Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirection occuring whenever browser open


  • This topic is locked This topic is locked
12 replies to this topic

#1 asherrswift

asherrswift

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:15 AM

Posted 28 February 2010 - 07:39 PM

Last week I allowed a friend to use my laptop and discovered she had somehow downloaded a trojan "security essentials 2010". Had a hard time removing this one. I think I have finally gotten it clear but I am still experiencing redirections whenever I have Internet Explorer open. I am also seeing schost crashing approx 5-10 mins after opening explorer.

System: Windows XP Service Pack 3
Internet Explorer 8

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:40 PM, on 2/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\PSXRUN.EXE
C:\WINDOWS\system32\psxss.exe
C:\SFU\usr\sbin\zzInterix
C:\SFU\usr\sbin\init
C:\WINDOWS\Explorer.EXE
C:\SFU\usr\sbin\inetd
C:\SFU\usr\sbin\cron
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://itdept/issuetrak
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-930775291-1011467947-637194653-4282\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-930775291-1011467947-637194653-4680\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-930775291-1011467947-637194653-4978\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1261091132951
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.lyonsmfg.com/Remote/msrdp.cab
O16 - DPF: {8161DA4A-CF2C-4926-8D29-C3F138FA7FA1} (JDEWebRTFEdit Control) - http://oneworld:81/jde/axctls/jdewebctls.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DEA985BB-7945-11D4-97AF-0006297090B0} (JDEExcelAuto Control) - http://oneworld:81/jde/axctls/jdeexpimp.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled...ploader_v10.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://intercall.webex.com/client/T26L10NS...bex/ieatgpc.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://rvam1-jfk.globalcrossing.net/dana-c...SetupClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = maesimi.com
O17 - HKLM\Software\..\Telephony: DomainName = maesimi.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = maesimi.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = maesimi.com
O20 - AppInit_DLLs: metunoba.dll c:\windows\system32\zagotumo.dll
O21 - SSODL: tutefivaw - {7b2eb60d-3de9-4765-8b6b-6138edcdd10f} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {7b2eb60d-3de9-4765-8b6b-6138edcdd10f} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corporation - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O24 - Desktop Component 0: (no name) - C:\Projects\Personal\tropical_sunset_Space_Dual_3200x1200.jpg

--
End of file - 12111 bytes

Edited by Orange Blossom, 28 February 2010 - 08:20 PM.
Move to log forum. ~ OB


BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:15 PM

Posted 06 March 2010 - 04:55 PM

Hello and and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have since resolved your issues I
would appreciate if you would let me no so I can close this topic,

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window, If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen.
    Sections
    IAT/EAT
    Files
    Show All
  8. Click on and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.



Then please post back here with the following:
  • log.txt
  • info.txt
  • Gmer log

Thanks

unite.jpg


#3 asherrswift

asherrswift
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:15 AM

Posted 07 March 2010 - 08:00 PM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-07 16:42:21
Windows 5.1.2600 Service Pack 3
Running: oliwbhly.exe; Driver: C:\DOCUME~1\jcarter\LOCALS~1\Temp\fwlyrfob.sys


---- System - GMER 1.0.15 ----

SSDT 8A6C7980 ZwConnectPort
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xB811887E]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAC96B350]
SSDT 8A585590 ZwQueryValueKey
SSDT 8A6DB590 ZwResumeThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAC96B580]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
Device -> \Driver\iaStor \Device\Harddisk0\DR0 8B2A381A

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\iaStor.sys suspicious modification

---- EOF - GMER 1.0.15 ----

info.txt logfile of random's system information tool 1.06 2010-03-07 16:26:24

======Uninstall list======

-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee Photo Manager 2009-->MsiExec.exe /I{300578F9-9EFF-4B93-9AB1-C0E5707EF463}
Ad-Aware Email Scanner for Outlook-->MsiExec.exe /I{338F08AB-C262-42C7-B000-34DE1A475273}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash CS4 Extension - Flash Lite STI en-->MsiExec.exe /I{793D1D88-6141-43DE-BE58-59BCE31B4090}
Adobe Flash CS4 Professional-->C:\Program Files\Common Files\Adobe\Installers\a68eec966ce913ddaa63251dc82ed31\Setup.exe --uninstall=1
Adobe Flash CS4 STI-en-->MsiExec.exe /I{2168245A-B5AD-40D8-A641-48E3E070B5B6}
Adobe Flash CS4-->MsiExec.exe /I{F6E99614-F042-4459-82B7-8B38B2601356}
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{3A6829EF-0791-4FDD-9382-C690DD0821B9}
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{EED50C97-C79E-4149-BD82-7C5A22437708}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Apollo Loop Calculator-->MsiExec.exe /X{73C53B05-C23F-4E15-AD34-10BCEB7DEC58}
AudioBurst FX Engine-->C:\Program Files\QO Labs\AudioBurst\uninstall.exe
Auslogics Disk Defrag-->"C:\Program Files\Auslogics\Auslogics Disk Defrag\unins000.exe"
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}
BS.Player FREE-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Crystal Reports Basic for Visual Studio 2008-->MsiExec.exe /X{AA467959-A1D6-4F45-90CD-11DC57733F32}
eDrawings 2007-->MsiExec.exe /I{75FEB085-179F-4C85-B0E4-B517D2160750}
Enabling SMARTEAM in .NET 2.0 environment-->MsiExec.exe /X{244EB695-9A5C-4625-8777-BCA1ACC83E27}
Enterprise Vault User Extensions-->MsiExec.exe /I{03522506-11CE-42CF-86A1-1BE43F443E9A}
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
FastStone Image Viewer 3.6-->C:\Program Files\FastStone Image Viewer\uninst.exe
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Java™ 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Juniper Networks Network Connect 6.4.0-->"C:\Program Files\Juniper Networks\Network Connect 6.4.0\uninstall.exe"
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
LimeWire 5.2.13-->"d:\software\LimeWire\uninstall.exe"
LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia FreeHand 10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D826618-59C6-11D4-976E-00C04F8EEB39}\Setup.exe" UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Device Emulator version 3.0 - ENU-->MsiExec.exe /X{B32E7732-B2FB-3FD0-81AC-6025B1104C66}
Microsoft Document Explorer 2008-->C:\Program Files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
Microsoft Document Explorer 2008-->MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Viewer 2007-->MsiExec.exe /I{95120000-0052-0409-0000-0000000FF1CE}
Microsoft Office Visual Web Developer 2007-->MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (English) 2007-->MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83}
Microsoft SQL Server Compact 3.5 for Devices ENU-->MsiExec.exe /I{241F2BF7-69EB-42A4-9156-96B2426C7504}
Microsoft SQL Server Compact 3.5 SP1 Design Tools English-->MsiExec.exe /X{0C19D563-5F25-4621-BF10-01F741BD283F}
Microsoft SQL Server Compact 3.5 SP1 English-->MsiExec.exe /I{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}
Microsoft SQL Server Database Publishing Wizard 1.2-->MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Microsoft Visual Studio 2008 Professional Edition - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Studio 2008 Professional Edition - ENU\setup.exe
Microsoft Visual Studio Web Authoring Component-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools-->MsiExec.exe /X{05EC21B8-4593-3037-A781-A6B5AFFCB19D}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense-->MsiExec.exe /X{64c5b887-b5ee-42b8-8596-78905a6b5f1f}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu-->MsiExec.exe /X{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B}
Microsoft Windows SDK for Visual Studio 2008 Tools-->MsiExec.exe /X{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools-->MsiExec.exe /X{B268E9A1-04A9-40D0-9866-846BE2B74BA7}
Microsoft Windows Services for UNIX-->MsiExec.exe /I{51065952-A485-4AA5-8884-2E093B3C6206}
MSDN Library for Visual Studio 2008 - ENU-->C:\Program Files\MSDN\MSDN9.0\MSDN Library for Visual Studio 2008 - ENU\setup.exe
MSDN Library for Visual Studio 2008 - ENU-->MsiExec.exe /X{3A762A82-618D-3CAA-B847-D074ABFA0B2E}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
National Instruments Software-->"C:\Program Files\National Instruments\Shared\NIUninstaller\uninst.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
Oz776 SCR Driver V1.1.4.2-->C:\Program Files\InstallShield Installation Information\{C336A3DB-FA32-42BE-97D0-FFD42D807FD6}\setup.exe -runfromtemp -l0x0409
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\setup.exe" -l0x9 -cluninstall
RazorPC(Clients: Issues,Versions,Threads)-->C:\WINDOWS\IsUninst.exe -fC:\Visible\RazorPC.isu
RazorSCC(3rd party IDE integration)-->C:\WINDOWS\IsUninst.exe -fC:\Visible\RazorSCC.isu
RF-SMART for OneWorld-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{863016A2-F945-4F8F-8AAB-76D14951BBD9}\setup.exe"
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Seagate Manager Installer-->"C:\Program Files\InstallShield Installation Information\{BB6D4A78-4BDB-4FBD-81CB-00DC2FC2BF41}\setup.exe" -runfromtemp -l0x0409 -removeonly
Seagate Manager Installer-->MsiExec.exe /X{BB6D4A78-4BDB-4FBD-81CB-00DC2FC2BF41}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SMARTEAM - Editor-->MsiExec.exe /i{806580F0-A2CF-44F3-8B15-3166D028F6FD}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Sonic Foundry ACID 4.0e-->MsiExec.exe /I{9B7DE025-A6AF-446B-86BE-3BD9604B498A}
SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Symantec AntiVirus-->MsiExec.exe /I{33CFCF98-F8D6-4549-B469-6F4295676D83}
Telelogic DOORS 8.3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{20E46ECE-1207-4236-8A0D-060406070547}
UltraEdit 14.10-->MsiExec.exe /I{3DC39FD3-6453-455B-9727-B8FD15000CEF}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Virtual DJ - Atomix Productions-->F:\PROGRA~1\VIRTUA~1\UNWISE.EXE F:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Visual Studio 2005 Tools for Office Second Edition Runtime-->C:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime-->C:\Program Files\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime-->MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}
WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Mobile 5.0 SDK R2 for Pocket PC-->MsiExec.exe /I{6C9F6D23-E9AD-43C9-B43A-011562AAF876}
Windows Mobile 5.0 SDK R2 for Smartphone-->MsiExec.exe /I{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}

======Security center information======

AV: Symantec AntiVirus Corporate Edition (disabled)

======System event log======

Computer Name: L-MSSI-53CPWG1
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 959 minutes.
NtpClient has no source of accurate time.

Record Number: 759566
Source Name: W32Time
Time Written: 20090705092857.000000-420
Event Type: error
User:

Computer Name: L-MSSI-53CPWG1
Event Code: 14
Message: The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 960 minutes.

Record Number: 759565
Source Name: W32Time
Time Written: 20090705092857.000000-420
Event Type: warning
User:

Computer Name: L-MSSI-53CPWG1
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 733524
Source Name: W32Time
Time Written: 20090705072252.000000-420
Event Type: warning
User:

Computer Name: L-MSSI-53CPWG1
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001F3C9AFD6C. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 713139
Source Name: Dhcp
Time Written: 20090705054408.000000-420
Event Type: warning
User:

Computer Name: L-MSSI-53CPWG1
Event Code: 5719
Message: No Domain Controller is available for domain MAESIMI due to the following:
There are currently no logon servers available to service the logon request.
.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Record Number: 703254
Source Name: NETLOGON
Time Written: 20090705045616.000000-420
Event Type: error
User:

=====Application event log=====

Computer Name: L-MSSI-53CPWG1
Event Code: 1
Message:

Successfully opened configuration database.

Record Number: 46
Source Name: NI Configuration Manager
Time Written: 20100218132300.000000-480
Event Type:
User: NT AUTHORITY\SYSTEM

Computer Name: L-MSSI-53CPWG1
Event Code: 1
Message:

Opening configuration database.

Record Number: 45
Source Name: NI Configuration Manager
Time Written: 20100218132259.000000-480
Event Type:
User: NT AUTHORITY\SYSTEM

Computer Name: L-MSSI-53CPWG1
Event Code: 1
Message:

Opening configuration database.

