invisible to the Windows API!

Path: C:\preboot\utils
Status: Invisible to the Windows API!

Path: C:\preboot\warnt
Status: Invisible to the Windows API!

Path: \\?\C:\RRbackups\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\RRbackups\common
Status: Invisible to the Windows API!

Path: C:\RRbackups\Documents and Settings
Status: Invisible to the Windows API!

Path: \\?\C:\minint\Fonts\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\minint\Fonts\8514fix.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\8514fixe.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\8514fixg.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\8514fixr.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\8514fixt.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\8514oem.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\8514oeme.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\8514oemg.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\8514oemr.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\8514oemt.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\8514sys.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\8514syse.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\8514sysg.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\8514sysr.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\8514syst.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\85855.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\85f1255.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\85f1256.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\85s1255.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\85s1256.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\85s874.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ahronbd.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\andlso.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ANGSA.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ANGSAB.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ANGSAI.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ANGSAU.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ANGSAUB.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ANGSAUI.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ANGSAUZ.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ANGSAZ.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\app850.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\app852.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\app855.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\app857.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\app866.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\arial.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\arialbi.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ariali.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ariblk.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\artrbdo.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\artro.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\BROWA.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\BROWAB.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\BROWAI.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\BROWAU.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\BROWAUB.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\BROWAUI.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\BROWAUZ.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\BROWAZ.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\cga40737.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\cga40850.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\cga40852.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\cga40857.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\cga40866.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\cga40woa.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\cga80737.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\cga80850.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\cga80852.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\cga80857.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\cga80866.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\cga80869.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\cga80woa.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\comic.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\comicbd.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\CORDIA.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\CORDIAB.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\CORDIAI.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\CORDIAU.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\CORDIAUB.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\CORDIAUI.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\CORDIAUZ.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\CORDIAZ.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\coue1256.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\couf1255.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\couf1256.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\cour.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\courbd.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\courbi.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\coure.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\couree.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\coureg.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\courer.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\couret.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\courf.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\courfe.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\courfg.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\courfr.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\courft.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\couri.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\david.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\davidtr.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\dos737.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\dosapp.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ega40737.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ega40850.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ega40852.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ega40857.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ega40866.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ega40869.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ega40woa.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ega80737.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ega80850.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ega80852.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ega80857.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ega80866.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ega80869.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ega80woa.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\estre.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\85f874.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\arialbd.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\cga40869.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\coue1255.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\davidbd.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\framd.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\mangal.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\sere1255.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\smae1256.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\sserife.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\trado.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCIBI.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vga737.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\framdit.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\frank.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\Gautami.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\georgia.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\georgiab.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\georgiai.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\georgiaz.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\impact.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\Kartika.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\latha.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\lsans.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\lsansd.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\lsansdi.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\lsansi.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\lucon.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\lvnm.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\lvnmbd.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\l_10646.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\marlett.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\micross.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\modern.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\mriam.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\mriamc.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\mriamfx.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\mriamtr.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\msdlg874.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\mvboli.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\nrkis.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\pala.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\palab.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\palabi.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\palai.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\Raavi.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\rod.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\rodtr.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\roman.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\script.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\sere1256.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\serf1255.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\serf1256.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\serife.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\serifee.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\serifeg.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\serifer.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\serifet.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\seriff.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\seriffe.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\seriffg.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\seriffr.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\serifft.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\Shruti.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\simpbdo.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\simpfxo.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\simpo.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\smae1255.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\smaf1255.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\smaf1256.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\smalle.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\smallee.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\smalleg.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\smaller.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\smallet.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\smallf.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\smallfe.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\smallfg.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\smallfr.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\smallft.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ssee1255.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ssee1256.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ssee874.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ssef1255.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ssef1256.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\ssef874.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\sserifee.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\sserifeg.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\sserifer.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\sserifet.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\sseriff.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\sseriffe.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\sseriffg.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\sseriffr.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\sserifft.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\sylfaen.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\symbol.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\tahoma.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\tahomabd.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\times.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\timesbd.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\timesbi.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\timesi.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\tradbdo.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\trebuc.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\trebucbd.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\trebucbi.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\trebucit.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\Tunga.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCDB.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCDBI.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCDI.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCDL.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCEB.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCEBI.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCEI.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCEL.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCFB.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCFBI.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCFI.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCFL.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCIB.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCII.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCIL.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCJB.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCJBI.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCJI.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCJL.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCKB.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCKBI.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCKI.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCKL.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCLB.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCLBI.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCLI.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\UPCLL.TTF
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\verdana.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\verdanab.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\verdanai.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\verdanaz.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vga850.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vga852.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vga855.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vga857.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vga860.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vga863.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vga865.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vga866.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vga869.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgaf1255.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgaf1256.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgaf874.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgafix.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgafixe.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgafixg.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgafixr.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgafixt.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgaoem.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgas1255.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgas1256.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgas874.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgasys.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgasyse.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgasysg.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgasysr.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\vgasyst.fon
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\Vrinda.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\webdings.ttf
Status: Invisible to the Windows API!

Path: C:\minint\Fonts\wingding.ttf
Status: Invisible to the Windows API!

Path: \\?\C:\minint\help\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\minint\help\agt0401.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt0405.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt0406.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt0407.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt0408.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt040b.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt040c.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt040d.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt040e.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt0410.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt0413.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt0414.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt0415.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt0416.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt0419.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt041d.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt041f.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt0816.hlp
Status: Invisible to the Windows API!

Path: C:\minint\help\agt0c0a.hlp
Status: Invisible to the Windows API!

Path: \\?\C:\minint\inf\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\minint\inf\1394.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\B57WIN32.INF
Status: Invisible to the Windows API!

Path: C:\minint\inf\B57XP32.INF
Status: Invisible to the Windows API!

Path: C:\minint\inf\battery.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\bcm4sbxp.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\cdrom.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\cpu.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\disk.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\display.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\E1000325.INF
Status: Invisible to the Windows API!

Path: C:\minint\inf\E100A325.INF
Status: Invisible to the Windows API!

Path: C:\minint\inf\E100ANT5.INF
Status: Invisible to the Windows API!

Path: C:\minint\inf\E100B325.INF
Status: Invisible to the Windows API!

Path: C:\minint\inf\E101D325.INF
Status: Invisible to the Windows API!

Path: C:\minint\inf\e1e5132.cat
Status: Invisible to the Windows API!

Path: C:\minint\inf\e1e5132.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\e1e6032.INF
Status: Invisible to the Windows API!

Path: C:\minint\inf\e1g6032.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\fdc.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\flpydisk.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\font.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\input.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\intl.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\keyboard.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\ks.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\layout.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\machine.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\mf.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\monitor.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\mshdc.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\msmouse.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\msports.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\net10.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\net1394.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\net21x4.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\net3c556.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\net3c589.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\net3sr.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\net5515n.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\net557.inf
Status: Invisible to the Windows API!

Path: C:\minint\inf\net55

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x89996c60

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x89998c60

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x89c0fe98

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x897b4258

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\vsdatant.sys" at address 0xaafcffd0

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\vsdatant.sys" at address 0xaafe9334

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x8999bc60

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x89cc2e98

#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\system32\vsdatant.sys" at address 0xaafd0600

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\vsdatant.sys" at address 0xaafea090

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xab2c1cc0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spyz.sys" at address 0xba6c6ca2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spyz.sys" at address 0xba6c7030

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x899edc60

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x89c208a0

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x89b2b958

#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\system32\vsdatant.sys" at address 0xaafea250

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x8989a950

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x8998dc60

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\vsdatant.sys" at address 0xaafd0440

#: 119 Function Name: NtOpenKey
Status: Hooked by "spyz.sys" at address 0xba6a80c0

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x8a7ad060

#: 129 Function Name: NtOpenThreadToken
Status: Hooked by "<unknown>" at address 0x8987bac0

#: 160 Function Name: NtQueryKey
Status: Hooked by "spyz.sys" at address 0xba6c7108

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "<unknown>" at address 0x89c0ae98

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\system32\vsdatant.sys" at address 0xaafea530

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\system32\vsdatant.sys" at address 0xaafea7d0

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x89c2b430

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x89805898

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\system32\vsdatant.sys" at address 0xaafd0770

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x89834138

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x897f9138

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xab2c1f20

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x899f1c60

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x89b6bae8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x89a58918

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x899bdc60

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x898a8928

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x89c13e98

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8a80d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8a80d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8a80d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8a80d1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:48 PM

Posted 29 January 2010 - 06:53 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#3 lowpine

lowpine
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:01:48 PM

Posted 30 January 2010 - 01:33 AM

Hi,

Thank you for the assistance!

<this is posted above, but I repeat here for your convenience>
Hi, I'm having a problem with spyware removal. I found a bunch of stuff and removed it, but now my internet connection dies after 10 minutes, but ping still works. I've read the FAQ and will try to include all requested info.

I'm not getting any popups.

Here's what I've tried so far: I initially ran SuperAntiSpyware and removed over a hundred spyware items. Then I ran Malwarebytes and found and removed 4 more. Then I noticed that my internet would go out on the laptop after 10 mins; my wired desktop still has connectivity and is not affected. I've also run the latest HijackThis and have the log. I also have run Spybot S&D and have the TeaTimer on now (it was not installed before).

I'm running XP SP2 on a laptop, via wireless. If I hardwire to the router, I still get the timeout.

I tried flushing the DNS with this command: ipconfig /flushdns

I've also tried fixing the Winsock with LSPFix and WinsockFix. I have to admit that I don't fully understand what they do, but other forums have suggested it. None of these things have fixed the issue.

I also have combofix installed, but have not tried to fix anything.

OTL.txt
OTL logfile created on: 1/30/2010 12:42:28 AM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\HarikrishnanA\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 70.18 Gb Free Space | 62.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LTCORPL3BP433
Current User Name: HarikrishnanA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/30 00:41:08 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HarikrishnanA\Desktop\OTL.exe
PRC - [2010/01/08 11:45:29 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/17 16:31:42 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/12/17 16:31:42 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/02/17 11:38:18 | 00,032,873 | ---- | M] (Marimba, Inc.) -- C:\Program Files\marimba\tuner\Tuner.exe
PRC - [2009/02/17 11:38:17 | 00,020,574 | ---- | M] () -- C:\Program Files\marimba\tuner\lib\jre\bin\java.exe
PRC - [2008/08/20 20:42:42 | 00,370,872 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2007/08/10 17:30:40 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2007/08/10 17:30:12 | 00,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/07/11 20:53:58 | 00,540,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2007/07/11 20:53:50 | 01,126,400 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/07/11 20:44:38 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2007/07/11 20:38:44 | 00,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/07/11 20:32:06 | 00,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/07/11 20:22:44 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/07/11 19:19:00 | 00,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007/07/05 15:05:04 | 00,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007/07/05 15:04:18 | 00,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007/07/05 15:03:32 | 00,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007/07/05 15:00:34 | 01,642,496 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACMainGUI.exe
PRC - [2007/07/05 14:58:40 | 00,413,696 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007/07/05 14:51:48 | 00,126,976 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/17 23:53:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/04/27 01:33:00 | 00,243,248 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2007/04/16 11:33:18 | 00,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/04/16 11:21:20 | 00,983,040 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/04/16 11:17:58 | 00,487,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/04/16 11:14:24 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/04/09 15:23:56 | 01,015,808 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/03/29 18:40:48 | 00,181,808 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2007/03/09 13:49:42 | 00,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/03/08 12:16:48 | 00,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007/03/02 17:49:00 | 00,037,680 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2007/02/27 18:09:06 | 00,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2007/02/27 17:35:04 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2006/09/06 15:39:10 | 00,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2006/07/05 00:11:00 | 00,110,592 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2006/07/04 03:05:00 | 00,225,280 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe
PRC - [2006/06/29 21:57:50 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2006/06/15 01:40:34 | 00,124,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/06/15 01:40:28 | 00,115,952 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2006/06/15 01:40:24 | 01,805,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/06/15 01:40:16 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/06/13 11:22:26 | 00,556,544 | ---- | M] () -- C:\Program Files\IBM\Ayudame Utility\ayudame.exe
PRC - [2006/04/11 17:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/03/24 17:14:58 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/03/24 17:14:52 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/03/24 17:14:48 | 00,053,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/01/16 18:44:48 | 00,270,336 | ---- | M] () -- C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe
PRC - [2006/01/16 18:44:48 | 00,172,032 | ---- | M] () -- C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe
PRC - [2005/08/01 05:10:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/02/10 13:17:52 | 01,409,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2004/07/27 16:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2002/10/08 21:28:42 | 00,040,960 | ---- | M] () -- C:\WINDOWS\system32\TpScrLk.exe
PRC - [2002/04/30 14:23:46 | 00,057,603 | ---- | M] (Oracle Corporation) -- c:\oracle\ora92\bin\omtsreco.exe


========== Modules (SafeList) ==========

MOD - [2010/01/30 00:41:08 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HarikrishnanA\Desktop\OTL.exe
MOD - [2007/08/10 17:30:34 | 00,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2007/05/17 23:53:00 | 01,474,560 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2007/05/17 23:53:00 | 00,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
MOD - [2006/08/25 08:45:56 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/17 16:31:42 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/02/17 11:38:18 | 00,032,873 | ---- | M] (Marimba, Inc.) [Auto | Running] -- C:\Program Files\marimba\tuner\Tuner.exe -- (MarimbaTuner)
SRV - [2008/08/20 20:42:42 | 00,370,872 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2007/07/11 20:53:50 | 01,126,400 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/07/11 20:44:38 | 00,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2007/07/11 20:38:44 | 00,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/07/11 20:22:44 | 00,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/07/11 19:19:00 | 00,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007/07/05 15:05:04 | 00,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/07/05 15:03:32 | 00,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/05/17 23:53:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2007/04/16 11:33:18 | 00,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/04/16 11:21:20 | 00,983,040 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/04/16 11:14:24 | 00,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/03/02 17:49:00 | 00,037,680 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2007/02/27 18:09:06 | 00,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2007/02/27 17:35:04 | 00,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006/09/27 06:38:06 | 00,007,680 | ---- | M] (IBM Corp) [Disabled | Stopped] -- C:\notes\nslsvice.exe -- (Lotus Notes Single Logon)
SRV - [2006/06/29 21:57:50 | 00,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2006/06/15 01:40:28 | 00,115,952 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/06/15 01:40:24 | 01,805,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/06/15 01:40:16 | 00,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/06/13 11:22:26 | 00,556,544 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM\Ayudame Utility\ayudame.exe -- (IBMFORTH)
SRV - [2006/04/11 17:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/03/24 17:14:58 | 00,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/03/24 17:14:52 | 00,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/02/23 11:41:02 | 02,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/01/24 20:06:58 | 00,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/01/16 18:44:48 | 00,172,032 | ---- | M] () [Auto | Running] -- C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe -- (lcfd)
SRV - [2005/02/10 13:17:52 | 01,409,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/04/30 14:23:46 | 00,057,603 | ---- | M] (Oracle Corporation) [Auto | Running] -- c:\oracle\ora92\bin\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2002/04/26 18:34:38 | 00,242,328 | ---- | M] () [On_Demand | Stopped] -- c:\oracle\ora92\bin\ONRSD.EXE -- (OracleOraHome92ClientCache)


========== Driver Services (SafeList) ==========

DRV - [2010/01/13 20:20:56 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/10/22 17:53:27 | 00,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/08/27 03:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100128.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/08/27 03:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/27 03:00:00 | 00,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/27 03:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100128.003\NAVENG.SYS -- (NAVENG)
DRV - [2009/05/26 10:05:56 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/05/26 10:05:54 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/02/18 03:18:56 | 00,021,393 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2008/08/20 19:57:26 | 00,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2008/01/06 12:43:30 | 00,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2008/01/06 12:40:48 | 00,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2008/01/06 12:40:42 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/08/10 17:25:28 | 00,177,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/07/12 15:35:02 | 00,305,176 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/07/11 20:05:52 | 00,017,792 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2007/05/22 15:59:38 | 00,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007/05/17 23:53:00 | 06,346,720 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/05/11 09:58:40 | 00,252,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/04/30 06:37:20 | 02,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/04/13 12:08:26 | 00,306,176 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/04/02 11:24:08 | 00,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2007/03/29 15:19:36 | 00,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/03/23 06:59:48 | 00,094,848 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio)
DRV - [2007/03/09 02:57:02 | 00,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007/03/02 17:49:00 | 00,100,656 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2007/03/02 17:47:00 | 00,019,760 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/02/27 18:08:32 | 00,021,040 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2007/02/27 17:02:00 | 00,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/02/26 17:29:22 | 00,081,920 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LenovoRd.sys -- (LenovoRd)
DRV - [2007/01/24 17:27:00 | 00,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/01/10 10:33:17 | 00,003,840 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2006/12/22 10:56:00 | 00,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/22 10:56:00 | 00,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/22 10:55:00 | 00,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/10/23 09:23:28 | 00,017,778 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2006/06/19 13:26:00 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006/05/13 02:55:20 | 00,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (PMEM)
DRV - [2006/05/05 16:19:50 | 00,107,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/04/11 17:13:34 | 00,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/03/23 16:53:00 | 00,005,120 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV)
DRV - [2006/01/27 01:36:36 | 00,381,424 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2006/01/24 20:06:36 | 00,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/01/24 20:06:32 | 00,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/12/19 20:41:58 | 00,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/12/19 20:41:56 | 00,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/11/08 09:27:20 | 00,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/08/01 05:10:00 | 00,092,700 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/08/01 05:10:00 | 00,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/08/01 05:10:00 | 00,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/08/01 05:10:00 | 00,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/08/01 05:10:00 | 00,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/08/01 05:10:00 | 00,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/08/01 05:10:00 | 00,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/07/28 03:30:00 | 00,088,704 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/07/07 09:03:34 | 00,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/07/07 09:02:56 | 00,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/07/07 05:10:00 | 00,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/05/17 10:20:06 | 00,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2005/04/19 20:40:00 | 00,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2005/02/10 13:16:00 | 00,297,547 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005/02/08 10:27:00 | 00,005,185 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2003/10/01 02:54:46 | 00,184,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8180.sys -- (LSWPCv4)
DRV - [2003/07/24 18:55:50 | 00,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2001/08/23 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 07:11:22 | 00,035,328 | ---- | M] (AMD Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcntpci5.sys -- (PCnet)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ccity.com
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = Msproxy.ccs.com:80

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ccity.com
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = Msproxy.ccs.com:80

IE - HKU\S-1-5-21-2078081759-132531100-1713639893-9348\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2078081759-132531100-1713639893-9348\S-1-5-21-2078081759-132531100-1713639893-9348\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/21 09:30:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/08 11:45:35 | 00,000,000 | ---D | M]

[2009/09/23 22:44:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HarikrishnanA\Application Data\Mozilla\Extensions
[2010/01/28 21:18:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HarikrishnanA\Application Data\Mozilla\Firefox\Profiles\ym0zi97h.default\extensions
[2010/01/06 22:33:23 | 00,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\HarikrishnanA\Application Data\Mozilla\Firefox\Profiles\ym0zi97h.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/01/06 22:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HarikrishnanA\Application Data\Mozilla\Firefox\Profiles\ym0zi97h.default\extensions\firebug@software.joehewitt.com
[2010/01/28 21:18:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/01/23 12:28:08 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Client Access Check Version] C:\CAE\cwbckver.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Express Welcome] C:\CAE\cwbwlwiz.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Help Update] C:\CAE\cwbinhlp.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access PC5250 Sound] C:\CAE\Emulator\pcssnd.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Service] C:\CAE\cwbsvstr.exe (IBM Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [lcfep] C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe ()
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-2078081759-132531100-1713639893-9348\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2078081759-132531100-1713639893-9348\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-2078081759-132531100-1713639893-9348\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2078081759-132531100-1713639893-9348\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\S-1-5-21-2078081759-132531100-1713639893-9348\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2078081759-132531100-1713639893-9348\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2078081759-132531100-1713639893-9348\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConnectHomeDirToRoot = 1
O7 - HKU\S-1-5-21-2078081759-132531100-1713639893-9348_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2078081759-132531100-1713639893-9348_Classes\Software\Policies\Microsoft\Internet Explorer\Main present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: adi-dist.com ([www] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: amphire.com ([www] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: cexp.com ([ib2b] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: cc.com ([eworkspace] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: egain.net ([ems00640] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: jamestower.com ([datamediator] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: keynomics.com ([www] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: mcmconnect.com ([www] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: microsoft.com ([partner] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: spiderweareops.com ([www] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: spiderwearops.com ([prod.cc] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vinimaya.net ([supplier] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: 12 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: adi-dist.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: amphire.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: cexp.com ([ib2b] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: cc.com ([eworkspace] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: egain.net ([ems00640] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: jamestower.com ([datamediator] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: keynomics.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: mcmconnect.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: microsoft.com ([partner] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: spiderweareops.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: spiderwearops.com ([prod.cc] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vinimaya.net ([supplier] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: 12 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://ccsra1.cc.com/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1199645599578 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.cc.net
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\HarikrishnanA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HarikrishnanA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (TivoliAP) - C:\WINDOWS\System32\TivoliAP.dll (IBM Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/04 12:52:33 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/01/04 12:49:17 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} - Security Update for Microsoft .NET Framework 2.0 (KB928365)
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5} - rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\wmactedp.inf,PerUserStub,,4
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSACM.msrt24 - C:\WINDOWS\System32\msrt24.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\iyvu9_32.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2010/01/30 00:41:08 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HarikrishnanA\Desktop\OTL.exe
[2010/01/26 21:14:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HarikrishnanA\Desktop\samples
[2010/01/23 12:56:48 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\HarikrishnanA\Desktop\RootRepeal.exe
[2010/01/23 12:14:15 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/23 12:13:07 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/23 12:13:07 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/23 12:13:07 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/23 12:13:07 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/23 12:10:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/23 11:58:11 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/18 16:35:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HarikrishnanA\Local Settings\Application Data\SUPERSystemInspector
[2010/01/18 11:38:30 | 00,000,000 | ---D | C] -- C:\rsit
[2010/01/18 11:26:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HarikrishnanA\My Documents\tmp
[2010/01/18 11:13:27 | 00,000,000 | ---D | C] -- C:\index.php_files
[2010/01/15 17:06:48 | 00,000,000 | ---D | C] -- C:\murach
[2010/01/14 23:47:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010/01/14 13:45:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HarikrishnanA\My Documents\305963-new-instructions-read-before-posting-malware-removal-help_files
[2010/01/14 11:49:44 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/14 11:16:43 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/14 11:16:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/01/13 22:18:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HarikrishnanA\DoctorWeb
[2010/01/12 00:27:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HarikrishnanA\Application Data\Malwarebytes
[2010/01/12 00:27:05 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/12 00:27:03 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/12 00:27:03 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/12 00:27:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/11 23:32:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/11 23:32:05 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/11 23:32:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HarikrishnanA\Application Data\SUPERAntiSpyware.com
[2010/01/11 23:20:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/10 21:36:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HarikrishnanA\My Documents\IBM
[2010/01/10 11:58:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HarikrishnanA\Local Settings\Application Data\AGNS
[2010/01/06 22:46:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HarikrishnanA\.datastudio
[2010/01/06 22:44:28 | 00,000,000 | ---D | C] -- C:\datastudio
[2010/01/06 22:25:32 | 00,000,000 | ---D | C] -- C:\xampplite
[2010/01/06 21:41:48 | 00,000,000 | ---D | C] -- C:\Program Files\Apache Software Foundation
[2010/01/06 21:12:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HarikrishnanA\My Documents\education
[2010/01/06 08:16:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HarikrishnanA\Application Data\WinRAR
[2010/01/06 08:15:54 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/10/11 13:18:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/05/08 10:17:16 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2009/04/27 20:04:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2008/01/04 13:17:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/01/04 13:17:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/01/04 12:52:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/01/04 12:52:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\HarikrishnanA\My Documents\*.tmp files -> C:\Documents and Settings\HarikrishnanA\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/30 00:41:08 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HarikrishnanA\Desktop\OTL.exe
[2010/01/30 00:38:57 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/30 00:38:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/30 00:38:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/29 08:11:23 | 03,670,016 | ---- | M] () -- C:\Documents and Settings\HarikrishnanA\NTUSER.DAT
[2010/01/23 12:56:50 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\HarikrishnanA\Desktop\settings.dat
[2010/01/23 12:55:50 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\HarikrishnanA\Desktop\RootRepeal.exe
[2010/01/23 12:32:03 | 00,470,652 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/23 12:32:03 | 00,401,192 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/23 12:32:03 | 00,062,688 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/23 12:28:47 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/23 12:28:08 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/23 12:14:27 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/23 12:11:24 | 03,834,785 | R--- | M] () -- C:\Documents and Settings\HarikrishnanA\Desktop\ComboFix.exe
[2010/01/18 11:13:27 | 00,013,528 | ---- | M] () -- C:\index.php.html
[2010/01/14 13:46:00 | 00,086,816 | ---- | M] () -- C:\Documents and Settings\HarikrishnanA\My Documents\305963-new-instructions-read-before-posting-malware-removal-help.html
[2010/01/14 13:45:17 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\HarikrishnanA\Desktop\gmer.zip
[2010/01/14 13:45:01 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\HarikrishnanA\Desktop\dds.scr
[2010/01/14 11:49:45 | 00,001,738 | ---- | M] () -- C:\Documents and Settings\HarikrishnanA\Desktop\HijackThis.lnk
[2010/01/14 11:16:49 | 00,000,937 | ---- | M] () -- C:\Documents and Settings\HarikrishnanA\Desktop\Spybot - Search & Destroy.lnk
[2010/01/14 10:17:56 | 03,184,944 | ---- | M] () -- C:\Documents and Settings\HarikrishnanA\Local Settings\Application Data\IconCache.db
[2010/01/12 00:27:07 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/11 23:32:08 | 00,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/09 12:30:06 | 00,189,480 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 22:46:27 | 00,000,550 | ---- | M] () -- C:\Documents and Settings\HarikrishnanA\Desktop\datastudio.exe.lnk
[2010/01/06 22:34:05 | 00,000,392 | ---- | M] () -- C:\Documents and Settings\HarikrishnanA\Desktop\Shortcut to xampplite.lnk
[2010/01/06 21:00:14 | 00,000,718 | ---- | M] () -- C:\Documents and Settings\HarikrishnanA\Desktop\Shortcut to JavaEETutorial.pdf.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\HarikrishnanA\My Documents\*.tmp files -> C:\Documents and Settings\HarikrishnanA\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/23 12:56:50 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HarikrishnanA\Desktop\settings.dat
[2010/01/23 12:14:27 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/23 12:14:20 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/23 12:13:07 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/23 12:13:07 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/23 12:13:07 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/23 12:13:07 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/23 12:13:07 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/23 11:44:13 | 03,834,785 | R--- | C] () -- C:\Documents and Settings\HarikrishnanA\Desktop\ComboFix.exe
[2010/01/18 11:13:27 | 00,013,528 | ---- | C] () -- C:\index.php.html
[2010/01/14 13:54:45 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\HarikrishnanA\Desktop\gmer.exe
[2010/01/14 13:46:00 | 00,086,816 | ---- | C] () -- C:\Documents and Settings\HarikrishnanA\My Documents\305963-new-instructions-read-before-posting-malware-removal-help.html
[2010/01/14 13:45:34 | 00,284,915 | ---- | C] () -- C:\Documents and Settings\HarikrishnanA\Desktop\gmer.zip
[2010/01/14 13:45:30 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\HarikrishnanA\Desktop\dds.scr
[2010/01/14 11:49:45 | 00,001,738 | ---- | C] () -- C:\Documents and Settings\HarikrishnanA\Desktop\HijackThis.lnk
[2010/01/14 11:16:49 | 00,000,937 | ---- | C] () -- C:\Documents and Settings\HarikrishnanA\Desktop\Spybot - Search & Destroy.lnk
[2010/01/12 00:27:07 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/11 23:32:08 | 00,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/06 22:45:44 | 00,000,550 | ---- | C] () -- C:\Documents and Settings\HarikrishnanA\Desktop\datastudio.exe.lnk
[2010/01/06 22:34:05 | 00,000,392 | ---- | C] () -- C:\Documents and Settings\HarikrishnanA\Desktop\Shortcut to xampplite.lnk
[2010/01/06 21:00:14 | 00,000,718 | ---- | C] () -- C:\Documents and Settings\HarikrishnanA\Desktop\Shortcut to JavaEETutorial.pdf.lnk
[2009/12/19 22:43:04 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/12/18 10:52:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2009/12/01 12:27:21 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2009/11/21 20:26:36 | 00,139,152 | ---- | C] () -- C:\Documents and Settings\HarikrishnanA\Application Data\PnkBstrK.sys
[2009/10/22 17:53:27 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/02/18 03:20:24 | 00,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2009/02/18 03:20:01 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2009/02/18 03:17:54 | 00,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/02/18 03:16:53 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2009/02/17 11:27:38 | 00,000,221 | ---- | C] () -- C:\WINDOWS\multi.ini
[2009/02/17 11:26:28 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2009/02/17 11:26:27 | 00,172,056 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/01/09 17:30:14 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/04 20:52:45 | 00,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2008/01/04 20:49:20 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2008/01/04 20:49:20 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2008/01/04 20:49:20 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
[2008/01/04 20:49:19 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll
[2008/01/04 20:49:19 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll
[2008/01/04 20:49:18 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll
[2008/01/04 20:49:18 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll
[2008/01/04 20:49:18 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll
[2008/01/04 20:44:54 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\C000046W.sys
[2008/01/04 20:44:42 | 00,000,036 | ---- | C] () -- C:\WINDOWS\notes.ini
[2008/01/04 20:29:22 | 02,115,816 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/01/04 19:18:41 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/04 13:39:01 | 00,000,359 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/08/10 07:02:35 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/08/10 07:02:35 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/08/10 07:02:32 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/08/10 07:02:27 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/03/05 13:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/27 17:48:38 | 02,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/27 17:29:32 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/10/17 07:27:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/10/15 21:16:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\dsedit.INI
[2005/02/17 11:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 11:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/07/30 08:24:34 | 00,000,218 | ---- | C] () -- C:\WINDOWS\oraodbc.ini

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/04 00:05:44 | 18,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 00:05:44 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 00:05:44 | 18,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 00:05:44 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/03 23:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/03 23:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/03 23:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/07/12 15:35:02 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Drivers\Storage\IaStor.sys
[2007/07/12 15:35:02 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2007/02/12 12:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Drivers\others\storage\iastor.sys

< MD5 for: NETLOGON.DLL >
[2004/08/03 23:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/03 23:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/03 23:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/03 23:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/03 23:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >





Extras.txt
OTL Extras logfile created on: 1/30/2010 12:42:37 AM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\HarikrishnanA\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 70.18 Gb Free Space | 62.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LTCORPL3BP433
Current User Name: HarikrishnanA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe" = C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe:*:Enabled:lcfd -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe" = C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe:*:Enabled:lcfd -- ()
"C:\Program Files\Java\jdk1.6.0_17\jre\bin\javaw.exe" = C:\Program Files\Java\jdk1.6.0_17\jre\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jdk1.6.0_17\bin\java.exe" = C:\Program Files\Java\jdk1.6.0_17\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jdk1.6.0_17\bin\jconsole.exe" = C:\Program Files\Java\jdk1.6.0_17\bin\jconsole.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\xampplite\mysql\bin\mysqld.exe" = C:\xampplite\mysql\bin\mysqld.exe:*:Enabled:mysqld -- ()
"C:\xampplite\apache\bin\httpd.exe" = C:\xampplite\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\NetBeans 6.8\bin\netbeans.exe" = C:\Program Files\NetBeans 6.8\bin\netbeans.exe:*:Enabled:netbeans -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{1E9A9E08-0366-45EE-9B66-51852F8D9812}" = Open Workbench
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{27754BF9-6B4A-479B-A7B5-3248DFCB752D}" = Sybase ASE
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{32A3A4F4-B792-11D6-A78A-00B0D0160170}" = Java™ SE Development Kit 6 Update 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3540787C-3A9E-4817-8BF8-7277E0F761BF}" = ISPI Tools 1.07.0000
"{399A871A-01F4-2215-F9CF-50C575174D82}" = Marimba Tuner
"{4394DC3A-5DAC-4C80-A86E-FF462D0AD653}" = Windows 7 Upgrade Advisor Beta
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{50E00EBC-A515-4997-9D56-B35D2B102989}" = IBM Informix Client-SDK 2.90
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{707F91CE-E7A8-4F53-BEF0-CA1EE2DAFD2A}" = ISPI Tools 1.07.0001
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{76E4A642-BC3E-438A-8450-0C15A36B5B18}" = MetaFrame Presentation Server Client
"{786547F9-59BB-4FA3-B2D8-327FF1F14870}" = Adobe Flash Player 9 ActiveX
"{78D891EF-9E2D-4FC8-A71F-E6F897BA1B21}" = Symantec AntiVirus
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad UltraNav Wizard
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90530409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Standard 2003
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{A0E54EC6-EA51-4088-A6EE-BEF1D1D128AB}" = Lotus Notes 7.0.2
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A163F878-A93B-4E19-A023-612F0244A444}" = IBM Ayudame
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B183F729-30F5-490C-8B7F-A106D6266DB1}" = ISeries Client Access Shortcuts
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2CDE75C-CA51-4335-9C13-84C00E6093A5}" = Windows Media Player Enterprise Deployment
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D9F50DFC-5894-460A-9B14-44889BF42DFB}" = Cisco AnyConnect VPN Client
"{E209F988-EF49-4B3D-84A6-3CBB67F058AC}" = Google SketchUp 7
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F375CA9B-9398-40E1-B06F-26E6BD33D476}" = Rescue and Recovery
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ClientAccessExpress" = IBM iSeries Access for Windows
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"FileZilla Client" = FileZilla Client 3.1.5
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"nbi-glassfish-mod-sun-3.0.0.74.2" = Sun GlassFish Enterprise Server v3
"nbi-nb-base-6.8.0.0.0" = NetBeans IDE 6.8
"nbi-tomcat-6.0.20.0.0" = Apache Tomcat 6.0.20
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OEM_HostCD" = Printer Software Uninstall
"OnScreenDisplay" = On Screen Display
"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
"Power Management Driver" = ThinkPad Power Management Driver
"Presentation Director" = ThinkPad Presentation Director
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"Quake2UninstallKey" = Quake II
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TPKBDLED" = Scroll Lock Indicator Utility
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/28/2010 8:02:51 AM | Computer Name = LTCORPL3BP433 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/28/2010 10:06:33 PM | Computer Name = LTCORPL3BP433 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/28/2010 10:06:37 PM | Computer Name = LTCORPL3BP433 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/28/2010 10:07:35 PM | Computer Name = LTCORPL3BP433 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/29/2010 6:07:35 AM | Computer Name = LTCORPL3BP433 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/29/2010 3:48:38 PM | Computer Name = LTCORPL3BP433 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/29/2010 3:49:38 PM | Computer Name = LTCORPL3BP433 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/30/2010 1:38:31 AM | Computer Name = LTCORPL3BP433 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/30/2010 1:38:38 AM | Computer Name = LTCORPL3BP433 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/30/2010 1:39:36 AM | Computer Name = LTCORPL3BP433 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ System Events ]
Error - 1/29/2010 5:51:51 AM | Computer Name = LTCORPL3BP433 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 480 minutes. NtpClient has no source of accurate
time.

Error - 1/29/2010 6:21:34 AM | Computer Name = LTCORPL3BP433 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain cc due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 1/29/2010 3:48:37 PM | Computer Name = LTCORPL3BP433 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain cc due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 1/29/2010 3:48:47 PM | Computer Name = LTCORPL3BP433 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 1/29/2010 3:48:47 PM | Computer Name = LTCORPL3BP433 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 1/29/2010 4:03:47 PM | Computer Name = LTCORPL3BP433 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 30 minutes. NtpClient has no source of accurate
time.

Error - 1/30/2010 1:38:30 AM | Computer Name = LTCORPL3BP433 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain cc due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 1/30/2010 1:38:42 AM | Computer Name = LTCORPL3BP433 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 1/30/2010 1:38:42 AM | Computer Name = LTCORPL3BP433 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 1/30/2010 1:53:42 AM | Computer Name = LTCORPL3BP433 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 30 minutes. NtpClient has no source of accurate
time.


< End of report >


thanks!

#4 myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home
  • Local time:08:48 PM

Posted 30 January 2010 - 09:46 AM

Hi,

I see that you have a proxy set up for some of the user groups:
QUOTE
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ccity.com
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = Msproxy.ccs.com:80


Do you know the websites ccity.com and msproxy.ccs.com?

Can I please see the logs from SuperAntiSpyware and Malwarebytes when you first ran them? Maybe they deleted something legit by accident?

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please do not run Combofix on your own

If you still have the first log from ComboFix (C:\combofix.txt) please post it in your next reply as well.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 lowpine (Topic Starter)

  • Members
  • 19 posts
  • Local time:01:48 PM

Posted 30 January 2010 - 11:04 AM

thanks myrti!

A techy friend of mine suggested ComboFix; once I installed it and read the 'experts only' warning, I decided not to fool with it. It's waiting in the wings, if needed.

I am familiar with the proxy, it can be deleted if need be.

here's the SAS log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/12/2010 at 00:12 AM

Application Version : 4.26.1004

Core Rules Database Version : 4469
Trace Rules Database Version: 2288

Scan type : Complete Scan
Total Scan Time : 00:37:24

Memory items scanned : 652
Memory threats detected : 0
Registry items scanned : 5207
Registry threats detected : 0
File items scanned : 29100
File threats detected : 168

Adware.Tracking Cookie
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@trafficmp[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@yieldmanager[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@2o7[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@ehg-morningstar.hitbox[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@tribalfusion[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@www.googleadservices[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@chitika[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@doubleclick[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@a1.interclick[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@eas.apm.emediate[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@smartadserver[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@xiti[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@ads.undertone[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@burstnet[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@burstbeacon[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@at.atwola[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@cdn4.specificclick[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@collective-media[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@zedo[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@bluestreak[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@statcounter[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@adbrite[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@advertising[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@ad.wsod[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@kontera[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@server.iad.liveperson[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@ehg-theactivenetwork.hitbox[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@eyewonder[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@server.iad.liveperson[4].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@lucidmedia[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@richmedia.yahoo[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@avgtechnologies.112.2o7[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@specificclick[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@sales.liveperson[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@realmedia[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@tacoda[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@ext-us.bestofmedia[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@ad.yieldmanager[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@ads.uncovering[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@microsoftwlcashback.112.2o7[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@apmebf[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@server.iad.liveperson[3].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@questionmarket[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@specificmedia[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@insightexpressai[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@www.burstnet[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@tracking.foxnews[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@mediaplex[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@sales.liveperson[3].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@ads.pointroll[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@imrworldwide[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@bs.serving-sys[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@www.burstbeacon[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@hitbox[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@adserver.adtechus[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@serving-sys[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@oasn04.247realmedia[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@bizrate[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@casalemedia[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@content.yieldmanager[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@foxinteractivemedia.122.2o7[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@revsci[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@247realmedia[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@www.googleadservices[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@content.yieldmanager[3].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@fastclick[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@atdmt[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@linksynergy[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@pointroll[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@network.realmedia[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@snapemedia[2].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@interclick[1].txt
C:\Documents and Settings\HarikrishnanA\Cookies\harikrishnana@www.googleadservices[3].txt
C:\Documents and Settings\kh\Cookies\kh@doubleclick[2].txt
C:\Documents and Settings\kh\Cookies\kh@revsci[2].txt
C:\Documents and Settings\kh\Cookies\kh@ads.cnn[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@clickagents[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@www.members.tripod[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@pathfinder[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@data.coremetrics[3].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@hitbox[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@advertising[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@Middlesex-County[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@advertising[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@hitbox[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@server.iad.liveperson[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@valueclick[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@valueclick[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@www.clickxchange[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@www.timesofindia[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@valueclick(1).txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@ehg.hitbox[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@atdmt[3].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@www.commission-junction[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@insightfirst[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@www.commission-junction[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@atdmt[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@adserver[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@doubleclick(2).txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@hc2.humanclick[3].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@hc2.humanclick[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@trafficmp[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@doubleclick(1).txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@trafficmp[3].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@pennyweb[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@bravenet[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@www.screensaver[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@ads4.clearchannel[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@ehg-dig.hitbox[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@click-safe[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@timesofindia.indiatimes[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@zedo[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@www.shop-vermontcountrystore[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@counter.hitslink[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@linksynergy[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@fastclick[3].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@ru4[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@doubleclick[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@bluestreak[3].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@bluestreak[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@fastclick[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@overture[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@overture[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@zedo[3].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@realmedia[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@doubleclick[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@fastclick[4].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@banners.adtractive[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@tripod[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@tripod[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@ads.link4ads[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@ads.link4ads[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@www.qksrv[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@addynamix[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@mediaplex[4].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@hg1.hitbox[3].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@hg1.hitbox[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@mediaplex[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@www.qksrv[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@mediaplex[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@tribalfusion[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@tribalfusion[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@clickagents[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@bfast[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@bfast[3].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@db3.sitestats[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@bfast.txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@ads2.ah-ha[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@media3.sitebrand[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@members.tripod[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@adsys2.bannerhosts[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@statse.webtrendslive[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@ads.enliven[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@www.popuptraffic[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@servedby.advertising[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@servedby.advertising[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@www.vermontcountrystore[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@questionmarket[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@questionmarket[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@phg.hitbox[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@mediamgr.ugo[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@ads.cpabank[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@www.clickheretofind[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@adserver.ads360[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@clickability[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@adservingcentral[2].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@tpl1.realtracker[1].txt
C:\Documents and Settings\kh\My Documents\WINNT\Profiles\kh\Cookies\kh@data.coremetrics[1].txt


And the MBAM log:
Malwarebytes' Anti-Malware 1.44
Database version: 3545
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

1/12/2010 2:07:05 AM
mbam-log-2010-01-12 (02-07-05).txt

Scan type: Full Scan (C:\|)
Objects scanned: 340963
Time elapsed: 1 hour(s), 33 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\HarikrishnanA\Start Menu\Programs\Startup\Update Tool Notifier.exe (Trojan.Agent) -> Quarantined and deleted successfully.
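As an added example (not part of this thread and not Malwarebytes' own code): a small parser for the 1.x log layout shown above. It cross-checks the summary counts against the itemised detections, pulls out the `Bad:/Good:` values, and separately lists the two things a practitioner would want to see at a glance in this particular log: the Security Center "DisableNotify" values that silence the antivirus/firewall/update warnings, and the file dropped into a per-user Startup folder for persistence. `SAMPLE_LOG` is a constructed excerpt that mirrors the posted log; the category and regex names are the example's own.

```python
"""Cross-check a Malwarebytes' Anti-Malware 1.x log: do the summary counts
match the itemised detections, and which items show the machine's own
defences being switched off?  Added example, not code from this thread or
from Malwarebytes.  SAMPLE_LOG is a constructed excerpt laid out like the
log posted above."""
import re

SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.44
Database version: 3545
Windows 5.1.2600 Service Pack 2

Scan type: Full Scan (C:\|)
Objects scanned: 340963

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\HarikrishnanA\Start Menu\Programs\Startup\Update Tool Notifier.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# "Files Infected: 1" is a summary line; "Files Infected:" alone opens a section.
SUMMARY_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
# "<target> (<detection family>) -> <action>"
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
BADGOOD_RE = re.compile(r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)")


def parse_mbam_log(text):
    """Return {'summary': {category: count}, 'items': {category: [item, ...]}}."""
    summary, items, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:            # a blank line ends the current section
            section = None
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("cat")] = int(m.group("n"))
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m.group("cat")
            items[section] = []
            continue
        if section is None or line.startswith("(No malicious"):
            continue
        m = ITEM_RE.match(line)
        if not m:
            continue
        item = {"target": m.group("target"), "family": m.group("family"),
                "action": m.group("action")}
        bg = BADGOOD_RE.search(item["action"])   # only registry data items carry this
        if bg:
            item["bad"], item["good"] = bg.group("bad"), bg.group("good")
        items[section].append(item)
    return {"summary": summary, "items": items}


def count_mismatches(parsed):
    """(category, reported, found) for every summary count the items don't support."""
    out = []
    for cat, reported in parsed["summary"].items():
        found = len(parsed["items"].get(cat, []))
        if found != reported:
            out.append((cat, reported, found))
    return out


def defence_tampering(parsed):
    """Value names under Security Center, or any 'Disabled.*' family: the
    malware switching off the warnings that would have exposed it."""
    hits = []
    for lst in parsed["items"].values():
        for it in lst:
            if it["family"].startswith("Disabled.") or "\\Security Center\\" in it["target"]:
                hits.append(it["target"].rsplit("\\", 1)[-1])
    return hits


def startup_persistence(parsed):
    """Detected files living in a Startup folder, i.e. run at every logon."""
    return [it["target"] for it in parsed["items"].get("Files Infected", [])
            if "\\startup\\" in it["target"].lower()]


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(parsed))
    print("defences tampered:", defence_tampering(parsed))
    print("startup persistence:", startup_persistence(parsed))
```

The count cross-check matters when a log has been pasted by hand or trimmed: a summary that claims more detections than the itemised sections list means part of the log is missing, and the helper reading it should ask for the original file before acting on it.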




#6 lowpine

Posted 30 January 2010 - 11:09 AM

And the ComboFix.txt:
ComboFix 10-01-23.02 - HarikrishnanA 01/23/2010 12:21:21.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2014.1344 [GMT -5:00]
Running from: c:\documents and settings\HarikrishnanA\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AegisP.inf

.
((((((((((((((((((((((((( Files Created from 2009-12-23 to 2010-01-23 )))))))))))))))))))))))))))))))
.

2010-01-21 14:31 . 2010-01-21 14:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel
2010-01-21 14:30 . 2010-01-21 14:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-01-21 14:28 . 2010-01-21 14:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-18 21:35 . 2010-01-18 21:40 -------- d-----w- c:\documents and settings\HarikrishnanA\Local Settings\Application Data\SUPERSystemInspector
2010-01-18 16:38 . 2010-01-18 16:38 -------- d-----w- C:\rsit
2010-01-18 16:13 . 2010-01-18 16:13 -------- d-----w- C:\index.php_files
2010-01-15 22:06 . 2010-01-15 22:06 -------- d-----w- C:\murach
2010-01-15 04:47 . 2010-01-15 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-01-14 16:49 . 2010-01-14 16:49 -------- d-----w- c:\program files\Trend Micro
2010-01-14 16:16 . 2010-01-14 16:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-14 16:16 . 2010-01-14 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-14 03:18 . 2010-01-14 03:18 -------- d-----w- c:\documents and settings\HarikrishnanA\DoctorWeb
2010-01-12 05:27 . 2010-01-12 05:27 -------- d-----w- c:\documents and settings\HarikrishnanA\Application Data\Malwarebytes
2010-01-12 05:27 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-12 05:27 . 2010-01-12 05:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 05:27 . 2010-01-12 05:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-12 05:27 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-12 04:32 . 2010-01-12 04:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-12 04:32 . 2010-01-14 15:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-12 04:32 . 2010-01-12 04:32 -------- d-----w- c:\documents and settings\HarikrishnanA\Application Data\SUPERAntiSpyware.com
2010-01-12 04:20 . 2010-01-12 04:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-10 16:58 . 2010-01-10 16:58 -------- d-----w- c:\documents and settings\HarikrishnanA\Local Settings\Application Data\AGNS
2010-01-07 03:46 . 2010-01-17 18:43 -------- d-----w- c:\documents and settings\HarikrishnanA\.datastudio
2010-01-07 03:44 . 2010-01-07 03:45 -------- d-----w- C:\datastudio
2010-01-07 03:25 . 2009-03-07 19:23 -------- d---a-w- C:\xampplite
2010-01-07 02:41 . 2010-01-07 02:41 -------- d-----w- c:\program files\Apache Software Foundation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 17:27 . 2008-01-04 23:29 -------- d-----w- c:\program files\Symantec AntiVirus
2010-01-18 20:10 . 2008-01-05 01:02 -------- d-----w- c:\program files\Java
2010-01-15 04:43 . 2009-12-18 00:25 -------- d-----w- c:\program files\NetBeans 6.8
2010-01-14 01:21 . 2010-01-12 04:32 52224 ----a-w- c:\documents and settings\HarikrishnanA\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-14 01:21 . 2010-01-12 04:32 117760 ----a-w- c:\documents and settings\HarikrishnanA\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-12 05:27 . 2010-01-12 05:27 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-12 04:21 . 2008-01-04 23:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-19 16:04 . 2009-12-18 00:33 -------- d-----w- c:\program files\sges-v3
2009-12-19 16:03 . 2009-12-17 21:40 -------- d-----w- c:\documents and settings\HarikrishnanA\Application Data\updatetool
2009-12-18 16:19 . 2009-12-18 16:18 -------- d-----w- c:\program files\apache-ant-1.7.1
2009-12-17 21:32 . 2009-12-17 21:32 -------- d-----w- c:\program files\Sun
2009-12-17 21:31 . 2009-12-17 21:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-09 16:50 . 2009-12-09 16:50 287 ----a-w- c:\windows\EReg072.dat
2009-12-09 16:46 . 2009-12-09 16:46 -------- d-----w- c:\program files\Electronic Arts
2009-12-08 17:22 . 2009-12-08 17:22 -------- d-----w- c:\program files\Google
2009-12-07 17:13 . 2009-09-03 20:52 46048 ----a-w- c:\documents and settings\HarikrishnanA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-01 16:28 . 2009-12-01 16:25 -------- d-----w- c:\program files\Quake2
2009-11-22 01:26 . 2009-11-22 01:26 139152 ----a-w- c:\documents and settings\HarikrishnanA\Application Data\PnkBstrK.sys
2009-11-22 01:26 . 2009-11-22 01:26 139152 ----a-w- c:\documents and settings\HarikrishnanA\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-15 124656]
"Client Access Service"="c:\cae\cwbsvstr.exe" [2005-06-06 20530]
"Client Access Help Update"="c:\cae\cwbinhlp.exe" [2005-06-06 24626]
"Client Access Check Version"="c:\cae\cwbckver.exe" [2005-06-06 45106]
"Client Access Express Welcome"="c:\cae\cwbwlwiz.exe" [2005-06-06 20480]
"Client Access PC5250 Sound"="c:\cae\Emulator\pcssnd.exe" [2005-06-06 40960]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-07-12 540672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-18 8433664]
"nwiz"="nwiz.exe" [2007-05-18 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-18 81920]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 512000]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 396288]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-20 208896]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 243248]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TPKBDLED"="c:\windows\system32\TpScrLk.exe" [2002-10-09 40960]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"TpShocks"="TpShocks.exe" [2007-03-29 181808]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-07-05 110592]
"lcfep"="c:\tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe" [2006-01-16 270336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-17 149280]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"ConnectHomeDirToRoot"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoAutoUpdate"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-01-14 01:20 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 20:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 15:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 TivoliAP

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Tivoli\\lcf\\bin\\w32-ix86\\mrt\\lcfd.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_17\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_17\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_17\\bin\\jconsole.exe"=
"c:\\xampplite\\mysql\\bin\\mysqld.exe"=
"c:\\xampplite\\apache\\bin\\httpd.exe"=
"c:\\Program Files\\NetBeans 6.8\\bin\\netbeans.exe"=

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [10/5/2007 5:39 AM 3840]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/22/2009 5:53 PM 717296]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [3/2/2007 5:47 PM 19760]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 74480]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2/18/2009 3:19 AM 16384]
R2 IBMFORTH;IBM Ayudame;c:\program files\IBM\Ayudame Utility\ayudame.exe [6/13/2006 11:22 AM 556544]
R2 lcfd;Tivoli Endpoint;c:\tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe [2/17/2009 11:27 AM 172032]
R2 MarimbaTuner;Marimba Tuner;c:\program files\marimba\tuner\Tuner.exe [10/8/2007 2:49 PM 32873]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/15/2006 1:40 AM 115952]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [7/11/2007 8:38 PM 569344]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [8/20/2008 8:42 PM 370872]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/1/2009 9:48 PM 102448]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [8/10/2007 7:01 AM 81920]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [5/22/2007 3:59 PM 30336]
S1 SABKUTIL;SABKUTIL;\??\c:\documents and settings\HarikrishnanA\My Documents\Downloads\SABKUTIL.sys --> c:\documents and settings\HarikrishnanA\My Documents\Downloads\SABKUTIL.sys [?]
S3 LSWPCv4;Wireless-B Notebook Adapter Driver;c:\windows\system32\drivers\rtl8180.sys [10/24/2009 1:21 AM 184832]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
2007-10-10 23:55 124928 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2009-02-18 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2009-02-18 01:40]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://ccsra1.cc.com/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\documents and settings\HarikrishnanA\Application Data\Mozilla\Firefox\Profiles\ym0zi97h.default\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-NetSP - restore settings on power failure - c:\program files\AT&T Global Network Client\NetSP.exe
Notify-ACNotify - ACNotify.dll
ActiveSetup-{125SYBASEASE} - c:\windows\System32\REG IMPORT sybase12.reg



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-23 12:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spyz.sys >>UNKNOWN [0x8A846938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba96cfc3
\Driver\ACPI -> ACPI.sys @ 0xba667cb8
\Driver\atapi -> 0x8a8951f8
\Driver\iaStor -> iaStor.sys @ 0xba56a8e0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 1 !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(2020)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'lsass.exe'(252)
c:\windows\system32\TivoliAP.dll

- - - - - - - > 'explorer.exe'(1328)
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\oracle\ora92\bin\omtsreco.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\windows\system32\wdfmgr.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\RunDll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\TpShocks.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\marimba\tuner\lib\jre\bin\java.exe
.
**************************************************************************
.
Completion time: 2010-01-23 12:33:46 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-23 17:33

Pre-Run: 75,227,623,424 bytes free
Post-Run: 75,223,519,232 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 156D9E259647C0F324AB50B999ABEB72
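As an added example (not part of this thread and not ComboFix's or Gmer's code): a triage pass over the two parts of the log above that deserve a second look, the `R0`/`R1`/`S1` driver table and the MBR-detector block. It flags boot- or system-start drivers registered from outside `C:\Windows` and `C:\Program Files` (here `SABKUTIL`, a driver pointing into a user's Downloads folder), entries whose file ComboFix could not read (the trailing `[?]`, which I take to mean the registry entry outlived the file; that reading is mine, not something the log states), and the Gmer lines reporting an unregistered module in the disk I/O path together with the "possible MBR rootkit" and "copy of MBR in sector 1" warnings. The script only surfaces these for a human; the thread itself does not say whether `spyz.sys` is malicious, and an `sptd.sys` disk filter is also registered at `R0`, which is worth keeping in mind before concluding anything from the Gmer block. `SAMPLE` is a constructed excerpt in the posted log's layout; the start-type meanings (0 = boot, 1 = system) are the standard Windows service values.

```python
"""Triage the driver/service table and the MBR-detector section of a
ComboFix log.  Added example, not code from this thread or from ComboFix.
SAMPLE is a constructed excerpt laid out like the log posted above."""
import re

SAMPLE = r"""
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [10/5/2007 5:39 AM 3840]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/22/2009 5:53 PM 717296]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [8/20/2008 8:42 PM 370872]
S1 SABKUTIL;SABKUTIL;\??\c:\documents and settings\HarikrishnanA\My Documents\Downloads\SABKUTIL.sys --> c:\documents and settings\HarikrishnanA\My Documents\Downloads\SABKUTIL.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spyz.sys >>UNKNOWN [0x8A846938]<<
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 1 !
"""

# "<R|S><start type> <service name>;<display name>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
UNKNOWN_RE = re.compile(r"(\S+) >>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# Assumption: C: is the system drive, as in the posted log.
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\")
MBR_FLAGS = (">>UNKNOWN", "Warning: possible MBR rootkit", "copy of MBR has been found")


def parse_services(text):
    """One dict per R*/S* line: name, running flag, start type, image path,
    and whether ComboFix recorded a date/size for the file."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        if " --> " in rest:                  # "registered value --> resolved path"
            rest = rest.split(" --> ", 1)[1]
        path, _, meta = rest.rpartition(" [")
        path = path.lower()
        if path.startswith("\\??\\"):        # NT object-manager prefix
            path = path[4:]
        out.append({
            "name": m.group("name"),
            "running": m.group("state") == "R",
            "start": int(m.group("start")),
            "path": path,
            "file_seen": meta.rstrip("]") != "?",
        })
    return out


def suspicious_services(services):
    """(service name, reason) for entries a reviewer should look at."""
    findings = []
    for s in services:
        if s["start"] <= 1 and not s["path"].startswith(SYSTEM_DIRS):
            findings.append((s["name"],
                             "boot/system-start driver outside Windows or Program Files"))
        if not s["file_seen"]:
            findings.append((s["name"],
                             "entry points at a file ComboFix could not read ([?])"))
    return findings


def unknown_modules(text):
    """(module, address) pairs Gmer printed as >>UNKNOWN<< in the disk stack."""
    return UNKNOWN_RE.findall(text)


def unregistered_unknowns(services, text):
    """Unknown disk-stack modules with no matching service/driver registration."""
    known = {s["path"].rsplit("\\", 1)[-1] for s in services}
    return [(mod, addr) for mod, addr in unknown_modules(text)
            if mod.lower() not in known]


def mbr_warnings(text):
    """The detector lines that say the boot path looks tampered with."""
    return [l.strip() for l in text.splitlines() if any(f in l for f in MBR_FLAGS)]


if __name__ == "__main__":
    svcs = parse_services(SAMPLE)
    for name, why in suspicious_services(svcs):
        print(f"{name}: {why}")
    print("unregistered disk-stack modules:", unregistered_unknowns(svcs, SAMPLE))
    for w in mbr_warnings(SAMPLE):
        print("MBR:", w)
```

A driver that is registered but whose file is gone is not just clutter: a system-start (`S1`) driver that cannot load produces an error at every boot, and removing the stale service entry is the usual cleanup step once you have confirmed what the file was.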


#7 myrti (Malware Study Hall Admin)

Posted 05 February 2010 - 06:57 AM

Hi,

Very sorry about the delay. Do you still get disconnected?

Please provide a fresh log from OTL.

regards myrti


#8 lowpine

lowpine
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 05 February 2010 - 10:55 AM

Hi Myrti,

Thanks for getting back to me; I should have PM'd you, I know you're busy.

I reran OTL, twice actually. The extra.txt doc was not produced either time. Anyway, here's the OTL.txt.

I just noticed a line 'Zone Labs'; is this ZoneAlarm? I know multiple firewalls are bad, and I didn't install a second one. Anyway, I just wanted to point that out.


Thanks!



OTL logfile created on: 2/5/2010 10:37:55 AM - Run 2
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\HarikrishnanA\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 70.14 Gb Free Space | 62.74% Space Free | Partition Type: NTFS
Drive D: | 698.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LTCORPL3BP433
Current User Name: HarikrishnanA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/30 00:41:08 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HarikrishnanA\Desktop\OTL.exe
PRC - [2010/01/08 11:45:29 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/17 16:31:42 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/12/17 16:31:42 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/02/17 11:38:18 | 00,032,873 | ---- | M] (Marimba, Inc.) -- C:\Program Files\marimba\tuner\Tuner.exe
PRC - [2008/08/20 20:42:42 | 00,370,872 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2007/08/10 17:30:40 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2007/08/10 17:30:12 | 00,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/07/11 20:53:58 | 00,540,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2007/07/11 20:53:50 | 01,126,400 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/07/11 20:44:38 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2007/07/11 20:38:44 | 00,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/07/11 20:32:06 | 00,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/07/11 20:22:44 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/07/11 19:19:00 | 00,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007/07/05 15:05:04 | 00,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007/07/05 15:04:18 | 00,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007/07/05 15:03:32 | 00,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007/07/05 14:58:40 | 00,413,696 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007/07/05 14:51:48 | 00,126,976 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/17 23:53:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/04/27 01:33:00 | 00,243,248 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2007/04/16 11:33:18 | 00,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/04/16 11:21:20 | 00,983,040 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/04/16 11:17:58 | 00,487,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/04/16 11:14:24 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/04/09 15:23:56 | 01,015,808 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/03/29 18:40:48 | 00,181,808 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2007/03/09 13:49:42 | 00,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/03/08 12:16:48 | 00,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007/03/02 17:49:00 | 00,037,680 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2007/02/27 18:09:06 | 00,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2007/02/27 17:35:04 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2006/09/06 15:39:10 | 00,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2006/07/05 00:11:00 | 00,110,592 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2006/06/29 21:57:50 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2006/06/15 01:40:34 | 00,124,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/06/15 01:40:28 | 00,115,952 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2006/06/15 01:40:24 | 01,805,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/06/15 01:40:16 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/06/13 11:22:26 | 00,556,544 | ---- | M] () -- C:\Program Files\IBM\Ayudame Utility\ayudame.exe
PRC - [2006/04/11 17:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/03/24 17:14:58 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/03/24 17:14:52 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/03/24 17:14:48 | 00,053,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/01/16 18:44:48 | 00,270,336 | ---- | M] () -- C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe
PRC - [2006/01/16 18:44:48 | 00,172,032 | ---- | M] () -- C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe
PRC - [2005/08/01 05:10:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/02/10 13:17:52 | 01,409,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2004/07/27 16:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2002/10/08 21:28:42 | 00,040,960 | ---- | M] () -- C:\WINDOWS\system32\TpScrLk.exe
PRC - [2002/04/30 14:23:46 | 00,057,603 | ---- | M] (Oracle Corporation) -- c:\oracle\ora92\bin\omtsreco.exe


========== Modules (SafeList) ==========

MOD - [2010/01/30 00:41:08 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HarikrishnanA\Desktop\OTL.exe
MOD - [2008/05/13 10:13:36 | 00,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
MOD - [2007/08/10 17:30:34 | 00,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2007/05/17 23:53:00 | 01,474,560 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2007/05/17 23:53:00 | 00,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
MOD - [2006/08/25 08:45:56 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/03 23:56:42 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/17 16:31:42 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/02/17 11:38:18 | 00,032,873 | ---- | M] (Marimba, Inc.) [Auto | Running] -- C:\Program Files\marimba\tuner\Tuner.exe -- (MarimbaTuner)
SRV - [2008/08/20 20:42:42 | 00,370,872 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2007/07/11 20:53:50 | 01,126,400 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/07/11 20:44:38 | 00,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2007/07/11 20:38:44 | 00,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/07/11 20:22:44 | 00,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/07/11 19:19:00 | 00,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007/07/05 15:05:04 | 00,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/07/05 15:03:32 | 00,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/05/17 23:53:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2007/04/16 11:33:18 | 00,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/04/16 11:21:20 | 00,983,040 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/04/16 11:14:24 | 00,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/03/02 17:49:00 | 00,037,680 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2007/02/27 18:09:06 | 00,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2007/02/27 17:35:04 | 00,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006/09/27 06:38:06 | 00,007,680 | ---- | M] (IBM Corp) [Disabled | Stopped] -- C:\notes\nslsvice.exe -- (Lotus Notes Single Logon)
SRV - [2006/06/29 21:57:50 | 00,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2006/06/15 01:40:28 | 00,115,952 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/06/15 01:40:24 | 01,805,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/06/15 01:40:16 | 00,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/06/13 11:22:26 | 00,556,544 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM\Ayudame Utility\ayudame.exe -- (IBMFORTH)
SRV - [2006/04/11 17:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/03/24 17:14:58 | 00,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/03/24 17:14:52 | 00,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/02/23 11:41:02 | 02,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/01/24 20:06:58 | 00,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/01/16 18:44:48 | 00,172,032 | ---- | M] () [Auto | Running] -- C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe -- (lcfd)
SRV - [2005/02/10 13:17:52 | 01,409,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/04/30 14:23:46 | 00,057,603 | ---- | M] (Oracle Corporation) [Auto | Running] -- c:\oracle\ora92\bin\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2002/04/26 18:34:38 | 00,242,328 | ---- | M] () [On_Demand | Stopped] -- c:\oracle\ora92\bin\ONRSD.EXE -- (OracleOraHome92ClientCache)


========== Driver Services (SafeList) ==========

DRV - [2010/01/13 20:20:56 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/10/22 17:53:27 | 00,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/08/27 03:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100201.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/08/27 03:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/27 03:00:00 | 00,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/27 03:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100201.009\NAVENG.SYS -- (NAVENG)
DRV - [2009/05/26 10:05:56 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/05/26 10:05:54 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/02/18 03:18:56 | 00,021,393 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2008/08/20 19:57:26 | 00,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2008/01/06 12:43:30 | 00,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2008/01/06 12:40:48 | 00,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2008/01/06 12:40:42 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/08/10 17:25:28 | 00,177,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/07/12 15:35:02 | 00,305,176 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/07/11 20:05:52 | 00,017,792 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2007/05/22 15:59:38 | 00,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007/05/17 23:53:00 | 06,346,720 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/05/11 09:58:40 | 00,252,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/04/30 06:37:20 | 02,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/04/13 12:08:26 | 00,306,176 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/04/02 11:24:08 | 00,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2007/03/29 15:19:36 | 00,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/03/23 06:59:48 | 00,094,848 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio)
DRV - [2007/03/09 02:57:02 | 00,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007/03/02 17:49:00 | 00,100,656 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2007/03/02 17:47:00 | 00,019,760 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/02/27 18:08:32 | 00,021,040 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2007/02/27 17:02:00 | 00,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/02/26 17:29:22 | 00,081,920 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LenovoRd.sys -- (LenovoRd)
DRV - [2007/01/24 17:27:00 | 00,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/01/10 10:33:17 | 00,003,840 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2006/12/22 10:56:00 | 00,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/22 10:56:00 | 00,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/22 10:55:00 | 00,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/10/23 09:23:28 | 00,017,778 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2006/06/19 13:26:00 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006/05/13 02:55:20 | 00,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (PMEM)
DRV - [2006/05/05 16:19:50 | 00,107,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/04/11 17:13:34 | 00,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/03/23 16:53:00 | 00,005,120 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV)
DRV - [2006/01/27 01:36:36 | 00,381,424 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2006/01/24 20:06:36 | 00,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/01/24 20:06:32 | 00,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/12/19 20:41:58 | 00,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/12/19 20:41:56 | 00,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/11/08 09:27:20 | 00,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/08/01 05:10:00 | 00,092,700 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/08/01 05:10:00 | 00,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/08/01 05:10:00 | 00,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/08/01 05:10:00 | 00,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/08/01 05:10:00 | 00,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/08/01 05:10:00 | 00,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/08/01 05:10:00 | 00,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/07/28 03:30:00 | 00,088,704 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/07/07 09:03:34 | 00,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/07/07 09:02:56 | 00,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/07/07 05:10:00 | 00,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/05/17 10:20:06 | 00,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2005/04/19 20:40:00 | 00,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2005/02/10 13:16:00 | 00,297,547 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005/02/08 10:27:00 | 00,005,185 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2003/10/01 02:54:46 | 00,184,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8180.sys -- (LSWPCv4)
DRV - [2003/07/24 18:55:50 | 00,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2001/08/23 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 07:11:22 | 00,035,328 | ---- | M] (AMD Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcntpci5.sys -- (PCnet)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ccity.com
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = Msproxy.ccs.com:80

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ccity.com
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = Msproxy.ccs.com:80

IE - HKU\S-1-5-21-2078081759-132531100-1713639893-9348\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2078081759-132531100-1713639893-9348\S-1-5-21-2078081759-132531100-1713639893-9348\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/21 09:30:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/08 11:45:35 | 00,000,000 | ---D | M]

[2009/09/23 22:44:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HarikrishnanA\Application Data\Mozilla\Extensions
[2010/02/04 21:47:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HarikrishnanA\Application Data\Mozilla\Firefox\Profiles\ym0zi97h.default\extensions
[2010/01/06 22:33:23 | 00,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\HarikrishnanA\Application Data\Mozilla\Firefox\Profiles\ym0zi97h.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/01/06 22:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HarikrishnanA\Application Data\Mozilla\Firefox\Profiles\ym0zi97h.default\extensions\firebug@software.joehewitt.com
[2010/02/04 21:47:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/01/23 12:28:08 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Client Access Check Version] C:\CAE\cwbckver.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Express Welcome] C:\CAE\cwbwlwiz.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Help Update] C:\CAE\cwbinhlp.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access PC5250 Sound] C:\CAE\Emulator\pcssnd.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Service] C:\CAE\cwbsvstr.exe (IBM Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [lcfep] C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe ()
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-2078081759-132531100-1713639893-9348\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2078081759-132531100-1713639893-9348\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-2078081759-132531100-1713639893-9348\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2078081759-132531100-1713639893-9348\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\S-1-5-21-2078081759-132531100-1713639893-9348\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2078081759-132531100-1713639893-9348\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2078081759-132531100-1713639893-9348\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConnectHomeDirToRoot = 1
O7 - HKU\S-1-5-21-2078081759-132531100-1713639893-9348_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2078081759-132531100-1713639893-9348_Classes\Software\Policies\Microsoft\Internet Explorer\Main present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: adi-dist.com ([www] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: amphire.com ([www] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: cexp.com ([ib2b] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: cc.com ([eworkspace] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: egain.net ([ems00640] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: jamestower.com ([datamediator] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: keynomics.com ([www] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: mcmconnect.com ([www] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: microsoft.com ([partner] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: spiderweareops.com ([www] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: spiderwearops.com ([prod.cc] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vinimaya.net ([supplier] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: 12 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: adi-dist.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: amphire.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: cexp.com ([ib2b] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: cc.com ([eworkspace] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: egain.net ([ems00640] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: jamestower.com ([datamediator] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: keynomics.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: mcmconnect.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: microsoft.com ([partner] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: spiderweareops.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: spiderwearops.com ([prod.cc] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vinimaya.net ([supplier] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: 12 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://ccsra1.cc.com/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1199645599578 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.cc.net
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\HarikrishnanA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HarikrishnanA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (TivoliAP) - C:\WINDOWS\System32\TivoliAP.dll (IBM Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/04 12:52:33 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/20 09:29:09 | 00,000,143 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/30 00:41:08 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HarikrishnanA\Desktop\OTL.exe
[2010/01/26 21:14:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HarikrishnanA\Desktop\samples
[2010/01/23 12:56:48 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\HarikrishnanA\Desktop\RootRepeal.exe
[2010/01/23 12:14:15 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/23 12:13:07 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/23 12:13:07 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/23 12:13:07 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/23 12:13:07 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/23 12:10:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/23 11:58:11 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/18 11:38:30 | 00,000,000 | ---D | C] -- C:\rsit
[2010/01/18 11:26:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HarikrishnanA\My Documents\tmp
[2010/01/18 11:13:27 | 00,000,000 | ---D | C] -- C:\index.php_files
[2010/01/15 17:06:48 | 00,000,000 | ---D | C] -- C:\murach
[2010/01/14 13:45:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HarikrishnanA\My Documents\305963-new-instructions-read-before-posting-malware-removal-help_files
[2010/01/13 22:18:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HarikrishnanA\DoctorWeb
[2010/01/12 00:27:05 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/12 00:27:03 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/10 21:36:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HarikrishnanA\My Documents\IBM
[2010/01/06 22:46:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HarikrishnanA\.datastudio
[2010/01/06 22:44:28 | 00,000,000 | ---D | C] -- C:\datastudio
[2010/01/06 22:25:32 | 00,000,000 | ---D | C] -- C:\xampplite
[2010/01/06 21:12:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HarikrishnanA\My Documents\education
[2009/05/08 10:17:16 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\HarikrishnanA\My Documents\*.tmp files -> C:\Documents and Settings\HarikrishnanA\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/05 10:05:46 | 00,470,652 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/05 10:05:46 | 00,401,192 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/05 10:05:46 | 00,062,688 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/05 10:05:08 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/05 10:00:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/05 10:00:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/05 09:12:41 | 03,932,160 | ---- | M] () -- C:\Documents and Settings\HarikrishnanA\NTUSER.DAT
[2010/02/02 10:36:45 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/02 10:23:40 | 03,843,764 | R--- | M] () -- C:\Documents and Settings\HarikrishnanA\Desktop\ComboFix.exe
[2010/01/30 00:41:08 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HarikrishnanA\Desktop\OTL.exe
[2010/01/23 12:56:50 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\HarikrishnanA\Desktop\settings.dat
[2010/01/23 12:55:50 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\HarikrishnanA\Desktop\RootRepeal.exe
[2010/01/23 12:28:08 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/23 12:14:27 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/18 11:13:27 | 00,013,528 | ---- | M] () -- C:\index.php.html
[2010/01/14 13:46:00 | 00,086,816 | ---- | M] () -- C:\Documents and Settings\HarikrishnanA\My Documents\305963-new-instructions-read-before-posting-malware-removal-help.html
[2010/01/14 13:45:17 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\HarikrishnanA\Desktop\gmer.zip
[2010/01/14 13:45:01 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\HarikrishnanA\Desktop\dds.scr
[2010/01/14 11:49:45 | 00,001,738 | ---- | M] () -- C:\Documents and Settings\HarikrishnanA\Desktop\HijackThis.lnk
[2010/01/14 11:16:49 | 00,000,937 | ---- | M] () -- C:\Documents and Settings\HarikrishnanA\Desktop\Spybot - Search & Destroy.lnk
[2010/01/14 10:17:56 | 03,184,944 | ---- | M] () -- C:\Documents and Settings\HarikrishnanA\Local Settings\Application Data\IconCache.db
[2010/01/12 00:27:07 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/11 23:32:08 | 00,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/09 12:30:06 | 00,189,480 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 22:46:27 | 00,000,550 | ---- | M] () -- C:\Documents and Settings\HarikrishnanA\Desktop\datastudio.exe.lnk
[2010/01/06 22:34:05 | 00,000,392 | ---- | M] () -- C:\Documents and Settings\HarikrishnanA\Desktop\Shortcut to xampplite.lnk
[2010/01/06 21:00:14 | 00,000,718 | ---- | M] () -- C:\Documents and Settings\HarikrishnanA\Desktop\Shortcut to JavaEETutorial.pdf.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\HarikrishnanA\My Documents\*.tmp files -> C:\Documents and Settings\HarikrishnanA\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/30 22:20:35 | 03,843,764 | R--- | C] () -- C:\Documents and Settings\HarikrishnanA\Desktop\ComboFix.exe
[2010/01/23 12:56:50 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HarikrishnanA\Desktop\settings.dat
[2010/01/23 12:14:27 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/23 12:14:20 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/23 12:13:07 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/23 12:13:07 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/23 12:13:07 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/23 12:13:07 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/23 12:13:07 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/18 11:13:27 | 00,013,528 | ---- | C] () -- C:\index.php.html
[2010/01/14 13:54:45 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\HarikrishnanA\Desktop\gmer.exe
[2010/01/14 13:46:00 | 00,086,816 | ---- | C] () -- C:\Documents and Settings\HarikrishnanA\My Documents\305963-new-instructions-read-before-posting-malware-removal-help.html
[2010/01/14 13:45:34 | 00,284,915 | ---- | C] () -- C:\Documents and Settings\HarikrishnanA\Desktop\gmer.zip
[2010/01/14 13:45:30 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\HarikrishnanA\Desktop\dds.scr
[2010/01/14 11:49:45 | 00,001,738 | ---- | C] () -- C:\Documents and Settings\HarikrishnanA\Desktop\HijackThis.lnk
[2010/01/14 11:16:49 | 00,000,937 | ---- | C] () -- C:\Documents and Settings\HarikrishnanA\Desktop\Spybot - Search & Destroy.lnk
[2010/01/12 00:27:07 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/11 23:32:08 | 00,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/06 22:45:44 | 00,000,550 | ---- | C] () -- C:\Documents and Settings\HarikrishnanA\Desktop\datastudio.exe.lnk
[2010/01/06 22:34:05 | 00,000,392 | ---- | C] () -- C:\Documents and Settings\HarikrishnanA\Desktop\Shortcut to xampplite.lnk
[2010/01/06 21:00:14 | 00,000,718 | ---- | C] () -- C:\Documents and Settings\HarikrishnanA\Desktop\Shortcut to JavaEETutorial.pdf.lnk
[2009/12/19 22:43:04 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/12/18 10:52:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2009/12/01 12:27:21 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2009/11/21 20:26:36 | 00,139,152 | ---- | C] () -- C:\Documents and Settings\HarikrishnanA\Application Data\PnkBstrK.sys
[2009/10/22 17:53:27 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/02/18 03:20:24 | 00,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2009/02/18 03:20:01 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2009/02/18 03:17:54 | 00,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/02/18 03:16:53 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2009/02/17 11:27:38 | 00,000,221 | ---- | C] () -- C:\WINDOWS\multi.ini
[2009/02/17 11:26:28 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2009/02/17 11:26:27 | 00,172,056 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/01/09 17:30:14 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/04 20:52:45 | 00,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2008/01/04 20:49:20 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2008/01/04 20:49:20 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2008/01/04 20:49:20 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
[2008/01/04 20:49:19 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll
[2008/01/04 20:49:19 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll
[2008/01/04 20:49:18 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll
[2008/01/04 20:49:18 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll
[2008/01/04 20:49:18 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll
[2008/01/04 20:44:54 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\C000046W.sys
[2008/01/04 20:44:42 | 00,000,036 | ---- | C] () -- C:\WINDOWS\notes.ini
[2008/01/04 20:29:22 | 02,115,816 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/01/04 19:18:41 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/04 13:39:01 | 00,000,359 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/08/10 07:02:35 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/08/10 07:02:35 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/08/10 07:02:32 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/08/10 07:02:27 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/03/05 13:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/27 17:48:38 | 02,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/27 17:29:32 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/10/17 07:27:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/10/15 21:16:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\dsedit.INI
[2005/02/17 11:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 11:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/07/30 08:24:34 | 00,000,218 | ---- | C] () -- C:\WINDOWS\oraodbc.ini

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/04 00:05:44 | 18,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 00:05:44 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 00:05:44 | 18,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 00:05:44 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/03 23:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/03 23:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/03 23:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/07/12 15:35:02 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Drivers\Storage\IaStor.sys
[2007/07/12 15:35:02 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2007/02/12 12:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Drivers\others\storage\iastor.sys

< MD5 for: NETLOGON.DLL >
[2004/08/03 23:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/03 23:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/03 23:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/03 23:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/03 23:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >


#9 myrti

  • Sillyberry
  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 05 February 2010 - 12:44 PM

Hi,

vsdatant.sys is indeed part of the ZoneAlarm firewall; however, it seems to be a leftover (or is used by another program), since it is the only file from ZoneAlarm present on the PC.

Which firewall do you currently use? Are you still getting disconnected?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 lowpine

  • Topic Starter
  • Members
  • 19 posts

Posted 05 February 2010 - 12:51 PM

I use the XP firewall. I am still getting disconnected

thanks

#11 myrti

  • Sillyberry
  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 05 February 2010 - 02:45 PM

Hi,

please run the following batch to get more info about the ZoneLabs service:

Open Notepad and copy/paste the code box below into a new text file.
CODE
@echo off
rem Query the runtime state of the vsdatant kernel driver and save it to a temp file.
sc query vsdatant >"%temp%\log.txt"
rem Open the saved output with the default handler for .txt files (Notepad).
"%temp%\log.txt"
  • Save the file as regquery.bat by choosing save as *All Files, and save it to your Desktop.
  • Locate "regquery.bat" and double-click on it to run. (It is important that you run the script from the drive where your operating system is installed).
  • It will open a text file, please copy the content in your next reply.

regards myrti



#12 lowpine

  • Topic Starter
  • Members
  • 19 posts

Posted 05 February 2010 - 02:55 PM

here you go:


SERVICE_NAME: vsdatant
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0


#13 myrti

  • Sillyberry
  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 05 February 2010 - 03:05 PM

Hi,

then please run the following batch:

Open Notepad and copy/paste the code box below into a new text file.
CODE
@echo off
sc config vsdatant start= disabled
  • Save the file as disable.bat by choosing save as *All Files, and save it to your Desktop.
  • Locate "disable.bat" and double-click on it to run. (It is important that you run the script from the drive where your operating system is installed).
  • After running it please reboot and run the first batch regquery.bat again and post the log in your next reply.

Please also check if you get disconnected.

regards myrti



#14 lowpine

  • Topic Starter
  • Members
  • 19 posts

Posted 05 February 2010 - 04:15 PM

Hi Myrti,

I ran the disable script, but the settings seem not to have changed. Here's the output from the regquery.bat:


SERVICE_NAME: vsdatant
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

thanks
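
The two batch files in posts #11 and #13 use sc query to read the driver's state and sc config to change its start type. sc query reports only the runtime STATE; the start type written by sc config ... start= disabled is shown by sc qc as START_TYPE, and a kernel driver that is already loaded keeps running until the next reboot, so a RUNNING state alone says nothing about whether the start type changed. The following Python script is an added example and not part of the original thread: it parses the output of both commands and combines them into a verdict. The sc query text is the one posted above with indentation restored; the sc qc text is constructed to the shape of that command's real output, with the vsdatant path taken from the OTL log.

```python
"""Interpret `sc query` and `sc qc` output for a kernel driver service.

Added example (not from the original thread). `sc query` reports runtime
STATE; the start type set by `sc config <svc> start= disabled` is only visible
in `sc qc` as START_TYPE. A loaded driver keeps running until reboot.
"""
import re

# `sc query vsdatant` as posted in the thread, indentation restored.
SC_QUERY_OUTPUT = """
SERVICE_NAME: vsdatant
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
"""

# Constructed `sc qc vsdatant` output after `sc config vsdatant start= disabled`
# succeeded (shape of the real command's output; not captured from the PC).
SC_QC_OUTPUT_DISABLED = r"""
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: vsdatant
        TYPE               : 1   KERNEL_DRIVER
        START_TYPE         : 4   DISABLED
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : \??\C:\WINDOWS\system32\vsdatant.sys
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : vsdatant
        DEPENDENCIES       :
        SERVICE_START_NAME :
"""

# Constructed variant: the start type was never changed (driver still enabled).
SC_QC_OUTPUT_SYSTEM = SC_QC_OUTPUT_DISABLED.replace("4   DISABLED", "1   SYSTEM_START")

START_TYPES = {0: "BOOT_START", 1: "SYSTEM_START", 2: "AUTO_START",
               3: "DEMAND_START", 4: "DISABLED"}
STATES = {1: "STOPPED", 2: "START_PENDING", 3: "STOP_PENDING", 4: "RUNNING",
          5: "CONTINUE_PENDING", 6: "PAUSE_PENDING", 7: "PAUSED"}

# One "FIELD : value" line; whitespace classes are restricted to spaces and
# tabs so a field with an empty value cannot swallow the following line.
FIELD_RE = re.compile(r"^[ \t]*([A-Z][A-Z0-9_]*)[ \t]*:[ \t]*(.*?)[ \t]*$", re.MULTILINE)


def parse_sc(text):
    """Return {FIELD: value} for an sc query / sc qc dump (SERVICE_NAME included)."""
    return {m.group(1): m.group(2) for m in FIELD_RE.finditer(text)}


def code_and_name(value):
    """Split a value such as '4  RUNNING' or '0x0' into (int_code, symbolic_name)."""
    parts = value.split(None, 1)
    try:
        code = int(parts[0], 0)
    except (ValueError, IndexError):
        return None, value
    return code, (parts[1].strip() if len(parts) > 1 else "")


def assess(query_text, qc_text):
    """Combine runtime STATE (sc query) and configured START_TYPE (sc qc)."""
    q, c = parse_sc(query_text), parse_sc(qc_text)
    if q.get("SERVICE_NAME") != c.get("SERVICE_NAME"):
        raise ValueError("query and qc output describe different services")
    state, _ = code_and_name(q.get("STATE", ""))
    start, _ = code_and_name(c.get("START_TYPE", ""))
    if start != 4:
        return "start type is %s: still enabled, sc config did not take effect" % \
            START_TYPES.get(start, start)
    if state == 4:
        return "start type DISABLED but driver still RUNNING: reboot required"
    return "start type DISABLED and driver %s" % STATES.get(state, state)


if __name__ == "__main__":
    print(assess(SC_QUERY_OUTPUT, SC_QC_OUTPUT_DISABLED))
    print(assess(SC_QUERY_OUTPUT, SC_QC_OUTPUT_SYSTEM))
```

On the affected machine the two inputs would come from `sc query vsdatant > q.txt` and `sc qc vsdatant > c.txt`; feeding those files to assess() distinguishes "disabled, reboot pending" from "the start type was never changed", which the posted sc query output alone cannot.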

#15 myrti

  • Sillyberry
  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 05 February 2010 - 04:44 PM

Hi,

it seems like we will need something a little more powerful then.

Please run a registry backup with ERUNT:

Please follow steps 1-3 behind this link to backup your registry with ERUNT (use current date while naming the location).

And then run the following fix:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl
    DRV - [2006/01/27 01:36:36 | 00,381,424 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards myrti





