
Pop Ups after Antivir Virus, DDS and GMER logs attached


  • This topic is locked
15 replies to this topic

#1 ccmail

Posted 04 August 2010 - 04:38 PM

Hi,

Need help!!

I was infected with the Antivir virus, managed to stop it running, and removed it using Malwarebytes.

I have run AVG 9.0, Malwarebytes, SUPERAntiSpyware and Lavasoft Ad-Aware. I am scanning all the time and they sometimes find something. I get popup tabs in both Firefox and IE.

Below is my DDS log


DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 22:19:15.80 on 04/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.126 [GMT 1:00]

AV: AVG Anti-Virus Business Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\FLIR Systems\ThermaCAM QuickView 2\T3Srv.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe
C:\Program Files\WatchGuard\Mobile VPN\ncprwsnt.exe
C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\ADMINI~1\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.co.uk
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Credential Manager for ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hpq\iam\bin\ItIeAddIN.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NWTRAY] NWTRAY.EXE
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\documents and settings\administrator\start menu\programs\startup\MagicDisc.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Reader Speed Launch.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Bluetooth.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\DVD Check.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\FLIR Camera Monitor.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Notify.lnk.disabled
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {19529B56-E206-4F0B-B44E-97B5F4861E6A} - hxxp://192.168.1.51:8080/businessobjects/enterprise115/desktoplaunch/viewers/crystalreportviewers115/ActiveXControls/PrintControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: {4850DA6B-CCB7-41DB-A92F-EF3E147C58A1} = 192.168.2.241
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 nwv1_0
LSA: Notification Packages = scecli AsWlnPkg
Hosts: 192.168.1.1 Jaycare.Alder.Net
Hosts: 192.168.1.170 JAYCARE
Hosts: 192.168.1.170 WADD_JAYCARE

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\f7qp4j28.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - prefs.js: network.proxy.ftp - 192.168.1.241
FF - prefs.js: network.proxy.ftp_port - 800
FF - prefs.js: network.proxy.gopher - 192.168.1.241
FF - prefs.js: network.proxy.gopher_port - 800
FF - prefs.js: network.proxy.http - 192.168.1.241
FF - prefs.js: network.proxy.http_port - 800
FF - prefs.js: network.proxy.socks - 192.168.1.241
FF - prefs.js: network.proxy.socks_port - 800
FF - prefs.js: network.proxy.ssl - 192.168.1.241
FF - prefs.js: network.proxy.ssl_port - 800
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\f7qp4j28.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-11-23 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-23 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-23 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-23 243024]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2005-11-29 36768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 7tmapmem;7tmapmem;c:\windows\system32\drivers\7TMAPMEM.SYS [2002-6-20 4224]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-25 308136]
R2 CameraMonitor;FLIR Camera Monitor;c:\program files\flir systems\thermacam quickview 2\T3Srv.exe [2006-6-8 140896]
R2 ncpclcfg;ncpclcfg;c:\program files\watchguard\mobile vpn\ncpclcfg.exe [2009-11-23 86016]
R2 ncprwsnt;ncprwsnt;c:\program files\watchguard\mobile vpn\NCPRWSNT.EXE [2009-11-23 1065480]
R2 NcpSec;NcpSec;c:\program files\watchguard\mobile vpn\NCPSEC.EXE [2009-11-23 32768]
R2 rwsrsu;RwsRsu;c:\program files\watchguard\mobile vpn\rwsrsu.exe [2009-11-23 850432]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-7-14 326488]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-10-21 36352]
R3 NcpFiltMP;NcpFiltMP;c:\windows\system32\drivers\ncpvaxp.sys [2009-11-23 79528]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]
S2 gupdate1c9d4ca310281e0;Google Update Service (gupdate1c9d4ca310281e0);c:\program files\google\update\GoogleUpdate.exe [2009-5-14 133104]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 FLIRUSBNET;FLIR USB Network Adapter;c:\windows\system32\drivers\FLIRUSB.sys [2009-9-10 20992]
S3 IGSSCommDrvMgrV8;IGSS Communication Manager 8.00.00;c:\program files\7t\igss32\v8.0\gss\7tdrvmgr.exe [2009-9-17 38272]
S3 NcpFilt;Ncp Filter Service;c:\windows\system32\drivers\ncpvaxp.sys [2009-11-23 79528]
S3 ncpvaxp;NCP Secure Client Virtual Adapter Driver;c:\windows\system32\drivers\ncpvaxp.sys [2009-11-23 79528]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

=============== Created Last 30 ================

2010-07-26 20:18:08 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2010-07-25 21:33:06 0 d-----w- c:\windows\pss
2010-07-25 21:08:48 0 ----a-w- c:\documents and settings\administrator\defogger_reenable
2010-07-25 19:51:24 0 d-----w- C:\sh4ldr
2010-07-25 19:48:22 0 d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
2010-07-25 08:17:49 0 d-----w- c:\program files\CCleaner
2010-07-25 07:53:31 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-07-25 07:53:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-25 07:53:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-25 07:53:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-25 07:53:19 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-17 21:42:30 0 d-----w- c:\program files\Enigma Software Group
2010-07-17 21:39:05 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-07-17 21:39:04 0 d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2010-07-17 21:38:48 0 d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2010-07-17 21:37:16 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-17 21:10:26 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-07-14 07:18:25 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

==================== Find3M ====================

2010-06-26 20:43:12 67760 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-25 07:07:45 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-25 07:07:19 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-25 07:05:06 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-21 13:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-09 11:10:48 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-04-10 02:11:36 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009041020090411\index.dat

============= FINISH: 22:21:35.27 ===============

GMER kept crashing or freezing; I could only get it to run in safe mode. Log below:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-01 07:21:48
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ugriqpoc.sys


---- Kernel code sections - GMER 1.0.15 ----

? nwfilter.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[644] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006E000A
.text C:\WINDOWS\system32\svchost.exe[644] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006F000A
.text C:\WINDOWS\system32\svchost.exe[644] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006D000C
.text C:\WINDOWS\system32\svchost.exe[644] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0068000A
.text C:\WINDOWS\system32\svchost.exe[644] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00FF000A
.text C:\WINDOWS\Explorer.EXE[1036] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B8000A
.text C:\WINDOWS\Explorer.EXE[1036] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\Explorer.EXE[1036] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

Thanks,



#2 kahdah

Posted 13 August 2010 - 07:04 AM

Hello ccmail

Welcome to BleepingComputer
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans/Fixes section, paste in the text below in bold

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Please do not PM for help; post it in the forums instead.

If I am helping you and have not responded for 48 hours, please send me a PM as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.

#3 ccmail

Posted 13 August 2010 - 01:04 PM

Hi kahdah,

Really appreciate the help and the work you guys do.

Please find below the reports for OTL and Extras:

OTL logfile created on: 13/08/2010 18:34:01 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

895.00 Mb Total Physical Memory | 80.00 Mb Available Physical Memory | 9.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.84 Gb Total Space | 26.42 Gb Free Space | 38.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 6.68 Gb Total Space | 6.42 Gb Free Space | 96.08% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HPLAPTOP01
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG9\avgupd.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\WatchGuard\Mobile VPN\NCPRWSNT.EXE (NCP Engineering GmbH)
PRC - C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe ()
PRC - C:\Program Files\WatchGuard\Mobile VPN\NCPSEC.EXE ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe (NCP engineering GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\FLIR Systems\ThermaCAM QuickView 2\T3Srv.exe (FLIR Systems)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\system32\nwtray.exe (Novell, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\Temp\logishrd\LVPrcInj02.dll (Logitech Inc.)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (hasplms) -- C:\WINDOWS\System32\hasplms.exe File not found
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (IGSSCommDrvMgrV8) -- C:\Program Files\7T\IGSS32\V8.0\gss\7tdrvmgr.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (ncprwsnt) -- C:\Program Files\WatchGuard\Mobile VPN\NCPRWSNT.EXE (NCP Engineering GmbH)
SRV - (rwsrsu) -- C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe ()
SRV - (NcpSec) -- C:\Program Files\WatchGuard\Mobile VPN\NCPSEC.EXE ()
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (ncpclcfg) -- C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe (NCP engineering GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (CameraMonitor) -- C:\Program Files\FLIR Systems\ThermaCAM QuickView 2\T3Srv.exe (FLIR Systems)
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (cusrvc) -- C:\WINDOWS\system32\cusrvc.exe (Novell, Inc.)
SRV - (Visual Studio Analyzer RPC bridge) -- C:\Program Files\Microsoft Visual Studio\COMMON\Tools\VS-Ent98\Vanalyzr\VARPC.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (vsdatant) -- C:\WINDOWS\System32\vsdatant.sys File not found
DRV - (SABKUTIL) -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys File not found
DRV - (EntDrv51) -- C:\WINDOWS\System32\drivers\EntDrv51.sys File not found
DRV - (IntelIde) -- C:\WINDOWS\system32\DRIVERS\intelide.sys ()
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (ncpvaxp) -- C:\WINDOWS\system32\drivers\ncpvaxp.sys (NCP Engineering GmbH)
DRV - (NcpFiltMP) -- C:\WINDOWS\system32\drivers\ncpvaxp.sys (NCP Engineering GmbH)
DRV - (NcpFilt) -- C:\WINDOWS\system32\drivers\ncpvaxp.sys (NCP Engineering GmbH)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam E3500(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (RMCAST) -- C:\WINDOWS\system32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (MQAC) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (aksfridge) -- C:\WINDOWS\system32\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (FLIRUSBNET) -- C:\WINDOWS\system32\drivers\FLIRUSB.sys (FLIR Systems)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500) -- C:\WINDOWS\system32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (b57w2k) Broadcom NetLink ™ -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (PersonalSecureDrive) -- C:\WINDOWS\System32\drivers\psd.sys (Infineon Technologies AG)
DRV - (NWDHCP) -- C:\WINDOWS\system32\NetWare\nwdhcp.sys (Novell, Inc.)
DRV - (NetwareWorkstation) -- C:\WINDOWS\system32\NetWare\nwfs.sys (Novell, Inc.)
DRV - (SRVLOC) -- C:\WINDOWS\system32\NetWare\srvloc.sys (Novell, Inc.)
DRV - (NWSIPX32) -- C:\WINDOWS\system32\NetWare\nwsipx32.sys (Novell, Inc.)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (NWHOST) -- C:\WINDOWS\system32\NetWare\nwhost.sys (Novell, Inc.)
DRV - (NWSNS) -- C:\WINDOWS\system32\NetWare\nwsns.sys (Novell, Inc.)
DRV - (NWDNS) -- C:\WINDOWS\system32\NetWare\nwdns.sys (Novell, Inc.)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (NWFILTER) -- C:\WINDOWS\system32\NetWare\nwfilter.sys (Novell, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (NWSLP) -- C:\WINDOWS\system32\NetWare\nwslp.sys (Novell, Inc.)
DRV - (NICM) -- C:\WINDOWS\system32\drivers\nicm.sys (Novell, Inc.)
DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (RESMGR) -- C:\WINDOWS\system32\NetWare\resmgr.sys (Novell, Inc.)
DRV - (ovt519) -- C:\WINDOWS\system32\drivers\ov519vid.sys (OmniVision Technologies, Inc.)
DRV - (NWSAP) -- C:\WINDOWS\system32\NetWare\nwsap.sys ()
DRV - (7tmapmem) -- C:\WINDOWS\System32\drivers\7tmapmem.sys ()
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Winamp Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: TFToolbarX@torrent-finder:1.2.5
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="
FF - prefs.js..network.proxy.ftp: "192.168.1.241"
FF - prefs.js..network.proxy.ftp_port: 800
FF - prefs.js..network.proxy.gopher: "192.168.1.241"
FF - prefs.js..network.proxy.gopher_port: 800
FF - prefs.js..network.proxy.http: "192.168.1.241"
FF - prefs.js..network.proxy.http_port: 800
FF - prefs.js..network.proxy.no_proxies_on: ", "
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.1.241"
FF - prefs.js..network.proxy.socks_port: 800
FF - prefs.js..network.proxy.ssl: "192.168.1.241"
FF - prefs.js..network.proxy.ssl_port: 800
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/05 00:05:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/08/17 22:09:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/21 20:27:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/20 20:33:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/26 23:02:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/04 20:36:04 | 000,000,000 | ---D | M]

[2009/04/10 22:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/04/10 22:36:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/08/12 10:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f7qp4j28.default\extensions
[2010/05/04 21:56:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f7qp4j28.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/25 15:43:12 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f7qp4j28.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/10/29 21:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f7qp4j28.default\extensions\TFToolbarX@torrent-finder
[2009/08/19 20:18:38 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f7qp4j28.default\searchplugins\winamp-search.xml
[2010/08/13 16:00:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/25 09:43:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/28 11:34:17 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2010/07/23 03:09:38 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/07/23 03:09:38 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/07/25 05:23:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/02/06 12:44:28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/07/23 03:09:38 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2003/07/14 23:56:52 | 000,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/07/19 10:32:35 | 000,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/12/02 00:53:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/12/02 00:53:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/12/02 00:53:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/12/02 00:53:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/12/02 00:53:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/12/02 00:53:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/12/02 00:53:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/07/19 10:32:43 | 000,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2009/07/19 10:32:31 | 000,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2010/07/25 15:43:09 | 000,032,576 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
[2010/07/23 01:29:54 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/23 01:29:54 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/07/23 01:29:54 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/23 01:29:54 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/07/23 01:29:54 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/23 01:29:54 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/07/23 01:29:54 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/07/23 01:29:54 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/08/05 00:01:47 | 000,412,174 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.1.1 Jaycare.Alder.Net
O1 - Hosts: 192.168.1.170 JAYCARE
O1 - Hosts: 192.168.1.170 WADD_JAYCARE
O1 - Hosts: 14245 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Credential Manager for ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll (Infineon Technologies AG)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FLIR Camera Monitor.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Notify.lnk.disabled ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range2 ([https] in Trusted sites)
O16 - DPF: {19529B56-E206-4F0B-B44E-97B5F4861E6A} http://192.168.1.51:8080/businessobjects/e...rintControl.cab (Crystal Reports Print Control 11.5)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/17 22:43:57 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 00:07:00 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 16:01:00 | 000,000,053 | -HS- | M] () - E:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2010/07/27 07:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (12398509726629888)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/13 16:04:13 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/10 22:36:35 | 000,078,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dsofile.dll
[2010/08/10 22:36:34 | 000,000,000 | ---D | C] -- C:\Program Files\Nucleus Kernel VBA Password Recovery Demo
[2010/08/09 21:03:42 | 000,070,608 | ---- | C] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmd.sys
[2010/08/08 23:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Antimalware
[2010/07/31 21:15:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/07/26 21:18:08 | 000,025,992 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2010/07/25 22:33:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/07/25 20:48:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\95431C66CF9A4913BFFF6050785AFB65.TMP
[2010/07/25 15:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/07/25 15:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/07/25 09:17:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/07/25 08:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/07/25 08:53:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/25 08:53:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/25 08:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/25 08:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/17 22:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/07/17 22:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/17 22:38:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
[2010/07/17 22:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/07/17 19:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\qarwacanp
[2010/07/17 19:30:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/16 08:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Nasacort Info
[2010/07/15 21:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/15 21:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/15 19:00:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\gxjggdtog
[2010/07/14 22:31:22 | 000,662,360 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\Administrator\My Documents\SpyHunter-Installer(2).exe
[2010/07/14 22:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\tumlfgamp
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/13 18:41:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/13 18:40:56 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/08/13 18:40:54 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/08/13 18:40:49 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/08/13 18:40:43 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/08/13 18:37:43 | 063,370,902 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/13 18:35:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/08/13 18:33:25 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/13 18:25:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/13 18:25:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/13 18:25:23 | 938,921,984 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/13 16:05:11 | 011,796,480 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/08/13 16:05:11 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/08/13 16:04:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/13 16:00:00 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\B3A7EFE291B46442.job
[2010/08/13 11:41:49 | 000,010,625 | ---- | M] () -- C:\WINDOWS\intellect.ini
[2010/08/13 11:41:37 | 000,021,745 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\top camera.dvtisys
[2010/08/13 11:41:25 | 000,010,811 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\top camera.dvtiprod
[2010/08/13 10:41:02 | 000,011,375 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Side Camera.dvtiprod
[2010/08/12 17:48:39 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\T5 fiitings.xls
[2010/08/12 17:47:24 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Portsmouth Lighting Upgrade.doc
[2010/08/12 17:13:49 | 000,000,086 | ---- | M] () -- C:\WINDOWS\WPCMAPI.INI
[2010/08/12 16:56:18 | 000,000,077 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/08/12 06:50:38 | 000,326,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 00:40:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/12 00:38:10 | 000,585,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 00:38:10 | 000,502,024 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 00:38:10 | 000,092,906 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/11 16:20:52 | 000,001,296 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100811_162045.reg
[2010/08/11 15:56:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/11 13:50:15 | 000,119,583 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Portsmouth Light Replacement v2.pdf
[2010/08/10 23:08:01 | 000,000,288 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100810_230752.reg
[2010/08/10 23:07:25 | 000,006,858 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100810_230719.reg
[2010/08/10 20:32:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/10 17:30:53 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\F3 Lighting.xls
[2010/08/10 17:30:47 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Compressed Air Cold Intake Savings.doc
[2010/08/10 16:58:42 | 000,688,128 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Copy of Publication-List-March-2010.xls
[2010/08/10 16:55:42 | 000,336,970 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Energy_Motors.pdf
[2010/08/10 16:19:16 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/10 15:21:24 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\It is important when using the E Tracker energy logger when measuring 3 phase motors that the supply voltage reference plug is plugged into a mains supply.doc
[2010/08/10 14:25:12 | 000,372,911 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\enNOGEnergySavBro0.pdf
[2010/08/10 13:56:02 | 000,000,117 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/08/09 21:03:42 | 000,070,608 | ---- | M] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmd.sys
[2010/08/09 20:57:47 | 000,005,504 | ---- | M] () -- C:\WINDOWS\System32\drivers\intelide.sys
[2010/08/09 14:03:15 | 000,002,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\data(3).csv
[2010/08/09 12:34:00 | 000,002,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\data.csv
[2010/08/09 11:50:02 | 000,002,183 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\data(2).csv
[2010/08/07 20:56:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/05 00:01:47 | 000,412,174 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/04 23:40:28 | 000,000,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100805-000147.backup
[2010/08/01 21:36:25 | 000,070,167 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\analysisReportViewer.xls
[2010/08/01 21:14:45 | 001,732,237 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\TI-Energy%20-%20Staff%20Training-Energy%20management%20in%20plastics%20processing.pdf
[2010/08/01 20:58:35 | 003,413,504 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\TI-Energy - Staff Training-Energy management in plastics processing.ppt
[2010/07/29 21:05:39 | 000,001,880 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100729_210534.reg
[2010/07/27 07:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/26 22:37:37 | 001,041,423 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\compressed_air_sourcebook.pdf
[2010/07/26 21:18:08 | 000,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2010/07/26 13:48:05 | 000,001,021 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/26 13:48:05 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/26 13:48:05 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2010/07/25 22:08:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/07/25 20:10:48 | 000,001,614 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/25 09:29:35 | 000,017,278 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100725_092916.reg
[2010/07/25 09:27:17 | 000,219,944 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100725_092653.reg
[2010/07/23 22:18:20 | 000,451,584 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Copy of load_dutyw.xls
[2010/07/23 20:52:24 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\2-6934931892647314539-129f140f370.asx
[2010/07/22 20:38:51 | 000,000,233 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\2-5588945246407635721-129d2973ab5.asx
[2010/07/20 22:30:20 | 000,029,321 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\comp_air_leaks.pdf
[2010/07/20 22:27:35 | 000,099,795 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\comp_air_cost.pdf
[2010/07/17 22:43:57 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010/07/16 13:12:25 | 001,947,314 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DOC140710-006.pdf
[2010/07/15 15:44:39 | 000,820,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GEHO0310BRZG-e-e.pdf
[2010/07/14 22:31:18 | 000,662,360 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\Administrator\My Documents\SpyHunter-Installer(2).exe
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/13 18:40:59 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/13 11:41:37 | 000,021,745 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\top camera.dvtisys
[2010/08/13 11:41:25 | 000,010,811 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\top camera.dvtiprod
[2010/08/13 10:41:02 | 000,011,375 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Side Camera.dvtiprod
[2010/08/12 17:48:39 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\T5 fiitings.xls
[2010/08/12 16:56:18 | 000,000,077 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/08/12 15:11:47 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Portsmouth Lighting Upgrade.doc
[2010/08/11 16:20:47 | 000,001,296 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100811_162045.reg
[2010/08/11 13:50:15 | 000,119,583 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Portsmouth Light Replacement v2.pdf
[2010/08/10 23:13:56 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/08/10 23:07:54 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100810_230752.reg
[2010/08/10 23:07:22 | 000,006,858 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100810_230719.reg
[2010/08/10 16:58:42 | 000,688,128 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Copy of Publication-List-March-2010.xls
[2010/08/10 16:55:42 | 000,336,970 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Energy_Motors.pdf
[2010/08/10 16:28:15 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Compressed Air Cold Intake Savings.doc
[2010/08/10 14:25:12 | 000,372,911 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\enNOGEnergySavBro0.pdf
[2010/08/10 13:49:19 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\It is important when using the E Tracker energy logger when measuring 3 phase motors that the supply voltage reference plug is plugged into a mains supply.doc
[2010/08/09 17:23:50 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\F3 Lighting.xls
[2010/08/09 14:03:20 | 000,002,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\data(3).csv
[2010/08/09 12:34:02 | 000,002,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\data.csv
[2010/08/09 11:50:10 | 000,002,183 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\data(2).csv
[2010/08/08 21:03:56 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/08/08 21:03:55 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/08/08 21:03:54 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/08/01 21:36:43 | 000,070,167 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\analysisReportViewer.xls
[2010/08/01 21:14:44 | 001,732,237 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\TI-Energy%20-%20Staff%20Training-Energy%20management%20in%20plastics%20processing.pdf
[2010/08/01 20:58:40 | 003,413,504 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\TI-Energy - Staff Training-Energy management in plastics processing.ppt
[2010/08/01 07:35:19 | 938,921,984 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/29 21:05:37 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100729_210534.reg
[2010/07/26 22:37:37 | 001,041,423 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\compressed_air_sourcebook.pdf
[2010/07/26 13:48:04 | 000,002,375 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FLIR Camera Monitor.lnk.disabled
[2010/07/26 13:48:04 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
[2010/07/26 13:48:04 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk.disabled
[2010/07/25 22:08:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/07/25 20:10:48 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/25 09:29:17 | 000,017,278 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100725_092916.reg
[2010/07/25 09:26:59 | 000,219,944 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100725_092653.reg
[2010/07/23 22:18:17 | 000,451,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Copy of load_dutyw.xls
[2010/07/23 20:52:32 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\2-6934931892647314539-129f140f370.asx
[2010/07/22 20:39:03 | 000,000,233 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\2-5588945246407635721-129d2973ab5.asx
[2010/07/20 22:30:20 | 000,029,321 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\comp_air_leaks.pdf
[2010/07/20 22:27:35 | 000,099,795 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\comp_air_cost.pdf
[2010/07/17 22:43:57 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2010/07/16 13:12:25 | 001,947,314 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DOC140710-006.pdf
[2010/07/15 15:44:39 | 000,820,336 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GEHO0310BRZG-e-e.pdf
[2010/02/11 23:45:35 | 000,000,151 | ---- | C] () -- C:\WINDOWS\sysconfig.INI
[2009/12/23 00:53:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ECMonitoringLogger.INI
[2009/12/18 13:27:27 | 000,290,905 | ---- | C] () -- C:\WINDOWS\System32\vc6-re200l.dll
[2009/11/22 21:54:55 | 000,000,126 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/11/18 19:59:35 | 000,000,177 | ---- | C] () -- C:\WINDOWS\SmartLink.ini
[2009/09/28 10:37:32 | 000,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/09/04 21:01:37 | 000,000,216 | ---- | C] () -- C:\WINDOWS\IntellectEmulator.INI
[2009/09/04 20:58:59 | 000,010,625 | ---- | C] () -- C:\WINDOWS\intellect.ini
[2009/09/04 20:58:57 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\Wct32f.dll
[2009/09/04 20:58:57 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\Wrt32f.dll
[2009/09/04 20:58:57 | 000,142,336 | ---- | C] () -- C:\WINDOWS\System32\Dvtcom.dll
[2009/09/04 20:58:57 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\HyperShare.dll
[2009/08/24 22:07:21 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/07/26 22:12:10 | 000,000,635 | ---- | C] () -- C:\WINDOWS\FESTO.INI
[2009/07/01 21:15:30 | 000,000,011 | ---- | C] () -- C:\WINDOWS\NetWare.INI
[2009/04/09 21:43:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/10/23 09:27:17 | 000,006,837 | ---- | C] () -- C:\WINDOWS\opera.ini
[2007/06/06 07:51:10 | 000,757,818 | ---- | C] () -- C:\WINDOWS\System32\gwadd1.dll
[2007/06/06 07:49:26 | 000,303,166 | ---- | C] () -- C:\WINDOWS\System32\gwodm132.dll
[2007/06/06 07:20:04 | 000,098,354 | ---- | C] () -- C:\WINDOWS\System32\GWLDO132.DLL
[2007/01/31 19:17:58 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/01/31 19:17:57 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/01/31 19:17:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/01/31 19:17:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/01/31 19:17:57 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/01/31 19:17:57 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/01/31 17:23:30 | 000,008,521 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini
[2007/01/31 17:08:32 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/31 15:15:36 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2007/01/31 15:15:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\qxdaedrs.dll
[2007/01/31 15:15:11 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2007/01/31 15:15:11 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll
[2007/01/31 15:15:11 | 000,020,528 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2007/01/31 15:15:11 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll
[2007/01/31 15:15:11 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll
[2007/01/31 15:15:11 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
[2007/01/31 15:15:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll
[2007/01/31 15:15:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll
[2007/01/31 15:13:35 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2007/01/31 15:13:35 | 000,000,268 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2007/01/31 15:09:48 | 000,000,086 | ---- | C] () -- C:\WINDOWS\WPCMAPI.INI
[2007/01/05 14:06:11 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2007/01/05 14:06:02 | 000,045,119 | ---- | C] () -- C:\WINDOWS\System32\dprpcw32.dll
[2007/01/05 14:05:46 | 000,245,843 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2007/01/05 14:05:34 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[2007/01/05 14:05:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[2007/01/05 14:05:05 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
[2007/01/05 14:04:58 | 000,235,520 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2007/01/05 14:03:13 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[2007/01/05 14:01:55 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2006/07/11 07:00:07 | 000,000,385 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/07/11 06:58:24 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/13 16:35:32 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2006/02/15 17:04:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/12/01 20:11:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/04 10:21:24 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2004/08/07 14:19:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 14:12:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/04 01:59:42 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\intelide.sys
[2004/07/09 17:31:18 | 000,155,700 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.DLL
[2004/06/01 10:39:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/20 12:34:30 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\7TMAPMEM.SYS
[2002/05/15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998/06/10 01:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/05/18 01:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/04/24 01:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI

========== LOP Check ==========

[2010/02/11 23:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\7T
[2009/10/06 13:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2009/12/11 22:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\boldplantitle
[2009/05/06 08:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DassaultSystemes
[2009/04/09 21:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DWGeditor
[2007/01/31 19:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Infineon
[2009/04/13 17:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2009/09/30 12:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\item
[2009/04/09 23:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2010/02/01 21:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mirkes.de
[2009/04/19 22:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mp3tag
[2009/07/02 22:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2009/07/02 23:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2006/07/11 07:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2009/07/17 21:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\sldIM
[2009/09/10 11:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ThermaCAM Connect 3
[2010/07/05 22:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/05/28 20:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WebCompiler2
[2010/02/11 23:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\7t
[2009/09/29 22:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/04/10 21:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/05/06 08:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2010/02/11 23:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DefDeskTop
[2007/01/31 19:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2009/08/17 22:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/03/03 21:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Memory-Map-License
[2009/05/23 20:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009/07/02 22:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/09/19 20:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf-watermark-remover-wm
[2010/02/11 23:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RunDeskTop
[2010/07/17 22:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/04 20:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/19 22:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winlog
[2009/12/02 00:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/11/22 22:59:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2010/08/13 18:40:43 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/08/13 18:40:49 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/08/13 18:40:54 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/08/13 18:40:56 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/08/13 18:41:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/08/13 16:00:00 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\Tasks\B3A7EFE291B46442.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/13 18:25:20 | 000,011,420 | ---- | M] () -- C:\aaw7boot.log
[2010/07/17 22:43:57 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010/07/26 13:48:05 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2010/08/13 18:25:23 | 938,921,984 | -HS- | M] () -- C:\hiberfil.sys
[2007/01/31 21:03:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/01/31 21:03:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 09:00:00 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
[2009/04/09 23:53:40 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/13 18:25:20 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys
[2010/08/09 20:55:43 | 000,056,620 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_09.08.2010_20.51.48_log.txt
[2010/08/09 21:05:50 | 000,054,688 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_09.08.2010_21.03.42_log.txt
[2007/01/31 15:07:15 | 000,000,546 | ---- | M] () -- C:\WT61CE.UWL
[2007/01/31 15:07:15 | 000,000,546 | ---- | M] () -- C:\WT61OZ.UWL
[2007/01/31 15:07:15 | 000,000,546 | ---- | M] () -- C:\WT61UK.UWL
[2007/01/31 15:07:15 | 000,008,198 | ---- | M] () -- C:\WT61US.UWL

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/07 06:52:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/07 06:52:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/07 06:52:06 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/06/25 08:05:06 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010/06/01 21:35:48 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010/06/25 08:07:45 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010/08/09 20:57:47 | 000,005,504 | ---- | M] () -- C:\WINDOWS\system32\drivers\intelide.sys
[2010/08/09 21:03:42 | 000,070,608 | ---- | M] (Kaspersky Lab, SLA) -- C:\WINDOWS\system32\drivers\klmd.sys
[2010/06/21 16:27:11 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004/06/01 13:55:56 | 000,061,952 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp35z.dll
[2003/06/18 18:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

OTL Extras logfile created on: 13/08/2010 18:34:02 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

895.00 Mb Total Physical Memory | 80.00 Mb Available Physical Memory | 9.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.84 Gb Total Space | 26.42 Gb Free Space | 38.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 6.68 Gb Total Space | 6.42 Gb Free Space | 96.08% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HPLAPTOP01
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.scr [@ = scrfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Novell\GroupWise\notify.exe" = C:\Novell\GroupWise\notify.exe:*:Enabled:Novell Notify -- (Novell, Inc.)
"C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE:*:Enabled:Outlook -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\WINDOWS\system32\mstsc.exe" = C:\WINDOWS\system32\mstsc.exe:*:Enabled:Remote Desktop Connection -- (Microsoft Corporation)
"C:\Novell\GroupWise\grpwise.exe" = C:\Novell\GroupWise\grpwise.exe:*:Enabled:Novell GroupWise -- (Novell, Inc.)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Cognex\DVT\intellect141\Intellect.exe" = C:\Program Files\Cognex\DVT\intellect141\Intellect.exe:*:Enabled:DVT Intellect 1.4 User Interface Application -- (Cognex Corporation)
"C:\Program Files\Cognex\DVT\intellect141\intellectEmulator.exe" = C:\Program Files\Cognex\DVT\intellect141\intellectEmulator.exe:*:Enabled:IntellectEmulator -- (Cognex Corporation)
"C:\Program Files\DVT\SmartLink124\SmartLink.exe" = C:\Program Files\DVT\SmartLink124\SmartLink.exe:*:Enabled:SmartLink -- (DVT, Corporation)
"C:\Program Files\Microsoft Visual Studio\COMMON\Tools\VS-Ent98\Vanalyzr\VARPC.EXE" = C:\Program Files\Microsoft Visual Studio\COMMON\Tools\VS-Ent98\Vanalyzr\VARPC.EXE:*:Enabled:Microsoft ® Visual Studio VSA RPC Event Creator -- (Microsoft Corporation)
"C:\Program Files\WatchGuard\Mobile VPN\NCPMON.exe" = C:\Program Files\WatchGuard\Mobile VPN\NCPMON.exe:*:Enabled:ncpmon.exe -- (NCP engineering GmbH)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\DVT\Intellect121\Intellect.exe" = C:\Program Files\DVT\Intellect121\Intellect.exe:*:Enabled:DVT Intellect 1.2 User Interface Application -- (DVT Corporation)
"C:\Program Files\Cognex\DVT\intellect131\Intellect.exe" = C:\Program Files\Cognex\DVT\intellect131\Intellect.exe:*:Enabled:DVT Intellect 1.3 User Interface Application -- (Cognex Corporation)
"C:\Program Files\7T\IGSS32\V8.0\gss\dc.exe" = C:\Program Files\7T\IGSS32\V8.0\gss\dc.exe:*:Enabled:IGSS32 Data Collection module -- ()
"C:\Program Files\Cognex\DVT\intellect131\intellectEmulator.exe" = C:\Program Files\Cognex\DVT\intellect131\intellectEmulator.exe:*:Enabled:IntellectEmulator -- (Cognex Corporation)
"C:\Documents and Settings\Administrator\My Documents\Downloads\mod_RSsim_8_19\mod_RSsim.exe" = C:\Documents and Settings\Administrator\My Documents\Downloads\mod_RSsim_8_19\mod_RSsim.exe:*:Enabled:mod_RSsim protocol test simulator -- (Embedded Intelligence Limited)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0100A64F-7650-4580-9717-12F26CFF23CB}" = PrimoPDF
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18B5996A-643E-4176-9BEB-27C45C9F1FC3}" = Nokia Map Loader
"{19CDDD43-B19A-4A26-A020-90F9225E2690}" = PowerPackPro
"{1C016A32-6BE3-475A-AA57-83195D07EE0C}" = GroupWise
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{26621E14-A45B-45CD-9ED9-7A0A9B585DB4}" = SolidWorks Installation Manager
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 15
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.00 G2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe 1.4.84.1
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager Installer
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 F1
"{48CF6549-B45D-4313-9927-EFCCC8A3493F}" = TIPCI
"{4BA3DDD4-BC91-48B2-8896-7A02C34829D7}" = HP Embedded Security for ProtectTools
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{559FAB96-A0CD-4105-A02F-1C21DEBCEF89}" = SolidWorks Explorer 2007 sp0
"{5783F2D7-7009-0409-0002-0060B0CE6BBA}" = AutoCAD LT 2009 - English
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142130}" = Java 2 Runtime Environment, SE v1.4.2_13
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75FEB085-179F-4C85-B0E4-B517D2160750}" = eDrawings 2007
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ADC27DB-E2C8-446C-A576-166C05C2DD24}" = HPSU306Stub
"{8DCAD415-02AD-4FD4-A1C2-20D76A1AD04F}" = IGSS32 8.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90F50409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications ® Core
"{90F60409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications ® Core - English
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}" = HP ProtectTools Security Manager 2.00 C3
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95FCA50A-CF7D-457E-AF69-F058F8BC2844}" = SolidWorks 2007 SP0
"{9A57B8BC-F022-4C7A-A01C-E7C980354034}" = ThermaCAM QuickView 2
"{9B427732-573E-4E78-B6FA-AC3E5A218BA2}" = NMAS Client
"{9BE2AFE1-617E-478F-9BE5-DABB63B4380A}" = COSMOSMotion 2007 SP0
"{9EEE2E92-B0E8-49A5-9B69-7A370F2781F4}" = Mobile Net Switch
"{9F59C3AE-81B0-4EF6-9762-D674BB079705}" = Nokia Software Updater
"{A0466DD7-F335-427E-BDE1-3CA371477E1F}" = Mod_RSsim
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A7AD8CEF-72D7-4FE4-8A14-DDD09DC86074}" = HP Notebook Accessories Product Tour
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{AC76BA86-7AD7-2448-0000-705000000001}" = Adobe Reader Chinese Traditional Fonts
"{AC76BA86-7AD7-5760-0000-705000000001}" = Adobe Reader Japanese Fonts
"{AE052EF7-2640-48D7-8915-69B810D975CB}" = HP BIOS Configuration for ProtectTools 2.00 G1
"{AF2D85EE-D6F9-4E7B-B9FA-BBB9BCA9A01E}" = COSMOSWorks 2007 SP0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4A98363-1DF2-4259-954D-33F7FFFC5187}" = ITP Tools Suite
"{B9A5A789-D491-49FB-958C-BFEC2C11BB1D}" = NMAS Challenge Response Method
"{B9F4C05D-E42F-4E9A-A73F-FDD9355319FB}" = HP Credential Manager for ProtectTools
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E05C9D01-CCED-4328-9EE0-0B6893087C6F}" = HP User Guides 0022
"{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}" = Application Installer 4.00.B6
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E68C446D-D95A-4160-AC39-DE7062422985}" = OLYMPUS Master 2
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.6.8-2)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5125699-C01A-4ED8-BD3A-265DF29859FE}" = DWGeditor
"{F6187F55-C11A-49CC-A901-1F4755B0C063}" = ATI Catalyst Control Center
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{Nh66R3T8-BJt5-hq2U-yAM4-8ac7038K15kI}" = AIRMaster+
"{Nh66R3T8-BJt5-hq2U-yFy4-8ac7038K15kI}" = MotorMaster+ International
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Ad-Aware" = Ad-Aware
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"AutoCAD LT 2009 - English" = AutoCAD LT 2009 - English
"AVG9Uninstall" = AVG 9.0
"CCleaner" = CCleaner
"ClientAccessExpress" = IBM iSeries Access for Windows
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA_hpq0033m" = HDAUDIO Soft Data Fax Modem with SmartCP
"Document Creator_is1" = Document Creator OEM v2.22
"DVT intellect 1.2.1" = DVT intellect 1.2.1
"DVT SmartLink 1.2.4" = DVT SmartLink 1.2.4
"DVTParser" = DVTSID ActiveX Control 1.4.0
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows Driver Package - Nokia Modem (06/01/2009 4.1)
"EngNet Tools_is1" = EngNet Tools 1.4.7.1
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
"IBM Printer Software Uninstall" = IBM Printer Software Uninstall
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{48CF6549-B45D-4313-9927-EFCCC8A3493F}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"intellect 1.3.1" = intellect 1.3.1
"intellect 1.4.1" = Cognex intellect 1.4.1
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mp3tag" = Mp3tag v2.44
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MsJavaVM" = Microsoft VM for Java
"NCP RWS/GA" = WatchGuard Mobile VPN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"Novell Client for Windows" = Novell Client for Windows
"PDF Watermark Remover_is1" = PDF Watermark Remover 1.0
"PRJPRO" = Microsoft Office Project Professional 2007
"RealPlayer 6.0" = RealPlayer
"ST6UNST #1" = Handheld LPC Data Retrieval Software
"SWnD5-GPPW" = GX Developer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VGA USB Camera" = VGA USB Camera
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"VLC media player" = VLC media player 1.0.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WETCable" = Windows Easy Transfer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Winlog Lite" = Winlog Lite
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMS" = Windows NT Messaging
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/08/2010 09:52:01 | Computer Name = HPLAPTOP01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 13/08/2010 09:52:05 | Computer Name = HPLAPTOP01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 13/08/2010 09:52:05 | Computer Name = HPLAPTOP01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 13/08/2010 09:52:08 | Computer Name = HPLAPTOP01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 13/08/2010 09:52:10 | Computer Name = HPLAPTOP01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 13/08/2010 10:34:15 | Computer Name = HPLAPTOP01 | Source = Google Update | ID = 20
Description =

Error - 13/08/2010 13:41:32 | Computer Name = HPLAPTOP01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 13/08/2010 13:41:47 | Computer Name = HPLAPTOP01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 13/08/2010 13:41:48 | Computer Name = HPLAPTOP01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 13/08/2010 13:42:01 | Computer Name = HPLAPTOP01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 13/08/2010 09:48:59 | Computer Name = HPLAPTOP01 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 13/08/2010 09:48:59 | Computer Name = HPLAPTOP01 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 13/08/2010 10:04:00 | Computer Name = HPLAPTOP01 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 13/08/2010 10:04:00 | Computer Name = HPLAPTOP01 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 13/08/2010 10:34:00 | Computer Name = HPLAPTOP01 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 60 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 13/08/2010 10:34:00 | Computer Name = HPLAPTOP01 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 13/08/2010 13:26:08 | Computer Name = HPLAPTOP01 | Source = Service Control Manager | ID = 7000
Description = The NCP Secure Client Virtual Adapter Driver service failed to start
due to the following error: %%2

Error - 13/08/2010 13:26:08 | Computer Name = HPLAPTOP01 | Source = Service Control Manager | ID = 7000
Description = The HASP License Manager service failed to start due to the following
error: %%2

Error - 13/08/2010 13:26:43 | Computer Name = HPLAPTOP01 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2711'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 13/08/2010 13:26:43 | Computer Name = HPLAPTOP01 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2711'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.


< End of report >



#4 kahdah


Posted 13 August 2010 - 01:24 PM

You are welcome.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

=======================
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 ccmail


Posted 13 August 2010 - 03:02 PM

ComboFix log as requested:

ComboFix 10-08-12.03 - Administrator 13/08/2010 20:20:43.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.182 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Business Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ADMINI~1\MYDOCU~1\sixsigma\BLACks~1.exe
c:\windows\system\VI30AUT.DLL
c:\windows\TEMP\logishrd\LVPrcInj02.dll
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-07-13 to 2010-08-13 )))))))))))))))))))))))))))))))
.

2010-08-10 21:36 . 2004-11-02 17:17 78088 ----a-w- c:\windows\system32\dsofile.dll
2010-08-10 21:36 . 2010-08-10 21:43 -------- d-----w- c:\program files\Nucleus Kernel VBA Password Recovery Demo
2010-08-09 20:03 . 2010-08-09 20:03 70608 ----a-w- c:\windows\system32\drivers\klmd.sys
2010-07-26 20:18 . 2010-07-26 20:18 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2010-07-25 19:48 . 2010-08-11 15:07 -------- d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
2010-07-25 14:44 . 2010-07-25 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-25 14:43 . 2010-07-25 14:43 -------- d-----w- c:\program files\NOS
2010-07-25 08:17 . 2010-07-29 19:59 -------- d-----w- c:\program files\CCleaner
2010-07-25 07:53 . 2010-07-25 07:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-07-25 07:53 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-25 07:53 . 2010-07-25 07:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-25 07:53 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-25 07:53 . 2010-07-25 07:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-17 21:42 . 2010-07-17 21:42 -------- d-----w- c:\program files\Enigma Software Group
2010-07-17 21:39 . 2010-07-17 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-17 21:38 . 2010-07-18 05:57 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2010-07-17 21:10 . 2010-07-25 19:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-17 18:31 . 2010-07-21 21:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\qarwacanp
2010-07-15 18:00 . 2010-07-15 20:16 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\gxjggdtog
2010-07-14 21:08 . 2010-07-14 22:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\tumlfgamp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-13 17:35 . 2009-11-27 21:31 0 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat
2010-08-11 16:28 . 2010-06-29 09:58 233624 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-09 19:57 . 2004-08-04 00:59 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-08-04 22:54 . 2009-11-22 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-04 19:36 . 2009-07-14 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-07-28 16:10 . 2009-09-20 21:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-07-25 14:44 . 2009-09-19 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-17 21:32 . 2010-01-30 21:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-15 17:49 . 2009-09-28 10:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-07-15 17:16 . 2009-09-28 10:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2010-07-05 21:34 . 2009-04-20 21:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-06-30 12:31 . 2004-08-04 08:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 11:44 . 2010-04-22 20:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-26 20:43 . 2010-06-26 20:43 67760 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-25 07:07 . 2009-11-23 16:36 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-25 07:07 . 2010-06-25 07:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-25 07:05 . 2009-11-23 16:36 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-24 12:22 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 08:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 08:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 08:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-04 08:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 08:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-01 20:35 . 2009-11-23 16:36 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-21 13:14 . 2009-11-22 22:20 221568 ------w- c:\windows\system32\MpSigStub.exe
.

------- Sigcheck -------

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll

[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-04 08:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-11 08:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2004-08-11 08:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 08:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-04 08:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll

[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll

[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll

[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll

[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-04 08:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll

[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-25 2065760]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
MagicDisc.lnk.disabled [2009-9-15 652]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk.disabled [2006-7-11 1757]
Bluetooth.lnk.disabled [2007-1-31 635]
DVD Check.lnk.disabled [2007-1-31 1714]
FLIR Camera Monitor.lnk.disabled [2009-11-23 2375]
Notify.lnk.disabled [2007-10-23 624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-08-31 12:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" LOGIN
"Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe"
"Client Access Help Update"="c:\program files\IBM\Client Access\cwbinhlp.exe"
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe"
"Cpqset"=c:\program files\Hewlett-Packard\Default Settings\cpqset.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"Scheduler"=c:\windows\SMINST\Scheduler.exe
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
"NWTRAY"=NWTRAY.EXE
"NcpRsuGui"="c:\program files\WatchGuard\Mobile VPN\rwsrsu.exe" -gui
"NcpPopup"="c:\program files\WatchGuard\Mobile VPN\ncppopup.exe" noerrmsg
"NcpMonitor"="c:\program files\WatchGuard\Mobile VPN\ncpmon.exe" autorun
"NcpBudgetGui"="c:\program files\WatchGuard\Mobile VPN\NcpBudgetGui.exe" -start
"hpWirelessAssistant"=c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
"QlbCtrl"=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"PTHOSTTR"=c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
"Recguard"=c:\windows\Sminst\Recguard.exe
"Reminder"=c:\windows\Creator\Remind_XP.exe
"SoundMAX"=c:\program files\Analog Devices\SoundMAX\Smax4.exe /tray
"WatchDog"=c:\program files\InterVideo\DVD Check\DVDCheck.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"ayomclvb"=c:\documents and settings\NetworkService\Local Settings\Application Data\qarwacanp\bcwhdbwtssd.exe
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Novell\\GroupWise\\notify.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\WINDOWS\\system32\\mstsc.exe"=
"c:\\Novell\\GroupWise\\grpwise.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Cognex\\DVT\\intellect141\\Intellect.exe"=
"c:\\Program Files\\Cognex\\DVT\\intellect141\\intellectEmulator.exe"=
"c:\\Program Files\\DVT\\SmartLink124\\SmartLink.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\Program Files\\WatchGuard\\Mobile VPN\\NCPMON.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DVT\\Intellect121\\Intellect.exe"=
"c:\\Program Files\\Cognex\\DVT\\intellect131\\Intellect.exe"=
"c:\\Program Files\\7T\\IGSS32\\V8.0\\gss\\dc.exe"=
"c:\\Program Files\\Cognex\\DVT\\intellect131\\intellectEmulator.exe"=
"c:\\Documents and Settings\\Administrator\\My Documents\\Downloads\\mod_RSsim_8_19\\mod_RSsim.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [23/11/2009 17:36 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23/11/2009 17:36 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23/11/2009 17:36 243024]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29/11/2005 17:56 36768]
R2 7tmapmem;7tmapmem;c:\windows\system32\drivers\7TMAPMEM.SYS [20/06/2002 12:34 4224]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [04/08/2004 09:00 14336]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [25/06/2010 08:06 308136]
R2 CameraMonitor;FLIR Camera Monitor;c:\program files\FLIR Systems\ThermaCAM QuickView 2\T3Srv.exe [08/06/2006 12:58 140896]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12:17 1181328]
R2 ncpclcfg;ncpclcfg;c:\program files\WatchGuard\Mobile VPN\ncpclcfg.exe [23/11/2009 15:17 86016]
R2 ncprwsnt;ncprwsnt;c:\program files\WatchGuard\Mobile VPN\NCPRWSNT.EXE [23/11/2009 15:18 1065480]
R2 NcpSec;NcpSec;c:\program files\WatchGuard\Mobile VPN\NCPSEC.EXE [23/11/2009 15:17 32768]
R2 rwsrsu;RwsRsu;c:\program files\WatchGuard\Mobile VPN\rwsrsu.exe [23/11/2009 15:18 850432]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21/10/2005 12:19 36352]
R3 NcpFiltMP;NcpFiltMP;c:\windows\system32\drivers\ncpvaxp.sys [23/11/2009 15:18 79528]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S2 gupdate1c9d4ca310281e0;Google Update Service (gupdate1c9d4ca310281e0);c:\program files\Google\Update\GoogleUpdate.exe [14/05/2009 20:28 133104]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 20:19 13592]
S3 FLIRUSBNET;FLIR USB Network Adapter;c:\windows\system32\drivers\FLIRUSB.sys [10/09/2009 11:22 20992]
S3 IGSSCommDrvMgrV8;IGSS Communication Manager 8.00.00;c:\program files\7T\IGSS32\V8.0\gss\7tdrvmgr.exe [17/09/2009 03:37 38272]
S3 NcpFilt;Ncp Filter Service;c:\windows\system32\drivers\ncpvaxp.sys [23/11/2009 15:18 79528]
S3 ncpvaxp;NCP Secure Client Virtual Adapter Driver;c:\windows\system32\drivers\ncpvaxp.sys [23/11/2009 15:18 79528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-08-13 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 22:04]

2010-08-13 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 22:04]

2010-08-13 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 22:04]

2010-08-13 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 22:04]

2010-08-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 22:04]

2010-08-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 19:28]

2010-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 19:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {4850DA6B-CCB7-41DB-A92F-EF3E147C58A1} = 192.168.2.241
DPF: {19529B56-E206-4F0B-B44E-97B5F4861E6A} - hxxp://192.168.1.51:8080/businessobjects/enterprise115/desktoplaunch/viewers/crystalreportviewers115/ActiveXControls/PrintControl.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f7qp4j28.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - prefs.js: network.proxy.ftp - 192.168.1.241
FF - prefs.js: network.proxy.ftp_port - 800
FF - prefs.js: network.proxy.gopher - 192.168.1.241
FF - prefs.js: network.proxy.gopher_port - 800
FF - prefs.js: network.proxy.http - 192.168.1.241
FF - prefs.js: network.proxy.http_port - 800
FF - prefs.js: network.proxy.socks - 192.168.1.241
FF - prefs.js: network.proxy.socks_port - 800
FF - prefs.js: network.proxy.ssl - 192.168.1.241
FF - prefs.js: network.proxy.ssl_port - 800
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f7qp4j28.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-13 20:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-344538253-2457631237-2003274760-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,c8,0c,88,34,67,3f,4e,bf,41,1d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,c8,0c,88,34,67,3f,4e,bf,41,1d,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,c8,0c,88,34,67,3f,4e,bf,41,1d,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5288)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL
c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\IFXSPMGT.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\windows\system32\mqsvc.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\NWTRAY.EXE
c:\program files\AVG\AVG9\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2010-08-13 20:50:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-13 19:50

Pre-Run: 28,340,404,224 bytes free
Post-Run: 30,534,893,568 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - B1737542D194072707BDD540B174920F


#6 kahdah

  • Security Colleague
  • 11,138 posts

Posted 13 August 2010 - 05:53 PM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    [2010/07/25 20:48:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\95431C66CF9A4913BFFF6050785AFB65.TMP
    [2010/07/17 22:38:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
    [2010/07/17 19:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\qarwacanp
    [2010/07/15 19:00:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\gxjggdtog
    [2010/08/13 16:00:00 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\B3A7EFE291B46442.job
    [2009/12/11 22:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\boldplantitle
    [2010/03/19 22:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winlog

    :Files
    c:\documents and settings\Administrator\Local Settings\Application Data\tumlfgamp

    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

Then from normal mode do the following.
================================Malwarebytes' Anti-Malware=================================
Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
=========
Please click here to download Kaspersky Virus Removal Tool.
  1. Double click on the file you just downloaded and let it install.
  2. It will install to your desktop.
  3. After that leave what is selected and put a check next to My Computer.
  4. Click on the option that says Threat Detection and change it to Disinfect, delete if disinfection fails.
  5. Then click on Start Scan.
  6. Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  7. When the scan is done no log will be produced.
  8. Click on the bottom where it says Report to open the report.
  9. Then highlight all of the items found by using Ctrl + A on your keyboard to select all, or use your mouse to select all, then right-click and choose Copy.
  10. This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  11. You can save this on the desktop.
  12. Post the contents of the document in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#7 ccmail

Posted 14 August 2010 - 06:08 AM

Hello kahdah,

Please find below OTL, MBAM, and Kaspersky report logs,

OTL First:

All processes killed
========== OTL ==========
C:\WINDOWS\95431C66CF9A4913BFFF6050785AFB65.TMP folder moved successfully.
C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP folder moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\qarwacanp folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\gxjggdtog folder moved successfully.
File C:\WINDOWS\tasks\B3A7EFE291B46442.job not found.
C:\Documents and Settings\Administrator\Application Data\boldplantitle folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\WebTemplate folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Template\R1-300 pompe polimero 1 e 2 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Template\R1-300 pompa polimero 3 e colore folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Template\R1-100P-N estrusore polimero e testa folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Template\R1-100P-N estrusore colore folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Template\R1-100P-N discese 4,5 e vasche folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Template\R1-100P-N discese 1,2,3 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Template\olds folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Template\Legende folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Template\Dynisco folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Template folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Reports folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Recipes\Programma.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Recipes\Dynisco remote.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Recipes\Configurazione PLC.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Recipes\Conf. R1-300 pompe polimero 1 e 2.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Recipes\Conf. R1-300 pompa polimero 3 e colore.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Recipes\Conf. R1-100P-N estrusore polimero e testa.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Recipes\Conf. R1-100P-N estrusore colore.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Recipes\Conf. R1-100P-N discese 4 e 5 e vasche.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Recipes\Conf. R1-100P-N discese 1, 2 e 3.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Recipes folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Keyboard folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Gates folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\DBTABLES\USER folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\DBTABLES\STRING folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\DBTABLES\RESTORE folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\DBTABLES\NUMERIC folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\DBTABLES\EVENTS folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\DBTABLES\DIGITAL folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\DBTABLES folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Config folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Code folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Charts folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Bitmaps\Raccolta\Status Bitmaps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Bitmaps\Raccolta\Background Bitmaps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Bitmaps\Raccolta folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Bitmaps\Estrusore\Status Bitmaps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Bitmaps\Estrusore\Background Bitmaps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Bitmaps\Estrusore folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Bitmaps\Configurazione folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Bitmaps\Bobinatoio\Status Bitmaps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Bitmaps\Bobinatoio\Background Bitmaps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Bitmaps\Bobinatoio folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo\Bitmaps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Yarn Plant Demo folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Pipes Simulation\WebTemplate folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Pipes Simulation\Template folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Pipes Simulation\Reports folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Pipes Simulation\Recipes folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Pipes Simulation\Keyboard folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Pipes Simulation\Gates folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Pipes Simulation\DBTABLES\USER folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Pipes Simulation\DBTABLES\STRING folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Pipes Simulation\DBTABLES\RESTORE folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Pipes Simulation\DBTABLES\NUMERIC folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Pipes Simulation\DBTABLES\EVENTS folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Pipes Simulation\DBTABLES\DIGITAL folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Pipes Simulation\DBTABLES folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Pipes Simulation\Config folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Pipes Simulation\Code folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Pipes Simulation\Charts folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Pipes Simulation\Bitmaps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Pipes Simulation folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\my test\WebTemplate folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\my test\Template folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\my test\Reports folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\my test\Recipes folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\my test\Keyboard folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\my test\Gates folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\my test\Config folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\my test\Code folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\my test\Charts folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\my test\Bitmaps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\my test folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Instrument Demo\WebTemplate folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Instrument Demo\Template folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Instrument Demo\Reports folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Instrument Demo\Recipes folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Instrument Demo\Keyboard folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Instrument Demo\Gates folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Instrument Demo\DBTABLES\USER folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Instrument Demo\DBTABLES\STRING folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Instrument Demo\DBTABLES\RESTORE folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Instrument Demo\DBTABLES\NUMERIC folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Instrument Demo\DBTABLES\EVENTS folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Instrument Demo\DBTABLES\DIGITAL folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Instrument Demo\DBTABLES folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Instrument Demo\Config folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Instrument Demo\Code folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Instrument Demo\Charts folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Instrument Demo\Bitmaps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Instrument Demo folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Extruder Demo\WebTemplate folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Extruder Demo\Template folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Extruder Demo\Reports folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Extruder Demo\Recipes\103_Config.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Extruder Demo\Recipes\102_R2-50 Program.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Extruder Demo\Recipes\102_R2-50 Config.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Extruder Demo\Recipes folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Extruder Demo\Keyboard folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Extruder Demo\Gates folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Extruder Demo\DBTABLES\USER folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Extruder Demo\DBTABLES\STRING folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Extruder Demo\DBTABLES\RESTORE folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Extruder Demo\DBTABLES\NUMERIC folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Extruder Demo\DBTABLES\EVENTS folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Extruder Demo\DBTABLES\DIGITAL folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Extruder Demo\DBTABLES folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Extruder Demo\Config folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Extruder Demo\Code folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Extruder Demo\Charts folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Extruder Demo\Bitmaps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Extruder Demo folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Ceramics Kiln\WebTemplate folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Ceramics Kiln\Template folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Ceramics Kiln\Reports\Lotto di produzione folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Ceramics Kiln\Reports folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Ceramics Kiln\Recipes\Ricette di produzione.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Ceramics Kiln\Recipes folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Ceramics Kiln\Keyboard folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Ceramics Kiln\Gates folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Ceramics Kiln\DBTABLES\USER folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Ceramics Kiln\DBTABLES\STRING folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Ceramics Kiln\DBTABLES\RESTORE folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Ceramics Kiln\DBTABLES\NUMERIC folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Ceramics Kiln\DBTABLES\EVENTS folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Ceramics Kiln\DBTABLES\DIGITAL folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Ceramics Kiln\DBTABLES folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Ceramics Kiln\Config folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Ceramics Kiln\Code folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Ceramics Kiln\Charts folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Ceramics Kiln\Bitmaps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Ceramics Kiln folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Car Simulation\WebTemplate folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Car Simulation\Template folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Car Simulation\Reports folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Car Simulation\Recipes folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Car Simulation\Keyboard folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Car Simulation\Gates folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Car Simulation\DBTABLES\USER folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Car Simulation\DBTABLES\STRING folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Car Simulation\DBTABLES\RESTORE folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Car Simulation\DBTABLES\NUMERIC folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Car Simulation\DBTABLES\EVENTS folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Car Simulation\DBTABLES\DIGITAL folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Car Simulation\DBTABLES folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Car Simulation\Config folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Car Simulation\Code folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Car Simulation\Charts folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Car Simulation\Bitmaps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Car Simulation folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\WebTemplate folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Template\Vats folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Template\Reports folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Template\Main folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Template\Devices folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Template\Configuration folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Template\Cip folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Template\Alarms folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Template folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Reports\Trattamento folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Reports folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Recipes\Trattamenti.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Recipes\117_R2-50B Configuration.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Recipes\116_R2-50B Configuration.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Recipes\115_R2-50B Configuration.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Recipes\114_R2-50B Configuration.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Recipes\113_R2-50B Configuration.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Recipes\112_R2-50B Configuration.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Recipes\111_R2-50B Configuration.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Recipes\110_R2-50B Configuration.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Recipes\109_R2-50B Configuration.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Recipes\108_R2-50B Configuration.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Recipes\107_R2-50B Configuration.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Recipes\106_R2-50B Configuration.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Recipes\105_R2-50B Configuration.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Recipes\104_R2-50B Configuration.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Recipes\103_R2-50B Configuration.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Recipes\102_R2-50B Configuration.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Recipes\101_R2-50B Configuration.rcf folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Recipes folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Keyboard folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Gates folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\DBTABLES\USER folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\DBTABLES\STRING folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\DBTABLES\RESTORE folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\DBTABLES\NUMERIC folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\DBTABLES\EVENTS folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\DBTABLES\DIGITAL folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\DBTABLES folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Config folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Code folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Charts folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Bitmaps\_Build\Vats folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Bitmaps\_Build\Main folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Bitmaps\_Build\Configuration folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Bitmaps\_Build\CIP folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Bitmaps\_Build\Buttons & bars folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Bitmaps\_Build folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Bitmaps\Vats\VatBarButtons folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Bitmaps\Vats folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Bitmaps\tasti folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Bitmaps\Main\MainBarButtons folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Bitmaps\Main folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Bitmaps\Devices\R2-50B folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Bitmaps\Devices\PLC folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Bitmaps\Devices\LeftBarButtons folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Bitmaps\Devices folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Bitmaps\Configuration\LeftBarButtons folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Bitmaps\Configuration folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Bitmaps\Cip folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Bitmaps\Alarms\LeftBarButtons folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Bitmaps\Alarms folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo\Bitmaps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects\Automatic Washing System Demo folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog\Projects folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Winlog folder moved successfully.
========== FILES ==========
c:\documents and settings\Administrator\Local Settings\Application Data\tumlfgamp folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 35682 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 78810539 bytes
->Flash cache emptied: 1514 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 458886 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 21884 bytes
%systemroot%\System32 .tmp files removed: 4459025 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 109080 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 80.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08142010_080836

Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_9ec.dat moved successfully.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

MBAM Next:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4427

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14/08/2010 09:47:37
mbam-log-2010-08-14 (09-47-37).txt

Scan type: Full scan (C:\|)
Objects scanned: 264066
Time elapsed: 1 hour(s), 23 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

and finally Kaspersky


Autoscan: completed 2 minutes ago (events: 6, objects: 371658, time: 01:53:22)
14/08/2010 10:01:36 Task started
14/08/2010 10:56:17 Detected: Trojan-Downloader.Win32.Homa.byi C:\Program Files\PDF Watermark Revmoer\PDFWMR.exe
14/08/2010 10:57:05 Deleted: Trojan-Downloader.Win32.Homa.byi C:\Program Files\PDF Watermark Revmoer\PDFWMR.exe
14/08/2010 11:34:01 Detected: Trojan-Downloader.Win32.Homa.byi C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP557\A0117402.exe
14/08/2010 11:38:19 Deleted: Trojan-Downloader.Win32.Homa.byi C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP557\A0117402.exe
14/08/2010 11:54:58 Task completed


#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:17 AM

Posted 14 August 2010 - 06:50 AM

This folder had a malware name:
C:\Documents and Settings\All Users\Application Data\Winlog

But it was for a program that you use?
Yarn Plant Demo

Is that something you need? If so, I will move it back.


Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#9 ccmail

ccmail
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:17 AM

Posted 14 August 2010 - 07:03 AM

Hi kahdah,

The program was Winlog Lite. It was a free SCADA trial programme downloaded from http://www.sielcosistemi.com/

It was something I was looking at a while ago. It's not something I now use, so if it has malware in it, I'm happy to have it deleted.


Thanks,





#10 kahdah

Posted 14 August 2010 - 07:31 AM

Hi, I meant that it had a malware folder name but it had legitimate items in it.
It itself isn't malware.
We will move it back.



Please go to Start>My computer then to C:\_OTL\Moved Files\Folder name is here\c\Documents and Settings\All Users\Application Data\Winlog
Right click on the Winlog folder and choose Cut.
Then close that location and then navigate to this location c:\Documents and Settings\All Users\Application Data\ and then paste the folder back in that location.

Sorry for the trouble; that is a bad name for a programmer to use for a folder name.

Note: "Folder name is here" stands for the name of the folder that OTL creates. It will be the time and date that we ran it, but it is multiple numbers.

Edited by kahdah, 14 August 2010 - 07:32 AM.


#11 ccmail

Posted 14 August 2010 - 07:53 AM

QUOTE(kahdah @ Aug 14 2010, 01:31 PM)
Sorry for the trouble; that is a bad name for a programmer to use for a folder name.


Is that not a bad name for a malware programmer to use!!

I have moved the file back.

What next?

Thanks,

#12 kahdah

Posted 14 August 2010 - 08:02 AM

QUOTE
Is that not a bad name for a malware programmer to use!!

It is because a malware infection also creates a folder with the same name.
That is why I moved it originally.
Are you still getting popups?

#13 ccmail

Posted 14 August 2010 - 08:13 AM

No more pop-ups or redirects, so everything looks good at the moment.

IE is now my default browser instead of Firefox.

Is it OK to set Firefox back as my default browser??

#14 kahdah

Posted 14 August 2010 - 08:20 AM

Yes, you can set that back to the default browser.


Please uninstall Adobe Reader 7.0.5; it is full of exploits and needs to be updated.
You can get the newest version from here > http://get.adobe.com/reader/
=======Cleanup
  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the Uninstall, it needs to be there.
======Next======
  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.
===============Update Java

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "(JRE)", then click on it.
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
======================Clear out infected System Restore points======================


Then we need to reset your System Restore points.
The link below shows how to do this.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.


After that you're all set.


===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article: Some great guidelines to follow to prevent future infections. Please read the Prevention article by Miekiemoes.

"How did I get infected in the first place?" Also this one by Tony Klein.

If your computer is slow: a tutorial on what you can do if your computer is slow.

File sharing program dangers: Reasons to stay away from file sharing programs, e.g. BitTorrent, Limewire, Kazaa, emule, Utorrent, etc.



===Free antimalware tools used for on demand scanning and cleaning no real time unless purchased===

Malwarebytes Antimalware
superantispyware

===Free antivirus links===

This is antivirus and antispyware.
Microsoft Security Essentials
This is free antispyware protection and Antivirus protection.
AVG free 9.0
This is just antivirus protection.
Antivir
This is antivirus and antispyware protection.
Avast


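Added example (not part of kahdah's post and not output from any tool used in this thread): a short Python triage of the Kaspersky report lines posted earlier in the thread. It pairs each Detected event with its Deleted event and flags hits that sat inside a System Restore snapshot, which is the case the restore-point reset above addresses. The function names are hypothetical, and the line layout is assumed from the event lines shown in the thread.

```python
import re

# Event lines copied from the Kaspersky report posted earlier in this thread.
KASPERSKY_LOG = r"""
14/08/2010 10:01:36 Task started
14/08/2010 10:56:17 Detected: Trojan-Downloader.Win32.Homa.byi C:\Program Files\PDF Watermark Revmoer\PDFWMR.exe
14/08/2010 10:57:05 Deleted: Trojan-Downloader.Win32.Homa.byi C:\Program Files\PDF Watermark Revmoer\PDFWMR.exe
14/08/2010 11:34:01 Detected: Trojan-Downloader.Win32.Homa.byi C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP557\A0117402.exe
14/08/2010 11:38:19 Deleted: Trojan-Downloader.Win32.Homa.byi C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP557\A0117402.exe
14/08/2010 11:54:58 Task completed
"""

# Assumed layout: "<date> <time> <Action>: <verdict> <path>", verdict without spaces.
EVENT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<action>Detected|Deleted): (?P<verdict>\S+) (?P<path>.+)$"
)
# XP keeps restore points under System Volume Information\_restore{GUID}\RPnnn.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\(RP\d+)\\", re.I)

def triage(log_text):
    """Return one record per detected path, in the order first seen."""
    findings = {}
    for line in log_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # "Task started" and other non-event lines
        key = m["path"].lower()  # Windows paths compare case-insensitively
        rec = findings.setdefault(key, {
            "path": m["path"], "verdict": m["verdict"],
            "detected": None, "deleted": None, "restore_point": None,
        })
        rec[m["action"].lower()] = m["ts"]
        rp = RESTORE_RE.search(m["path"])
        if rp:
            rec["restore_point"] = rp.group(1)
    return list(findings.values())

def unresolved(findings):
    """Detections with no matching Deleted event still need attention."""
    return [f for f in findings if f["detected"] and not f["deleted"]]

def restore_point_hits(findings):
    """Detections that lived inside a System Restore snapshot."""
    return [f for f in findings if f["restore_point"]]

if __name__ == "__main__":
    for f in triage(KASPERSKY_LOG):
        print(f["verdict"], f["restore_point"] or "live file", f["path"])
```
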

#15 ccmail

Posted 14 August 2010 - 12:10 PM

Thanks,

Everything cleaned and updated.

Thanks for the help.

This thread can be closed now