Record Number: 44
Source Name: NI Configuration Manager
Time Written: 20100218132259.000000-480
Event Type:
User: NT AUTHORITY\SYSTEM

Computer Name: L-MSSI-53CPWG1
Event Code: 15
Message: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Record Number: 6
Source Name: AutoEnrollment
Time Written: 20100218132251.000000-480
Event Type: error
User:

Computer Name: L-MSSI-53CPWG1
Event Code: 1054
Message: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Record Number: 5
Source Name: Userenv
Time Written: 20100218132251.000000-480
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"DISPLAY"=localhost:0.0
"EDITOR"=vi
"FP_NO_HOST_CHECK"=NO
"FTP_PASSIVE"=1
"INTERIX_ROOT"=/dev/fs/C/SFU/
"INTERIX_ROOT_WIN"=C:\SFU\
"KMP_DUPLICATE_LIB_OK"=TRUE
"LD_LIBRARY_PATH"=/usr/lib:/usr/X11R6/lib
"MKL_SERIAL"=YES
"NUMBER_OF_PROCESSORS"=2
"OPENNT_ROOT"=/dev/fs/C/SFU/
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\SMARTEAM\bin;C:\SFU\common;C:\strawberry\c\bin;C:\strawberry\perl\bin;C:\Program Files\Microsoft SQL Server\90\Tools\binn
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0b
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"SFUDIR"=C:\SFU\
"SFUDIR_INTERIX"=/dev/fs/C/SFU/
"TELELOGIC_LICENSE_FILE"=19353@ussvs001doors.maesimi.com;19353@engrsrvr.maesimi.com;36677@ussvs001doors.maesimi.com;19353@ussvs001doors;;36677@ussvs001doors.maesimi.com;19353@ussvs001doors;25734@stwebapps01.maesimi.com;;19353@engrsrvr.maesimi.com;36677@ussvs001doors.maesimi.com;19353@ussvs001doors;;36677@ussvs001doors.maesimi.com;19353@ussvs001doors;
"TEMP"=%SystemRoot%\TEMP
"TERM"=dumb
"TMP"=%SystemRoot%\TEMP
"VS90COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\
"windir"=%SystemRoot%
"XAPPLRESDIR"=/usr/X11R6/lib/X11/app-defaults
"XCMSDB"=/usr/X11R6/lib/X11/Xcms.txt
"XKEYSYMDB"=/usr/X11R6/lib/X11/XKeysymDB
"XNLSPATH"=/usr/X11R6/lib/X11/locale

-----------------EOF-----------------

vice: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corporation - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O24 - Desktop Component 0: (no name) - C:\Projects\Personal\tropical_sunset_Space_Dual_3200x1200.jpg

--
End of file - 11343 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-07-19 52896]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-11-20 12669544]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-09-27 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Visible\RazorPC\bin\Issues.exe"="C:\Visible\RazorPC\bin\Issues.exe:*:Enabled:The problem tracking tool from the Razor suite"
"C:\Visible\RazorPC\bin\Versions.exe"="C:\Visible\RazorPC\bin\Versions.exe:*:Enabled:This is the file-control tool from the Razor suite."
"C:\Program Files\Telelogic\DOORS_8.3\bin\doors.exe"="C:\Program Files\Telelogic\DOORS_8.3\bin\doors.exe:*:Enabled:DOORS"
"F:\World of Warcraft\Launcher.exe"="F:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"F:\Program Files\Ventrilo\Ventrilo.exe"="F:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Adobe\Adobe Flash CS4\Flash.exe"="C:\Program Files\Adobe\Adobe Flash CS4\Flash.exe:*:Disabled:Adobe Flash CS4 Professional"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Visible\RazorPC\bin\Issues.exe"="C:\Visible\RazorPC\bin\Issues.exe:*:Enabled:razor_Issues"
"C:\Visible\RazorPC\bin\rzFrame.exe"="C:\Visible\RazorPC\bin\rzFrame.exe:*:Enabled:razor_rzFrame"
"C:\Visible\RazorPC\bin\Threads.exe"="C:\Visible\RazorPC\bin\Threads.exe:*:Enabled:razor_Threads"
"C:\Visible\RazorPC\bin\Versions.exe"="C:\Visible\RazorPC\bin\Versions.exe:*:Enabled:razor_Versions"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Telelogic\DOORS_8.3\bin\doors.exe"="C:\Program Files\Telelogic\DOORS_8.3\bin\doors.exe:*:Enabled:Doors"

======File associations======

.ini - open - "C:\Documents and Settings\jcarter\My Documents\UltraEdit\Uedit32.exe" "%1"
.js - edit -
.js - open - "C:\Documents and Settings\jcarter\My Documents\UltraEdit\Uedit32.exe" "%1"
.txt - open - "C:\Documents and Settings\jcarter\My Documents\UltraEdit\Uedit32.exe" "%1"

======List of files/folders created in the last 1 months======

2010-03-07 16:26:15 ----D---- C:\rsit
2010-03-01 16:56:46 ----A---- C:\ComboFix.txt
2010-03-01 16:26:44 ----A---- C:\Boot.bak
2010-03-01 16:26:38 ----RASHD---- C:\cmdcons
2010-03-01 16:24:11 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-01 16:24:11 ----A---- C:\WINDOWS\MBR.exe
2010-03-01 16:24:10 ----A---- C:\WINDOWS\zip.exe
2010-03-01 16:24:10 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-01 16:24:10 ----A---- C:\WINDOWS\SWSC.exe
2010-03-01 16:24:10 ----A---- C:\WINDOWS\SWREG.exe
2010-03-01 16:24:10 ----A---- C:\WINDOWS\sed.exe
2010-03-01 16:24:10 ----A---- C:\WINDOWS\PEV.exe
2010-03-01 16:24:10 ----A---- C:\WINDOWS\grep.exe
2010-03-01 16:23:52 ----D---- C:\WINDOWS\ERDNT
2010-03-01 16:23:19 ----AD---- C:\Qoobox
2010-02-28 15:57:24 ----D---- C:\Program Files\Trend Micro
2010-02-28 13:44:10 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-02-22 14:40:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2010-02-19 21:53:21 ----HDC---- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-19 21:00:29 ----D---- C:\Program Files\Lavasoft
2010-02-19 21:00:29 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-02-19 19:58:21 ----D---- C:\Program Files\Common Files\iS3
2010-02-18 16:43:08 ----D---- C:\WINDOWS\system32\NtmsData
2010-02-18 16:40:51 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-02-18 13:11:39 ----D---- C:\Documents and Settings\jcarter\Application Data\Malwarebytes
2010-02-18 12:55:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-18 12:55:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-02-18 11:11:55 ----D---- C:\Documents and Settings\jcarter\Application Data\Sun
2010-02-17 16:16:12 ----D---- C:\Documents and Settings\jcarter\Application Data\Help

======List of files/folders modified in the last 1 months======

2010-03-07 16:26:19 ----D---- C:\WINDOWS\Prefetch
2010-03-07 16:26:08 ----SD---- C:\WINDOWS\Tasks
2010-03-07 16:25:26 ----D---- C:\WINDOWS\Temp
2010-03-07 16:24:38 ----D---- C:\MDT
2010-03-07 16:24:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-07 16:24:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-07 16:23:05 ----SHD---- C:\WINDOWS\CSC
2010-03-06 17:03:40 ----D---- C:\WINDOWS\system32
2010-03-05 17:13:03 ----SHD---- C:\WINDOWS\Installer
2010-03-05 17:13:03 ----D---- C:\Config.Msi
2010-03-05 17:13:03 ----A---- C:\WINDOWS\ODBC.INI
2010-03-05 08:07:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2010-03-05 08:07:14 ----D---- C:\WINDOWS\system32\drivers
2010-03-05 08:06:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-05 08:06:18 ----RD---- C:\Program Files
2010-03-04 11:38:37 ----A---- C:\WINDOWS\Razor.ini
2010-03-04 10:55:20 ----D---- C:\WINDOWS\security
2010-03-01 16:50:10 ----D---- C:\WINDOWS
2010-03-01 16:50:10 ----A---- C:\WINDOWS\system.ini
2010-03-01 16:45:33 ----D---- C:\WINDOWS\system32\config
2010-03-01 16:42:50 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-01 16:39:45 ----D---- C:\WINDOWS\AppPatch
2010-03-01 16:39:45 ----D---- C:\Program Files\Common Files
2010-03-01 16:26:44 ----RASH---- C:\boot.ini
2010-03-01 16:23:15 ----D---- C:\Program Files\Symantec AntiVirus
2010-02-25 11:36:38 ----SD---- C:\Documents and Settings\jcarter\Application Data\Microsoft
2010-02-24 09:16:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-02-22 11:06:27 ----D---- C:\WINDOWS\Internet Logs
2010-02-22 11:06:16 ----HD---- C:\WINDOWS\inf
2010-02-21 18:28:13 ----A---- C:\WINDOWS\wininit.ini
2010-02-19 23:58:02 ----D---- C:\WINDOWS\SxsCaPendDel
2010-02-19 21:53:24 ----D---- C:\WINDOWS\WinSxS
2010-02-19 21:01:40 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-19 20:13:32 ----D---- C:\WINDOWS\Minidump
2010-02-19 19:58:36 ----D---- C:\Documents and Settings
2010-02-19 09:11:15 ----D---- C:\Program Files\Mozilla Firefox
2010-02-19 09:09:07 ----D---- C:\Program Files\BitTorrent
2010-02-18 23:38:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951376_0$
2010-02-18 23:05:17 ----SHD---- C:\System Volume Information
2010-02-18 23:05:17 ----D---- C:\WINDOWS\system32\Restore
2010-02-18 22:54:49 ----D---- C:\WINDOWS\Registration
2010-02-18 14:05:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2010-02-18 12:34:48 ----A---- C:\WINDOWS\ntbtlog.txt
2010-02-14 15:52:50 ----D---- C:\Documents and Settings\jcarter\Application Data\BSplayer
2010-02-09 08:32:06 ----D---- C:\Documents and Settings\jcarter\Application Data\LimeWire

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-08-11 12920]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-08-11 28184]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-05-24 64000]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-11-07 278984]
R2 cvintdrv;cvintdrv; C:\WINDOWS\system32\drivers\cvintdrv.sys [2008-04-07 4096]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-08-18 35096]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-08-18 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-08-18 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-08-18 104472]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-08-18 26008]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-08-18 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-08-18 97848]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-08-18 94648]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-08-11 51768]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-11-07 25416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 dsNcAdpt;Juniper Network Connect Adapter; C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2009-03-11 23552]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-03-26 62208]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-11-02 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-11-02 209152]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100226.006\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100226.006\navex15.sys []
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-11-20 10235968]
R3 Portmap;Portmap; \??\C:\WINDOWS\system32\drivers\portmap.sys []
R3 PsxDrv;PsxDrv; \??\C:\WINDOWS\system32\drivers\PSXDRV.SYS []
R3 RpcXdr;RpcXdr; \??\C:\WINDOWS\system32\drivers\rpcxdr.sys []
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]
R3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
R3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
R3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-11-02 730112]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 IPSECSHM;Nortel IPSECSHM Adapter; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-04-09 12672]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-04-09 21248]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-04-09 22912]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-07-19 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-09-27 31472]
R2 dsNcService;Juniper Network Connect Service; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [2009-03-11 611624]
R2 FreeAgentGoNext Service;Seagate Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-03-27 165160]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-29 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-19 1229232]
R2 LkCitadelServer;Lookout Citadel Server; C:\WINDOWS\system32\lkcitdl.exe [2008-06-17 695136]
R2 lkClassAds;National Instruments PSP Server Locator; C:\WINDOWS\system32\lkads.exe [2008-06-17 40488]
R2 lkTimeSync;National Instruments Time Synchronization; C:\WINDOWS\system32\lktsrv.exe [2008-06-17 50736]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 mxssvr;NI Configuration Manager; C:\Program Files\National Instruments\MAX\nimxs.exe [2008-04-02 12696]
R2 NIDomainService;National Instruments Domain Service; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [2008-06-17 213552]
R2 niSvcLoc;NI Service Locator; C:\WINDOWS\system32\nisvcloc.exe [2007-11-06 8656]
R2 NITaggerService;National Instruments Variable Engine; C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe [2008-06-20 607848]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-11-20 154216]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-12-15 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-12-15 103736]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe [2007-05-10 94208]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 zzInterix;Interix Subsystem Startup; C:\WINDOWS\system32\PSXRUN.EXE [2003-11-08 66480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-30 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S3 NILM License Manager;NILM License Manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2008-06-12 1007616]
S3 OpcEnum;OpcEnum; C:\WINDOWS\system32\OpcEnum.exe [2007-05-09 98304]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-08-07 214720]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-09-27 1813232]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 CronService;Windows Cron Service; C:\SFU\common\cron.exe [2003-11-08 47536]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-07 3004416]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------

Edited by asherrswift, 07 March 2010 - 08:03 PM.


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:15 PM

Posted 07 March 2010 - 08:49 PM

  • Go to Kaspersky and Download TDSSKiller.zip.
  • Extract the contents of TDSSKiller.zip to your Desktop.
  • Click Start >> Run then copy and paste the following bold command line into the Run box and click OK.
  • Double click on TDSSKiller.exe to run it.
  • If it finds something and asks you what to do, follow the instructions to type in "delete".
  • When done, a log file should be created on your C: drive called TDSSKiller.txt please post this log in your next reply.



