Recurring Infection rootkit.win32.tdss.tdl4


4 replies to this topic

#1 Lovansoft

Posted 16 November 2010 - 03:52 PM

I've got an infection that keeps coming back that redirects, causes pop-ups, and heaven knows what else!

I have AVG IS 9.0 for protection.
I've run: ESET's online scanner, Malwarebytes, SuperAntiSpy, and TDSSkiller. ESET found and cleaned some stuff. MBAM keeps finding eClinicalWorks (legit software), SuperAntiSpy only finds cookies. TDSSkiller keeps finding rootkit.win32.tdss.tdl4. It cleans it out, reboots, and a new scan shows nothing. After a few minutes the problems happen again and a new scan with TDSSkiller finds it again.

I'm remote to the PC, but have access via VNC.

Here are my logs:
Malwarebytes' Anti-Malware 1.46
Database version: 5127
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
11/16/2010 2:41:02 PM
mbam-log-2010-11-16 (14-41-02).txt

Scan type: Full scan (C:\|)
Objects scanned: 238507
Time elapsed: 2 hour(s), 26 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{7fd55de0-2f72-4438-87e3-a89ecea12c06} (Backdoor.Bot) -> Not selected for removal. (Points to e-clinical)
HKEY_CLASSES_ROOT\Interface\{20606a46-712e-46cc-8e08-9e7f65a248b7} (Backdoor.Bot) -> Not selected for removal. (Points to e-clinical)
HKEY_CLASSES_ROOT\Interface\{26ecc6ef-398e-44f6-afd1-71674cfaf2cf} (Backdoor.Bot) -> Not selected for removal. (Points to e-clinical)
HKEY_CLASSES_ROOT\Interface\{3ba3929e-541c-46d2-81d9-3a7b3796855b} (Backdoor.Bot) -> Not selected for removal. (Points to e-clinical)
HKEY_CLASSES_ROOT\Interface\{48b27580-4b95-460e-a798-97b946c977d9} (Backdoor.Bot) -> Not selected for removal. (Points to e-clinical)
HKEY_CLASSES_ROOT\Interface\{58adf10c-6a1b-4a19-a2c8-a52e7ddfdd8a} (Backdoor.Bot) -> Not selected for removal. (Points to e-clinical)
HKEY_CLASSES_ROOT\Interface\{5de6f525-d59f-45d0-8763-377bcda93a3d} (Backdoor.Bot) -> Not selected for removal. (Points to e-clinical)
HKEY_CLASSES_ROOT\Interface\{99f4209d-b467-4ea5-b8ff-f65f78dcd887} (Backdoor.Bot) -> Not selected for removal. (Points to e-clinical)
HKEY_CLASSES_ROOT\Interface\{a0bf7b17-92a9-42cc-8bfc-1abca33c56a6} (Backdoor.Bot) -> Not selected for removal. (Points to e-clinical)
HKEY_CLASSES_ROOT\Interface\{d24df956-a485-4185-923b-b26d4987fe4c} (Backdoor.Bot) -> Not selected for removal. (Points to e-clinical)
HKEY_CLASSES_ROOT\CLSID\{0ec7cea9-0ede-48c2-9f3c-530118fbbae4} (Backdoor.Bot) -> Not selected for removal. (Points to e-clinical)
HKEY_CLASSES_ROOT\CLSID\{6d0521ed-a3a2-47b7-980f-1a7ea7d9cb15} (Backdoor.Bot) -> Not selected for removal. (Points to e-clinical)
HKEY_CLASSES_ROOT\CLSID\{9e6c5dad-c1f8-4cca-8538-a5528de6ace5} (Backdoor.Bot) -> Not selected for removal. (Points to e-clinical)
HKEY_CLASSES_ROOT\CLSID\{a088b1dd-e9fd-4bf5-90c0-b6ae5d986961} (Backdoor.Bot) -> Not selected for removal. (Points to e-clinical)
HKEY_CLASSES_ROOT\CLSID\{adfe25f5-e687-4c6e-a148-2effb883befe} (Backdoor.Bot) -> Not selected for removal. (Points to e-clinical)
HKEY_CLASSES_ROOT\CLSID\{c7e4785f-a946-4c96-8356-45dbc9190493} (Backdoor.Bot) -> Not selected for removal. (Points to e-clinical)
HKEY_CLASSES_ROOT\CLSID\{ed1026c0-fef2-48ba-90f9-8130c1c6e672} (Backdoor.Bot) -> Not selected for removal. (Points to e-clinical)
HKEY_CLASSES_ROOT\CLSID\{eec5ab27-d023-4458-b097-84b42948bf38} (Backdoor.Bot) -> Not selected for removal. (Points to e-clinical)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\eClinicalWorks\ScanX.dll (Backdoor.Bot) -> Not selected for removal. (Points to e-clinical)
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP799\A0042293.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BB.tmp (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\Temp\152F.tmp (Rootkit.TDSS) -> Delete on reboot.

2010/11/16 15:34:31.0968 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/16 15:34:31.0968 ================================================================================
2010/11/16 15:34:31.0968 SystemInfo:
2010/11/16 15:34:31.0968
2010/11/16 15:34:31.0968 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/16 15:34:31.0968 Product type: Workstation
2010/11/16 15:34:31.0968 ComputerName: ADMINSTATION1
2010/11/16 15:34:31.0968 UserName: user
2010/11/16 15:34:31.0968 Windows directory: C:\WINDOWS
2010/11/16 15:34:31.0968 System windows directory: C:\WINDOWS
2010/11/16 15:34:31.0968 Processor architecture: Intel x86
2010/11/16 15:34:31.0968 Number of processors: 2
2010/11/16 15:34:31.0968 Page size: 0x1000
2010/11/16 15:34:31.0968 Boot type: Normal boot
2010/11/16 15:34:31.0968 ================================================================================
2010/11/16 15:34:32.0375 Initialize success
2010/11/16 15:34:33.0953 ================================================================================
2010/11/16 15:34:33.0953 Scan started
2010/11/16 15:34:33.0953 Mode: Manual;
2010/11/16 15:34:33.0953 ================================================================================
2010/11/16 15:34:34.0921 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/11/16 15:34:34.0937 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2010/11/16 15:34:35.0000 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/16 15:34:35.0015 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/16 15:34:35.0031 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/11/16 15:34:35.0078 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/16 15:34:35.0125 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/16 15:34:35.0171 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/11/16 15:34:35.0171 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/11/16 15:34:35.0187 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/11/16 15:34:35.0203 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/11/16 15:34:35.0218 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/11/16 15:34:35.0250 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/11/16 15:34:35.0265 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/11/16 15:34:35.0312 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/11/16 15:34:35.0312 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/11/16 15:34:35.0343 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/11/16 15:34:35.0343 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/11/16 15:34:35.0359 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/11/16 15:34:35.0437 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/16 15:34:35.0484 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/16 15:34:35.0500 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/16 15:34:35.0546 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/16 15:34:35.0609 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
2010/11/16 15:34:35.0625 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2010/11/16 15:34:35.0656 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\WINDOWS\system32\Drivers\avgrkx86.sys
2010/11/16 15:34:35.0703 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/16 15:34:35.0718 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/11/16 15:34:35.0750 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/16 15:34:35.0765 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/11/16 15:34:35.0812 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/16 15:34:35.0843 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/16 15:34:35.0875 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/16 15:34:35.0921 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/11/16 15:34:35.0937 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/11/16 15:34:35.0953 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/11/16 15:34:35.0984 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/11/16 15:34:36.0015 dfmirage (d8cd6a2a94f545858eec6117f0d5dff4) C:\WINDOWS\system32\DRIVERS\dfmirage.sys
2010/11/16 15:34:36.0046 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/16 15:34:36.0125 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/16 15:34:36.0156 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/16 15:34:36.0171 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/16 15:34:36.0234 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/16 15:34:36.0250 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/11/16 15:34:36.0265 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/16 15:34:36.0281 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/11/16 15:34:36.0468 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/16 15:34:36.0500 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/16 15:34:36.0531 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/16 15:34:36.0562 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/16 15:34:36.0609 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/16 15:34:36.0640 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/16 15:34:36.0656 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/16 15:34:36.0718 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/16 15:34:36.0781 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/16 15:34:36.0796 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/16 15:34:36.0812 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/11/16 15:34:36.0875 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/16 15:34:36.0890 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/11/16 15:34:36.0906 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/11/16 15:34:36.0921 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/16 15:34:37.0406 ialm (42caa789a21014aa809a8ff59b3ccfd9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/11/16 15:34:37.0812 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2010/11/16 15:34:37.0953 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/16 15:34:37.0968 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/11/16 15:34:38.0140 IntcAzAudAddService (1288fa08506e2053d0905e19bfa3df7b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/11/16 15:34:38.0203 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/11/16 15:34:38.0265 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/16 15:34:38.0281 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/16 15:34:38.0296 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/16 15:34:38.0359 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/16 15:34:38.0390 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/16 15:34:38.0406 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/16 15:34:38.0437 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/16 15:34:38.0515 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/16 15:34:38.0562 KAPFA (9c3abc6d9cc915056f0918469f567975) C:\WINDOWS\system32\drivers\KAPFA.SYS
2010/11/16 15:34:38.0609 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/16 15:34:38.0656 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/11/16 15:34:38.0687 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/16 15:34:38.0734 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/16 15:34:38.0781 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/16 15:34:38.0828 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/16 15:34:38.0843 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/16 15:34:38.0875 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/16 15:34:38.0890 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/16 15:34:38.0921 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/11/16 15:34:38.0937 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/16 15:34:39.0046 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/16 15:34:39.0125 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/16 15:34:39.0156 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/16 15:34:39.0171 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/16 15:34:39.0187 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/16 15:34:39.0250 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/16 15:34:39.0265 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/16 15:34:39.0296 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/16 15:34:39.0328 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/16 15:34:39.0343 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/16 15:34:39.0359 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/16 15:34:39.0375 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/16 15:34:39.0390 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/16 15:34:39.0421 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/16 15:34:39.0453 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/16 15:34:39.0484 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/16 15:34:39.0546 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/16 15:34:39.0671 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/11/16 15:34:39.0734 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/16 15:34:39.0750 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/16 15:34:39.0812 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/16 15:34:39.0843 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/16 15:34:39.0859 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/16 15:34:39.0906 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/16 15:34:39.0921 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/16 15:34:39.0968 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/16 15:34:40.0062 pelmouse (e541a80cdffd6077c761b4578efc0450) C:\WINDOWS\system32\DRIVERS\pelmouse.sys
2010/11/16 15:34:40.0078 pelusblf (6432858a4493e906a7d61b9b17a0672a) C:\WINDOWS\system32\DRIVERS\pelusblf.sys
2010/11/16 15:34:40.0109 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/11/16 15:34:40.0125 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/11/16 15:34:40.0203 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
2010/11/16 15:34:40.0250 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/16 15:34:40.0281 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/11/16 15:34:40.0312 psadd (aac08defb15aaab00b30341c716efa35) C:\WINDOWS\system32\DRIVERS\psadd.sys
2010/11/16 15:34:40.0328 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/16 15:34:40.0343 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/16 15:34:40.0375 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/16 15:34:40.0406 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/11/16 15:34:40.0421 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/11/16 15:34:40.0453 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/11/16 15:34:40.0468 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/11/16 15:34:40.0484 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/11/16 15:34:40.0515 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/16 15:34:40.0531 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/16 15:34:40.0546 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/16 15:34:40.0562 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/16 15:34:40.0609 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/16 15:34:40.0640 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/16 15:34:40.0656 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/16 15:34:40.0703 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/16 15:34:40.0765 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/16 15:34:40.0906 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/11/16 15:34:40.0921 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/11/16 15:34:40.0984 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/16 15:34:41.0078 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/16 15:34:41.0093 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/16 15:34:41.0125 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/16 15:34:41.0203 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/11/16 15:34:41.0218 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/11/16 15:34:41.0250 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/16 15:34:41.0281 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/16 15:34:41.0328 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/16 15:34:41.0375 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/16 15:34:41.0390 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/16 15:34:41.0421 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/11/16 15:34:41.0437 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/11/16 15:34:41.0484 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/11/16 15:34:41.0515 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/11/16 15:34:41.0531 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/16 15:34:41.0640 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/16 15:34:41.0671 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/16 15:34:41.0687 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/16 15:34:41.0734 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/16 15:34:41.0765 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/11/16 15:34:41.0843 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
2010/11/16 15:34:41.0875 TVTI2C (8ab24d4b7da715c2c80455137910e792) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
2010/11/16 15:34:41.0937 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/16 15:34:41.0953 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/11/16 15:34:42.0000 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/16 15:34:42.0046 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/16 15:34:42.0078 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/16 15:34:42.0125 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/16 15:34:42.0156 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/16 15:34:42.0187 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/16 15:34:42.0203 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/16 15:34:42.0234 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/11/16 15:34:42.0250 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/11/16 15:34:42.0281 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/16 15:34:42.0312 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/16 15:34:42.0359 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/16 15:34:42.0468 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/16 15:34:42.0531 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/16 15:34:42.0625 yukonwxp (f44f7f71b3c84f8ee96c3bfd3915c25f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2010/11/16 15:34:42.0671 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/16 15:34:42.0671 ================================================================================
2010/11/16 15:34:42.0671 Scan finished
2010/11/16 15:34:42.0671 ================================================================================
2010/11/16 15:34:42.0687 Detected object count: 1
2010/11/16 15:41:04.0625 \HardDisk0 - will be cured after reboot
2010/11/16 15:41:04.0625 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/11/16 15:42:34.0031 Deinitialize success

Edited by boopme, 16 November 2010 - 05:02 PM.
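The TDSSKiller log above is easy to misread because the one detection is buried under roughly 180 driver lines, and the detection is reported against the disk object `\HardDisk0` rather than against any driver file, which is why file-level scanners and a reboot keep "finding it again". The script below is an added example for this thread (not TDSSKiller's code and not the poster's own tooling) that parses that log format into driver entries, detections, pending-reboot cures and user actions, and points out detections that name a disk device instead of a file. `SAMPLE_LOG` is a constructed excerpt of the posted log so the script runs offline; the regular expressions are assumptions based only on the line layouts visible in the thread.

```python
"""Parse a TDSSKiller 2.4.x text log and summarise what it reports.

Added example for this thread: not TDSSKiller's code and not the poster's own
tooling. The line layouts are those of the log posted above; SAMPLE_LOG is a
constructed excerpt of that log (a few driver lines plus the detection and
action lines), embedded so the script runs offline.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
2010/11/16 15:34:31.0968 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/16 15:34:31.0968 ================================================================================
2010/11/16 15:34:31.0968 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/16 15:34:33.0953 Scan started
2010/11/16 15:34:34.0921 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/11/16 15:34:35.0484 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/16 15:34:35.0718 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/11/16 15:34:35.0750 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/16 15:34:41.0640 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/16 15:34:42.0671 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/16 15:34:42.0671 Scan finished
2010/11/16 15:34:42.0687 Detected object count: 1
2010/11/16 15:41:04.0625 \HardDisk0 - will be cured after reboot
2010/11/16 15:41:04.0625 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/11/16 15:42:34.0031 Deinitialize success
"""

# Line shapes seen in the posted log (assumed, derived from the thread's log only).
TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"
LINE_RE = re.compile(rf"^({TS})\s?(.*)$")
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")          # name (md5) path
DETECT_RE = re.compile(r"^(\S+) - detected (\S+)")                   # object - detected threat
REBOOT_RE = re.compile(r"^(\S+) - will be cured after reboot$")
ACTION_RE = re.compile(r"^(.+?)\((.+)\) - User select action: (\w+)$")  # threat(object) - ...: Cure


def parse_tdsskiller_log(text):
    """Bucket each timestamped line by what it records; keep the rest as 'other'."""
    report = {"drivers": [], "detections": [], "pending_reboot": [],
              "actions": [], "other": []}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(2).strip()
        if not body or body.startswith("="):      # blank body or separator rule
            continue
        if (d := DRIVER_RE.match(body)):
            report["drivers"].append({"name": d.group(1), "md5": d.group(2), "path": d.group(3)})
        elif (d := DETECT_RE.match(body)):
            report["detections"].append({"object": d.group(1), "threat": d.group(2)})
        elif (d := REBOOT_RE.match(body)):
            report["pending_reboot"].append(d.group(1))
        elif (d := ACTION_RE.match(body)):
            report["actions"].append({"threat": d.group(1), "object": d.group(2), "action": d.group(3)})
        else:
            report["other"].append(body)
    return report


def duplicate_hashes(report):
    """Service names that resolve to the same binary (same MD5).

    Informational only: in the posted log cbidf and cbidf2k are such a pair and
    both are legitimate, so this is a review hint, not a verdict."""
    by_md5 = defaultdict(list)
    for d in report["drivers"]:
        by_md5[d["md5"]].append(d["name"])
    return {h: names for h, names in by_md5.items() if len(names) > 1}


def disk_level_detections(report):
    """Detections reported against a disk device object (\\HardDiskN) rather
    than a driver file: there is no file path here for a file-based scanner to
    quarantine, which matters when other tools keep reporting the machine clean."""
    return [d for d in report["detections"] if d["object"].startswith("\\HardDisk")]


def summarize(report):
    """Human-readable summary lines, returned rather than printed so they can be checked."""
    lines = [f"{len(report['drivers'])} driver entries, {len(report['detections'])} detection(s)"]
    for d in report["detections"]:
        kind = "disk object" if d in disk_level_detections(report) else "file"
        lines.append(f"detected {d['threat']} on {kind} {d['object']}")
    for obj in report["pending_reboot"]:
        lines.append(f"{obj}: cure scheduled for next reboot")
    for a in report["actions"]:
        lines.append(f"user action on {a['object']}: {a['action']}")
    for md5, names in duplicate_hashes(report).items():
        lines.append(f"same binary under several service names ({', '.join(names)}): {md5}")
    return lines


if __name__ == "__main__":
    for line in summarize(parse_tdsskiller_log(SAMPLE_LOG)):
        print(line)
```

Run it against a full TDSSKiller log by reading the file into `parse_tdsskiller_log`; the summary drops the driver noise and leaves the detection, the object it was found on, and whether a cure is still pending a reboot, which is the part worth comparing across the repeated scans described in the post.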



#2 Tingnome

Posted 16 November 2010 - 03:56 PM

Hey, can you run up a log through HijackThis? Your logs really don't tell me much about what is going on; I need some more information. When did this all start? Also, if you're looking for a fast solution, I recommend getting a trial version of Kaspersky (it's heavy, but it kills and fixes EVERYTHING).

Cheers!

#3 Lovansoft (Topic Starter)

Posted 16 November 2010 - 04:01 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:00:46 PM, on 11/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Kaseya\Agent\AgentMon.exe
C:\Program Files\Kaseya\Agent\KasAVSrv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
c:\temp\KRlyCLis.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\RealVNC\VNC4\vncclipboard.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe
C:\WINDOWS\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\twain_32\Fjscan32\ERG\FTErGuid.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\TRH3S218\HijackThis[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [FtLnSOP_setup] C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
O4 - HKLM\..\Run: [FJTWAIN Setup] C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe /Station
O4 - HKLM\..\Run: [FTPWRENV] C:\WINDOWS\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [KASHLKTCH912237873672496] "C:\Program Files\Kaseya\Agent\KaUsrTsk.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Error Recovery Guide.lnk = C:\WINDOWS\twain_32\Fjscan32\ERG\FTErGuid.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.ppdi.com
O15 - Trusted Zone: ausoc.ppdi.com
O15 - Trusted Zone: ausoc02.ppdi.com
O15 - Trusted Zone: ausoc04.ppdi.com
O15 - Trusted Zone: ausoc06.ppdi.com
O15 - Trusted Zone: ausocd.ppdi.com
O15 - Trusted Zone: bruoc02.ppdi.com
O15 - Trusted Zone: bruoc06.ppdi.com
O15 - Trusted Zone: camoc.ppdi.com
O15 - Trusted Zone: camocd.ppdi.com
O15 - Trusted Zone: ctxgw.ppdi.com
O15 - Trusted Zone: rtpoc.ppdi.com
O15 - Trusted Zone: rtpoc02.ppdi.com
O15 - Trusted Zone: rtpoc04.ppdi.com
O15 - Trusted Zone: rtpoc06.ppdi.com
O15 - Trusted Zone: rtpoc08.ppdi.com
O15 - Trusted Zone: rtpocd.ppdi.com
O15 - Trusted Zone: *.ppdi.local
O15 - Trusted Zone: ctxgw.ppdi.local
O16 - DPF: {04B6290C-97B8-49A1-B0A3-1312254F7C54} (SharedSessionService Class) - http://portal.health-central.org/portal/applets/SharedSession.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223573527005
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {7c2c94f0-7991-42b4-8d5f-4cb15b490657} (Oracle JInitiator 1.1.8.25) -
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.sewanee.edu/activex/AxisCamControl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3D4C1E8-B73D-4C35-B8EE-B8C755DE1045}: NameServer = 65.32.5.74,65.32.5.75
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FJTWMKSV - PFU LIMITED - C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Kaseya Agent (KALKTCH912237873672496) - Kaseya International Limited - C:\Program Files\Kaseya\Agent\AgentMon.exe
O23 - Service: Kaseya Security Service (KaseyaAVService) - Unknown owner - C:\Program Files\Kaseya\Agent\KasAVSrv.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 13517 bytes

Started happening yesterday, I think.

#4 Lovansoft

  • Topic Starter
  • Members
  • 4 posts

Posted 16 November 2010 - 05:50 PM

Here's the OTL Log:
OTL logfile created on: 11/16/2010 5:25:36 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.86 Gb Total Space | 112.86 Gb Free Space | 77.37% Space Free | Partition Type: NTFS

Computer Name: ADMINSTATION1 | User Name: user | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/16 17:24:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2010/06/21 16:42:53 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 07:42:16 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe


========== Modules (SafeList) ==========

MOD - [2010/11/16 17:24:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\spoolsv.exe -- (Spooler)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/08/03 13:08:53 | 000,221,184 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Kaseya\Agent\KasAVSrv.exe -- (KaseyaAVService)
SRV - [2010/06/21 16:42:57 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/25 10:10:00 | 000,806,912 | ---- | M] (Kaseya International Limited) [Auto | Stopped] -- C:\Program Files\Kaseya\Agent\AgentMon.exe -- (KALKTCH912237873672496)
SRV - [2009/07/25 00:32:34 | 001,492,344 | ---- | M] (RealVNC Ltd.) [Auto | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2008/12/02 12:06:59 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/20 10:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/08/03 18:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/07/11 22:44:38 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2007/07/11 22:38:44 | 000,569,344 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/07/11 21:19:00 | 000,045,056 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007/03/08 16:23:04 | 000,045,056 | ---- | M] (PFU LIMITED) [Auto | Stopped] -- C:\WINDOWS\twain_32\Fjscan32\FJTWMKSV.exe -- (FJTWMKSV)
SRV - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/05/23 22:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Stopped] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\tvtpktfilter.sys -- (TVTPktFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - [2010/06/21 16:42:54 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/05/31 17:17:34 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/04 18:10:28 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/03/26 15:07:28 | 000,013,824 | ---- | M] (Kaseya) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KaPFA.sys -- (KAPFA)
DRV - [2008/09/04 11:11:52 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2008/09/04 11:11:09 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2008/04/29 03:00:00 | 000,288,896 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/04/14 02:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 02:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 00:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/22 03:41:34 | 004,622,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/09/17 23:08:56 | 005,779,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/05/22 17:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007/05/22 02:59:34 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2005/11/27 19:25:14 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2005/10/11 19:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2004/08/03 17:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/02/11 15:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELUSBLF.SYS -- (pelusblf)
DRV - [2003/01/10 15:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 07:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [FJTWAIN Setup] C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [FtLnSOP_setup] C:\WINDOWS\twain_32\Fjscan32\SOP\FtLnSOP.exe (PFU LIMITED)
O4 - HKLM..\Run: [FTPWRENV] C:\WINDOWS\twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe (PFU LIMITED)
O4 - HKLM..\Run: [KASHLKTCH912237873672496] C:\Program Files\Kaseya\Agent\KaUsrTsk.exe (Kaseya International Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Error Recovery Guide.lnk = C:\WINDOWS\twain_32\Fjscan32\ERG\FTErGuid.exe (PFU LIMITED)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O15 - HKCU\..Trusted Domains: ppdi.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ppdi.com ([*] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ppdi.com ([ausoc] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ppdi.com ([ausoc02] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ppdi.com ([ausoc04] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ppdi.com ([ausoc06] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ppdi.com ([ausocd] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ppdi.com ([bruoc02] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ppdi.com ([bruoc06] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ppdi.com ([camoc] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ppdi.com ([camocd] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ppdi.com ([ctxgw] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ppdi.com ([rtpoc] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ppdi.com ([rtpoc02] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ppdi.com ([rtpoc04] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ppdi.com ([rtpoc06] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ppdi.com ([rtpoc08] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ppdi.com ([rtpocd] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ppdi.local ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ppdi.local ([*] * in Trusted sites)
O15 - HKCU\..Trusted Domains: ppdi.local ([ctxgw] * in Trusted sites)
O15 - HKCU\..Trusted Domains: questdiagnostics.com ([www] https in Trusted sites)
O16 - DPF: {04B6290C-97B8-49A1-B0A3-1312254F7C54} http://portal.health-central.org/portal/applets/SharedSession.dll (SharedSessionService Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223573527005 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {7c2c94f0-7991-42b4-8d5f-4cb15b490657} Reg Error: Value error. (Oracle JInitiator 1.1.8.25)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://webcam.sewanee.edu/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.26.88.31 204.215.43.3
O18 - Protocol\Handler\x-mem1 {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\Program Files\eClinicalWorks\wowctl2.dll (EzTools Software)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 02:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2197c3e3-a751-11df-8b95-0021970b961d}\Shell\AutoRun\command - "" = E:\videos\player\winopen.exe \Transformers.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6A1EE944-D98D-154F-DB72-C4435D01DAB2} - Vector Graphics Rendering (VML)
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/16 17:24:57 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2010/11/16 11:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/16 11:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/11/16 10:33:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
[2010/11/16 10:33:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/11/16 10:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/16 10:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/15 16:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/15 16:51:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/15 15:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/15 15:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/15 08:32:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2010/11/15 08:32:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/15 08:32:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/15 08:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/15 08:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/15 08:30:59 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\My Documents\mbam-setup-1.46.exe
[2010/11/15 08:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\RealVNC
[2010/11/05 13:53:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\New Folder
[2008/12/09 18:19:06 | 001,041,408 | ---- | C] (RemotePass Technologies) -- C:\Documents and Settings\user\Local Settings\Application Data\RemotePassClnt.exe
[2008/12/09 18:19:06 | 000,118,784 | ---- | C] (DemoForge, LLC) -- C:\Documents and Settings\user\Local Settings\Application Data\MirrInst.exe
[2008/12/09 18:19:06 | 000,031,896 | ---- | C] (DemoForge, LLC) -- C:\Documents and Settings\user\Local Settings\Application Data\dfmirage.sys
[2008/12/09 18:19:06 | 000,030,360 | ---- | C] (DemoForge, LLC) -- C:\Documents and Settings\user\Local Settings\Application Data\dfmirage.dll
[2008/09/04 11:04:22 | 000,010,896 | ---- | C] (UPEK Inc.) -- C:\Program Files\ThinkVantage Fingerprint Software
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/16 17:24:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2010/11/16 17:19:26 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/16 17:19:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/16 16:29:03 | 000,015,308 | ---- | M] () -- C:\WINDOWS\System32\535.js
[2010/11/16 16:29:03 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/16 16:28:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/11/16 15:29:09 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/16 14:29:04 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/16 13:29:15 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/16 12:29:29 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/16 11:29:03 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/16 11:22:36 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/11/16 11:14:48 | 000,000,074 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2010/11/16 10:33:20 | 000,001,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/16 10:29:03 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/16 09:29:03 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/16 08:59:44 | 000,000,234 | ---- | M] () -- C:\Documents and Settings\user\sharedSession.properties
[2010/11/16 08:41:23 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/16 08:16:20 | 067,681,291 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/11/15 09:02:16 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/15 09:02:16 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/15 09:02:16 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/15 08:32:08 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/15 08:31:13 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\My Documents\mbam-setup-1.46.exe
[2010/11/15 05:50:28 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\user\Application Data\start
[2010/11/15 05:45:15 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\user\Application Data\completescan
[2010/11/15 05:42:04 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\user\Application Data\install
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/09 10:54:04 | 000,513,080 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/09 10:54:04 | 000,097,654 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/05 13:54:02 | 000,059,904 | ---- | M] () -- C:\Documents and Settings\user\Desktop\New Microsoft Office Publisher Document.pub
[2010/11/05 07:57:51 | 000,283,229 | ---- | M] () -- C:\Documents and Settings\user\My Documents\HorizonWP Physician Portal.pdf
[2010/11/02 09:52:15 | 000,153,733 | ---- | M] () -- C:\Documents and Settings\user\My Documents\AdminStation1_CoxVici.pdf
[2010/11/02 09:25:35 | 000,018,528 | ---- | M] () -- C:\Documents and Settings\user\My Documents\A1imaging.pdf
[2010/11/02 09:24:22 | 000,020,871 | ---- | M] () -- C:\Documents and Settings\user\My Documents\34182_1FD63C6E-F858-AC4E-B912-E4569C4483EA.tif
[2010/11/02 09:22:46 | 000,009,852 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Doc2.docx
[2010/11/02 09:12:29 | 000,000,577 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Untitled.lnk
[2010/11/02 09:10:16 | 000,000,438 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Shortcut to New Folder (3).lnk
[2010/11/02 09:02:51 | 000,030,313 | ---- | M] () -- C:\SC000002.TIF
[2010/11/02 08:14:27 | 000,009,851 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Doc1.docx
[2010/10/28 12:43:48 | 000,291,394 | ---- | M] () -- C:\Documents and Settings\user\My Documents\creeden.pdf
[2010/10/28 10:48:42 | 000,074,430 | ---- | M] () -- C:\Documents and Settings\user\My Documents\A2238C5A-9AB2-124C-A628-F5C07CC88111.TIF
[2010/10/28 10:32:41 | 000,044,514 | ---- | M] () -- C:\Documents and Settings\user\My Documents\dexa.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/16 11:22:36 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/11/16 10:33:20 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/15 15:29:01 | 000,015,308 | ---- | C] () -- C:\WINDOWS\System32\535.js
[2010/11/15 08:32:08 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/15 05:46:23 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\user\Application Data\start
[2010/11/15 05:45:15 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\user\Application Data\completescan
[2010/11/15 05:42:04 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\user\Application Data\install
[2010/11/15 05:41:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/11/15 05:41:24 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/11/15 05:41:24 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/11/15 05:41:24 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/11/15 05:41:24 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/11/15 05:41:24 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/11/15 05:41:24 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/11/15 05:41:24 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/11/05 13:54:02 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\user\Desktop\New Microsoft Office Publisher Document.pub
[2010/11/05 07:57:43 | 000,283,229 | ---- | C] () -- C:\Documents and Settings\user\My Documents\HorizonWP Physician Portal.pdf
[2010/11/02 09:52:15 | 000,153,733 | ---- | C] () -- C:\Documents and Settings\user\My Documents\AdminStation1_CoxVici.pdf
[2010/11/02 09:25:35 | 000,018,528 | ---- | C] () -- C:\Documents and Settings\user\My Documents\A1imaging.pdf
[2010/11/02 09:24:35 | 000,020,871 | ---- | C] () -- C:\Documents and Settings\user\My Documents\34182_1FD63C6E-F858-AC4E-B912-E4569C4483EA.tif
[2010/11/02 09:22:46 | 000,009,852 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Doc2.docx
[2010/11/02 09:12:29 | 000,000,577 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Untitled.lnk
[2010/11/02 09:10:16 | 000,000,438 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Shortcut to New Folder (3).lnk
[2010/11/02 09:02:51 | 000,030,313 | ---- | C] () -- C:\SC000002.TIF
[2010/11/02 08:01:18 | 000,009,851 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Doc1.docx
[2010/10/28 12:43:43 | 000,291,394 | ---- | C] () -- C:\Documents and Settings\user\My Documents\creeden.pdf
[2010/10/28 10:48:42 | 000,074,430 | ---- | C] () -- C:\Documents and Settings\user\My Documents\A2238C5A-9AB2-124C-A628-F5C07CC88111.TIF
[2010/10/28 10:32:41 | 000,044,514 | ---- | C] () -- C:\Documents and Settings\user\My Documents\dexa.pdf
[2008/12/09 18:19:06 | 000,892,928 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\libeay32.dll
[2008/12/09 18:19:06 | 000,159,744 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\ssleay32.dll
[2008/12/09 18:19:06 | 000,008,253 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\dfmirage.cat
[2008/12/09 18:19:06 | 000,002,375 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\dfmirage.inf
[2008/12/09 18:19:06 | 000,001,261 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\RpCaCert.pem
[2008/12/09 18:10:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/12/09 18:10:30 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\JinPanel.dll
[2008/12/02 12:01:27 | 000,000,712 | ---- | C] () -- C:\WINDOWS\FJTWSTI.INI
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6770ex0C0A.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6770ex0419.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6770ex0416.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6770ex0410.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6770ex040C.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6770ex0407.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6750ex0C0A.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6750ex0419.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6750ex0416.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6750ex0410.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6750ex040C.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6750ex0407.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6670ex0C0A.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6670ex0419.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6670ex0416.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6670ex0410.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6670ex040C.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6670ex0407.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6240ex0C0A.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6240ex0419.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6240ex0416.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6240ex0410.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6240ex040C.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6240ex0409.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6240ex0407.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6230ex0C0A.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6230ex0419.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6230ex0416.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6230ex0410.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6230ex040C.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6230ex0409.dll
[2008/12/02 12:01:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6230ex0407.dll
[2008/12/02 12:01:21 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi6770ex0409.dll
[2008/12/02 12:01:21 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi6750ex0409.dll
[2008/12/02 12:01:21 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi6670ex0409.dll
[2008/12/02 12:01:21 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi6240ex0412.dll
[2008/12/02 12:01:21 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi6240ex0411.dll
[2008/12/02 12:01:21 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi6230ex0412.dll
[2008/12/02 12:01:21 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi6230ex0411.dll
[2008/12/02 12:01:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6770ex0804.dll
[2008/12/02 12:01:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6770ex0412.dll
[2008/12/02 12:01:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6770ex0411.dll
[2008/12/02 12:01:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6770ex0404.dll
[2008/12/02 12:01:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6750ex0804.dll
[2008/12/02 12:01:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6750ex0412.dll
[2008/12/02 12:01:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6750ex0411.dll
[2008/12/02 12:01:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6750ex0404.dll
[2008/12/02 12:01:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6670ex0804.dll
[2008/12/02 12:01:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6670ex0412.dll
[2008/12/02 12:01:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6670ex0411.dll
[2008/12/02 12:01:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6670ex0404.dll
[2008/12/02 12:01:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6240ex0804.dll
[2008/12/02 12:01:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6240ex0404.dll
[2008/12/02 12:01:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6230ex0804.dll
[2008/12/02 12:01:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6230ex0404.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6230Tex0C0A.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6230Tex0419.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6230Tex0410.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6230Tex040C.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6230Tex0409.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6230Tex0407.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6140ex0C0A.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6140ex0419.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6140ex0416.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6140ex0410.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6140ex040C.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6140ex0409.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6140ex0407.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6130Tex0C0A.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6130Tex0419.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6130Tex0410.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6130Tex040C.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6130Tex0409.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6130Tex0407.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6130ex0C0A.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6130ex0419.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6130ex0416.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6130ex0410.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6130ex040C.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6130ex0409.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi6130ex0407.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi60Fex0C0A.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi60Fex0410.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi60Fex040C.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi60Fex0407.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5900Xex0C0A.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5900Xex0419.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5900Xex0410.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5900Xex040C.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5900Xex0407.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5900ex0C0A.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5900ex0419.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5900ex0416.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5900ex0410.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5900ex040C.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5900ex0407.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex0C0A.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex0410.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex040C.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex0407.dll
[2008/12/02 12:01:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex0C0A.dll
[2008/12/02 12:01:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi6230Tex0412.dll
[2008/12/02 12:01:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi6230Tex0411.dll
[2008/12/02 12:01:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi6140ex0412.dll
[2008/12/02 12:01:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi6140ex0411.dll
[2008/12/02 12:01:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi6130Tex0412.dll
[2008/12/02 12:01:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi6130Tex0411.dll
[2008/12/02 12:01:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi6130ex0412.dll
[2008/12/02 12:01:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi6130ex0411.dll
[2008/12/02 12:01:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi60Fex0409.dll
[2008/12/02 12:01:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5900Xex0412.dll
[2008/12/02 12:01:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5900Xex0411.dll
[2008/12/02 12:01:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5900Xex0409.dll
[2008/12/02 12:01:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5900ex0412.dll
[2008/12/02 12:01:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5900ex0411.dll
[2008/12/02 12:01:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5900ex0409.dll
[2008/12/02 12:01:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex0409.dll
[2008/12/02 12:01:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6230Tex0804.dll
[2008/12/02 12:01:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6230Tex0404.dll
[2008/12/02 12:01:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6140ex0804.dll
[2008/12/02 12:01:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6140ex0404.dll
[2008/12/02 12:01:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6130Tex0804.dll
[2008/12/02 12:01:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6130Tex0404.dll
[2008/12/02 12:01:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6130ex0804.dll
[2008/12/02 12:01:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi6130ex0404.dll
[2008/12/02 12:01:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi60Fex0804.dll
[2008/12/02 12:01:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi60Fex0411.dll
[2008/12/02 12:01:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5900Xex0804.dll
[2008/12/02 12:01:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5900ex0804.dll
[2008/12/02 12:01:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5900ex0404.dll
[2008/12/02 12:01:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex0804.dll
[2008/12/02 12:01:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5750ex0411.dll
[2008/12/02 12:01:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex0804.dll
[2008/12/02 12:01:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex0411.dll
[2008/12/02 12:01:19 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex.dll
[2008/12/02 12:01:19 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex.dll
[2008/12/02 12:01:19 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex0410.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex040C.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex0407.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0C0A.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0419.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0410.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex040C.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0409.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0407.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi55302ex0C0A.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi55302ex0419.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi55302ex0410.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi55302ex040C.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi55302ex0409.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi55302ex0407.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0C0A.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0419.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0410.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex040C.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0409.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0407.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0C0A.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0419.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0410.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex040C.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0409.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0407.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex0C0A.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex0410.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex040C.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex0409.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex0407.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex0C0A.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex0410.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex040C.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex0407.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex0C0A.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex0410.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex040C.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex0407.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex0C0A.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex0410.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex040C.dll
[2008/12/02 12:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex0407.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5650ex0409.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0412.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0411.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi55302ex0412.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi55302ex0411.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0412.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0411.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0412.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0411.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex0411.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex0c0a.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex0410.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex040C.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex0409.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex0407.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex0409.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex0C0A.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex0410.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex040C.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex0409.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex0407.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex0409.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex0C0A.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex0410.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex040C.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex0409.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex0407.dll
[2008/12/02 12:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex0409.dll
[2008/12/02 12:01:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5530ex0804.dll
[2008/12/02 12:01:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi55302ex0804.dll
[2008/12/02 12:01:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5220ex0804.dll
[2008/12/02 12:01:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5120ex0804.dll
[2008/12/02 12:01:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi5110ex0804.dll
[2008/12/02 12:01:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex0804.dll
[2008/12/02 12:01:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4530ex0411.dll
[2008/12/02 12:01:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex0804.dll
[2008/12/02 12:01:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4340ex0411.dll
[2008/12/02 12:01:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex0804.dll
[2008/12/02 12:01:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4220ex0411.dll
[2008/12/02 12:01:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex0804.dll
[2008/12/02 12:01:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi42202ex0411.dll
[2008/12/02 12:01:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex0804.dll
[2008/12/02 12:01:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi4120ex0411.dll
[2008/12/02 12:01:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex0804.dll
[2008/12/02 12:01:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\fi41202ex0411.dll
[2008/11/12 15:08:38 | 000,000,264 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/12 15:08:37 | 000,000,074 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/11/12 15:08:30 | 000,242,688 | ---- | C] () -- C:\WINDOWS\System32\ISP2003.dll
[2008/09/04 11:31:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/09/04 11:06:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/09/04 11:06:03 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/09/04 11:06:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/09/04 11:06:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/09/04 11:06:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/09/04 11:06:03 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/09/04 10:58:34 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4873.dll
[2008/09/04 10:57:54 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2008/09/04 10:57:54 | 000,005,528 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2008/09/04 10:57:54 | 000,000,296 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2007/09/27 12:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 12:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 12:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/09/05 16:20:36 | 000,079,400 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006/04/30 02:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 02:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/29 19:04:28 | 000,004,475 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/09/14 19:55:28 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\HPBCFGRE.DLL
[2003/02/07 17:24:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\hpbhealr.dll
[2002/05/25 18:57:10 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\hpbmint.dll
[2001/12/07 10:20:46 | 000,006,176 | ---- | C] () -- C:\WINDOWS\System32\HPBFXMMA.DLL

[2010/11/16 17:30:32 | 000,495,616 | -H-- | M] () -- C:\Documents and Settings\user\ntuser.dat.LOG
[2010/11/16 17:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Desktop
[2010/11/16 17:28:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\user\Cookies
[2010/11/16 17:24:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2010/11/16 17:19:26 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/16 17:19:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/16 17:18:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/11/16 16:49:02 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2010/11/16 16:48:20 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2010/11/16 16:29:03 | 000,015,308 | ---- | M] () -- C:\WINDOWS\System32\535.js
[2010/11/16 16:29:03 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/16 16:28:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/11/16 15:50:03 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\user\Recent
[2010/11/16 15:29:09 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/16 15:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop
[2010/11/16 14:29:04 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/16 13:29:15 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/16 12:29:29 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/16 11:52:48 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/11/16 11:29:03 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/16 11:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/11/16 11:21:47 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2010/11/16 11:14:48 | 000,000,074 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2010/11/16 10:33:52 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010/11/16 10:33:45 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\user\Application Data
[2010/11/16 10:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
[2010/11/16 10:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/11/16 10:33:20 | 000,001,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/16 10:29:03 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/16 10:28:26 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/11/16 09:29:03 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/16 08:59:44 | 000,000,234 | ---- | M] () -- C:\Documents and Settings\user\sharedSession.properties
[2010/11/16 08:41:23 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/16 01:02:12 | 000,000,000 | ---D | M] -- C:\Program Files\eClinicalWorks
[2010/11/15 16:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/15 16:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/15 15:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/15 15:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/15 14:50:29 | 000,000,000 | R--D | M] -- C:\Documents and Settings\user\My Documents
[2010/11/15 09:02:16 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/15 09:02:16 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/15 09:02:16 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/15 08:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2010/11/15 08:32:08 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/15 08:32:08 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/15 08:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/15 08:31:13 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\My Documents\mbam-setup-1.46.exe
[2010/11/15 08:06:41 | 000,000,000 | ---D | M] -- C:\Program Files\RealVNC
[2010/11/15 05:50:28 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\user\Application Data\start
[2010/11/15 05:45:15 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\user\Application Data\completescan
[2010/11/15 05:42:04 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\user\Application Data\install
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/11 03:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/11/09 10:54:04 | 000,622,620 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/11/09 10:54:04 | 000,513,080 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/09 10:54:04 | 000,097,654 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/05 13:54:02 | 000,059,904 | ---- | M] () -- C:\Documents and Settings\user\Desktop\New Microsoft Office Publisher Document.pub
[2010/11/05 07:57:51 | 000,283,229 | ---- | M] () -- C:\Documents and Settings\user\My Documents\HorizonWP Physician Portal.pdf
[2010/11/04 14:02:30 | 000,000,000 | R--D | M] -- C:\Documents and Settings\user\Favorites
[2010/11/02 09:52:15 | 000,153,733 | ---- | M] () -- C:\Documents and Settings\user\My Documents\AdminStation1_CoxVici.pdf
[2010/11/02 09:25:35 | 000,018,528 | ---- | M] () -- C:\Documents and Settings\user\My Documents\A1imaging.pdf
[2010/11/02 09:24:22 | 000,020,871 | ---- | M] () -- C:\Documents and Settings\user\My Documents\34182_1FD63C6E-F858-AC4E-B912-E4569C4483EA.tif
[2010/11/02 09:22:46 | 000,009,852 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Doc2.docx
[2010/11/02 09:12:29 | 000,000,577 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Untitled.lnk
[2010/11/02 09:10:16 | 000,000,438 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Shortcut to New Folder (3).lnk
[2010/11/02 08:14:27 | 000,009,851 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Doc1.docx
[2010/11/02 06:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/11/01 10:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Local Settings\Application Data\ApplicationHistory
[2010/10/28 12:43:48 | 000,291,394 | ---- | M] () -- C:\Documents and Settings\user\My Documents\creeden.pdf
[2010/10/28 10:48:42 | 000,074,430 | ---- | M] () -- C:\Documents and Settings\user\My Documents\A2238C5A-9AB2-124C-A628-F5C07CC88111.TIF
[2010/10/28 10:32:41 | 000,044,514 | ---- | M] () -- C:\Documents and Settings\user\My Documents\dexa.pdf
[2008/11/13 03:07:48 | 004,832,690 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2008/09/04 11:26:24 | 000,068,456 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/08/22 12:29:14 | 001,041,408 | ---- | M] (RemotePass Technologies) -- C:\Documents and Settings\user\Local Settings\Application Data\RemotePassClnt.exe
[2007/11/07 07:55:14 | 000,001,261 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\RpCaCert.pem
[2007/11/05 21:08:22 | 000,118,784 | ---- | M] (DemoForge, LLC) -- C:\Documents and Settings\user\Local Settings\Application Data\MirrInst.exe
[2007/08/14 01:46:34 | 000,010,896 | ---- | M] (UPEK Inc.) -- C:\Program Files\ThinkVantage Fingerprint Software
[2006/04/29 19:04:07 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\user\Application Data\desktop.ini
[2006/04/29 19:04:07 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/01/09 19:32:46 | 000,008,253 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\dfmirage.cat
[2005/11/27 19:25:14 | 000,031,896 | ---- | M] (DemoForge, LLC) -- C:\Documents and Settings\user\Local Settings\Application Data\dfmirage.sys
[2005/11/27 19:25:14 | 000,030,360 | ---- | M] (DemoForge, LLC) -- C:\Documents and Settings\user\Local Settings\Application Data\dfmirage.dll
[2005/11/27 19:25:14 | 000,002,375 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\dfmirage.inf
[2005/06/05 16:15:06 | 000,159,744 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\ssleay32.dll
[2005/06/05 16:14:32 | 000,892,928 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\libeay32.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/16 17:24:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2010/11/16 17:19:26 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/16 17:19:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/16 16:29:03 | 000,015,308 | ---- | M] () -- C:\WINDOWS\System32\535.js
[2010/11/16 16:29:03 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/16 16:28:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/11/16 15:29:09 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/16 14:29:04 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/16 13:29:15 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/16 12:29:29 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/16 11:29:03 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/16 11:22:36 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/11/16 11:14:48 | 000,000,074 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2010/11/16 10:33:20 | 000,001,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/16 10:29:03 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/16 09:29:03 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/16 08:59:44 | 000,000,234 | ---- | M] () -- C:\Documents and Settings\user\sharedSession.properties
[2010/11/16 08:41:23 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/16 08:16:20 | 067,681,291 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/11/15 09:02:16 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/15 09:02:16 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/15 09:02:16 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/15 08:32:08 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/15 08:31:13 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\My Documents\mbam-setup-1.46.exe
[2010/11/15 05:50:28 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\user\Application Data\start
[2010/11/15 05:45:15 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\user\Application Data\completescan
[2010/11/15 05:42:04 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\user\Application Data\install
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/15 05:41:25 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/09 10:54:04 | 000,513,080 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/09 10:54:04 | 000,097,654 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/05 13:54:02 | 000,059,904 | ---- | M] () -- C:\Documents and Settings\user\Desktop\New Microsoft Office Publisher Document.pub
[2010/11/05 07:57:51 | 000,283,229 | ---- | M] () -- C:\Documents and Settings\user\My Documents\HorizonWP Physician Portal.pdf
[2010/11/02 09:52:15 | 000,153,733 | ---- | M] () -- C:\Documents and Settings\user\My Documents\AdminStation1_CoxVici.pdf
[2010/11/02 09:25:35 | 000,018,528 | ---- | M] () -- C:\Documents and Settings\user\My Documents\A1imaging.pdf
[2010/11/02 09:24:22 | 000,020,871 | ---- | M] () -- C:\Documents and Settings\user\My Documents\34182_1FD63C6E-F858-AC4E-B912-E4569C4483EA.tif
[2010/11/02 09:22:46 | 000,009,852 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Doc2.docx
[2010/11/02 09:12:29 | 000,000,577 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Untitled.lnk
[2010/11/02 09:10:16 | 000,000,438 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Shortcut to New Folder (3).lnk
[2010/11/02 09:02:51 | 000,030,313 | ---- | M] () -- C:\SC000002.TIF
[2010/11/02 08:14:27 | 000,009,851 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Doc1.docx
[2010/10/28 12:43:48 | 000,291,394 | ---- | M] () -- C:\Documents and Settings\user\My Documents\creeden.pdf
[2010/10/28 10:48:42 | 000,074,430 | ---- | M] () -- C:\Documents and Settings\user\My Documents\A2238C5A-9AB2-124C-A628-F5C07CC88111.TIF
[2010/10/28 10:32:41 | 000,044,514 | ---- | M] () -- C:\Documents and Settings\user\My Documents\dexa.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2005/04/01 13:19:51 | 000,502,784 | ---- | M] (Microsoft Corporation) MD5=986EC72D788E00E8E397B7BB7F5A9E45 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 07:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 07:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/09/09 08:38:00 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/09/09 08:38:00 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/04/29 19:03:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/04/29 19:03:02 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/04/29 19:03:02 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/11/16 11:22:36 | 000,016,968 | ---- | M] () -- C:\WINDOWS\system32\drivers\hitmanpro35.sys
[2010/08/26 08:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys

< >

< End of report >





And the Extras Log:
OTL Extras logfile created on: 11/16/2010 5:25:36 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.86 Gb Total Space | 112.86 Gb Free Space | 77.37% Space Free | Partition Type: NTFS

Computer Name: ADMINSTATION1 | User Name: user | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C0BE272-6214-41D7-B4A3-421EA51D0A1D}" = Microsoft Windows XP Tablet PC Edition Development Kit Version 1.7
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{2261641F-C882-4F4D-ABE5-AEB132DE166A}" = OPA PDF Plug-in
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4844FB9D-C395-4938-A48D-D977D131C612}" = Component Installer for Oracle Remote Data Capture
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{580E9BBC-A51E-4AE9-A977-7B0939BEDAD3}" = Scanner Utility for Microsoft Windows
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC409863-96D5-4B42-A0CC-C93F02BE35F7}" = eClinicalWorks
"{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat 8 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkCentre
"{D8490ADB-E45C-49FA-907F-59C3F370242D}" = TabletPC
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{F7FFF37F-DB74-408C-840F-BD8B8E955B5B}" = FUJITSU Scanner USB HotFix
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 8 Standard - English, Français, Deutsch" = Adobe Acrobat 8.1.5 Standard
"Adobe Acrobat 8 Standard - English, Français, Deutsch_815" = Adobe Acrobat 8.1.5 - CPSID_49013
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG9Uninstall" = AVG 9.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2261641F-C882-4F4D-ABE5-AEB132DE166A}" = OPA PDF Plug-in
"KALKTCH912237873672496" = Kaseya Agent (adminstation1.root.cappleman - ks.lekhost.net)
"Lenovo Registration" = Lenovo Registration
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MouseSuite98" = Mouse Suite
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Oracle JInitiator 1.1.8.25" = Oracle JInitiator 1.1.8.25
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Picasa2" = Picasa 2
"PROHYBRIDR" = 2007 Microsoft Office system
"RealVNC_is1" = VNC Enterprise Edition E4.5.1
"Software Operation Panel" = Software Operation Panel
"TightVNC_is1" = TightVNC 1.3.9
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/16/2010 5:39:20 PM | Computer Name = ADMINSTATION1 | Source = WinVNC4 | ID = 1
Description = EventSocketManager: Unable to add listener

Error - 11/16/2010 5:39:20 PM | Computer Name = ADMINSTATION1 | Source = WinVNC4 | ID = 1
Description = ClipboardConnection: vncclipboard failed: Unable to add listener

Error - 11/16/2010 5:39:20 PM | Computer Name = ADMINSTATION1 | Source = WinVNC4 | ID = 1
Description = EventSocketManager: Unable to add listener

Error - 11/16/2010 5:39:20 PM | Computer Name = ADMINSTATION1 | Source = WinVNC4 | ID = 1
Description = ClipboardConnection: vncclipboard failed: Unable to add listener

Error - 11/16/2010 5:39:20 PM | Computer Name = ADMINSTATION1 | Source = WinVNC4 | ID = 1
Description = EventSocketManager: Unable to add listener

Error - 11/16/2010 5:39:20 PM | Computer Name = ADMINSTATION1 | Source = WinVNC4 | ID = 1
Description = ClipboardConnection: vncclipboard failed: Unable to add listener

Error - 11/16/2010 5:39:21 PM | Computer Name = ADMINSTATION1 | Source = WinVNC4 | ID = 1
Description = EventSocketManager: Unable to add listener

Error - 11/16/2010 5:39:21 PM | Computer Name = ADMINSTATION1 | Source = WinVNC4 | ID = 1
Description = ClipboardConnection: vncclipboard failed: Unable to add listener

Error - 11/16/2010 5:39:21 PM | Computer Name = ADMINSTATION1 | Source = WinVNC4 | ID = 1
Description = EventSocketManager: Unable to add listener

Error - 11/16/2010 5:39:21 PM | Computer Name = ADMINSTATION1 | Source = WinVNC4 | ID = 1
Description = ClipboardConnection: vncclipboard failed: Unable to add listener

[ OSession Events ]
Error - 7/29/2009 2:05:22 PM | Computer Name = ADMINSTATION1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/29/2009 2:05:28 PM | Computer Name = ADMINSTATION1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/29/2009 2:05:32 PM | Computer Name = ADMINSTATION1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/29/2009 2:05:41 PM | Computer Name = ADMINSTATION1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/29/2009 2:05:46 PM | Computer Name = ADMINSTATION1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/29/2009 2:06:16 PM | Computer Name = ADMINSTATION1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 27
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/26/2010 2:57:23 PM | Computer Name = ADMINSTATION1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/27/2010 11:43:23 AM | Computer Name = ADMINSTATION1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/16/2010 5:30:05 PM | Computer Name = ADMINSTATION1 | Source = Service Control Manager | ID = 7000
Description = The Print Spooler service failed to start due to the following error:
%%2

Error - 11/16/2010 5:43:45 PM | Computer Name = ADMINSTATION1 | Source = Service Control Manager | ID = 7000
Description = The Print Spooler service failed to start due to the following error:
%%2

Error - 11/16/2010 5:45:42 PM | Computer Name = ADMINSTATION1 | Source = Service Control Manager | ID = 7022
Description = The Automatic Updates service hung on starting.

Error - 11/16/2010 5:49:42 PM | Computer Name = ADMINSTATION1 | Source = Service Control Manager | ID = 7000
Description = The Print Spooler service failed to start due to the following error:
%%2

Error - 11/16/2010 6:17:59 PM | Computer Name = ADMINSTATION1 | Source = Service Control Manager | ID = 7000
Description = The Print Spooler service failed to start due to the following error:
%%2

Error - 11/16/2010 6:19:33 PM | Computer Name = ADMINSTATION1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/16/2010 6:19:42 PM | Computer Name = ADMINSTATION1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/16/2010 6:21:00 PM | Computer Name = ADMINSTATION1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86 Fips intelppm SASDIFSV SASKUTIL

Error - 11/16/2010 6:28:28 PM | Computer Name = ADMINSTATION1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/16/2010 6:30:26 PM | Computer Name = ADMINSTATION1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C0BE272-6214-41D7-B4A3-421EA51D0A1D}" = Microsoft Windows XP Tablet PC Edition Development Kit Version 1.7
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{2261641F-C882-4F4D-ABE5-AEB132DE166A}" = OPA PDF Plug-in
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4844FB9D-C395-4938-A48D-D977D131C612}" = Component Installer for Oracle Remote Data Capture
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{580E9BBC-A51E-4AE9-A977-7B0939BEDAD3}" = Scanner Utility for Microsoft Windows
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC409863-96D5-4B42-A0CC-C93F02BE35F7}" = eClinicalWorks
"{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat 8 Standard - English, Franšais, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkCentre
"{D8490ADB-E45C-49FA-907F-59C3F370242D}" = TabletPC
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{F7FFF37F-DB74-408C-840F-BD8B8E955B5B}" = FUJITSU Scanner USB HotFix
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 8 Standard - English, Français, Deutsch" = Adobe Acrobat 8.1.5 Standard
"Adobe Acrobat 8 Standard - English, Français, Deutsch_815" = Adobe Acrobat 8.1.5 - CPSID_49013
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG9Uninstall" = AVG 9.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2261641F-C882-4F4D-ABE5-AEB132DE166A}" = OPA PDF Plug-in
"KALKTCH912237873672496" = Kaseya Agent (adminstation1.root.cappleman - ks.lekhost.net)
"Lenovo Registration" = Lenovo Registration
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MouseSuite98" = Mouse Suite
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Oracle JInitiator 1.1.8.25" = Oracle JInitiator 1.1.8.25
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Picasa2" = Picasa 2
"PROHYBRIDR" = 2007 Microsoft Office system
"RealVNC_is1" = VNC Enterprise Edition E4.5.1
"Software Operation Panel" = Software Operation Panel
"TightVNC_is1" = TightVNC 1.3.9
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/16/2010 5:39:20 PM | Computer Name = ADMINSTATION1 | Source = WinVNC4 | ID = 1
Description = EventSocketManager: Unable to add listener

Error - 11/16/2010 5:39:20 PM | Computer Name = ADMINSTATION1 | Source = WinVNC4 | ID = 1
Description = ClipboardConnection: vncclipboard failed: Unable to add listener

Error - 11/16/2010 5:39:20 PM | Computer Name = ADMINSTATION1 | Source = WinVNC4 | ID = 1
Description = EventSocketManager: Unable to add listener

Error - 11/16/2010 5:39:20 PM | Computer Name = ADMINSTATION1 | Source = WinVNC4 | ID = 1
Description = ClipboardConnection: vncclipboard failed: Unable to add listener

Error - 11/16/2010 5:39:20 PM | Computer Name = ADMINSTATION1 | Source = WinVNC4 | ID = 1
Description = EventSocketManager: Unable to add listener

Error - 11/16/2010 5:39:20 PM | Computer Name = ADMINSTATION1 | Source = WinVNC4 | ID = 1
Description = ClipboardConnection: vncclipboard failed: Unable to add listener

Error - 11/16/2010 5:39:21 PM | Computer Name = ADMINSTATION1 | Source = WinVNC4 | ID = 1
Description = EventSocketManager: Unable to add listener

Error - 11/16/2010 5:39:21 PM | Computer Name = ADMINSTATION1 | Source = WinVNC4 | ID = 1
Description = ClipboardConnection: vncclipboard failed: Unable to add listener

Error - 11/16/2010 5:39:21 PM | Computer Name = ADMINSTATION1 | Source = WinVNC4 | ID = 1
Description = EventSocketManager: Unable to add listener

Error - 11/16/2010 5:39:21 PM | Computer Name = ADMINSTATION1 | Source = WinVNC4 | ID = 1
Description = ClipboardConnection: vncclipboard failed: Unable to add listener

[ OSession Events ]
Error - 7/29/2009 2:05:22 PM | Computer Name = ADMINSTATION1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/29/2009 2:05:28 PM | Computer Name = ADMINSTATION1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/29/2009 2:05:32 PM | Computer Name = ADMINSTATION1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/29/2009 2:05:41 PM | Computer Name = ADMINSTATION1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/29/2009 2:05:46 PM | Computer Name = ADMINSTATION1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/29/2009 2:06:16 PM | Computer Name = ADMINSTATION1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 27
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/26/2010 2:57:23 PM | Computer Name = ADMINSTATION1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/27/2010 11:43:23 AM | Computer Name = ADMINSTATION1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/16/2010 5:45:42 PM | Computer Name = ADMINSTATION1 | Source = Service Control Manager | ID = 7022
Description = The Automatic Updates service hung on starting.

Error - 11/16/2010 5:49:42 PM | Computer Name = ADMINSTATION1 | Source = Service Control Manager | ID = 7000
Description = The Print Spooler service failed to start due to the following error:
%%2

Error - 11/16/2010 6:17:59 PM | Computer Name = ADMINSTATION1 | Source = Service Control Manager | ID = 7000
Description = The Print Spooler service failed to start due to the following error:
%%2

Error - 11/16/2010 6:19:33 PM | Computer Name = ADMINSTATION1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/16/2010 6:19:42 PM | Computer Name = ADMINSTATION1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/16/2010 6:21:00 PM | Computer Name = ADMINSTATION1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86 Fips intelppm SASDIFSV SASKUTIL

Error - 11/16/2010 6:28:28 PM | Computer Name = ADMINSTATION1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/16/2010 6:30:26 PM | Computer Name = ADMINSTATION1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/16/2010 6:30:34 PM | Computer Name = ADMINSTATION1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/16/2010 6:31:42 PM | Computer Name = ADMINSTATION1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

And the Hitman Pro 3.5 Log:
<Log computer="ADMINSTATION1" scan="Normal" version="3.5.7.117" date="2010-11-16T17:33:07" timeSpentInSecs="120" filesProcessed="20023">
<Item type="Malware" malwareName="Malware" score="106.0" status="Quarantiend">
<Scanners>
<Scanner id="Prevx" name="Medium Risk Malware" />
</Scanners>
<File path="C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\17U3ZPGU\dm3[1].exe" hash="2734B2783AC263C4681D8E73B65955F7D875F17F8D6A1F8BFEDCA06386FACB32" />
</Item>
</Log>


(The dm3.exe file showed information that it was from steelbytes and it was a HDD checker. Don't know about its legitimacy.)

#5 Lovansoft (Topic Starter)

Posted 16 November 2010 - 05:57 PM

The DDS.scr log and attached zip:

DDS (Ver_10-11-10.01) - NTFSx86 NETWORK
Run by user at 17:53:23.21 on Tue 11/16/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1444 [GMT -5:00]

AV: AVG Internet Security Network Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Documents and Settings\user\Desktop\dds.scr

============== Pseudo HJT Report ===============

mDefault_Page_URL = hxxp://lenovo.live.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [FtLnSOP_setup] c:\windows\twain_32\fjscan32\sop\FtLnSOP.exe
mRun: [FJTWAIN Setup] c:\windows\twain_32\fjscan32\FjtwMkup.exe /Station
mRun: [FTPWRENV] c:\windows\twain_32\fjscan32\ftpwrevt\FTPWREVT.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [KASHLKTCH912237873672496] "c:\program files\kaseya\agent\KaUsrTsk.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\errorr~1.lnk - c:\windows\twain_32\fjscan32\erg\FTErGuid.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: ppdi.com\*
Trusted Zone: ppdi.com\ausoc
Trusted Zone: ppdi.com\ausoc02
Trusted Zone: ppdi.com\ausoc04
Trusted Zone: ppdi.com\ausoc06
Trusted Zone: ppdi.com\ausocd
Trusted Zone: ppdi.com\bruoc02
Trusted Zone: ppdi.com\bruoc06
Trusted Zone: ppdi.com\camoc
Trusted Zone: ppdi.com\camocd
Trusted Zone: ppdi.com\ctxgw
Trusted Zone: ppdi.com\rtpoc
Trusted Zone: ppdi.com\rtpoc02
Trusted Zone: ppdi.com\rtpoc04
Trusted Zone: ppdi.com\rtpoc06
Trusted Zone: ppdi.com\rtpoc08
Trusted Zone: ppdi.com\rtpocd
Trusted Zone: ppdi.local\*
Trusted Zone: ppdi.local\ctxgw
Trusted Zone: questdiagnostics.com\www
DPF: {04B6290C-97B8-49A1-B0A3-1312254F7C54} - hxxp://portal.health-central.org/portal/applets/SharedSession.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223573527005
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7c2c94f0-7991-42b4-8d5f-4cb15b490657}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://webcam.sewanee.edu/activex/AxisCamControl.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
Handler: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - c:\program files\eclinicalworks\wowctl2.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-3-5 52872]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-5 216400]
S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-5 29584]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-21 308136]
S2 FJTWMKSV;FJTWMKSV;c:\windows\twain_32\fjscan32\FJTWMKSV.exe [2008-12-2 45056]
S2 KALKTCH912237873672496;Kaseya Agent;c:\program files\kaseya\agent\AgentMon.exe [2009-3-5 806912]
S2 KaseyaAVService;Kaseya Security Service;c:\program files\kaseya\agent\KasAVSrv.exe [2009-3-5 221184]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-7-11 569344]
S3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2008-12-9 31896]
S3 KAPFA;KAPFA;c:\windows\system32\drivers\KaPFA.sys [2009-3-5 13824]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]

=============== Created Last 30 ================

2010-11-16 22:52:56 630272 ----a-w- c:\temp\dds.scr
2010-11-16 22:35:25 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-11-16 22:24:32 575488 ----a-w- c:\temp\OTL.exe
2010-11-16 21:05:55 388608 ----a-w- c:\temp\HijackThis.exe
2010-11-16 16:52:48 -------- d-----w- c:\program files\ESET
2010-11-16 16:22:36 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-16 16:21:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-11-16 16:21:11 6387008 ----a-w- c:\temp\HitmanPro35.exe
2010-11-16 15:33:45 -------- d-----w- c:\docume~1\user\applic~1\SUPERAntiSpyware.com
2010-11-16 15:33:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-11-16 15:33:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-11-16 15:28:24 -------- d-----w- c:\program files\CCleaner
2010-11-15 13:32:13 -------- d-----w- c:\docume~1\user\applic~1\Malwarebytes
2010-11-15 13:32:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-15 13:32:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-15 13:32:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-15 13:32:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-15 13:06:41 -------- d-----w- c:\program files\RealVNC
2010-11-12 15:58:14 1330776 ----a-w- c:\temp\tdsskiller.exe
2010-11-03 14:33:57 299008 ----a-w- c:\temp\UserStateAudit.exe

==================== Find3M ====================

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38:01 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38:00 78336 ------w- c:\windows\system32\ieencode.dll
2010-09-09 13:38:00 17408 ------w- c:\windows\system32\corpol.dll
2010-09-08 15:57:57 389120 ------w- c:\windows\system32\html.iec
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ------w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ------w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ------w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ------w- c:\windows\system32\comctl32.dll
2007-08-14 06:46:34 10896 ------w- c:\program files\ThinkVantage Fingerprint Software

============= FINISH: 17:54:35.28 ===============

Attached Files