We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    /md5start
    proquota.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Then please post back here with the following logs:
  • TDSSKiller.txt
  • OTL.txt
  • Extra.txt

Thanks

unite.jpg


#5 asherrswift

asherrswift
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:15 AM

Posted 07 March 2010 - 11:45 PM

20:17:30:250 3744 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25
20:17:30:250 3744 ================================================================================
20:17:30:250 3744 SystemInfo:

20:17:30:250 3744 OS Version: 5.1.2600 ServicePack: 3.0
20:17:30:250 3744 Product type: Workstation
20:17:30:250 3744 ComputerName: L-MSSI-53CPWG1
20:17:30:250 3744 UserName: jcarter
20:17:30:250 3744 Windows directory: C:\WINDOWS
20:17:30:250 3744 Processor architecture: Intel x86
20:17:30:250 3744 Number of processors: 2
20:17:30:250 3744 Page size: 0x1000
20:17:30:250 3744 Boot type: Normal boot
20:17:30:250 3744 ================================================================================
20:17:30:265 3744 UnloadDriverW: NtUnloadDriver error 2
20:17:30:265 3744 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
20:17:30:281 3744 Initialize success
20:17:30:281 3744
20:17:30:281 3744 Scanning Services ...
20:17:30:281 3744 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
20:17:30:281 3744 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
20:17:30:281 3744 wfopen_ex: Trying to KLMD file open
20:17:30:281 3744 wfopen_ex: File opened ok (Flags 2)
20:17:30:281 3744 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
20:17:30:281 3744 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
20:17:30:281 3744 wfopen_ex: Trying to KLMD file open
20:17:30:281 3744 wfopen_ex: File opened ok (Flags 2)
20:17:30:406 3744 GetAdvancedServicesInfo: Raw services enum returned 410 services
20:17:30:421 3744 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
20:17:30:421 3744 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
20:17:30:421 3744
20:17:30:421 3744 Scanning Kernel memory ...
20:17:30:421 3744 Devices to scan: 5
20:17:30:421 3744
20:17:30:421 3744 Driver Name: Disk
20:17:30:421 3744 IRP_MJ_CREATE : B810EBB0
20:17:30:421 3744 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
20:17:30:421 3744 IRP_MJ_CLOSE : B810EBB0
20:17:30:421 3744 IRP_MJ_READ : B8108D1F
20:17:30:421 3744 IRP_MJ_WRITE : B8108D1F
20:17:30:421 3744 IRP_MJ_QUERY_INFORMATION : 804F4562
20:17:30:421 3744 IRP_MJ_SET_INFORMATION : 804F4562
20:17:30:421 3744 IRP_MJ_QUERY_EA : 804F4562
20:17:30:421 3744 IRP_MJ_SET_EA : 804F4562
20:17:30:421 3744 IRP_MJ_FLUSH_BUFFERS : B81092E2
20:17:30:421 3744 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
20:17:30:421 3744 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
20:17:30:421 3744 IRP_MJ_DIRECTORY_CONTROL : 804F4562
20:17:30:421 3744 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
20:17:30:421 3744 IRP_MJ_DEVICE_CONTROL : B81093BB
20:17:30:421 3744 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
20:17:30:421 3744 IRP_MJ_SHUTDOWN : B81092E2
20:17:30:421 3744 IRP_MJ_LOCK_CONTROL : 804F4562
20:17:30:421 3744 IRP_MJ_CLEANUP : 804F4562
20:17:30:421 3744 IRP_MJ_CREATE_MAILSLOT : 804F4562
20:17:30:421 3744 IRP_MJ_QUERY_SECURITY : 804F4562
20:17:30:421 3744 IRP_MJ_SET_SECURITY : 804F4562
20:17:30:421 3744 IRP_MJ_POWER : B810AC82
20:17:30:421 3744 IRP_MJ_SYSTEM_CONTROL : B810F99E
20:17:30:421 3744 IRP_MJ_DEVICE_CHANGE : 804F4562
20:17:30:421 3744 IRP_MJ_QUERY_QUOTA : 804F4562
20:17:30:421 3744 IRP_MJ_SET_QUOTA : 804F4562
20:17:30:437 3744 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
20:17:30:437 3744 sion
20:17:30:437 3744 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
20:17:30:437 3744
20:17:30:437 3744 Driver Name: USBSTOR
20:17:30:437 3744 IRP_MJ_CREATE : B835D218
20:17:30:437 3744 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
20:17:30:437 3744 IRP_MJ_CLOSE : B835D218
20:17:30:437 3744 IRP_MJ_READ : B835D23C
20:17:30:437 3744 IRP_MJ_WRITE : B835D23C
20:17:30:437 3744 IRP_MJ_QUERY_INFORMATION : 804F4562
20:17:30:437 3744 IRP_MJ_SET_INFORMATION : 804F4562
20:17:30:437 3744 IRP_MJ_QUERY_EA : 804F4562
20:17:30:437 3744 IRP_MJ_SET_EA : 804F4562
20:17:30:437 3744 IRP_MJ_FLUSH_BUFFERS : 804F4562
20:17:30:437 3744 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
20:17:30:437 3744 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
20:17:30:437 3744 IRP_MJ_DIRECTORY_CONTROL : 804F4562
20:17:30:437 3744 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
20:17:30:437 3744 IRP_MJ_DEVICE_CONTROL : B835D180
20:17:30:437 3744 IRP_MJ_INTERNAL_DEVICE_CONTROL : B83589E6
20:17:30:437 3744 IRP_MJ_SHUTDOWN : 804F4562
20:17:30:437 3744 IRP_MJ_LOCK_CONTROL : 804F4562
20:17:30:437 3744 IRP_MJ_CLEANUP : 804F4562
20:17:30:437 3744 IRP_MJ_CREATE_MAILSLOT : 804F4562
20:17:30:437 3744 IRP_MJ_QUERY_SECURITY : 804F4562
20:17:30:437 3744 IRP_MJ_SET_SECURITY : 804F4562
20:17:30:437 3744 IRP_MJ_POWER : B835C5F0
20:17:30:437 3744 IRP_MJ_SYSTEM_CONTROL : B835AA6E
20:17:30:437 3744 IRP_MJ_DEVICE_CHANGE : 804F4562
20:17:30:437 3744 IRP_MJ_QUERY_QUOTA : 804F4562
20:17:30:437 3744 IRP_MJ_SET_QUOTA : 804F4562
20:17:30:437 3744 siohd: 0
20:17:30:453 3744 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
20:17:30:453 3744
20:17:30:453 3744 Driver Name: Disk
20:17:30:453 3744 IRP_MJ_CREATE : B810EBB0
20:17:30:453 3744 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
20:17:30:453 3744 IRP_MJ_CLOSE : B810EBB0
20:17:30:453 3744 IRP_MJ_READ : B8108D1F
20:17:30:453 3744 IRP_MJ_WRITE : B8108D1F
20:17:30:453 3744 IRP_MJ_QUERY_INFORMATION : 804F4562
20:17:30:453 3744 IRP_MJ_SET_INFORMATION : 804F4562
20:17:30:453 3744 IRP_MJ_QUERY_EA : 804F4562
20:17:30:453 3744 IRP_MJ_SET_EA : 804F4562
20:17:30:453 3744 IRP_MJ_FLUSH_BUFFERS : B81092E2
20:17:30:453 3744 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
20:17:30:453 3744 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
20:17:30:453 3744 IRP_MJ_DIRECTORY_CONTROL : 804F4562
20:17:30:453 3744 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
20:17:30:453 3744 IRP_MJ_DEVICE_CONTROL : B81093BB
20:17:30:453 3744 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
20:17:30:453 3744 IRP_MJ_SHUTDOWN : B81092E2
20:17:30:453 3744 IRP_MJ_LOCK_CONTROL : 804F4562
20:17:30:453 3744 IRP_MJ_CLEANUP : 804F4562
20:17:30:453 3744 IRP_MJ_CREATE_MAILSLOT : 804F4562
20:17:30:453 3744 IRP_MJ_QUERY_SECURITY : 804F4562
20:17:30:453 3744 IRP_MJ_SET_SECURITY : 804F4562
20:17:30:453 3744 IRP_MJ_POWER : B810AC82
20:17:30:453 3744 IRP_MJ_SYSTEM_CONTROL : B810F99E
20:17:30:453 3744 IRP_MJ_DEVICE_CHANGE : 804F4562
20:17:30:453 3744 IRP_MJ_QUERY_QUOTA : 804F4562
20:17:30:453 3744 IRP_MJ_SET_QUOTA : 804F4562
20:17:30:453 3744 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
20:17:30:453 3744 sion
20:17:30:453 3744 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
20:17:30:453 3744
20:17:30:453 3744 Driver Name: Disk
20:17:30:453 3744 IRP_MJ_CREATE : B810EBB0
20:17:30:453 3744 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
20:17:30:453 3744 IRP_MJ_CLOSE : B810EBB0
20:17:30:453 3744 IRP_MJ_READ : B8108D1F
20:17:30:453 3744 IRP_MJ_WRITE : B8108D1F
20:17:30:453 3744 IRP_MJ_QUERY_INFORMATION : 804F4562
20:17:30:453 3744 IRP_MJ_SET_INFORMATION : 804F4562
20:17:30:453 3744 IRP_MJ_QUERY_EA : 804F4562
20:17:30:453 3744 IRP_MJ_SET_EA : 804F4562
20:17:30:453 3744 IRP_MJ_FLUSH_BUFFERS : B81092E2
20:17:30:453 3744 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
20:17:30:453 3744 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
20:17:30:453 3744 IRP_MJ_DIRECTORY_CONTROL : 804F4562
20:17:30:453 3744 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
20:17:30:453 3744 IRP_MJ_DEVICE_CONTROL : B81093BB
20:17:30:453 3744 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
20:17:30:453 3744 IRP_MJ_SHUTDOWN : B81092E2
20:17:30:453 3744 IRP_MJ_LOCK_CONTROL : 804F4562
20:17:30:453 3744 IRP_MJ_CLEANUP : 804F4562
20:17:30:453 3744 IRP_MJ_CREATE_MAILSLOT : 804F4562
20:17:30:453 3744 IRP_MJ_QUERY_SECURITY : 804F4562
20:17:30:453 3744 IRP_MJ_SET_SECURITY : 804F4562
20:17:30:453 3744 IRP_MJ_POWER : B810AC82
20:17:30:453 3744 IRP_MJ_SYSTEM_CONTROL : B810F99E
20:17:30:453 3744 IRP_MJ_DEVICE_CHANGE : 804F4562
20:17:30:453 3744 IRP_MJ_QUERY_QUOTA : 804F4562
20:17:30:453 3744 IRP_MJ_SET_QUOTA : 804F4562
20:17:30:453 3744 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
20:17:30:453 3744 sion
20:17:30:468 3744 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
20:17:30:468 3744
20:17:30:468 3744 Driver Name: iaStor
20:17:30:468 3744 IRP_MJ_CREATE : 8B1DA81A
20:17:30:468 3744 IRP_MJ_CREATE_NAMED_PIPE : 8B1DA81A
20:17:30:468 3744 IRP_MJ_CLOSE : 8B1DA81A
20:17:30:468 3744 IRP_MJ_READ : 8B1DA81A
20:17:30:468 3744 IRP_MJ_WRITE : 8B1DA81A
20:17:30:468 3744 IRP_MJ_QUERY_INFORMATION : 8B1DA81A
20:17:30:468 3744 IRP_MJ_SET_INFORMATION : 8B1DA81A
20:17:30:468 3744 IRP_MJ_QUERY_EA : 8B1DA81A
20:17:30:468 3744 IRP_MJ_SET_EA : 8B1DA81A
20:17:30:468 3744 IRP_MJ_FLUSH_BUFFERS : 8B1DA81A
20:17:30:468 3744 IRP_MJ_QUERY_VOLUME_INFORMATION : 8B1DA81A
20:17:30:468 3744 IRP_MJ_SET_VOLUME_INFORMATION : 8B1DA81A
20:17:30:468 3744 IRP_MJ_DIRECTORY_CONTROL : 8B1DA81A
20:17:30:468 3744 IRP_MJ_FILE_SYSTEM_CONTROL : 8B1DA81A
20:17:30:468 3744 IRP_MJ_DEVICE_CONTROL : 8B1DA81A
20:17:30:468 3744 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8B1DA81A
20:17:30:468 3744 IRP_MJ_SHUTDOWN : 8B1DA81A
20:17:30:468 3744 IRP_MJ_LOCK_CONTROL : 8B1DA81A
20:17:30:468 3744 IRP_MJ_CLEANUP : 8B1DA81A
20:17:30:468 3744 IRP_MJ_CREATE_MAILSLOT : 8B1DA81A
20:17:30:468 3744 IRP_MJ_QUERY_SECURITY : 8B1DA81A
20:17:30:468 3744 IRP_MJ_SET_SECURITY : 8B1DA81A
20:17:30:468 3744 IRP_MJ_POWER : 8B1DA81A
20:17:30:468 3744 IRP_MJ_SYSTEM_CONTROL : 8B1DA81A
20:17:30:468 3744 IRP_MJ_DEVICE_CHANGE : 8B1DA81A
20:17:30:468 3744 IRP_MJ_QUERY_QUOTA : 8B1DA81A
20:17:30:468 3744 IRP_MJ_SET_QUOTA : 8B1DA81A
20:17:30:468 3744 ihd: 4, FFDF0308, 333, 121, 3, 109, 1
20:17:30:468 3744 Driver "iaStor" Irp handler infected by TDSS rootkit ... 20:17:30:468 3744 cured
20:17:30:468 3744 siohd: 1
20:17:30:468 3744 Driver "iaStor" StartIo handler infected by TDSS rootkit ... 20:17:30:468 3744 cured
20:17:30:500 3744 C:\WINDOWS\system32\DRIVERS\iaStor.sys - Verdict: Infected
20:17:30:500 3744 File C:\WINDOWS\system32\DRIVERS\iaStor.sys infected by TDSS rootkit ... 20:17:30:500 3744 Processing driver file: C:\WINDOWS\system32\DRIVERS\iaStor.sys
20:17:30:500 3744 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
20:17:30:750 3744 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\OemDir\*) error 3
20:17:31:156 3744 !fdfb7
20:17:31:187 3744 vfvi6
20:17:31:531 3744 dsvbh1
20:17:31:531 3744 Backup copy2 found, using it..
20:17:31:546 3744 will be cured on next reboot
20:17:31:546 3744 Reboot required for cure complete..
20:17:31:562 3744 Cure on reboot scheduled successfully
20:17:31:562 3744
20:17:31:562 3744 Completed
20:17:31:562 3744
20:17:31:562 3744 Results:
20:17:31:562 3744 Memory objects infected / cured / cured on reboot: 2 / 2 / 0
20:17:31:562 3744 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
20:17:31:562 3744 File objects infected / cured / cured on reboot: 1 / 0 / 1
20:17:31:562 3744
20:17:31:562 3744 UnloadDriverW: NtUnloadDriver error 1
20:17:31:562 3744 KLMD_Unload: UnloadDriverW(klmd21) error 1
20:17:31:562 3744 KLMD(ARK) unloaded successfully

OTL Extras logfile created on: 3/7/2010 8:29:22 PM - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\jcarter\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 5.73 Gb Free Space | 15.37% Space Free | Partition Type: NTFS
Drive D: | 37.27 Gb Total Space | 37.12 Gb Free Space | 99.61% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 931.51 Gb Total Space | 791.89 Gb Free Space | 85.01% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: L-MSSI-53CPWG1
Current User Name: jcarter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- Reg Error: Key error. File not found
.ini [@ = UltraEdit.ini] -- C:\Documents and Settings\jcarter\My Documents\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
.js [@ = UltraEdit.js] -- C:\Documents and Settings\jcarter\My Documents\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- C:\Documents and Settings\jcarter\My Documents\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\av.exe File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\av.exe File not found

[HKEY_USERS\S-1-5-21-930775291-1011467947-637194653-5011\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "F:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Visible\RazorPC\bin\Issues.exe" = C:\Visible\RazorPC\bin\Issues.exe:*:Enabled:razor_Issues -- (Visible Systems Corporation)
"C:\Visible\RazorPC\bin\rzFrame.exe" = C:\Visible\RazorPC\bin\rzFrame.exe:*:Enabled:razor_rzFrame -- (Visible Systems Corporation)
"C:\Visible\RazorPC\bin\Threads.exe" = C:\Visible\RazorPC\bin\Threads.exe:*:Enabled:razor_Threads -- (Visible Systems Corporation)
"C:\Visible\RazorPC\bin\Versions.exe" = C:\Visible\RazorPC\bin\Versions.exe:*:Enabled:razor_Versions -- (Visible Systems Corporation)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Telelogic\DOORS_8.3\bin\doors.exe" = C:\Program Files\Telelogic\DOORS_8.3\bin\doors.exe:*:Enabled:Doors -- (Telelogic AB)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Visible\RazorPC\bin\Issues.exe" = C:\Visible\RazorPC\bin\Issues.exe:*:Enabled:The problem tracking tool from the Razor suite -- (Visible Systems Corporation)
"C:\Visible\RazorPC\bin\Versions.exe" = C:\Visible\RazorPC\bin\Versions.exe:*:Enabled:This is the file-control tool from the Razor suite. -- (Visible Systems Corporation)
"C:\Program Files\Telelogic\DOORS_8.3\bin\doors.exe" = C:\Program Files\Telelogic\DOORS_8.3\bin\doors.exe:*:Enabled:DOORS -- (Telelogic AB)
"F:\World of Warcraft\Launcher.exe" = F:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"F:\Program Files\Ventrilo\Ventrilo.exe" = F:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Adobe\Adobe Flash CS4\Flash.exe" = C:\Program Files\Adobe\Adobe Flash CS4\Flash.exe:*:Disabled:Adobe Flash CS4 Professional -- (Adobe Systems Incorporated.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{03522506-11CE-42CF-86A1-1BE43F443E9A}" = Enterprise Vault User Extensions
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03C631E5-D677-43AB-9676-D07D64D255CA}" = NI Logos LabVIEW 8.6 Support
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{071ED036-038F-4F6C-8188-B5E02602C8AD}" = NI LabVIEW MAX XML
"{07A06373-45B0-4A7C-AA53-7A81CE05664E}" = NI LabVIEW 8.6 CINtools
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0FB31DF8-38DF-4C9D-B313-AFAFC3FBA02B}" = NI LVBrokerAux 8.2.1
"{0FCF7010-B3AF-4401-B372-EA72ED4A781D}" = NI MDF Support
"{14AE4373-C1DD-4578-9C47-1BDA49A5A8FE}" = NI LabVIEW 8.6 Manuals
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16AF46BD-5ED9-4E2B-84D4-DC40354BAD19}" = NI Trace Engine
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{199DA648-61E8-45F1-B535-E69DF1113060}" = NI Remote Provider for MAX
"{1C85CCAA-9616-439B-897D-8E618EA2EA61}" = NI Assistant Framework LabVIEW Code Generator 8.6
"{20E46ECE-1207-4236-8A0D-060406070547}" = Telelogic DOORS 8.3
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{217561B1-75F4-4FE0-BF0F-5B077E4B7C27}" = NI LabVIEW 8.6 Examples
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{244EB695-9A5C-4625-8777-BCA1ACC83E27}" = Enabling SMARTEAM in .NET 2.0 environment
"{24B7F9A4-4FA8-437A-8289-2E473E7B4B53}" = NI Logos 5.0
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{297BDF30-471F-4E8C-9C05-09C3882300CD}" = NI LabWindows/CVI 8.1.1 Run-Time Engine
"{297FA251-FF30-4F16-978C-4A65EA804EFF}" = NI LabVIEW Real-Time Error Dialog
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2CA542BC-E002-4064-84DB-49B3E558A26D}" = NI LabVIEW Run-Time Engine 8.6
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{2FE50CEF-94F7-4B3E-9C63-107C022ACCA2}" = NI LabVIEW 8.6 License
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31D97B83-B350-4963-9E66-485711792BB6}" = NI Assistant Framework
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
"{3CBD90A7-D07E-493C-AB65-6AF205E614A0}" = NI LabVIEW 8.6 MeasAppChm File
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3DC39FD3-6453-455B-9727-B8FD15000CEF}" = UltraEdit 14.10
"{3F99A228-0BBD-40B6-8AEB-A6F689688969}" = NI LabWindows/CVI Code Generator
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{45FA54F6-8574-49D2-9E2D-0BDDE6237822}" = NI LabVIEW Run-Time Engine 8.2.1
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A7F0806-FA7A-4D0A-82E1-93EFCD5CA164}" = NI Assistant Framework LabVIEW 8.6 Support
"{4D0918D4-1046-47B9-9A8E-53778E84C511}" = NI MXS
"{4D826618-59C6-11D4-976E-00C04F8EEB39}" = Macromedia FreeHand 10
"{4F42CCF8-B3A7-41B9-9875-1083CB62BAFA}" = NI Variable Engine
"{50F88190-99D8-4BE3-9D96-B80C6A60A5D1}" = NI Portable Configuration
"{51065952-A485-4AA5-8884-2E093B3C6206}" = Microsoft Windows Services for UNIX
"{5107C9DC-43B2-4A84-9F3F-725C65108221}" = NI USI 1.5.1
"{51A6EDD9-CC43-4BF2-9210-4EBDF38C618A}" = NI MAX LabVIEW Support
"{52393FB0-79B6-4F01-8C85-62E35D3312D1}" = NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 2.0
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{59939D1F-953D-4F78-8707-2DB5F9DCABED}" = NI-DAQmx - LabVIEW shared documentation
"{59D81E1A-0557-4C3E-AE04-A5E625951118}" = NI LabVIEW 8.6 Deployment Framework
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5D23734B-6D69-44DF-9014-C4F70FB82B1E}" = NI Measurement & Automation Explorer 4.5
"{5DD3139C-F37C-4DA5-A994-ED0ACA622C39}" = NI LabVIEW 8.6 WWW
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61C9A5EF-19A6-439F-BD48-5340BC10E4EC}" = NI EULA Depot
"{63E5B6C7-E565-43D5-8368-B64A23E6BCD1}" = NI Variable Engine LabVIEW 8.6 Support
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{65F9B90C-F705-468C-8CD2-01C086F871E9}" = NI LabVIEW Deployable License 8.6
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6713539F-43AB-4F2E-AAC5-54BF46408A17}" = NI LabVIEW 8.6 User.lib
"{671A5B67-1A00-424A-A902-49BC020FB3D1}" = NI VC2005MSMs x86
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6991DAF8-91DB-4EA4-8D80-04789C646B66}" = NI Logos XT Support
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6F769B5E-17FE-45FC-B316-866869DD2E27}" = NI LabVIEW 8.6 Simulation
"{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant
"{70F0DCA7-0B32-4EC7-9AEF-96033A779836}" = NI LabVIEW 8.6 Project
"{726C8445-8CBB-4A92-851F-660BAED4D604}" = NI LabVIEW 8.6 VI.lib
"{73C53B05-C23F-4E15-AD34-10BCEB7DEC58}" = Apollo Loop Calculator
"{7557CD26-31B9-42AB-9263-B3C485AD201A}" = NI Distributed System Manager
"{75FEB085-179F-4C85-B0E4-B517D2160750}" = eDrawings 2007
"{77F29E62-CEE0-44A5-932A-B69813C853EB}" = NI Measurement Studio MAX Configuration Support for VS2005
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime
"{806580F0-A2CF-44F3-8B15-3166D028F6FD}" = SMARTEAM - Editor
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{863016A2-F945-4F8F-8AAB-76D14951BBD9}" = RF-SMART for OneWorld
"{87F52851-470E-48D9-AE00-B8EE2D65BDC2}" = NI LabVIEW Merge Utility 8.6.0
"{8A64016B-5822-44B4-82E0-65E052C8683F}" = NI LabVIEW Web Server
"{8D5BB34F-54A7-40D7-8712-F78ADC5336CB}" = NI LVBrokerAux 8.6.0
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9B0CFC5C-99C3-4859-87EF-C7E56A531D78}" = NI Remote PXI Provider for MAX
"{9B7DE025-A6AF-446B-86BE-3BD9604B498A}" = Sonic Foundry ACID 4.0e
"{9C7F62C5-03E8-409F-A7E4-F51E2AE15AD4}" = NI LabVIEW Web Server for Run-Time Engine
"{9CE48FF2-D311-4B61-A086-7F0D8C22DA11}" = NI LabVIEW Real-Time NBFifo
"{9CED85C4-6316-45CD-8B92-3775C27D9466}" = NI MXS 4.5.0f0 for LabVIEW Real-Time
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3370DAC-E7A9-4843-B84C-31EF654A5938}" = NI Example Finder 8.6
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4AAFE37-4DA2-4F38-9A50-6003F2494096}" = LabVIEW Web Services
"{A52BFE95-969C-4FEF-B455-BE0F6E9CF126}" = NI Service Locator
"{A760668E-EA7B-421D-B770-4D071F87F82E}" = NI OPC Support
"{A82D8A98-7C9A-435C-9DD5-CC0901AB3F0B}" = NI License Manager
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACE8D32F-1365-4442-A956-9EC1719E79FF}" = NI Instrument IO Assistant for LabVIEW 8.6
"{AE47B3A0-6895-4552-9B5A-A56AA90799E8}" = NI LabVIEW 8.6 Menus
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2A28DB4-3423-4BF6-A800-D9B1442A5C93}" = NI LabVIEW Web Services Runtime
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B82FFD5A-4607-47F7-B5E7-4BCD85B12B92}" = NI LabVIEW 8.6 Help
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB6D4A78-4BDB-4FBD-81CB-00DC2FC2BF41}" = Seagate Manager Installer
"{BC520820-FFB2-435B-9630-034569D100C8}" = NI Light Weight PSP Control Environment
"{BF682781-39CD-4700-B52A-51D48D3D2D5A}" = NI LabVIEW 8.6 Resource
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C15E9A95-652B-4A37-8829-53C0593613E2}" = NI LabVIEW 8.6 gMath
"{C1B34503-2ECA-41F5-B0F6-712A5977906C}" = NI LabVIEW 8.6 iMath
"{C336A3DB-FA32-42BE-97D0-FFD42D807FD6}" = Oz776 SCR Driver V1.1.4.2
"{C3A9861F-D0CC-4486-9316-CF945BCEFE43}" = NI LabVIEW 8.6 Templates
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C4200803-B0DB-41AC-8573-B05498BF3842}" = NI Uninstaller
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CFB0F311-C051-4760-A64A-12CA2609E91A}" = NI TDMS
"{CFF2AF40-7799-4BB8-AFF9-88FE6350A31C}" = NI DataSocket 4.6.0
"{D279F25D-AB71-42AA-AC97-0921E796C59E}" = NI LabVIEW 8.6
"{D2EB6337-42E5-4D6E-B01F-2FF9E30F4A06}" = NI Web Pipeline
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D4C63BBB-D9DC-463F-A235-91B0233E3DF2}" = NI LabVIEW 8.6 Applibs
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D9529709-28B0-4DA1-8749-8924C11AAFF2}" = NI Registration Wizard
"{DA735A4B-1FF3-46AC-BBEF-717927B6B3FC}" = NI LabVIEW 8.6 Help File
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DC282383-CD5E-4805-8517-80C8E00C7409}" = NI LabVIEW 8.6 Instr.lib
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E4637ACC-37D1-47F5-911B-01C38D3E6399}" = NI-RPC 4.0.0f0 for Phar Lap ETS
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F30A86E1-6A82-4D9C-870F-7A81D999C405}" = NI Software Provider for MAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FD3730F0-977F-47B7-8DD4-8E672CE4ED0C}" = NI LabVIEW Broker
"{FE159BC0-1D40-449B-A0AE-CB4F642CF3DC}" = NI-RPC 4.0.0f0
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"AudioBurst" = AudioBurst FX Engine
"BSPlayerf" = BS.Player FREE
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"EPSON Printer and Utilities" = EPSON Printer Software
"FastStone Image Viewer" = FastStone Image Viewer 3.6
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20E46ECE-1207-4236-8A0D-060406070547}" = Telelogic DOORS 8.3
"InstallShield_{BB6D4A78-4BDB-4FBD-81CB-00DC2FC2BF41}" = Seagate Manager Installer
"InstallShield_{C336A3DB-FA32-42BE-97D0-FFD42D807FD6}" = Oz776 SCR Driver V1.1.4.2
"Juniper Network Connect 6.4.0" = Juniper Networks Network Connect 6.4.0
"LimeWire" = LimeWire 5.2.13
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
"NI Uninstaller" = National Instruments Software
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PeerGuardian_is1" = PeerGuardian 2.0
"RazorPC" = RazorPC(Clients: Issues,Versions,Threads)
"RazorSCC" = RazorSCC(3rd party IDE integration)
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/7/2010 8:50:34 PM | Computer Name = L-MSSI-53CPWG1 | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 3/8/2010 12:19:53 AM | Computer Name = L-MSSI-53CPWG1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 3/8/2010 12:19:54 AM | Computer Name = L-MSSI-53CPWG1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 3/8/2010 12:19:54 AM | Computer Name = L-MSSI-53CPWG1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 3/8/2010 12:20:03 AM | Computer Name = L-MSSI-53CPWG1 | Source = MSSQL$SQLEXPRESS | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to
object/counter names. SQL Server performance counters are disabled.

Error - 3/8/2010 12:20:03 AM | Computer Name = L-MSSI-53CPWG1 | Source = MSSQL$SQLEXPRESS | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall
sqlctr.ini for this instance, and ensure that the instance login account has correct
registry permissions.

Error - 3/8/2010 12:20:14 AM | Computer Name = L-MSSI-53CPWG1 | Source = Interix | ID = 1014
Description = Could not connect to Mapping Server at host localhost:while connecting
:
RPC: Port mapper failure - RPC: Unable to receive

Error - 3/8/2010 12:20:41 AM | Computer Name = L-MSSI-53CPWG1 | Source = UserInit | ID = 1000
Description = Could not execute the following script URLs.bat. The system cannot
find the file specified. .

Error - 3/8/2010 12:24:16 AM | Computer Name = L-MSSI-53CPWG1 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 3/8/2010 12:24:19 AM | Computer Name = L-MSSI-53CPWG1 | Source = LoadPerf | ID = 3006
Description = Unable to read the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

[ System Events ]
Error - 3/7/2010 9:01:24 PM | Computer Name = L-MSSI-53CPWG1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 3/7/2010 9:31:24 PM | Computer Name = L-MSSI-53CPWG1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 3/7/2010 10:31:24 PM | Computer Name = L-MSSI-53CPWG1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 3/8/2010 12:19:53 AM | Computer Name = L-MSSI-53CPWG1 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain MAESIMI due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 3/8/2010 12:19:53 AM | Computer Name = L-MSSI-53CPWG1 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 3/8/2010 12:20:13 AM | Computer Name = L-MSSI-53CPWG1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 3/8/2010 12:20:13 AM | Computer Name = L-MSSI-53CPWG1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 3/8/2010 12:20:21 AM | Computer Name = L-MSSI-53CPWG1 | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 3/8/2010 12:20:21 AM | Computer Name = L-MSSI-53CPWG1 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 3/8/2010 12:35:15 AM | Computer Name = L-MSSI-53CPWG1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.


< End of report >


OTL logfile created on: 3/7/2010 8:28:52 PM - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\jcarter\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 5.73 Gb Free Space | 15.37% Space Free | Partition Type: NTFS
Drive D: | 37.27 Gb Total Space | 37.12 Gb Free Space | 99.61% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 931.51 Gb Total Space | 791.89 Gb Free Space | 85.01% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: L-MSSI-53CPWG1
Current User Name: jcarter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/07 20:27:57 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jcarter\Desktop\OTL.exe
PRC - [2010/02/19 22:45:26 | 000,815,184 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/02/19 22:45:22 | 001,229,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/03/27 14:54:06 | 000,165,160 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/03/11 09:10:44 | 000,611,624 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2008/06/20 14:46:24 | 000,607,848 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
PRC - [2008/06/17 16:38:28 | 000,213,552 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2008/06/17 16:38:16 | 000,050,736 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lktsrv.exe
PRC - [2008/06/17 16:38:08 | 000,040,488 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lkads.exe
PRC - [2008/06/17 15:21:50 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lkcitdl.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/02 15:29:48 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe
PRC - [2007/11/06 14:07:32 | 000,008,656 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\nisvcloc.exe
PRC - [2007/07/30 22:54:38 | 002,158,592 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2007/07/20 16:48:00 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2007/07/20 16:30:28 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2007/05/10 10:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
PRC - [2007/02/10 05:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007/02/10 04:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2006/12/18 15:22:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/10/27 20:13:48 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2006/10/20 17:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/09/28 21:08:46 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 19:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/01/23 23:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2004/03/01 13:46:10 | 000,522,800 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\PSXSS.EXE
PRC - [2003/11/08 11:49:42 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\SFU\usr\sbin\zzInterix
PRC - [2003/11/08 11:49:38 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\SFU\usr\sbin\inetd
PRC - [2003/11/08 11:49:38 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\SFU\usr\sbin\init
PRC - [2003/11/08 11:49:36 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\SFU\usr\sbin\cron
PRC - [2003/11/08 11:45:14 | 000,066,480 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\PSXRUN.EXE


========== Modules (SafeList) ==========

MOD - [2010/03/07 20:27:57 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jcarter\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/02/19 22:45:22 | 001,229,232 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/30 13:39:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/27 14:54:06 | 000,165,160 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/03/11 09:10:44 | 000,611,624 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2008/06/20 14:46:24 | 000,607,848 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2008/06/17 16:38:28 | 000,213,552 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2008/06/17 16:38:16 | 000,050,736 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lktsrv.exe -- (lkTimeSync)
SRV - [2008/06/17 16:38:08 | 000,040,488 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lkads.exe -- (lkClassAds)
SRV - [2008/06/17 15:21:50 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2008/06/12 17:12:40 | 001,007,616 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2008/04/02 15:29:48 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2007/11/07 07:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/11/06 14:07:32 | 000,008,656 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\System32\nisvcloc.exe -- (niSvcLoc)
SRV - [2007/05/10 10:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)
SRV - [2007/05/09 14:34:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\WINDOWS\system32\Opcenum.exe -- (OpcEnum)
SRV - [2007/02/10 05:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2007/02/10 05:29:47 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2007/02/10 04:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/10/14 02:50:19 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2003/11/08 11:46:12 | 000,047,536 | R--- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\SFU\common\cron.exe -- (CronService)
SRV - [2003/11/08 11:45:14 | 000,066,480 | R--- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\PSXRUN.EXE -- (zzInterix)


========== Driver Services (SafeList) ==========

DRV - [2010/03/07 20:18:53 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2010/02/16 01:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100226.006\navex15.sys -- (NAVEX15)
DRV - [2010/02/16 01:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100226.006\naveng.sys -- (NAVENG)
DRV - [2010/02/04 07:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/11/20 18:34:54 | 010,235,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/08/27 00:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/27 00:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/03/11 08:57:22 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/11/07 12:05:11 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/11/07 12:05:11 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/07 09:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2007/09/26 01:01:00 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/06/11 14:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/06/02 14:41:06 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/05/24 14:27:00 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/04/24 13:20:00 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/03/26 10:19:00 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/03/01 16:53:00 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/02/16 15:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/20 17:55:00 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/11/02 18:47:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 18:47:00 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/11/02 18:46:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/10/10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/07/21 11:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/01/06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003/11/08 11:45:14 | 000,006,128 | R--- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PSXDRV.SYS -- (PsxDrv)
DRV - [2003/11/08 11:42:38 | 000,055,872 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rpcxdr.sys -- (RpcXdr)
DRV - [2003/11/08 11:42:38 | 000,035,072 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\portmap.sys -- (Portmap)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-930775291-1011467947-637194653-5011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://itdept/issuetrak
IE - HKU\S-1-5-21-930775291-1011467947-637194653-5011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-930775291-1011467947-637194653-5011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-930775291-1011467947-637194653-5011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555


[2010/02/19 09:11:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/03 16:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll

O1 HOSTS File: ([2010/03/01 16:49:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-930775291-1011467947-637194653-5011\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-930775291-1011467947-637194653-5011\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-930775291-1011467947-637194653-5011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-930775291-1011467947-637194653-5011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-930775291-1011467947-637194653-5011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-930775291-1011467947-637194653-5011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1261091132951 (WUWebControl Class)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://mail.lyonsmfg.com/Remote/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {8161DA4A-CF2C-4926-8D29-C3F138FA7FA1} http://oneworld:81/jde/axctls/jdewebctls.cab (JDEWebRTFEdit Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWire...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DEA985BB-7945-11D4-97AF-0006297090B0} http://oneworld:81/jde/axctls/jdeexpimp.cab (JDEExcelAuto Control)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave.com/content/bejeweled...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://intercall.webex.com/client/T26L10NS...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://rvam1-jfk.globalcrossing.net/dana-c...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = maesimi.com
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 () - C:\Projects\Personal\tropical_sunset_Space_Dual_3200x1200.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/29 14:32:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/02 04:13:21 | 000,000,067 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/02/29 06:16:53 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/07 20:27:55 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jcarter\Desktop\OTL.exe
[2010/03/07 20:17:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/07 16:26:15 | 000,000,000 | ---D | C] -- C:\rsit
[2010/03/04 16:14:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jcarter\Desktop\FSCU Images
[2010/03/03 16:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/03/02 12:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/02 12:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/03/02 12:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/03/01 16:26:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/01 16:24:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/01 16:24:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/01 16:24:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/01 16:24:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/01 16:23:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/01 16:23:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/28 16:33:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jcarter\Desktop\TMRBLog
[2010/02/28 16:33:13 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/02/28 16:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jcarter\Desktop\log
[2010/02/28 16:30:47 | 000,532,480 | ---- | C] (Trend Micro Incorporated) -- C:\Documents and Settings\jcarter\Desktop\cwshredder.exe
[2010/02/28 15:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/27 13:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/02/27 13:29:40 | 000,177,928 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\jcarter\Desktop\TDSSKiller.exe
[2010/02/27 01:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/02/27 01:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/02/19 22:46:53 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/02/19 21:53:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/02/19 21:01:40 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/02/19 21:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/02/19 21:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/02/19 19:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/02/19 05:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/02/18 16:43:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/02/18 16:40:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/02/18 14:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/18 13:11:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jcarter\Application Data\Malwarebytes
[2010/02/18 12:55:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/18 12:55:44 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/18 12:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/18 12:55:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/18 11:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/02/18 11:11:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jcarter\Application Data\Sun
[2010/02/17 16:16:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jcarter\Application Data\Help
[2010/02/06 17:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jcarter\Application Data\LimeWire
[2010/02/06 02:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jcarter\Application Data\Auslogics
[2009/09/14 11:09:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/10/18 01:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2008/02/29 14:32:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/07 20:27:57 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jcarter\Desktop\OTL.exe
[2010/03/07 20:22:38 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/03/07 20:21:40 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/07 20:20:53 | 000,250,783 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/03/07 20:20:53 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/07 20:20:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/07 20:19:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/07 20:19:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/07 20:18:53 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\iaStor.sys
[2010/03/07 20:18:34 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\jcarter\NTUSER.DAT
[2010/03/07 20:17:07 | 000,154,657 | ---- | M] () -- C:\Documents and Settings\jcarter\Desktop\tdsskiller.zip
[2010/03/07 20:15:30 | 000,250,783 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/03/07 16:30:41 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\jcarter\Desktop\oliwbhly.exe
[2010/03/07 16:25:59 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\jcarter\Desktop\RSIT.exe
[2010/03/05 17:13:03 | 000,000,520 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/03/04 11:38:37 | 000,001,488 | ---- | M] () -- C:\WINDOWS\Razor.ini
[2010/03/04 09:41:57 | 000,170,496 | ---- | M] () -- C:\Documents and Settings\jcarter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/04 02:11:24 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\jcarter\ntuser.ini
[2010/03/03 16:36:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/02 16:15:22 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\jcarter\Desktop\Smoke Test.doc
[2010/03/01 16:50:10 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/01 16:49:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/01 16:26:44 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/03/01 16:22:38 | 003,875,750 | R--- | M] () -- C:\Documents and Settings\jcarter\Desktop\ComboFix.exe
[2010/03/01 11:59:08 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/02/28 16:33:13 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/02/28 16:30:48 | 000,532,480 | ---- | M] (Trend Micro Incorporated) -- C:\Documents and Settings\jcarter\Desktop\cwshredder.exe
[2010/02/28 15:57:25 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\jcarter\Desktop\HijackThis.lnk
[2010/02/27 13:29:40 | 000,177,928 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\jcarter\Desktop\TDSSKiller.exe
[2010/02/26 18:14:34 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Wsorulasej.dat
[2010/02/26 16:14:53 | 001,104,508 | -H-- | M] () -- C:\Documents and Settings\jcarter\Local Settings\Application Data\IconCache.db
[2010/02/26 16:04:43 | 000,320,000 | ---- | M] () -- C:\Documents and Settings\jcarter\Desktop\me.mpp
[2010/02/26 14:23:32 | 000,071,168 | ---- | M] () -- C:\Documents and Settings\jcarter\Desktop\QUAL GROUP baseline schedule___2010-02-26.xls
[2010/02/26 14:18:23 | 002,731,008 | ---- | M] () -- C:\Documents and Settings\jcarter\Desktop\QUAL GROUP baseline schedule___2010-02-26.mpp
[2010/02/26 14:12:20 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\jcarter\Desktop\Book1.xls
[2010/02/26 13:42:49 | 000,185,856 | ---- | M] () -- C:\Documents and Settings\jcarter\Desktop\Testing Effort.mpp
[2010/02/26 08:26:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Vkezodobuvogep.bin
[2010/02/24 12:03:07 | 000,009,246 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/02/23 15:47:06 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\jcarter\Desktop\DCTT.xls
[2010/02/21 18:28:13 | 000,000,307 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/02/20 14:57:14 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\jcarter\Local Settings\Application Data\housecall.guid.cache
[2010/02/19 22:46:53 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/02/19 22:46:43 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/02/19 20:09:49 | 000,000,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/07 20:17:05 | 000,154,657 | ---- | C] () -- C:\Documents and Settings\jcarter\Desktop\tdsskiller.zip
[2010/03/07 16:30:36 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\jcarter\Desktop\oliwbhly.exe
[2010/03/07 16:25:56 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\jcarter\Desktop\RSIT.exe
[2010/03/02 16:48:55 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\jcarter\Desktop\Smoke Test.doc
[2010/03/01 16:26:44 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/01 16:26:40 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/01 16:24:11 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/01 16:24:10 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/01 16:24:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/01 16:24:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/01 16:24:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/01 16:22:38 | 003,875,750 | R--- | C] () -- C:\Documents and Settings\jcarter\Desktop\ComboFix.exe
[2010/03/01 11:59:23 | 000,013,932 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\A0x8Vs
[2010/03/01 11:59:08 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/02/28 15:57:25 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\jcarter\Desktop\HijackThis.lnk
[2010/02/28 13:44:10 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/02/26 16:04:43 | 000,320,000 | ---- | C] () -- C:\Documents and Settings\jcarter\Desktop\me.mpp
[2010/02/26 14:19:33 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\jcarter\Desktop\QUAL GROUP baseline schedule___2010-02-26.xls
[2010/02/26 14:18:23 | 002,731,008 | ---- | C] () -- C:\Documents and Settings\jcarter\Desktop\QUAL GROUP baseline schedule___2010-02-26.mpp
[2010/02/26 13:42:48 | 000,185,856 | ---- | C] () -- C:\Documents and Settings\jcarter\Desktop\Testing Effort.mpp
[2010/02/26 08:46:08 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\jcarter\Desktop\Book1.xls
[2010/02/23 14:31:11 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\jcarter\Desktop\DCTT.xls
[2010/02/22 16:01:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/22 15:55:54 | 000,250,783 | ---- | C] () -- C:\WINDOWS\System32\nvModes.001
[2010/02/22 15:55:53 | 000,250,783 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/02/22 15:55:47 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2010/02/22 15:55:43 | 000,002,206 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/22 13:00:48 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wsorulasej.dat
[2010/02/22 13:00:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Vkezodobuvogep.bin
[2010/02/20 14:57:14 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\jcarter\Local Settings\Application Data\housecall.guid.cache
[2010/02/19 21:02:01 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/19 20:09:23 | 000,000,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2009/12/19 17:59:14 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/03/23 08:15:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/01/26 17:36:34 | 000,115,176 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/01/24 13:53:48 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\jcarter\Application Data\mcs.rma
[2009/01/24 13:53:48 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\jcarter\Application Data\7605C7
[2008/12/27 19:28:45 | 000,000,099 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2008/12/15 19:04:18 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/12/15 19:04:17 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\jcarter\Application Data\PnkBstrK.sys
[2008/12/15 19:03:50 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/11/14 05:19:30 | 000,170,496 | ---- | C] () -- C:\Documents and Settings\jcarter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/07 12:05:11 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/11/07 12:05:11 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/08/29 16:55:57 | 000,001,488 | ---- | C] () -- C:\WINDOWS\Razor.ini
[2008/07/29 13:30:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/06/13 14:47:30 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini
[2008/04/07 09:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys
[2008/03/28 15:49:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2008/02/29 18:11:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/02/29 17:09:49 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/02/29 17:09:49 | 000,000,307 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/29 16:44:14 | 000,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/11/09 13:07:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/06/13 18:00:02 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2006/02/28 04:00:00 | 000,013,576 | ---- | C] () -- C:\WINDOWS\System32\syscorecfg256.dll
[2005/09/02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/26 13:28:28 | 000,023,037 | ---- | C] () -- C:\WINDOWS\avx.ini
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/07/04 11:04:30 | 000,033,131 | ---- | C] () -- C:\WINDOWS\avwin.ini
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2006/02/28 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/12/17 15:30:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/12/17 15:30:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/12/17 15:30:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/12/17 15:30:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0017\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/02/28 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2010/03/07 20:18:53 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006/02/28 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: PROQUOTA.EXE >
[2006/02/28 04:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 16:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 16:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: SCECLI.DLL >
[2006/02/28 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< End of report >


#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:15 PM

Posted 08 March 2010 - 01:13 AM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    IE - HKU\S-1-5-21-930775291-1011467947-637194653-5011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    O3 - HKU\S-1-5-21-930775291-1011467947-637194653-5011\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-930775291-1011467947-637194653-5011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1O16 - DPF: {8161DA4A-CF2C-4926-8D29-C3F138FA7FA1} http://oneworld:81/jde/axctls/jdewebctls.cab (JDEWebRTFEdit Control)
    O16 - DPF: {DEA985BB-7945-11D4-97AF-0006297090B0} http://oneworld:81/jde/axctls/jdeexpimp.cab (JDEExcelAuto Control)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave.com/content/bejeweled...ploader_v10.cab (PopCapLoader Object)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://rvam1-jfk.globalcrossing.net/dana-c...SetupClient.cab (JuniperSetupClientControl
    O32 - AutoRun File - [2010/03/02 04:13:21 | 000,000,067 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
    [2010/02/26 18:14:34 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Wsorulasej.dat
    [2010/02/26 08:26:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Vkezodobuvogep.bin
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusOverride"=dword:00000000
    "FirewallOverride"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=dword:00000001
    "DisableNotifications"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=dword:00000001
    "DisableNotifications"=dword:00000000
    :Commands
    [purity]
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.



Please click this link-->Virustotal
When the Virustotal page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\System32\syscorecfg256.dll

Please post back with the link to the scan results, in your next post.
If Virustotal is busy, try the same at Jotti: http://virusscan.jotti.org/


Then please post back here with the following logs:
  • OTL results
  • New OTL log
  • Virustotal link.

Thanks

unite.jpg


#7 asherrswift

asherrswift
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:15 AM

Posted 08 March 2010 - 02:47 AM

All processes killed
========== OTL ==========
Unable to set value : HKU\S-1-5-21-930775291-1011467947-637194653-5011\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E!
Registry value HKEY_USERS\S-1-5-21-930775291-1011467947-637194653-5011\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-930775291-1011467947-637194653-5011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL\\CheckedValue deleted successfully.
File 1O16 - DPF: {8161DA4A-CF2C-4926-8D29-C3F138FA7FA1} http://oneworld:81/jde/axctls/jdewebctls.cab not found.
Starting removal of ActiveX control {DEA985BB-7945-11D4-97AF-0006297090B0}
C:\WINDOWS\Downloaded Program Files\jdeexpimp.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DEA985BB-7945-11D4-97AF-0006297090B0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEA985BB-7945-11D4-97AF-0006297090B0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DEA985BB-7945-11D4-97AF-0006297090B0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DEA985BB-7945-11D4-97AF-0006297090B0}\ not found.
Starting removal of ActiveX control {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\popcaploader.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Starting removal of ActiveX control {F27237D7-93C8-44C2-AC6E-D6057B9A918F}
C:\WINDOWS\Downloaded Program Files\JuniperSetupClient.INF moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F27237D7-93C8-44C2-AC6E-D6057B9A918F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F27237D7-93C8-44C2-AC6E-D6057B9A918F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F27237D7-93C8-44C2-AC6E-D6057B9A918F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F27237D7-93C8-44C2-AC6E-D6057B9A918F}\ not found.
F:\autorun.inf moved successfully.
C:\WINDOWS\Wsorulasej.dat moved successfully.
C:\WINDOWS\Vkezodobuvogep.bin moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\"EnableFirewall"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\"DisableNotifications"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"EnableFirewall"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"DisableNotifications"|dword:00000000 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 405 bytes

User: All Users

User: cpham
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 575 bytes

User: david.krigman
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 575 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 575 bytes

User: dqtruong
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 920 bytes

User: jcarter
->Temp folder emptied: 959473 bytes
->Temporary Internet Files folder emptied: 119352516 bytes
->Java cache emptied: 25921 bytes
->Flash cache emptied: 21906 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 22535681 bytes
->Java cache emptied: 26 bytes
->Flash cache emptied: 6989 bytes

User: NetworkService
->Temp folder emptied: 167672 bytes
->Temporary Internet Files folder emptied: 176818579 bytes
->Java cache emptied: 8712 bytes
->Flash cache emptied: 28114 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2176856 bytes
%systemroot%\System32 .tmp files removed: 7501 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 91571711 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 36348 bytes

Total Files Cleaned = 395.00 mb


OTL by OldTimer - Version 3.1.35.0 log created on 03072010_232619

Files\Folders moved on Reboot...
C:\Documents and Settings\jcarter\Local Settings\Temporary Internet Files\Content.IE5\R0IW2MJ4\iframe[1].htm moved successfully.
C:\Documents and Settings\jcarter\Local Settings\Temporary Internet Files\Content.IE5\75GNS31D\topic299283[1].htm moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_844.dat not found!

Registry entries deleted on Reboot...


OTL logfile created on: 3/7/2010 11:32:07 PM - Run 2
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\jcarter\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 6.08 Gb Free Space | 16.33% Space Free | Partition Type: NTFS
Drive D: | 37.27 Gb Total Space | 37.12 Gb Free Space | 99.61% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 931.51 Gb Total Space | 791.89 Gb Free Space | 85.01% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: L-MSSI-53CPWG1
Current User Name: jcarter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/07 20:27:57 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jcarter\Desktop\OTL.exe
PRC - [2010/02/19 22:45:26 | 000,815,184 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/02/19 22:45:22 | 001,229,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/03/27 14:54:06 | 000,165,160 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/03/11 09:10:44 | 000,611,624 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2008/06/20 14:46:24 | 000,607,848 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
PRC - [2008/06/17 16:38:28 | 000,213,552 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2008/06/17 16:38:16 | 000,050,736 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lktsrv.exe
PRC - [2008/06/17 16:38:08 | 000,040,488 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lkads.exe
PRC - [2008/06/17 15:21:50 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lkcitdl.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/02 15:29:48 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe
PRC - [2007/11/06 14:07:32 | 000,008,656 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\nisvcloc.exe
PRC - [2007/07/30 22:54:38 | 002,158,592 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2007/07/20 16:48:00 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2007/07/20 16:30:28 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2007/05/10 10:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
PRC - [2007/02/10 05:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007/02/10 04:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2006/12/18 15:22:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/10/27 20:13:48 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2006/10/20 17:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/09/28 21:08:46 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 19:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/01/23 23:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2004/03/01 13:46:10 | 000,522,800 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\PSXSS.EXE
PRC - [2003/11/08 11:49:42 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\SFU\usr\sbin\zzInterix
PRC - [2003/11/08 11:49:38 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\SFU\usr\sbin\inetd
PRC - [2003/11/08 11:49:38 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\SFU\usr\sbin\init
PRC - [2003/11/08 11:49:36 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\SFU\usr\sbin\cron
PRC - [2003/11/08 11:45:14 | 000,066,480 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\PSXRUN.EXE


========== Modules (SafeList) ==========

MOD - [2010/03/07 20:27:57 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jcarter\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/02/19 22:45:22 | 001,229,232 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/30 13:39:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/27 14:54:06 | 000,165,160 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/03/11 09:10:44 | 000,611,624 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2008/06/20 14:46:24 | 000,607,848 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2008/06/17 16:38:28 | 000,213,552 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2008/06/17 16:38:16 | 000,050,736 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lktsrv.exe -- (lkTimeSync)
SRV - [2008/06/17 16:38:08 | 000,040,488 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lkads.exe -- (lkClassAds)
SRV - [2008/06/17 15:21:50 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2008/06/12 17:12:40 | 001,007,616 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2008/04/02 15:29:48 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2007/11/07 07:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/11/06 14:07:32 | 000,008,656 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\System32\nisvcloc.exe -- (niSvcLoc)
SRV - [2007/05/10 10:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)
SRV - [2007/05/09 14:34:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\WINDOWS\system32\Opcenum.exe -- (OpcEnum)
SRV - [2007/02/10 05:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2007/02/10 05:29:47 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2007/02/10 04:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/10/14 02:50:19 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2003/11/08 11:46:12 | 000,047,536 | R--- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\SFU\common\cron.exe -- (CronService)
SRV - [2003/11/08 11:45:14 | 000,066,480 | R--- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\PSXRUN.EXE -- (zzInterix)


========== Driver Services (SafeList) ==========

DRV - [2010/03/07 20:18:53 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2010/02/16 01:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100226.006\navex15.sys -- (NAVEX15)
DRV - [2010/02/16 01:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100226.006\naveng.sys -- (NAVENG)
DRV - [2010/02/04 07:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/11/20 18:34:54 | 010,235,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/08/27 00:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/27 00:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/03/11 08:57:22 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/11/07 12:05:11 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/11/07 12:05:11 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/07 09:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2007/09/26 01:01:00 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/06/11 14:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/06/02 14:41:06 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/05/24 14:27:00 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/04/24 13:20:00 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/03/26 10:19:00 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/03/01 16:53:00 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/02/16 15:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/20 17:55:00 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/11/02 18:47:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 18:47:00 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/11/02 18:46:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/10/10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/07/21 11:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/01/06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003/11/08 11:45:14 | 000,006,128 | R--- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PSXDRV.SYS -- (PsxDrv)
DRV - [2003/11/08 11:42:38 | 000,055,872 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rpcxdr.sys -- (RpcXdr)
DRV - [2003/11/08 11:42:38 | 000,035,072 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\portmap.sys -- (Portmap)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://itdept/issuetrak
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555


[2010/02/19 09:11:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/03 16:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll

O1 HOSTS File: ([2010/03/01 16:49:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1261091132951 (WUWebControl Class)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://mail.lyonsmfg.com/Remote/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {8161DA4A-CF2C-4926-8D29-C3F138FA7FA1} http://oneworld:81/jde/axctls/jdewebctls.cab (JDEWebRTFEdit Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWire...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://intercall.webex.com/client/T26L10NS...bex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = maesimi.com
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 () - C:\Projects\Personal\tropical_sunset_Space_Dual_3200x1200.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/29 14:32:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/07 23:29:07 | 000,000,067 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/02/29 06:16:53 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/07 23:26:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/07 20:27:55 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jcarter\Desktop\OTL.exe
[2010/03/07 20:17:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/07 16:26:15 | 000,000,000 | ---D | C] -- C:\rsit
[2010/03/04 16:14:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jcarter\Desktop\FSCU Images
[2010/03/03 16:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/03/02 12:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/02 12:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/03/02 12:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/03/01 16:26:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/01 16:24:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/01 16:24:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/01 16:24:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/01 16:24:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/01 16:23:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/01 16:23:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/28 16:33:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jcarter\Desktop\TMRBLog
[2010/02/28 16:33:13 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/02/28 16:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jcarter\Desktop\log
[2010/02/28 16:30:47 | 000,532,480 | ---- | C] (Trend Micro Incorporated) -- C:\Documents and Settings\jcarter\Desktop\cwshredder.exe
[2010/02/28 15:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/27 13:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/02/27 13:29:40 | 000,177,928 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\jcarter\Desktop\TDSSKiller.exe
[2010/02/27 01:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/02/27 01:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/02/19 22:46:53 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/02/19 21:53:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/02/19 21:01:40 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/02/19 21:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/02/19 21:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/02/19 19:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/02/19 05:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/02/18 16:43:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/02/18 16:40:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/02/18 14:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/18 13:11:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jcarter\Application Data\Malwarebytes
[2010/02/18 12:55:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/18 12:55:44 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/18 12:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/18 12:55:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/18 11:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/02/18 11:11:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jcarter\Application Data\Sun
[2010/02/17 16:16:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jcarter\Application Data\Help
[2010/02/06 17:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jcarter\Application Data\LimeWire
[2010/02/06 02:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jcarter\Application Data\Auslogics
[2009/09/14 11:09:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/10/18 01:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2008/02/29 14:32:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/07 23:31:51 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/03/07 23:31:08 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/07 23:30:06 | 000,250,783 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/03/07 23:30:06 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/07 23:29:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/07 23:28:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/07 23:28:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/07 23:27:50 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\jcarter\NTUSER.DAT
[2010/03/07 23:25:14 | 000,250,783 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/03/07 20:27:57 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jcarter\Desktop\OTL.exe
[2010/03/07 20:18:53 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\iaStor.sys
[2010/03/07 20:17:07 | 000,154,657 | ---- | M] () -- C:\Documents and Settings\jcarter\Desktop\tdsskiller.zip
[2010/03/07 16:30:41 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\jcarter\Desktop\oliwbhly.exe
[2010/03/07 16:25:59 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\jcarter\Desktop\RSIT.exe
[2010/03/05 17:13:03 | 000,000,520 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/03/04 11:38:37 | 000,001,488 | ---- | M] () -- C:\WINDOWS\Razor.ini
[2010/03/04 09:41:57 | 000,170,496 | ---- | M] () -- C:\Documents and Settings\jcarter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/04 02:11:24 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\jcarter\ntuser.ini
[2010/03/03 16:36:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/02 16:15:22 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\jcarter\Desktop\Smoke Test.doc
[2010/03/01 16:50:10 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/01 16:49:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/01 16:26:44 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/03/01 16:22:38 | 003,875,750 | R--- | M] () -- C:\Documents and Settings\jcarter\Desktop\ComboFix.exe
[2010/03/01 11:59:08 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/02/28 16:33:13 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/02/28 16:30:48 | 000,532,480 | ---- | M] (Trend Micro Incorporated) -- C:\Documents and Settings\jcarter\Desktop\cwshredder.exe
[2010/02/28 15:57:25 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\jcarter\Desktop\HijackThis.lnk
[2010/02/27 13:29:40 | 000,177,928 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\jcarter\Desktop\TDSSKiller.exe
[2010/02/26 16:14:53 | 001,104,508 | -H-- | M] () -- C:\Documents and Settings\jcarter\Local Settings\Application Data\IconCache.db
[2010/02/26 16:04:43 | 000,320,000 | ---- | M] () -- C:\Documents and Settings\jcarter\Desktop\me.mpp
[2010/02/26 14:23:32 | 000,071,168 | ---- | M] () -- C:\Documents and Settings\jcarter\Desktop\QUAL GROUP baseline schedule___2010-02-26.xls
[2010/02/26 14:18:23 | 002,731,008 | ---- | M] () -- C:\Documents and Settings\jcarter\Desktop\QUAL GROUP baseline schedule___2010-02-26.mpp
[2010/02/26 14:12:20 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\jcarter\Desktop\Book1.xls
[2010/02/26 13:42:49 | 000,185,856 | ---- | M] () -- C:\Documents and Settings\jcarter\Desktop\Testing Effort.mpp
[2010/02/24 12:03:07 | 000,009,246 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/02/23 15:47:06 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\jcarter\Desktop\DCTT.xls
[2010/02/21 18:28:13 | 000,000,307 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/02/20 14:57:14 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\jcarter\Local Settings\Application Data\housecall.guid.cache
[2010/02/19 22:46:53 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/02/19 22:46:43 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/02/19 20:09:49 | 000,000,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/07 20:17:05 | 000,154,657 | ---- | C] () -- C:\Documents and Settings\jcarter\Desktop\tdsskiller.zip
[2010/03/07 16:30:36 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\jcarter\Desktop\oliwbhly.exe
[2010/03/07 16:25:56 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\jcarter\Desktop\RSIT.exe
[2010/03/02 16:48:55 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\jcarter\Desktop\Smoke Test.doc
[2010/03/01 16:26:44 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/01 16:26:40 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/01 16:24:11 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/01 16:24:10 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/01 16:24:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/01 16:24:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/01 16:24:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/01 16:22:38 | 003,875,750 | R--- | C] () -- C:\Documents and Settings\jcarter\Desktop\ComboFix.exe
[2010/03/01 11:59:23 | 000,013,932 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\A0x8Vs
[2010/03/01 11:59:08 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/02/28 15:57:25 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\jcarter\Desktop\HijackThis.lnk
[2010/02/28 13:44:10 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/02/26 16:04:43 | 000,320,000 | ---- | C] () -- C:\Documents and Settings\jcarter\Desktop\me.mpp
[2010/02/26 14:19:33 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\jcarter\Desktop\QUAL GROUP baseline schedule___2010-02-26.xls
[2010/02/26 14:18:23 | 002,731,008 | ---- | C] () -- C:\Documents and Settings\jcarter\Desktop\QUAL GROUP baseline schedule___2010-02-26.mpp
[2010/02/26 13:42:48 | 000,185,856 | ---- | C] () -- C:\Documents and Settings\jcarter\Desktop\Testing Effort.mpp
[2010/02/26 08:46:08 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\jcarter\Desktop\Book1.xls
[2010/02/23 14:31:11 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\jcarter\Desktop\DCTT.xls
[2010/02/22 16:01:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/22 15:55:54 | 000,250,783 | ---- | C] () -- C:\WINDOWS\System32\nvModes.001
[2010/02/22 15:55:53 | 000,250,783 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/02/22 15:55:47 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2010/02/22 15:55:43 | 000,002,206 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/20 14:57:14 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\jcarter\Local Settings\Application Data\housecall.guid.cache
[2010/02/19 21:02:01 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/19 20:09:23 | 000,000,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2009/12/19 17:59:14 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/03/23 08:15:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/01/26 17:36:34 | 000,115,176 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/01/24 13:53:48 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\jcarter\Application Data\mcs.rma
[2009/01/24 13:53:48 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\jcarter\Application Data\7605C7
[2008/12/27 19:28:45 | 000,000,099 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2008/12/15 19:04:18 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/12/15 19:04:17 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\jcarter\Application Data\PnkBstrK.sys
[2008/12/15 19:03:50 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/11/14 05:19:30 | 000,170,496 | ---- | C] () -- C:\Documents and Settings\jcarter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/07 12:05:11 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/11/07 12:05:11 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/08/29 16:55:57 | 000,001,488 | ---- | C] () -- C:\WINDOWS\Razor.ini
[2008/07/29 13:30:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/06/13 14:47:30 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini
[2008/04/07 09:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys
[2008/03/28 15:49:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2008/02/29 18:11:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/02/29 17:09:49 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/02/29 17:09:49 | 000,000,307 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/29 16:44:14 | 000,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/11/09 13:07:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/06/13 18:00:02 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2006/02/28 04:00:00 | 000,013,576 | ---- | C] () -- C:\WINDOWS\System32\syscorecfg256.dll
[2005/09/02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/26 13:28:28 | 000,023,037 | ---- | C] () -- C:\WINDOWS\avx.ini
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/07/04 11:04:30 | 000,033,131 | ---- | C] () -- C:\WINDOWS\avwin.ini
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2006/02/28 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/12/17 15:30:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/12/17 15:30:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/12/17 15:30:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/12/17 15:30:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0017\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/02/28 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2010/03/07 20:18:53 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006/02/28 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: PROQUOTA.EXE >
[2006/02/28 04:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 16:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 16:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: SCECLI.DLL >
[2006/02/28 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< End of report >




http://www.virustotal.com/analisis/fad5db8...a1c5-1268034332

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:15 PM

Posted 08 March 2010 - 03:57 PM

Hi asherrswift,

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O32 - AutoRun File - [2010/03/07 23:29:07 | 000,000,067 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
    :Reg
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=""
    :Commands
    [purity]
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.


Then please post back here with the following logs:
  • MBAM log
  • OTL results
  • New Rsit log.txt

Thanks

unite.jpg


#9 asherrswift

asherrswift
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:15 AM

Posted 10 March 2010 - 08:42 PM

Malwarebytes' Anti-Malware 1.44
Database version: 3838
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/9/2010 1:59:55 AM
mbam-log-2010-03-09 (01-59-55).txt

Scan type: Full Scan (C:\|)
Objects scanned: 309173
Time elapsed: 1 hour(s), 23 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


All processes killed
========== OTL ==========
F:\autorun.inf moved successfully.
========== REGISTRY ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyServer"|"" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: cpham
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: david.krigman
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: dqtruong
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jcarter
->Temp folder emptied: 177570 bytes
->Temporary Internet Files folder emptied: 52932632 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1393 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 23216 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4924 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16063 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 708064 bytes

Total Files Cleaned = 51.00 mb


OTL by OldTimer - Version 3.1.35.0 log created on 03102010_173507

Files\Folders moved on Reboot...
C:\Documents and Settings\jcarter\Local Settings\Temporary Internet Files\Content.IE5\A88FM5FX\iframe[1].htm moved successfully.
C:\Documents and Settings\jcarter\Local Settings\Temporary Internet Files\Content.IE5\A88FM5FX\topic299283[1].htm moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_7f4.dat not found!

Registry entries deleted on Reboot...


#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:15 PM

Posted 11 March 2010 - 06:05 PM

You haven't posted a new Rsit log, can you please post it, also can you tell me how the computer is running?

unite.jpg


#11 asherrswift

asherrswift
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:15 AM

Posted 11 March 2010 - 11:25 PM

Whoops sorry. Computer seems to be running ok now. No more redirections or crashes of svchost. I say ok and not good because it seems to be really running slow now compared to before the attack.

Logfile of random's system information tool 1.06 (written by random/random)
Run by jcarter at 2010-03-11 20:22:59
Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (15%) free of 38 GB
Total RAM: 3582 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:06 PM, on 3/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\WINDOWS\system32\PSXRUN.EXE
C:\WINDOWS\system32\psxss.exe
C:\SFU\usr\sbin\init
C:\SFU\usr\sbin\zzInterix
C:\SFU\usr\sbin\inetd
C:\SFU\usr\sbin\cron
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
F:\World of Warcraft\BackgroundDownloader.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\jcarter\Desktop\Cleanup\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\jcarter.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://itdept/issuetrak
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Web-Based Email Tools - http://email06.secureserver.net/Download.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1261091132951
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.lyonsmfg.com/Remote/msrdp.cab
O16 - DPF: {8161DA4A-CF2C-4926-8D29-C3F138FA7FA1} (JDEWebRTFEdit Control) - http://oneworld:81/jde/axctls/jdewebctls.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://intercall.webex.com/client/T26L10NS...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = maesimi.com
O17 - HKLM\Software\..\Telephony: DomainName = maesimi.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = maesimi.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = maesimi.com
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corporation - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O24 - Desktop Component 0: (no name) - C:\Projects\Personal\tropical_sunset_Space_Dual_3200x1200.jpg

--
End of file - 10988 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-07-19 52896]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-11-20 12669544]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-09-27 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Visible\RazorPC\bin\Issues.exe"="C:\Visible\RazorPC\bin\Issues.exe:*:Enabled:The problem tracking tool from the Razor suite"
"C:\Visible\RazorPC\bin\Versions.exe"="C:\Visible\RazorPC\bin\Versions.exe:*:Enabled:This is the file-control tool from the Razor suite."
"C:\Program Files\Telelogic\DOORS_8.3\bin\doors.exe"="C:\Program Files\Telelogic\DOORS_8.3\bin\doors.exe:*:Enabled:DOORS"
"F:\World of Warcraft\Launcher.exe"="F:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"F:\Program Files\Ventrilo\Ventrilo.exe"="F:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Adobe\Adobe Flash CS4\Flash.exe"="C:\Program Files\Adobe\Adobe Flash CS4\Flash.exe:*:Disabled:Adobe Flash CS4 Professional"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
"F:\World of Warcraft\BackgroundDownloader.exe"="F:\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Visible\RazorPC\bin\Issues.exe"="C:\Visible\RazorPC\bin\Issues.exe:*:Enabled:razor_Issues"
"C:\Visible\RazorPC\bin\rzFrame.exe"="C:\Visible\RazorPC\bin\rzFrame.exe:*:Enabled:razor_rzFrame"
"C:\Visible\RazorPC\bin\Threads.exe"="C:\Visible\RazorPC\bin\Threads.exe:*:Enabled:razor_Threads"
"C:\Visible\RazorPC\bin\Versions.exe"="C:\Visible\RazorPC\bin\Versions.exe:*:Enabled:razor_Versions"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Telelogic\DOORS_8.3\bin\doors.exe"="C:\Program Files\Telelogic\DOORS_8.3\bin\doors.exe:*:Enabled:Doors"

======File associations======

.ini - open - "C:\Documents and Settings\jcarter\My Documents\UltraEdit\Uedit32.exe" "%1"
.js - edit -
.js - open - "C:\Documents and Settings\jcarter\My Documents\UltraEdit\Uedit32.exe" "%1"
.txt - open - "C:\Documents and Settings\jcarter\My Documents\UltraEdit\Uedit32.exe" "%1"

======List of files/folders created in the last 1 months======

2010-03-10 17:41:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2010-03-07 23:26:19 ----D---- C:\_OTL
2010-03-07 20:17:30 ----A---- C:\TDSSKiller.2.2.7.1_07.03.2010_20.17.30_log.txt
2010-03-07 20:17:15 ----SHD---- C:\RECYCLER
2010-03-07 16:26:15 ----D---- C:\rsit
2010-03-01 16:56:46 ----A---- C:\ComboFix.txt
2010-03-01 16:26:44 ----A---- C:\Boot.bak
2010-03-01 16:26:38 ----RASHD---- C:\cmdcons
2010-03-01 16:24:11 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-01 16:24:11 ----A---- C:\WINDOWS\MBR.exe
2010-03-01 16:24:10 ----A---- C:\WINDOWS\zip.exe
2010-03-01 16:24:10 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-01 16:24:10 ----A---- C:\WINDOWS\SWSC.exe
2010-03-01 16:24:10 ----A---- C:\WINDOWS\SWREG.exe
2010-03-01 16:24:10 ----A---- C:\WINDOWS\sed.exe
2010-03-01 16:24:10 ----A---- C:\WINDOWS\PEV.exe
2010-03-01 16:24:10 ----A---- C:\WINDOWS\grep.exe
2010-03-01 16:23:52 ----D---- C:\WINDOWS\ERDNT
2010-03-01 16:23:19 ----AD---- C:\Qoobox
2010-02-28 15:57:24 ----D---- C:\Program Files\Trend Micro
2010-02-28 13:44:10 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-02-19 21:53:21 ----HDC---- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-19 21:00:29 ----D---- C:\Program Files\Lavasoft
2010-02-19 21:00:29 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-02-19 19:58:21 ----D---- C:\Program Files\Common Files\iS3
2010-02-18 16:43:08 ----D---- C:\WINDOWS\system32\NtmsData
2010-02-18 16:40:51 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-02-18 13:11:39 ----D---- C:\Documents and Settings\jcarter\Application Data\Malwarebytes
2010-02-18 12:55:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-18 12:55:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-02-18 11:11:55 ----D---- C:\Documents and Settings\jcarter\Application Data\Sun
2010-02-17 16:16:12 ----D---- C:\Documents and Settings\jcarter\Application Data\Help

======List of files/folders modified in the last 1 months======

2010-03-11 20:23:06 ----D---- C:\WINDOWS\Prefetch
2010-03-11 17:49:18 ----D---- C:\WINDOWS\Temp
2010-03-11 17:34:18 ----D---- C:\WINDOWS\system32
2010-03-11 17:32:13 ----SD---- C:\WINDOWS\Tasks
2010-03-11 17:30:35 ----D---- C:\MDT
2010-03-11 17:30:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-11 17:29:56 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-11 17:07:00 ----D---- C:\WINDOWS\security
2010-03-11 17:06:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-11 14:56:32 ----A---- C:\WINDOWS\Razor.ini
2010-03-11 09:19:37 ----D---- C:\WINDOWS
2010-03-09 12:02:39 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-07 20:19:00 ----D---- C:\WINDOWS\system32\drivers
2010-03-07 16:45:42 ----SHD---- C:\WINDOWS\CSC
2010-03-05 17:13:03 ----SHD---- C:\WINDOWS\Installer
2010-03-05 17:13:03 ----D---- C:\Config.Msi
2010-03-05 17:13:03 ----A---- C:\WINDOWS\ODBC.INI
2010-03-05 08:07:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2010-03-05 08:06:18 ----RD---- C:\Program Files
2010-03-01 16:50:10 ----A---- C:\WINDOWS\system.ini
2010-03-01 16:45:33 ----D---- C:\WINDOWS\system32\config
2010-03-01 16:39:45 ----D---- C:\WINDOWS\AppPatch
2010-03-01 16:39:45 ----D---- C:\Program Files\Common Files
2010-03-01 16:26:44 ----RASH---- C:\boot.ini
2010-03-01 16:23:15 ----D---- C:\Program Files\Symantec AntiVirus
2010-02-25 11:36:38 ----SD---- C:\Documents and Settings\jcarter\Application Data\Microsoft
2010-02-24 09:16:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-02-22 11:06:27 ----D---- C:\WINDOWS\Internet Logs
2010-02-22 11:06:16 ----HD---- C:\WINDOWS\inf
2010-02-21 18:28:13 ----A---- C:\WINDOWS\wininit.ini
2010-02-19 23:58:02 ----D---- C:\WINDOWS\SxsCaPendDel
2010-02-19 21:53:24 ----D---- C:\WINDOWS\WinSxS
2010-02-19 21:01:40 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-19 20:13:32 ----D---- C:\WINDOWS\Minidump
2010-02-19 19:58:36 ----D---- C:\Documents and Settings
2010-02-19 09:11:15 ----D---- C:\Program Files\Mozilla Firefox
2010-02-19 09:09:07 ----D---- C:\Program Files\BitTorrent
2010-02-18 23:38:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951376_0$
2010-02-18 23:05:17 ----SHD---- C:\System Volume Information
2010-02-18 23:05:17 ----D---- C:\WINDOWS\system32\Restore
2010-02-18 22:54:49 ----D---- C:\WINDOWS\Registration
2010-02-18 14:05:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2010-02-18 12:34:48 ----A---- C:\WINDOWS\ntbtlog.txt
2010-02-14 15:52:50 ----D---- C:\Documents and Settings\jcarter\Application Data\BSplayer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-08-11 12920]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-08-11 28184]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-05-24 64000]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-11-07 278984]
R2 cvintdrv;cvintdrv; C:\WINDOWS\system32\drivers\cvintdrv.sys [2008-04-07 4096]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-08-18 35096]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-08-18 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-08-18 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-08-18 104472]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-08-18 26008]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-08-18 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-08-18 97848]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-08-18 94648]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-08-11 51768]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-11-07 25416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 dsNcAdpt;Juniper Network Connect Adapter; C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2009-03-11 23552]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-03-26 62208]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-11-02 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-11-02 209152]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100226.006\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100226.006\navex15.sys []
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-11-20 10235968]
R3 PsxDrv;PsxDrv; \??\C:\WINDOWS\system32\drivers\PSXDRV.SYS []
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]
R3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
R3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
R3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-11-02 730112]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 IPSECSHM;Nortel IPSECSHM Adapter; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
S3 Portmap;Portmap; \??\C:\WINDOWS\system32\drivers\portmap.sys []
S3 RpcXdr;RpcXdr; \??\C:\WINDOWS\system32\drivers\rpcxdr.sys []
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-04-09 12672]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-04-09 21248]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-04-09 22912]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-07-19 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-09-27 31472]
R2 dsNcService;Juniper Network Connect Service; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [2009-03-11 611624]
R2 FreeAgentGoNext Service;Seagate Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-03-27 165160]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-29 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-19 1229232]
R2 LkCitadelServer;Lookout Citadel Server; C:\WINDOWS\system32\lkcitdl.exe [2008-06-17 695136]
R2 lkClassAds;National Instruments PSP Server Locator; C:\WINDOWS\system32\lkads.exe [2008-06-17 40488]
R2 lkTimeSync;National Instruments Time Synchronization; C:\WINDOWS\system32\lktsrv.exe [2008-06-17 50736]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 mxssvr;NI Configuration Manager; C:\Program Files\National Instruments\MAX\nimxs.exe [2008-04-02 12696]
R2 NIDomainService;National Instruments Domain Service; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [2008-06-17 213552]
R2 niSvcLoc;NI Service Locator; C:\WINDOWS\system32\nisvcloc.exe [2007-11-06 8656]
R2 NITaggerService;National Instruments Variable Engine; C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe [2008-06-20 607848]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-11-20 154216]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-12-15 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-12-15 103736]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe [2007-05-10 94208]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 zzInterix;Interix Subsystem Startup; C:\WINDOWS\system32\PSXRUN.EXE [2003-11-08 66480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-30 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S3 NILM License Manager;NILM License Manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2008-06-12 1007616]
S3 OpcEnum;OpcEnum; C:\WINDOWS\system32\OpcEnum.exe [2007-05-09 98304]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-08-07 214720]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-09-27 1813232]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 CronService;Windows Cron Service; C:\SFU\common\cron.exe [2003-11-08 47536]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-07 3004416]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------




#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:15 PM

Posted 12 March 2010 - 03:08 PM

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

unite.jpg


#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:15 PM

Posted 17 March 2010 - 09:45 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users