symantec-trojen.gen.2


  • This topic is locked
42 replies to this topic

#1 janell377

janell377

  • Members
  • 45 posts

Posted 15 January 2011 - 10:50 PM

My Symantec Anti-virus has detected many Trojan.Gen.2 viruses on my computer and puts them in quarantine. And it keeps popping up with more files infected and being added to the list. I ran LiveUpdate, then did a complete scan of the computer; the scan found 215 risks and it quarantined them all, except 2 were cleaned by deletion and 2 were log only.

I do not really know what all these infected files are or how to get rid of them. The risk name for all of them is Trojan.Gen.2.

I was able to complete all the steps in the preparation guide except step 8. I was able to download the file, but when it started to scan I would get a blue screen and it would restart. I then tried to scan once more, but the computer screen completely froze and I had to restart. Therefore I do not have a GMER log.

Here is the other log from DDS.txt:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Janell at 19:31:00.96 on Sat 01/15/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3317.1915 [GMT -8:00]

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\eelogsvc.exe
C:\Windows\system32\eelssrv.exe
C:\Windows\system32\eetdsrv.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k regsvc
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\CCM\CcmExec.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Common Files\Entrust\ESP\eesystry.exe
C:\Program Files\Common Files\Entrust\ESP\eekas.exe
C:\Program Files\Common Files\Entrust\ESP\eecwatch.exe
C:\Windows\system32\eelssrv.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jans\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
uRun: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"
mRun: [<NO NAME>]
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [eesystry.exe] c:\program files\common files\entrust\esp\eesystry.exe
mRun: [eekas] c:\program files\common files\entrust\esp\eekas.exe
mRun: [espwatchdog] c:\program files\common files\entrust\esp\eecwatch.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
uPolicies-explorer: DisallowCpl = 1 (0x1)
uPolicies-explorer: NoInplaceSharing = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoWebServices = 1 (0x1)
mPolicies-explorer: NoOnlinePrintsWizard = 1 (0x1)
mPolicies-explorer: NoPublishingWizard = 1 (0x1)
mPolicies-explorer: NoAutorun = 1 (0x1)
mPolicies-explorer: PreXPSP2ShellProtocolBehavior = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: LogonType = 0 (0x0)
mPolicies-system: ReportControllerMissing = 1 (0x1)
dPolicies-explorer: NoInplaceSharing = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jans\appdata\roaming\mozilla\firefox\profiles\f4t894oa.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - component: c:\users\jans\appdata\roaming\mozilla\firefox\profiles\f4t894oa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\jans\appdata\roaming\mozilla\firefox\profiles\f4t894oa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Glue: {D2A6A719-7CBC-4594-85FD-C36AD881424F} - %profile%\extensions\{D2A6A719-7CBC-4594-85FD-C36AD881424F}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============

R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]
R2 eetd32;Entrust Entelligence True Delete File System Minifilter Driver;c:\windows\system32\drivers\eetd32.sys [2010-4-2 23504]
R2 eetdsrv;Entrust Entelligence TrueDelete;c:\windows\system32\eetdsrv.exe [2010-2-11 29696]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-9-17 2477304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-17 102448]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 ACTLogProcessor;Act Log Processing Service;c:\program files\microsoft application compatibility toolkit 5\log processing service\actdcsvc.exe [2009-4-7 349576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dc21x4vm;dc21x4vm;c:\windows\system32\drivers\dc21x4vm.sys [2009-6-10 52224]
S3 netvsc;netvsc;c:\windows\system32\drivers\netvsc60.sys [2009-7-13 126464]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SynthVid;SynthVid;c:\windows\system32\drivers\VMBusVideoM.sys [2009-7-13 19456]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-23 1343400]
S3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\WMSvc.exe [2009-7-13 9728]

=============== Created Last 30 ================


==================== Find3M ====================

2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41:36 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2010-11-02 04:41:36 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-11-02 04:41:36 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:36:16 801792 ----a-w- c:\windows\system32\FntCache.dll
2010-11-02 04:35:51 1074176 ----a-w- c:\windows\system32\DWrite.dll
2010-11-02 04:35:35 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2010-11-02 04:35:34 739840 ----a-w- c:\windows\system32\d2d1.dll
2010-11-02 04:35:34 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-11-02 04:35:34 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-11-02 04:23:44 107520 ----a-w- c:\windows\system32\cdd.dll
2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-20 03:00:24 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll

============= FINISH: 19:31:30.61 ===============

Alright, I was finally able to run GMER and get a log for it:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-15 21:04:17
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST3500418AS rev.CC38
Running: gmer.exe; Driver: C:\Users\Jans\AppData\Local\Temp\pwtyypow.sys


---- System - GMER 1.0.15 ----

SSDT 865BDBB8 ZwAlertResumeThread
SSDT 865BF050 ZwAlertThread
SSDT 865BE0B0 ZwAllocateVirtualMemory
SSDT 865BD908 ZwCreateMutant
SSDT 865C1668 ZwCreateThread
SSDT 8658FD60 ZwFreeVirtualMemory
SSDT 865BD9F8 ZwImpersonateAnonymousToken
SSDT 865BDAD8 ZwImpersonateThread
SSDT 8658FC80 ZwMapViewOfSection
SSDT 865C1418 ZwOpenEvent
SSDT 865C00B0 ZwOpenProcessToken
SSDT 865C2208 ZwOpenThreadToken
SSDT 8658F620 ZwResumeThread
SSDT 865C15A8 ZwSetContextThread
SSDT 865B12B0 ZwSetInformationProcess
SSDT 865C20B0 ZwSetInformationThread
SSDT 865C1338 ZwSuspendProcess
SSDT 865BF198 ZwSuspendThread
SSDT 865BC250 ZwTerminateProcess
SSDT 865B1620 ZwTerminateThread
SSDT 8642A878 ZwUnmapViewOfSection
SSDT 865B16E0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A48599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A6CF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 224 82A74734 8 Bytes [B8, DB, 5B, 86, 50, F0, 5B, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82A7474C 4 Bytes [B0, E0, 5B, 86]
.text ntkrnlpa.exe!RtlSidHashLookup + 318 82A74828 4 Bytes [08, D9, 5B, 86]
.text ntkrnlpa.exe!RtlSidHashLookup + 34C 82A7485C 4 Bytes [68, 16, 5C, 86]
.text ntkrnlpa.exe!RtlSidHashLookup + 3FC 82A7490C 4 Bytes [60, FD, 58, 86]
.text ...

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

EDIT: Posts merged ~BP


Edited by Budapest, 16 January 2011 - 04:12 PM.
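The DDS output in the post above is a flat text dump that helpers read by eye. What follows is an added example (my own code, not something from this thread or from the DDS tool) that parses a few lines copied out of that log and flags the items a triager would raise first: the EnableLUA = 0 policy (User Account Control switched off), a Run value with no name and no command, and the browser search hooks and toolbars that should be confirmed with the user. The section and entry patterns are assumptions inferred from the posted output, not a documented DDS format, and the sample input is constructed from the log, not the complete log.

```python
"""Triage a DDS "Pseudo HJT Report" the way a helper reads it by eye.

Added example, not code from this thread or from the DDS tool. The sample
below is constructed from a few lines copied out of the DDS log posted above
(not the full log); the section/entry patterns are assumptions inferred from
that output rather than a documented DDS format.
"""
import re
from collections import defaultdict

SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [<NO NAME>]
mPolicies-explorer: NoAutorun = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableLUA = 0 (0x0)

================= FIREFOX ===================

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
"""

SECTION_RE = re.compile(r"^=+\s*(?P<title>[^=]+?)\s*=+$")
ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z][A-Za-z -]*?):\s*(?P<rest>.*)$")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
POLICY_RE = re.compile(r"^(?P<name>\w+)\s*=\s*(?P<value>\d+)")


def parse_dds(text):
    """Group DDS lines by section title, then by entry kind (uRun, BHO, ...)."""
    sections = defaultdict(lambda: defaultdict(list))
    current = "HEADER"
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            current = m["title"]
        elif (m := ENTRY_RE.match(line)):
            sections[current][m["kind"]].append(m["rest"])
    return sections


def triage(sections):
    """Return (severity, message) pairs for the entries a helper would raise first."""
    findings = []
    for kind_map in sections.values():
        for kind, entries in kind_map.items():
            for rest in entries:
                if kind.endswith("Policies-system"):
                    # EnableLUA = 0 turns UAC off: every process of an admin
                    # user already runs with the full token, no prompt.
                    p = POLICY_RE.match(rest)
                    if p and p["name"] == "EnableLUA" and p["value"] == "0":
                        findings.append(("high", "EnableLUA = 0: UAC is switched off, so anything an admin user runs is already fully elevated"))
                elif kind.endswith("Run"):
                    # A Run value with no name or no command is unusual and
                    # worth a question; legitimate installers name their keys.
                    r = RUN_RE.match(rest)
                    if r and (r["name"] == "<NO NAME>" or not r["cmd"]):
                        findings.append(("medium", f"{kind} value with no name or command: {rest}"))
                elif kind.endswith("URLSearchHooks") or kind == "TB":
                    # Search hooks and toolbars redirect browser searches;
                    # confirm the user actually installed them.
                    addon = rest.split(":", 1)[0]
                    findings.append(("info", f"{kind}: browser add-on to confirm with the user: {addon}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(parse_dds(SAMPLE_DDS)):
        print(f"[{severity}] {message}")
```

A finding here is a question to put to the poster, not a verdict: the toolbar may be wanted, and the nameless Run value may be an empty leftover. The EnableLUA line is the one that matters regardless of what the detections turn out to be, because with UAC off there is no elevation boundary between the user's session and the machine.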



#2 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 20 January 2011 - 10:47 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.




#3 janell377

janell377
  • Topic Starter

  • Members
  • 45 posts

Posted 20 January 2011 - 01:04 PM

Okay, I am still having the same problem as before. My Symantec anti-virus keeps finding infected files and putting them in quarantine that have a "risk" of Trojan.Gen.2. Here are the 2 logs and the attached file. Also I have noticed that the scanner seems to only find risks at night after 8pm. All throughout the day Symantec is fine and nothing pops up infected, but the past few nights is when this problem occurs.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Janell at 9:49:54.43 on Thu 01/20/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3317.2083 [GMT -8:00]

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\eelogsvc.exe
C:\Windows\system32\eelssrv.exe
C:\Windows\system32\eetdsrv.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k regsvc
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\CCM\CcmExec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Common Files\Entrust\ESP\eesystry.exe
C:\Windows\system32\eelssrv.exe
C:\Program Files\Common Files\Entrust\ESP\eekas.exe
C:\Program Files\Common Files\Entrust\ESP\eecwatch.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jans\Downloads\dds(2).scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
uRun: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"
mRun: [<NO NAME>]
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [eesystry.exe] c:\program files\common files\entrust\esp\eesystry.exe
mRun: [eekas] c:\program files\common files\entrust\esp\eekas.exe
mRun: [espwatchdog] c:\program files\common files\entrust\esp\eecwatch.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
uPolicies-explorer: DisallowCpl = 1 (0x1)
uPolicies-explorer: NoInplaceSharing = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoWebServices = 1 (0x1)
mPolicies-explorer: NoOnlinePrintsWizard = 1 (0x1)
mPolicies-explorer: NoPublishingWizard = 1 (0x1)
mPolicies-explorer: NoAutorun = 1 (0x1)
mPolicies-explorer: PreXPSP2ShellProtocolBehavior = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: LogonType = 0 (0x0)
mPolicies-system: ReportControllerMissing = 1 (0x1)
dPolicies-explorer: NoInplaceSharing = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jans\appdata\roaming\mozilla\firefox\profiles\f4t894oa.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - component: c:\users\jans\appdata\roaming\mozilla\firefox\profiles\f4t894oa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\jans\appdata\roaming\mozilla\firefox\profiles\f4t894oa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Glue: {D2A6A719-7CBC-4594-85FD-C36AD881424F} - %profile%\extensions\{D2A6A719-7CBC-4594-85FD-C36AD881424F}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============

R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]
R2 eetd32;Entrust Entelligence True Delete File System Minifilter Driver;c:\windows\system32\drivers\eetd32.sys [2010-4-2 23504]
R2 eetdsrv;Entrust Entelligence TrueDelete;c:\windows\system32\eetdsrv.exe [2010-2-11 29696]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-9-17 2477304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-17 102448]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 ACTLogProcessor;Act Log Processing Service;c:\program files\microsoft application compatibility toolkit 5\log processing service\actdcsvc.exe [2009-4-7 349576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dc21x4vm;dc21x4vm;c:\windows\system32\drivers\dc21x4vm.sys [2009-6-10 52224]
S3 netvsc;netvsc;c:\windows\system32\drivers\netvsc60.sys [2009-7-13 126464]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SynthVid;SynthVid;c:\windows\system32\drivers\VMBusVideoM.sys [2009-7-13 19456]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-23 1343400]
S3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\WMSvc.exe [2009-7-13 9728]

=============== Created Last 30 ================


==================== Find3M ====================

2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41:36 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2010-11-02 04:41:36 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-11-02 04:41:36 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:36:16 801792 ----a-w- c:\windows\system32\FntCache.dll
2010-11-02 04:35:51 1074176 ----a-w- c:\windows\system32\DWrite.dll
2010-11-02 04:35:35 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2010-11-02 04:35:34 739840 ----a-w- c:\windows\system32\d2d1.dll
2010-11-02 04:35:34 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-11-02 04:35:34 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-11-02 04:23:44 107520 ----a-w- c:\windows\system32\cdd.dll
2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll

============= FINISH: 9:50:33.97 ===============

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-20 10:01:51
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST3500418AS rev.CC38
Running: gmer.exe; Driver: C:\Users\Jans\AppData\Local\Temp\pwtyypow.sys


---- System - GMER 1.0.15 ----

SSDT 865E5CC8 ZwAlertResumeThread
SSDT 865E5DA8 ZwAlertThread
SSDT 865C1690 ZwAllocateVirtualMemory
SSDT 865E5A18 ZwCreateMutant
SSDT 865E2070 ZwCreateThread
SSDT 865E7D78 ZwFreeVirtualMemory
SSDT 865E5B08 ZwImpersonateAnonymousToken
SSDT 865E5BE8 ZwImpersonateThread
SSDT 865E7C98 ZwMapViewOfSection
SSDT 865E5938 ZwOpenEvent
SSDT 865C1DB0 ZwOpenProcessToken
SSDT 865E2788 ZwOpenThreadToken
SSDT 865C1508 ZwResumeThread
SSDT 865E26C8 ZwSetContextThread
SSDT 865E2858 ZwSetInformationProcess
SSDT 865E25D8 ZwSetInformationThread
SSDT 865E5858 ZwSuspendProcess
SSDT 865E5EF0 ZwSuspendThread
SSDT 865E2008 ZwTerminateProcess
SSDT 865E5FD0 ZwTerminateThread
SSDT 865C1540 ZwUnmapViewOfSection
SSDT 865C15C0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A80599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AA4F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 224 82AAC734 4 Bytes [C8, 5C, 5E, 86] {ENTER 0x5e5c, 0x86}
.text ntkrnlpa.exe!RtlSidHashLookup + 229 82AAC739 3 Bytes [5D, 5E, 86]
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82AAC74C 4 Bytes [90, 16, 5C, 86]
.text ntkrnlpa.exe!RtlSidHashLookup + 318 82AAC828 4 Bytes [18, 5A, 5E, 86]
.text ntkrnlpa.exe!RtlSidHashLookup + 34C 82AAC85C 4 Bytes [70, 20, 5E, 86]
.text ...
.text peauth.sys 9C33EC9D 28 Bytes JMP C1C01E34
.text peauth.sys 9C33ECC1 28 Bytes JMP C1C01E58
? C:\Users\Jans\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1944] ntdll.dll!LdrLoadDll 7737F625 5 Bytes JMP 012813F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#4 pwgib

pwgib

  • Malware Response Team
  • 2,957 posts
  • Gender:Male
  • Location:God's Country
  • Local time:09:18 PM

Posted 21 January 2011 - 09:18 AM

Hi janell377
I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy.

As you can see the logs we ask for are very extensive and take a lot of time to investigate.

Please subscribe to this topic. Click on the Watch Topic button, select Immediate Notification and click on proceed.

Please make sure Word Wrap in Notepad is turned off. When copying and pasting logs, paste them directly into the reply box; only attach logs if asked to. Do not wrap logs in codebox or code tags, as that makes them very difficult to read and analyze.

Please do not make any changes to your system until we are through. Fixes are based upon information that is current from your system, so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.

If your operating system is Windows Vista or Windows 7, it may be necessary to right-click any programs we use and choose Run as Administrator.

Before we begin please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista and Windows XP and How to show hidden files in Windows 7

Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If you have not done so, include a clear description of the problems you are having, along with any steps you may have performed so far.

Thank you for your patience!!
PW

#5 pwgib

pwgib

  • Malware Response Team
  • 2,957 posts
  • Gender:Male
  • Location:God's Country
  • Local time:09:18 PM

Posted 21 January 2011 - 09:35 AM

Hi janell377,

Is this a business computer?
Thanks!!
PW

#6 janell377

janell377
  • Topic Starter

  • Members
  • 45 posts
  • Local time:06:18 PM

Posted 21 January 2011 - 12:24 PM

At one point this computer was used for a company, but it is now a personal computer.

#7 pwgib

pwgib

  • Malware Response Team
  • 2,957 posts
  • Gender:Male
  • Location:God's Country
  • Local time:09:18 PM

Posted 21 January 2011 - 06:03 PM

Hi janell377,

Okay, I am still having the same problem as before. My Symantec anti-virus keeps finding infected files and putting them in quarantine with a "risk" of Trojan.Gen.2

Could you post the entire path of the files that are being targeted by Symantec?

I'm not familiar with the Entrust and ActivIdentity programs. If either or both prevent changes to your system they may need to be disabled.

I see you have BitTorrentBar Toolbar installed.

BitTorrentBar Toolbar is a Conduit "Community Toolbar" that modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality.

It is your option but I would uninstall it.

Let's get another rootkit opinion.

Step 1.

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-Zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
Note: You may get this warning; just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".


Step 2.

We need to create an OTL Report.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In your next reply please include the following:

RKUnhooker report
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
Thanks!!
PW

#8 janell377

janell377
  • Topic Starter

  • Members
  • 45 posts
  • Local time:06:18 PM

Posted 21 January 2011 - 07:30 PM

The files that are in quarantine are like C:\TrueDelete\{1a7a5bfb-219a-11e0-8af0-00301b48f46c}
Secondly, I did not realize that the BitTorrentBar toolbar was still on my computer. I just looked in my Control Panel and it was not listed there to uninstall, and nothing was under the Firefox Tools > Add-ons. Any idea on how to get rid of it?
Here are the reports!!

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #4
==============================================
>Drivers
==============================================
0x98C3E000 C:\Windows\system32\DRIVERS\igdkmd32.sys 5279744 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82A02000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82A02000 PnpManager 4259840 bytes
0x82A02000 RAW 4259840 bytes
0x82A02000 WMIxWDM 4259840 bytes
0x82580000 Win32k 2404352 bytes
0x82580000 C:\Windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x90859000 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110120.002\NAVEX15.SYS 1355776 bytes (Symantec Corporation, AV Engine)
0x8BC3E000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8B813000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x99147000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8BA35000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x8B4E6000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x9C547000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9C417000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8B413000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8B613000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x98147000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 434176 bytes (Symantec Corporation, SPBBC Driver)
0x984B2000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x9842B000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x8B980000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x9804A000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAFC8B000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x99E78000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x9856D000 C:\Windows\system32\DRIVERS\yk62x86.sys 327680 bytes (Marvell, Miniport Driver for Marvell Yukon Ethernet Controller.)
0xAFC3C000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x98833000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8B741000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x9080F000 C:\Windows\System32\Drivers\SRTSP.SYS 303104 bytes (Symantec Corporation, Symantec AutoProtect)
0x8B692000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x99E23000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8B4A4000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x981B1000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8BDB8000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8BAEC000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9C4EA000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x98C00000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x82E12000 ACPI_HAL 225280 bytes
0x82E12000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8B591000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x989C3000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8BB57000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x980A4000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8BD87000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0xAFD18000 C:\Windows\System32\Drivers\RDPWD.SYS 200704 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x99EC8000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8BC00000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x9888D000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
0x8B942000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8B6EB000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8BB9A000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8BB2A000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0xAFCDC000 C:\Windows\System32\drivers\rdpdr.sys 151552 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x909A4000 C:\Windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0x8B7C0000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9C4C7000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x9894F000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9880E000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8B5DC000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8BA00000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9854E000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x980DD000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x82420000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x98489000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0x99F57000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9C525000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x9810A000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x99FA4000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x9C49C000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x99F82000 C:\Windows\System32\Drivers\DLAIFS_M.SYS 102400 bytes (Roxio, Drive Letter Access Component)
0x99EF7000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x98516000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x988DB000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x988C3000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x9892C000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x98971000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x99FE3000 C:\Windows\System32\Drivers\DLAUDF_M.SYS 94208 bytes (Roxio, Drive Letter Access Component)
0x8B5C5000 C:\Windows\System32\Drivers\DRVMCDB.SYS 94208 bytes (Sonic Solutions, Device Driver)
0x98989000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x989A0000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x98028000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x99FCD000 C:\Windows\System32\Drivers\DLAUDFAM.SYS 90112 bytes (Roxio, Drive Letter Access Component)
0x8B7A1000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x909C9000 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110120.002\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0x8B96D000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x99E10000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x98124000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9891A000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x9853C000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x9C4B5000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8BB89000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x99F31000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8B7EC000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x99E67000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8B720000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8B48B000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x99E00000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8BC2D000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x98137000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8B731000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x9887E000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x9852E000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x980FC000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8B400000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8B793000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8B9DD000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x98800000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8B684000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x9890D000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x99F10000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x98900000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x988F3000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x9C5E8000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0xAFD0B000 C:\Windows\System32\DRIVERS\tssecsrv.sys 53248 bytes (Microsoft Corporation, TS Security Filter Driver)
0x8BA1F000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x984A6000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x90800000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x99F76000 C:\Windows\System32\Drivers\DRVNDDM.SYS 45056 bytes (Roxio, Device Driver Manager)
0x99F1D000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x99F4C000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x8B800000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x98944000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x9803F000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x985BD000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8B715000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x99F42000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x98000000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x981F2000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x989B7000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x9C5DE000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x988B9000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x909DD000 C:\Windows\System32\Drivers\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0xAFD01000 C:\Windows\system32\drivers\tdtcp.sys 40960 bytes (Microsoft Corporation, TCP Transport Driver)
0x8B7E3000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xAFDB3000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x8B7B7000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x99F28000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x8B9EB000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xAFDBC000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8B600000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x827E0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8B6DA000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8B49C000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x99FBE000 C:\Windows\System32\Drivers\DLABMFSM.SYS 32768 bytes (Roxio, Drive Letter Access Component)
0x8BB4F000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BCE000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8B6E3000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8BA2C000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8BBF1000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8B9F4000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8BDF7000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x909EE000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x99FC6000 C:\Windows\System32\Drivers\DLABOIOM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0x8B78C000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x909E7000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x9C540000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x980D6000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x99F9B000 C:\Windows\System32\Drivers\DLAOPIOM.SYS 24576 bytes (Roxio, Drive Letter Access Component)
0x909F5000 C:\Windows\System32\Drivers\DLARTL_M.SYS 24576 bytes (Roxio, Shared Driver Component)
0x99F72000 C:\Windows\system32\DRIVERS\eetd32.sys 16384 bytes (Entrust®, Entrust Entelligence TrueDelete Minifilter Driver)
0x99FA1000 C:\Windows\System32\Drivers\DLAPoolM.SYS 12288 bytes (Roxio, Drive Letter Access Component)
0x8B7FD000 C:\Windows\System32\Drivers\DLACDBHM.SYS 8192 bytes (Roxio, Shared Driver Component)
0x989C1000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x99F81000 C:\Windows\System32\Drivers\DLADResM.SYS 4096 bytes (Roxio, Drive Letter Access Component)
==============================================
>Stealth
==============================================
0xAFD73F2E Unknown thread object [ ETHREAD 0x86F6A5D0 ] , 600 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
OTL logfile created on: 1/21/2011 4:24:02 PM - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\Jans\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 406.93 Gb Free Space | 87.37% Space Free | Partition Type: NTFS

Computer Name: JANELL01 | User Name: Janell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/21 16:23:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jans\Desktop\OTL.exe
PRC - [2010/12/03 11:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/11 23:31:24 | 000,402,984 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2010/02/11 23:31:24 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2010/02/11 21:43:08 | 000,094,208 | ---- | M] (Entrust®) -- C:\Windows\System32\eelogsvc.exe
PRC - [2010/02/11 21:39:52 | 000,029,696 | ---- | M] (Entrust®) -- C:\Windows\System32\eetdsrv.exe
PRC - [2010/02/11 21:36:14 | 000,023,552 | ---- | M] (Entrust®) -- C:\Program Files\Common Files\Entrust\ESP\eecwatch.exe
PRC - [2010/02/11 21:35:28 | 000,069,120 | ---- | M] (Entrust®) -- C:\Program Files\Common Files\Entrust\ESP\eesystry.exe
PRC - [2010/02/11 21:29:56 | 000,079,360 | ---- | M] (Entrust®) -- C:\Windows\System32\eelssrv.exe
PRC - [2010/02/11 21:21:08 | 000,368,640 | ---- | M] (Entrust®) -- C:\Program Files\Common Files\Entrust\ESP\eekas.exe
PRC - [2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/18 03:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe
PRC - [2009/09/17 14:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 14:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/09/17 14:27:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/07/13 17:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/08 16:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 16:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/06/03 12:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
PRC - [2009/06/03 12:13:04 | 000,130,600 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
PRC - [2006/09/11 03:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/09/11 03:40:30 | 000,992,176 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2005/07/22 02:47:22 | 000,151,552 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2004/02/13 13:12:08 | 000,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe


========== Modules (SafeList) ==========

MOD - [2011/01/21 16:23:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jans\Desktop\OTL.exe
MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 17:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 17:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 17:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 17:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 17:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 17:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 17:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 17:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2004/02/11 15:58:16 | 000,024,613 | ---- | M] (BackWeb) -- C:\Users\Jans\AppData\Local\Temp\1\IadHide5.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/01 20:36:16 | 000,801,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/23 13:50:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/11 21:43:08 | 000,094,208 | ---- | M] (Entrust®) [Auto | Running] -- C:\Windows\System32\eelogsvc.exe -- (eelogsvc)
SRV - [2010/02/11 21:39:52 | 000,029,696 | ---- | M] (Entrust®) [Auto | Running] -- C:\Windows\System32\eetdsrv.exe -- (eetdsrv)
SRV - [2010/02/11 21:29:56 | 000,079,360 | ---- | M] (Entrust®) [Auto | Running] -- C:\Windows\System32\eelssrv.exe -- (EELSService)
SRV - [2009/09/18 03:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 03:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/09/17 14:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 14:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 13:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 17:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 17:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 17:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 17:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 17:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 17:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 17:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 17:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 17:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 17:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 17:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/13 17:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/13 17:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 17:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 17:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 17:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 17:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/07/13 17:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 17:14:48 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\WMSvc.exe -- (WMSVC)
SRV - [2009/07/13 17:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/07/13 08:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 16:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 16:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/06/03 12:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2009/04/07 14:23:04 | 000,349,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Application Compatibility Toolkit 5\Log Processing Service\actdcsvc.exe -- (ACTLogProcessor)


========== Driver Services (SafeList) ==========

DRV - [2010/12/23 01:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110120.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/23 01:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110120.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/16 12:54:52 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/06/17 00:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/04/02 08:06:14 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/02/11 21:55:58 | 000,023,504 | ---- | M] (Entrust®) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eetd32.sys -- (eetd32)
DRV - [2009/12/10 23:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/09/23 18:18:14 | 004,808,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/09/18 03:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/08/26 07:54:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/25 16:05:44 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/08/25 16:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/25 16:05:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/07/13 17:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 17:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 17:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 17:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 17:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 17:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 17:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 17:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 17:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 17:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 17:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 17:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 17:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 17:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 17:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 17:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 17:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 17:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 17:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 17:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 17:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 17:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 17:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 17:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 17:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 17:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 17:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 17:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 17:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 17:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 17:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 17:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 17:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 17:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 17:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 17:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 17:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 17:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 16:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 16:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 16:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 15:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 15:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 15:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 15:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 15:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 15:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 15:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 15:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 15:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 15:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 15:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 15:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 15:28:49 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netvsc60.sys -- (netvsc)
DRV - [2009/07/13 15:28:48 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusVideoM.sys -- (SynthVid)
DRV - [2009/07/13 15:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 15:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 15:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 15:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 15:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 14:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 14:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 14:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 14:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 14:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 14:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 14:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 14:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 14:02:49 | 000,052,224 | ---- | M] (Microsoft Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc21x4vm.sys -- (dc21x4vm)
DRV - [2009/07/13 14:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 14:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2007/07/23 14:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 14:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 14:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 14:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 14:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 14:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 14:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 14:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 13:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/07/23 13:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 13:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/07/23 13:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1385227879-758978135-2243234428-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1385227879-758978135-2243234428-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1385227879-758978135-2243234428-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 4B C8 82 18 B5 CB 01 [binary data]
IE - HKU\S-1-5-21-1385227879-758978135-2243234428-1006\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - File not found
IE - HKU\S-1-5-21-1385227879-758978135-2243234428-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.msn.com"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/04 15:52:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/16 12:56:21 | 000,000,000 | ---D | M]

[2010/07/15 19:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jans\AppData\Roaming\mozilla\Extensions
[2011/01/21 16:11:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jans\AppData\Roaming\mozilla\Firefox\Profiles\f4t894oa.default\extensions
[2011/01/14 15:18:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Jans\AppData\Roaming\mozilla\Firefox\Profiles\f4t894oa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/10/29 11:59:14 | 000,000,000 | ---D | M] ("Glue") -- C:\Users\Jans\AppData\Roaming\mozilla\Firefox\Profiles\f4t894oa.default\extensions\{D2A6A719-7CBC-4594-85FD-C36AD881424F}
[2011/01/21 16:11:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/06/10 13:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - File not found
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [eekas] C:\Program Files\Common Files\Entrust\ESP\eekas.exe (Entrust®)
O4 - HKLM..\Run: [eesystry.exe] C:\Program Files\Common Files\Entrust\ESP\eesystry.exe (Entrust®)
O4 - HKLM..\Run: [espwatchdog] C:\Program Files\Common Files\Entrust\ESP\eecwatch.exe (Entrust®)
O4 - HKU\S-1-5-19..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] File not found
O4 - HKU\S-1-5-20..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] File not found
O4 - HKU\S-1-5-21-1385227879-758978135-2243234428-1006..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-1385227879-758978135-2243234428-1006..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-1385227879-758978135-2243234428-1006..\Run: [Sidebar] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PreXPSP2ShellProtocolBehavior = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\WAU: Disabled = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ReportControllerMissing = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\kerberos\parameters: supportedencryptiontypes = 65535
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInplaceSharing = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInplaceSharing = 1
O7 - HKU\S-1-5-21-1385227879-758978135-2243234428-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKU\S-1-5-21-1385227879-758978135-2243234428-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1385227879-758978135-2243234428-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInplaceSharing = 1
O7 - HKU\S-1-5-21-1385227879-758978135-2243234428-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 2 = Ease of Access Center
O7 - HKU\S-1-5-21-1385227879-758978135-2243234428-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 3 = Getting Started
O7 - HKU\S-1-5-21-1385227879-758978135-2243234428-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 4 = Homegroup
O7 - HKU\S-1-5-21-1385227879-758978135-2243234428-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 5 = Parental Controls
O7 - HKU\S-1-5-21-1385227879-758978135-2243234428-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 6 = Windows Cardspace
O7 - HKU\S-1-5-21-1385227879-758978135-2243234428-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 7 = Windows Defender
O7 - HKU\S-1-5-21-1385227879-758978135-2243234428-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 8 = Backup and Restore
O7 - HKU\S-1-5-21-1385227879-758978135-2243234428-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 9 = Windows Defender
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: extrhelp - (C:\Windows\AxInesvr.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/21 16:23:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jans\Desktop\OTL.exe
[2011/01/12 08:10:35 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/01/12 08:10:33 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/01/12 08:10:33 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/01/12 08:10:33 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/01/12 08:10:33 | 000,801,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011/01/12 08:10:33 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/01/12 08:10:33 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/01/12 08:10:32 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011/01/12 08:10:32 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/01/12 08:10:32 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/01/12 08:10:32 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/01/12 08:10:32 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/01/12 08:10:32 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/01/12 08:10:32 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/01/12 08:10:32 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/01/12 08:10:32 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2 C:\Users\Jans\Desktop\*.tmp files -> C:\Users\Jans\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/21 16:23:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jans\Desktop\OTL.exe
[2011/01/21 16:20:47 | 000,133,632 | ---- | M] () -- C:\Users\Jans\Desktop\RKUnhookerLE.EXE
[2011/01/21 16:20:35 | 000,010,225 | ---- | M] () -- C:\Users\Jans\Desktop\5.docx
[2011/01/21 16:20:35 | 000,000,162 | -H-- | M] () -- C:\Users\Jans\Desktop\~$5.docx
[2011/01/21 14:44:15 | 000,024,080 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/01/21 14:44:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/21 09:13:33 | 000,729,864 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/21 09:13:33 | 000,144,202 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/21 09:12:14 | 000,019,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/21 09:12:14 | 000,019,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/21 09:05:47 | 000,000,438 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2011/01/21 09:05:33 | 001,637,376 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2011/01/21 09:05:33 | 001,181,696 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2011/01/21 09:05:26 | 000,002,038 | RHS- | M] () -- C:\Users\Jans\ntuser.pol
[2011/01/20 21:30:11 | 000,040,448 | ---- | M] () -- C:\Users\Jans\Desktop\Math_125_info_Spr_2011_am.doc
[2011/01/15 19:37:01 | 469,580,888 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/07 12:40:40 | 000,000,049 | ---- | M] () -- C:\Windows\p2bQ37F
[2011/01/07 12:40:40 | 000,000,048 | ---- | M] () -- C:\Windows\UffRUVTi
[2011/01/07 12:40:40 | 000,000,047 | ---- | M] () -- C:\Windows\vIGOvC
[2011/01/07 12:40:40 | 000,000,047 | ---- | M] () -- C:\Windows\lRFnM8kS
[2011/01/07 12:40:40 | 000,000,046 | ---- | M] () -- C:\Windows\1sPAbNqdcn
[2011/01/07 12:40:40 | 000,000,045 | ---- | M] () -- C:\Windows\IVWaL
[2011/01/07 12:40:40 | 000,000,045 | ---- | M] () -- C:\Windows\HJBVn
[2011/01/07 12:40:40 | 000,000,045 | ---- | M] () -- C:\Windows\GiwC5nO45L
[2011/01/07 12:40:40 | 000,000,045 | ---- | M] () -- C:\Windows\4feDnPiR
[2011/01/07 12:40:40 | 000,000,044 | ---- | M] () -- C:\Windows\IuVncbWqcI
[2011/01/07 12:40:40 | 000,000,044 | ---- | M] () -- C:\Windows\EOIH3fPpIG
[2011/01/07 12:40:40 | 000,000,044 | ---- | M] () -- C:\Windows\EJV5lPgQ
[2011/01/07 12:40:40 | 000,000,044 | ---- | M] () -- C:\Windows\bgWmsn5c
[2011/01/07 12:40:40 | 000,000,044 | ---- | M] () -- C:\Windows\86nKQ
[2011/01/07 12:40:40 | 000,000,044 | ---- | M] () -- C:\Windows\3hN71FA5gS
[2011/01/07 12:40:40 | 000,000,043 | ---- | M] () -- C:\Windows\w6MXETx
[2011/01/07 12:40:40 | 000,000,043 | ---- | M] () -- C:\Windows\VeUAyA
[2011/01/07 12:40:40 | 000,000,043 | ---- | M] () -- C:\Windows\LjB7XQ3w4
[2011/01/07 12:40:40 | 000,000,043 | ---- | M] () -- C:\Windows\6wU8Q3h881
[2011/01/07 12:40:40 | 000,000,042 | ---- | M] () -- C:\Windows\YMoaJoi
[2011/01/07 12:40:40 | 000,000,042 | ---- | M] () -- C:\Windows\uscvI5
[2011/01/07 12:40:40 | 000,000,042 | ---- | M] () -- C:\Windows\rgcwlG38y
[2011/01/07 12:40:40 | 000,000,042 | ---- | M] () -- C:\Windows\JgMcN4Gaa6
[2011/01/07 12:40:40 | 000,000,042 | ---- | M] () -- C:\Windows\ib1RQ2Fn
[2011/01/07 12:40:40 | 000,000,041 | ---- | M] () -- C:\Windows\sE3GoKXjC
[2011/01/07 12:40:40 | 000,000,041 | ---- | M] () -- C:\Windows\ixlAaUwn
[2011/01/07 12:40:40 | 000,000,040 | ---- | M] () -- C:\Windows\WMsiQbId
[2011/01/07 12:40:40 | 000,000,040 | ---- | M] () -- C:\Windows\IEbbQdfd
[2011/01/07 12:40:40 | 000,000,040 | ---- | M] () -- C:\Windows\f7HHhd
[2011/01/07 12:40:40 | 000,000,040 | ---- | M] () -- C:\Windows\AoDntSgSFm
[2011/01/07 12:40:40 | 000,000,040 | ---- | M] () -- C:\Windows\3oSUWkf37
[2011/01/07 12:40:40 | 000,000,039 | ---- | M] () -- C:\Windows\DYFyJ
[2011/01/07 12:40:40 | 000,000,039 | ---- | M] () -- C:\Windows\3SdxeXU
[2011/01/07 12:40:40 | 000,000,038 | ---- | M] () -- C:\Windows\XlO7djR
[2011/01/07 12:40:40 | 000,000,038 | ---- | M] () -- C:\Windows\u2Oox
[2011/01/07 12:40:40 | 000,000,038 | ---- | M] () -- C:\Windows\nWfau
[2011/01/07 12:40:40 | 000,000,038 | ---- | M] () -- C:\Windows\dowRomb4AI
[2011/01/07 12:40:40 | 000,000,038 | ---- | M] () -- C:\Windows\3vNIe7v
[2011/01/07 12:40:40 | 000,000,036 | ---- | M] () -- C:\Windows\mtqGUUmb5
[2011/01/07 12:40:40 | 000,000,036 | ---- | M] () -- C:\Windows\Hx5Fojx
[2011/01/07 12:40:40 | 000,000,036 | ---- | M] () -- C:\Windows\gvBEBqA
[2011/01/07 12:40:40 | 000,000,035 | ---- | M] () -- C:\Windows\V7mEQYri
[2011/01/07 12:40:40 | 000,000,035 | ---- | M] () -- C:\Windows\OxoEVUF
[2011/01/07 12:40:40 | 000,000,035 | ---- | M] () -- C:\Windows\MItiDWsvC6
[2011/01/07 12:40:40 | 000,000,034 | ---- | M] () -- C:\Windows\dvdsVbHqs
[2011/01/07 12:40:40 | 000,000,033 | ---- | M] () -- C:\Windows\wnYTBOm
[2011/01/07 12:40:40 | 000,000,033 | ---- | M] () -- C:\Windows\Sp1hfjd
[2011/01/07 12:40:40 | 000,000,033 | ---- | M] () -- C:\Windows\ScFO5U45
[2011/01/07 12:40:40 | 000,000,033 | ---- | M] () -- C:\Windows\bcR3UYwwa
[2011/01/07 12:40:40 | 000,000,032 | ---- | M] () -- C:\Windows\Wp6hs
[2011/01/07 12:40:40 | 000,000,032 | ---- | M] () -- C:\Windows\CQ3GiA
[2011/01/07 12:40:40 | 000,000,031 | ---- | M] () -- C:\Windows\t7PkLw46M
[2011/01/07 12:40:40 | 000,000,031 | ---- | M] () -- C:\Windows\PpVEq
[2011/01/07 12:40:40 | 000,000,031 | ---- | M] () -- C:\Windows\fa4k1tg
[2011/01/07 12:40:40 | 000,000,030 | ---- | M] () -- C:\Windows\YRivJNoM2
[2011/01/07 12:40:40 | 000,000,030 | ---- | M] () -- C:\Windows\ud2jW
[2011/01/07 12:40:40 | 000,000,030 | ---- | M] () -- C:\Windows\NPn2O
[2011/01/07 12:40:40 | 000,000,030 | ---- | M] () -- C:\Windows\NNOSAg
[2011/01/07 12:40:40 | 000,000,030 | ---- | M] () -- C:\Windows\nh8Bq
[2011/01/07 12:40:40 | 000,000,029 | ---- | M] () -- C:\Windows\RHK5dv
[2011/01/07 12:40:40 | 000,000,029 | ---- | M] () -- C:\Windows\2PYy7vRa
[2011/01/07 12:40:40 | 000,000,028 | ---- | M] () -- C:\Windows\oTlUx6T
[2011/01/07 12:40:40 | 000,000,028 | ---- | M] () -- C:\Windows\fAKR5Y
[2011/01/07 12:40:40 | 000,000,028 | ---- | M] () -- C:\Windows\bmIjG8pvSx
[2011/01/07 12:40:40 | 000,000,028 | ---- | M] () -- C:\Windows\5GkbCx
[2011/01/07 12:40:40 | 000,000,027 | ---- | M] () -- C:\Windows\VcxDu
[2011/01/07 12:40:40 | 000,000,027 | ---- | M] () -- C:\Windows\RXiIhYTWG
[2011/01/07 12:40:40 | 000,000,027 | ---- | M] () -- C:\Windows\r3OAWionr2
[2011/01/07 12:40:40 | 000,000,027 | ---- | M] () -- C:\Windows\G6lfHlK3
[2011/01/07 12:40:40 | 000,000,027 | ---- | M] () -- C:\Windows\a4X1431t
[2011/01/07 12:40:40 | 000,000,026 | ---- | M] () -- C:\Windows\xtUMOFntIw
[2011/01/07 12:40:40 | 000,000,026 | ---- | M] () -- C:\Windows\OYawID
[2011/01/07 12:40:40 | 000,000,026 | ---- | M] () -- C:\Windows\nCi1SJ
[2011/01/07 12:40:40 | 000,000,026 | ---- | M] () -- C:\Windows\5nd7qivh
[2011/01/07 12:40:40 | 000,000,025 | ---- | M] () -- C:\Windows\tS61qOyEgk
[2011/01/07 12:40:40 | 000,000,025 | ---- | M] () -- C:\Windows\mjOad
[2011/01/07 12:40:40 | 000,000,024 | ---- | M] () -- C:\Windows\niasdaLJ
[2010/12/27 17:13:55 | 003,934,192 | ---- | M] () -- C:\EasyShare.dmp
[2 C:\Users\Jans\Desktop\*.tmp files -> C:\Users\Jans\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/21 16:20:46 | 000,133,632 | ---- | C] () -- C:\Users\Jans\Desktop\RKUnhookerLE.EXE
[2011/01/21 16:20:35 | 000,000,162 | -H-- | C] () -- C:\Users\Jans\Desktop\~$5.docx
[2011/01/21 16:20:34 | 000,010,225 | ---- | C] () -- C:\Users\Jans\Desktop\5.docx
[2011/01/20 21:30:10 | 000,040,448 | ---- | C] () -- C:\Users\Jans\Desktop\Math_125_info_Spr_2011_am.doc
[2011/01/20 09:53:32 | 000,296,448 | ---- | C] () -- C:\Users\Jans\Desktop\gmer.exe
[2011/01/07 12:40:01 | 000,000,049 | ---- | C] () -- C:\Windows\p2bQ37F
[2011/01/07 12:40:01 | 000,000,048 | ---- | C] () -- C:\Windows\UffRUVTi
[2011/01/07 12:40:01 | 000,000,047 | ---- | C] () -- C:\Windows\vIGOvC
[2011/01/07 12:40:01 | 000,000,047 | ---- | C] () -- C:\Windows\lRFnM8kS
[2011/01/07 12:40:01 | 000,000,046 | ---- | C] () -- C:\Windows\1sPAbNqdcn
[2011/01/07 12:40:01 | 000,000,045 | ---- | C] () -- C:\Windows\IVWaL
[2011/01/07 12:40:01 | 000,000,045 | ---- | C] () -- C:\Windows\HJBVn
[2011/01/07 12:40:01 | 000,000,045 | ---- | C] () -- C:\Windows\GiwC5nO45L
[2011/01/07 12:40:01 | 000,000,045 | ---- | C] () -- C:\Windows\4feDnPiR
[2011/01/07 12:40:01 | 000,000,044 | ---- | C] () -- C:\Windows\IuVncbWqcI
[2011/01/07 12:40:01 | 000,000,044 | ---- | C] () -- C:\Windows\EOIH3fPpIG
[2011/01/07 12:40:01 | 000,000,044 | ---- | C] () -- C:\Windows\EJV5lPgQ
[2011/01/07 12:40:01 | 000,000,044 | ---- | C] () -- C:\Windows\bgWmsn5c
[2011/01/07 12:40:01 | 000,000,044 | ---- | C] () -- C:\Windows\86nKQ
[2011/01/07 12:40:01 | 000,000,044 | ---- | C] () -- C:\Windows\3hN71FA5gS
[2011/01/07 12:40:01 | 000,000,043 | ---- | C] () -- C:\Windows\w6MXETx
[2011/01/07 12:40:01 | 000,000,043 | ---- | C] () -- C:\Windows\VeUAyA
[2011/01/07 12:40:01 | 000,000,043 | ---- | C] () -- C:\Windows\LjB7XQ3w4
[2011/01/07 12:40:01 | 000,000,043 | ---- | C] () -- C:\Windows\6wU8Q3h881
[2011/01/07 12:40:01 | 000,000,042 | ---- | C] () -- C:\Windows\YMoaJoi
[2011/01/07 12:40:01 | 000,000,042 | ---- | C] () -- C:\Windows\uscvI5
[2011/01/07 12:40:01 | 000,000,042 | ---- | C] () -- C:\Windows\rgcwlG38y
[2011/01/07 12:40:01 | 000,000,042 | ---- | C] () -- C:\Windows\JgMcN4Gaa6
[2011/01/07 12:40:01 | 000,000,042 | ---- | C] () -- C:\Windows\ib1RQ2Fn
[2011/01/07 12:40:01 | 000,000,041 | ---- | C] () -- C:\Windows\sE3GoKXjC
[2011/01/07 12:40:01 | 000,000,041 | ---- | C] () -- C:\Windows\ixlAaUwn
[2011/01/07 12:40:01 | 000,000,040 | ---- | C] () -- C:\Windows\WMsiQbId
[2011/01/07 12:40:01 | 000,000,040 | ---- | C] () -- C:\Windows\IEbbQdfd
[2011/01/07 12:40:01 | 000,000,040 | ---- | C] () -- C:\Windows\f7HHhd
[2011/01/07 12:40:01 | 000,000,040 | ---- | C] () -- C:\Windows\AoDntSgSFm
[2011/01/07 12:40:01 | 000,000,040 | ---- | C] () -- C:\Windows\3oSUWkf37
[2011/01/07 12:40:01 | 000,000,039 | ---- | C] () -- C:\Windows\DYFyJ
[2011/01/07 12:40:01 | 000,000,039 | ---- | C] () -- C:\Windows\3SdxeXU
[2011/01/07 12:40:01 | 000,000,038 | ---- | C] () -- C:\Windows\XlO7djR
[2011/01/07 12:40:01 | 000,000,038 | ---- | C] () -- C:\Windows\u2Oox
[2011/01/07 12:40:01 | 000,000,038 | ---- | C] () -- C:\Windows\nWfau
[2011/01/07 12:40:01 | 000,000,038 | ---- | C] () -- C:\Windows\dowRomb4AI
[2011/01/07 12:40:01 | 000,000,038 | ---- | C] () -- C:\Windows\3vNIe7v
[2011/01/07 12:40:01 | 000,000,036 | ---- | C] () -- C:\Windows\mtqGUUmb5
[2011/01/07 12:40:01 | 000,000,036 | ---- | C] () -- C:\Windows\Hx5Fojx
[2011/01/07 12:40:01 | 000,000,036 | ---- | C] () -- C:\Windows\gvBEBqA
[2011/01/07 12:40:01 | 000,000,035 | ---- | C] () -- C:\Windows\V7mEQYri
[2011/01/07 12:40:01 | 000,000,035 | ---- | C] () -- C:\Windows\OxoEVUF
[2011/01/07 12:40:01 | 000,000,035 | ---- | C] () -- C:\Windows\MItiDWsvC6
[2011/01/07 12:40:01 | 000,000,034 | ---- | C] () -- C:\Windows\dvdsVbHqs
[2011/01/07 12:40:01 | 000,000,033 | ---- | C] () -- C:\Windows\wnYTBOm
[2011/01/07 12:40:01 | 000,000,033 | ---- | C] () -- C:\Windows\Sp1hfjd
[2011/01/07 12:40:01 | 000,000,033 | ---- | C] () -- C:\Windows\ScFO5U45
[2011/01/07 12:40:01 | 000,000,033 | ---- | C] () -- C:\Windows\bcR3UYwwa
[2011/01/07 12:40:01 | 000,000,032 | ---- | C] () -- C:\Windows\Wp6hs
[2011/01/07 12:40:01 | 000,000,032 | ---- | C] () -- C:\Windows\CQ3GiA
[2011/01/07 12:40:01 | 000,000,031 | ---- | C] () -- C:\Windows\t7PkLw46M
[2011/01/07 12:40:01 | 000,000,031 | ---- | C] () -- C:\Windows\PpVEq
[2011/01/07 12:40:01 | 000,000,031 | ---- | C] () -- C:\Windows\fa4k1tg
[2011/01/07 12:40:01 | 000,000,030 | ---- | C] () -- C:\Windows\YRivJNoM2
[2011/01/07 12:40:01 | 000,000,030 | ---- | C] () -- C:\Windows\ud2jW
[2011/01/07 12:40:01 | 000,000,030 | ---- | C] () -- C:\Windows\NPn2O
[2011/01/07 12:40:01 | 000,000,030 | ---- | C] () -- C:\Windows\NNOSAg
[2011/01/07 12:40:01 | 000,000,030 | ---- | C] () -- C:\Windows\nh8Bq
[2011/01/07 12:40:01 | 000,000,029 | ---- | C] () -- C:\Windows\RHK5dv
[2011/01/07 12:40:01 | 000,000,029 | ---- | C] () -- C:\Windows\2PYy7vRa
[2011/01/07 12:40:01 | 000,000,028 | ---- | C] () -- C:\Windows\oTlUx6T
[2011/01/07 12:40:01 | 000,000,028 | ---- | C] () -- C:\Windows\fAKR5Y
[2011/01/07 12:40:01 | 000,000,028 | ---- | C] () -- C:\Windows\bmIjG8pvSx
[2011/01/07 12:40:01 | 000,000,028 | ---- | C] () -- C:\Windows\5GkbCx
[2011/01/07 12:40:01 | 000,000,027 | ---- | C] () -- C:\Windows\VcxDu
[2011/01/07 12:40:01 | 000,000,027 | ---- | C] () -- C:\Windows\RXiIhYTWG
[2011/01/07 12:40:01 | 000,000,027 | ---- | C] () -- C:\Windows\r3OAWionr2
[2011/01/07 12:40:01 | 000,000,027 | ---- | C] () -- C:\Windows\G6lfHlK3
[2011/01/07 12:40:01 | 000,000,027 | ---- | C] () -- C:\Windows\a4X1431t
[2011/01/07 12:40:01 | 000,000,026 | ---- | C] () -- C:\Windows\xtUMOFntIw
[2011/01/07 12:40:01 | 000,000,026 | ---- | C] () -- C:\Windows\OYawID
[2011/01/07 12:40:01 | 000,000,026 | ---- | C] () -- C:\Windows\nCi1SJ
[2011/01/07 12:40:01 | 000,000,026 | ---- | C] () -- C:\Windows\5nd7qivh
[2011/01/07 12:40:01 | 000,000,025 | ---- | C] () -- C:\Windows\tS61qOyEgk
[2011/01/07 12:40:01 | 000,000,025 | ---- | C] () -- C:\Windows\mjOad
[2011/01/07 12:40:01 | 000,000,024 | ---- | C] () -- C:\Windows\niasdaLJ
[2010/12/27 17:13:54 | 003,934,192 | ---- | C] () -- C:\EasyShare.dmp
[2010/10/16 12:10:48 | 000,007,601 | ---- | C] () -- C:\Users\Jans\AppData\Local\Resmon.ResmonCfg
[2010/10/16 11:19:46 | 000,001,009 | ---- | C] () -- C:\ProgramData\.wtav
[2010/09/12 08:51:51 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/08/18 14:04:32 | 000,000,166 | ---- | C] () -- C:\Windows\KA.INI
[2010/07/16 09:12:57 | 000,000,234 | ---- | C] () -- C:\Windows\wininit.ini
[2010/07/13 13:40:50 | 000,020,537 | ---- | C] () -- C:\Users\Jans\AppData\Roaming\UserTile.png
[2010/07/09 15:04:31 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2010/07/09 15:03:53 | 000,000,438 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2010/04/02 08:20:16 | 000,024,080 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2005/10/13 07:40:36 | 000,208,896 | ---- | C] () -- C:\Windows\System32\KPDVS.dll
[2000/09/08 16:53:50 | 000,073,839 | ---- | C] () -- C:\Windows\System32\KodakOneTouch.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >


OTL Extras logfile created on: 1/21/2011 4:24:02 PM - Run 1
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\Jans\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 406.93 Gb Free Space | 87.37% Space Free | Partition Type: NTFS

Computer Name: JANELL01 | User Name: Janell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1385227879-758978135-2243234428-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 1
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 0
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogFileSize" = 16384
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 1
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 0
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 1
"AllowLocalPolicyMerge" = 1
"AllowLocalIPsecPolicyMerge" = 0
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient x86 NASA DSI v2.0
"{1CA5B06D-975D-4F11-BBAA-342EE4A82008}" = Entrust Entelligence Security Provider Compatibility Kit
"{1CCE7051-24BD-4BBE-B91D-CA4FCADDBCB0}" = FileNet Desktop eForms
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (SQLEXPRESS)
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BBB3F622-D848-4CDA-B282-CC53627432F0}" = Microsoft Application Compatibility Toolkit 5.5
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BE5AD430-9E0C-4243-AB3F-593835869855}" = Microsoft Office Communicator 2005
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C93169FE-1456-4DA3-9D25-F2EF340A938A}" = Entrust Entelligence Security Provider for Outlook
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.2
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{EB9CC6F2-7F76-4DBB-95BB-59C0BEE6DFF0}" = Entrust Entelligence Security Provider 9.1 for Windows
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{F43867C9-68FD-46C7-B0AF-214356305B5E}" = Microsoft SQL Server Management Studio Express
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AIM_7" = AIM 7
"HDMI" = Intel® Graphics Media Accelerator Driver
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"PROPLUS" = Microsoft Office Professional Plus 2007
"QQ Bubble Arena" = QQ Bubble Arena
"QQ Games" = QQ Games
"QQ Mah-jong" = QQ Mah-jong
"QQ Match Master" = QQ Match Master
"QQ Pool" = QQ Pool
"QQ Robo" = QQ Robo
"QQ Texas Hold'em" = QQ Texas Hold'em
"QQ Treasure Hunter" = QQ Treasure Hunter
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TVWiz" = Intel® TV Wizard

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/25/2010 9:25:08 PM | Computer Name = Janell01 | Source = ESENT | ID = 902
Description = Windows (2848) Windows: The database engine detected multiple threads
illegally using the same database session to perform database operations. SessionId:
0x032C0260 Session-context: 0x00000000 Session-context ThreadId: 0x00000CD4 Current
ThreadId: 0x000015B4

Error - 9/25/2010 9:25:08 PM | Computer Name = Janell01 | Source = ESENT | ID = 902
Description = Windows (2848) Windows: The database engine detected multiple threads
illegally using the same database session to perform database operations. SessionId:
0x032C0260 Session-context: 0x00000000 Session-context ThreadId: 0x00000CD4 Current
ThreadId: 0x000015B4

Error - 9/25/2010 9:25:08 PM | Computer Name = Janell01 | Source = ESENT | ID = 902
Description = Windows (2848) Windows: The database engine detected multiple threads
illegally using the same database session to perform database operations. SessionId:
0x032C0260 Session-context: 0x00000000 Session-context ThreadId: 0x00000CD4 Current
ThreadId: 0x000015B4

Error - 9/25/2010 9:25:08 PM | Computer Name = Janell01 | Source = ESENT | ID = 902
Description = Windows (2848) Windows: The database engine detected multiple threads
illegally using the same database session to perform database operations. SessionId:
0x032C0260 Session-context: 0x00000000 Session-context ThreadId: 0x00000CD4 Current
ThreadId: 0x000015B4

Error - 9/25/2010 9:25:08 PM | Computer Name = Janell01 | Source = ESENT | ID = 902
Description = Windows (2848) Windows: The database engine detected multiple threads
illegally using the same database session to perform database operations. SessionId:
0x032C0260 Session-context: 0x00000000 Session-context ThreadId: 0x00000CD4 Current
ThreadId: 0x000015B4

Error - 9/25/2010 9:25:08 PM | Computer Name = Janell01 | Source = ESENT | ID = 902
Description = Windows (2848) Windows: The database engine detected multiple threads
illegally using the same database session to perform database operations. SessionId:
0x032C0260 Session-context: 0x00000000 Session-context ThreadId: 0x00000CD4 Current
ThreadId: 0x000015B4

Error - 9/25/2010 9:25:08 PM | Computer Name = Janell01 | Source = ESENT | ID = 902
Description = Windows (2848) Windows: The database engine detected multiple threads
illegally using the same database session to perform database operations. SessionId:
0x032C0260 Session-context: 0x00000000 Session-context ThreadId: 0x00000CD4 Current
ThreadId: 0x000015B4

Error - 9/25/2010 9:25:08 PM | Computer Name = Janell01 | Source = ESENT | ID = 902
Description = Windows (2848) Windows: The database engine detected multiple threads
illegally using the same database session to perform database operations. SessionId:
0x032C0260 Session-context: 0x00000000 Session-context ThreadId: 0x00000CD4 Current
ThreadId: 0x000015B4

Error - 9/25/2010 9:25:08 PM | Computer Name = Janell01 | Source = ESENT | ID = 902
Description = Windows (2848) Windows: The database engine detected multiple threads
illegally using the same database session to perform database operations. SessionId:
0x032C0260 Session-context: 0x00000000 Session-context ThreadId: 0x00000CD4 Current
ThreadId: 0x000015B4

Error - 9/25/2010 9:25:08 PM | Computer Name = Janell01 | Source = ESENT | ID = 902
Description = Windows (2848) Windows: The database engine detected multiple threads
illegally using the same database session to perform database operations. SessionId:
0x032C0260 Session-context: 0x00000000 Session-context ThreadId: 0x00000CD4 Current
ThreadId: 0x000015B4

[ OSession Events ]
Error - 10/15/2010 11:18:07 PM | Computer Name = Janell01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 33898
seconds with 11280 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/17/2011 3:42:54 PM | Computer Name = Janell01 | Source = Service Control Manager | ID = 7001
Description = The UPnP Device Host service depends on the SSDP Discovery service
which failed to start because of the following error: %%1058

Error - 1/17/2011 6:46:04 PM | Computer Name = Janell01 | Source = Service Control Manager | ID = 7001
Description = The UPnP Device Host service depends on the SSDP Discovery service
which failed to start because of the following error: %%1058

Error - 1/17/2011 6:58:49 PM | Computer Name = Janell01 | Source = Service Control Manager | ID = 7001
Description = The UPnP Device Host service depends on the SSDP Discovery service
which failed to start because of the following error: %%1058

Error - 1/17/2011 8:19:59 PM | Computer Name = Janell01 | Source = Service Control Manager | ID = 7001
Description = The UPnP Device Host service depends on the SSDP Discovery service
which failed to start because of the following error: %%1058

Error - 1/18/2011 11:34:25 AM | Computer Name = Janell01 | Source = DCOM | ID = 10016
Description =

Error - 1/18/2011 11:34:54 AM | Computer Name = Janell01 | Source = Service Control Manager | ID = 7023
Description = The Act Log Processing Service service terminated with the following
error: %%16389

Error - 1/18/2011 11:36:21 AM | Computer Name = Janell01 | Source = DCOM | ID = 10016
Description =

Error - 1/18/2011 12:54:22 PM | Computer Name = Janell01 | Source = DCOM | ID = 10005
Description =

Error - 1/18/2011 12:54:22 PM | Computer Name = Janell01 | Source = Service Control Manager | ID = 7001
Description = The UPnP Device Host service depends on the SSDP Discovery service
which failed to start because of the following error: %%1058

Error - 1/18/2011 3:49:47 PM | Computer Name = Janell01 | Source = Service Control Manager | ID = 7001
Description = The UPnP Device Host service depends on the SSDP Discovery service
which failed to start because of the following error: %%1058


< End of report >

#9 pwgib

  • Malware Response Team
  • 2,957 posts
  • Gender:Male
  • Location:God's Country

Posted 22 January 2011 - 10:06 AM

HI janell377,

We need to check some files.

  • Click on this link--> virustotal
  • Click the browse button. Copy and paste the following lines in the open box, then click Send File after pasting one line. You will only be able to have one file scanned at a time.

C:\Windows\p2bQ37F
C:\Windows\UffRUVTi



If the file has been analyzed before, click the Reanalyse File Now button.

Please copy and paste the results of the scan in your next post.


Thanks!!
PW

#10 janell377

  • Topic Starter
  • Members
  • 45 posts

Posted 22 January 2011 - 07:42 PM

File name:
UffRUVTi
Submission date:
2011-01-22 18:36:31 (UTC)
Current status:
finished
Result:
Antivirus Version Last Update Result
AhnLab-V3 2011.01.18.00 2011.01.17 -
AntiVir 7.11.1.216 2011.01.21 -
Antiy-AVL 2.0.3.7 2011.01.18 -
Avast 4.8.1351.0 2011.01.22 -
Avast5 5.0.677.0 2011.01.22 -
AVG 10.0.0.1190 2011.01.22 -
BitDefender 7.2 2011.01.22 -
CAT-QuickHeal 11.00 2011.01.22 -
ClamAV 0.96.4.0 2011.01.22 -
Commtouch 5.2.11.5 2011.01.22 -
Comodo 7470 2011.01.22 -
DrWeb 5.0.2.03300 2011.01.22 -
Emsisoft 5.1.0.1 2011.01.22 -
eSafe 7.0.17.0 2011.01.20 -
eTrust-Vet 36.1.8115 2011.01.21 -
F-Prot 4.6.2.117 2011.01.22 -
F-Secure 9.0.16160.0 2011.01.22 -
Fortinet 4.2.254.0 2011.01.22 -
GData 21 2011.01.22 -
Ikarus T3.1.1.97.0 2011.01.22 -
Jiangmin 13.0.900 2011.01.22 -
K7AntiVirus 9.77.3618 2011.01.22 -
Kaspersky 7.0.0.125 2011.01.22 -
McAfee 5.400.0.1158 2011.01.22 -
McAfee-GW-Edition 2010.1C 2011.01.22 -
Microsoft 1.6502 2011.01.22 -
NOD32 5809 2011.01.22 -
Norman 6.06.12 2011.01.22 -
nProtect 2011-01-18.01 2011.01.18 -
Panda 10.0.2.7 2011.01.22 -
PCTools 7.0.3.5 2011.01.22 -
Prevx 3.0 2011.01.23 -
Rising 23.41.05.03 2011.01.22 -
Sophos 4.61.0 2011.01.22 -
SUPERAntiSpyware 4.40.0.1006 2011.01.22 -
Symantec 20101.3.0.103 2011.01.22 -
TheHacker 6.7.0.1.118 2011.01.21 -
TrendMicro 9.120.0.1004 2011.01.22 -
TrendMicro-HouseCall 9.120.0.1004 2011.01.22 -
VBA32 3.12.14.3 2011.01.21 -
VIPRE 8159 2011.01.22 -
ViRobot 2011.1.22.4269 2011.01.22 -
VirusBuster 13.6.159.2 2011.01.22 -
MD5 : 27ad00843723fcac05ed363440da569e
SHA1 : 14d7c03da55273d777ab946bca7a7d1704e44606
SHA256: 2aefb6d4d98ec20e05b75806a4990d998a80f286e1ae242ed37f869ef3e3c242

File name:
p2bQ37F
Submission date:
2011-01-22 18:55:57 (UTC)
Current status:
finished
Result:
Antivirus Version Last Update Result
AhnLab-V3 2011.01.18.00 2011.01.17 -
AntiVir 7.11.1.216 2011.01.21 -
Antiy-AVL 2.0.3.7 2011.01.18 -
Avast 4.8.1351.0 2011.01.22 -
Avast5 5.0.677.0 2011.01.22 -
AVG 10.0.0.1190 2011.01.22 -
BitDefender 7.2 2011.01.22 -
CAT-QuickHeal 11.00 2011.01.22 -
ClamAV 0.96.4.0 2011.01.22 -
Commtouch 5.2.11.5 2011.01.22 -
Comodo 7468 2011.01.22 -
DrWeb 5.0.2.03300 2011.01.22 -
Emsisoft 5.1.0.1 2011.01.22 -
eSafe 7.0.17.0 2011.01.20 -
eTrust-Vet 36.1.8115 2011.01.21 -
F-Prot 4.6.2.117 2011.01.21 -
F-Secure 9.0.16160.0 2011.01.22 -
Fortinet 4.2.254.0 2011.01.22 -
GData 21 2011.01.22 -
Ikarus T3.1.1.97.0 2011.01.22 -
Jiangmin 13.0.900 2011.01.22 -
K7AntiVirus 9.77.3618 2011.01.22 -
Kaspersky 7.0.0.125 2011.01.22 -
McAfee 5.400.0.1158 2011.01.22 -
McAfee-GW-Edition 2010.1C 2011.01.22 -
Microsoft 1.6502 2011.01.22 -
NOD32 5808 2011.01.22 -
Norman 6.06.12 2011.01.22 -
nProtect 2011-01-18.01 2011.01.18 -
Panda 10.0.2.7 2011.01.22 -
PCTools 7.0.3.5 2011.01.22 -
Prevx 3.0 2011.01.23 -
Rising 23.41.05.03 2011.01.22 -
Sophos 4.61.0 2011.01.22 -
SUPERAntiSpyware 4.40.0.1006 2011.01.22 -
Symantec 20101.3.0.103 2011.01.22 -
TheHacker 6.7.0.1.118 2011.01.21 -
TrendMicro 9.120.0.1004 2011.01.22 -
TrendMicro-HouseCall 9.120.0.1004 2011.01.22 -
VBA32 3.12.14.3 2011.01.21 -
VIPRE 8154 2011.01.22 -
ViRobot 2011.1.22.4269 2011.01.22 -
VirusBuster 13.6.158.0 2011.01.21 -
MD5 : e8c314506ceafdeb523816bcdb8033ac
SHA1 : 974b6fe16ea87d40db2a96103eacc823295c1d2a
SHA256: 2524043ada1ea027525b2414df39d84e854098e36b6f7161d17f9284642411bc

#11 pwgib

  • Malware Response Team
  • 2,957 posts
  • Gender:Male
  • Location:God's Country

Posted 22 January 2011 - 08:32 PM

Hi janell377,


I'd like us to scan your machine with ESET OnlineScan.

In reference to the following instructions it is very important you make sure the Remove Found Threats box is unchecked prior to scanning.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under Computer Scan Settings check Scan Archives and Uncheck Remove Found Threats <---------Important !!
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Note: If ESET finds nothing there will be no log produced


Thanks!!
PW

#12 janell377

  • Topic Starter
  • Members
  • 45 posts

Posted 22 January 2011 - 10:55 PM

It only found 1 thing:

C:\Users\Jans\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\397bd8b5-603c8a4b probably a variant of Win32/Agent.ZVRMM trojan

#13 pwgib

  • Malware Response Team
  • 2,957 posts
  • Gender:Male
  • Location:God's Country

Posted 23 January 2011 - 12:35 AM

Hi janell377,

Some of the randomly named files on your system are associated with a very nasty file infector. I want to make absolutely sure that it is not present prior to running any removal tools.

Let's check some more files.

  • Click on this link--> virustotal
  • Click the browse button. Copy and paste the following lines in the open box, then click Send File after pasting one line. You will only be able to have one file scanned at a time.

C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\attrib.exe
C:\WINDOWS\system32\cmd.exe


If the file has been analyzed before, click the Reanalyse File Now button.

Please copy and paste the results of the scan in your next post.


Thanks!!

Edited by pwgib, 23 January 2011 - 04:41 AM.

PW

#14 janell377

  • Topic Starter
  • Members
  • 45 posts

Posted 23 January 2011 - 11:42 AM

File name:
cmd.exe
Submission date:
2011-01-23 16:37:25 (UTC)
Current status:
finished
Result:
0/ 43 (0.0%)

VT Community

goodware
Safety score: 100.0%
Antivirus Version Last Update Result
AhnLab-V3 2011.01.18.00 2011.01.17 -
AntiVir 7.11.1.216 2011.01.21 -
Antiy-AVL 2.0.3.7 2011.01.18 -
Avast 4.8.1351.0 2011.01.23 -
Avast5 5.0.677.0 2011.01.23 -
AVG 10.0.0.1190 2011.01.23 -
BitDefender 7.2 2011.01.23 -
CAT-QuickHeal 11.00 2011.01.23 -
ClamAV 0.96.4.0 2011.01.23 -
Commtouch 5.2.11.5 2011.01.23 -
Comodo 7480 2011.01.23 -
DrWeb 5.0.2.03300 2011.01.23 -
Emsisoft 5.1.0.1 2011.01.23 -
eSafe 7.0.17.0 2011.01.23 -
eTrust-Vet 36.1.8115 2011.01.21 -
F-Prot 4.6.2.117 2011.01.22 -
F-Secure 9.0.16160.0 2011.01.23 -
Fortinet 4.2.254.0 2011.01.23 -
GData 21 2011.01.23 -
Ikarus T3.1.1.97.0 2011.01.23 -
Jiangmin 13.0.900 2011.01.23 -
K7AntiVirus 9.77.3618 2011.01.22 -
Kaspersky 7.0.0.125 2011.01.23 -
McAfee 5.400.0.1158 2011.01.23 -
McAfee-GW-Edition 2010.1C 2011.01.23 -
Microsoft 1.6502 2011.01.23 -
NOD32 5811 2011.01.23 -
Norman 6.06.12 2011.01.23 -
nProtect 2011-01-18.01 2011.01.18 -
Panda 10.0.2.7 2011.01.23 -
PCTools 7.0.3.5 2011.01.23 -
Prevx 3.0 2011.01.23 -
Rising 23.41.05.03 2011.01.22 -
Sophos 4.61.0 2011.01.23 -
SUPERAntiSpyware 4.40.0.1006 2011.01.22 -
Symantec 20101.3.0.103 2011.01.23 -
TheHacker 6.7.0.1.118 2011.01.21 -
TrendMicro 9.120.0.1004 2011.01.23 -
TrendMicro-HouseCall 9.120.0.1004 2011.01.23 -
VBA32 3.12.14.3 2011.01.21 -
VIPRE 8167 2011.01.23 -
ViRobot 2011.1.22.4269 2011.01.23 -
VirusBuster 13.6.160.0 2011.01.23 -

File name:
attrib.exe
Submission date:
2011-01-23 16:36:55 (UTC)
Current status:
finished
Result:
0/ 43 (0.0%)

VT Community

not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.01.18.00 2011.01.17 -
AntiVir 7.11.1.216 2011.01.21 -
Antiy-AVL 2.0.3.7 2011.01.18 -
Avast 4.8.1351.0 2011.01.23 -
Avast5 5.0.677.0 2011.01.23 -
AVG 10.0.0.1190 2011.01.23 -
BitDefender 7.2 2011.01.23 -
CAT-QuickHeal 11.00 2011.01.23 -
ClamAV 0.96.4.0 2011.01.23 -
Commtouch 5.2.11.5 2011.01.23 -
Comodo 7480 2011.01.23 -
DrWeb 5.0.2.03300 2011.01.23 -
Emsisoft 5.1.0.1 2011.01.23 -
eSafe 7.0.17.0 2011.01.23 -
eTrust-Vet 36.1.8115 2011.01.21 -
F-Prot 4.6.2.117 2011.01.22 -
F-Secure 9.0.16160.0 2011.01.23 -
Fortinet 4.2.254.0 2011.01.23 -
GData 21 2011.01.23 -
Ikarus T3.1.1.97.0 2011.01.23 -
Jiangmin 13.0.900 2011.01.23 -
K7AntiVirus 9.77.3618 2011.01.22 -
Kaspersky 7.0.0.125 2011.01.23 -
McAfee 5.400.0.1158 2011.01.23 -
McAfee-GW-Edition 2010.1C 2011.01.23 -
Microsoft 1.6502 2011.01.23 -
NOD32 5811 2011.01.23 -
Norman 6.06.12 2011.01.23 -
nProtect 2011-01-18.01 2011.01.18 -
Panda 10.0.2.7 2011.01.23 -
PCTools 7.0.3.5 2011.01.23 -
Prevx 3.0 2011.01.23 -
Rising 23.41.05.03 2011.01.22 -
Sophos 4.61.0 2011.01.23 -
SUPERAntiSpyware 4.40.0.1006 2011.01.22 -
Symantec 20101.3.0.103 2011.01.23 -
TheHacker 6.7.0.1.118 2011.01.21 -
TrendMicro 9.120.0.1004 2011.01.23 -
TrendMicro-HouseCall 9.120.0.1004 2011.01.23 -
VBA32 3.12.14.3 2011.01.21 -
VIPRE 8167 2011.01.23 -
ViRobot 2011.1.22.4269 2011.01.23 -
VirusBuster 13.6.160.0 2011.01.23 -

File name:
lsass.exe
Submission date:
2011-01-23 16:36:35 (UTC)
Current status:
finished
Result:
0/ 43 (0.0%)

VT Community

malware
Safety score: 0.0%
Antivirus Version Last Update Result
AhnLab-V3 2011.01.18.00 2011.01.17 -
AntiVir 7.11.1.216 2011.01.21 -
Antiy-AVL 2.0.3.7 2011.01.18 -
Avast 4.8.1351.0 2011.01.23 -
Avast5 5.0.677.0 2011.01.23 -
AVG 10.0.0.1190 2011.01.23 -
BitDefender 7.2 2011.01.23 -
CAT-QuickHeal 11.00 2011.01.23 -
ClamAV 0.96.4.0 2011.01.23 -
Commtouch 5.2.11.5 2011.01.23 -
Comodo 7480 2011.01.23 -
DrWeb 5.0.2.03300 2011.01.23 -
Emsisoft 5.1.0.1 2011.01.23 -
eSafe 7.0.17.0 2011.01.23 -
eTrust-Vet 36.1.8115 2011.01.21 -
F-Prot 4.6.2.117 2011.01.22 -
F-Secure 9.0.16160.0 2011.01.23 -
Fortinet 4.2.254.0 2011.01.23 -
GData 21 2011.01.23 -
Ikarus T3.1.1.97.0 2011.01.23 -
Jiangmin 13.0.900 2011.01.23 -
K7AntiVirus 9.77.3618 2011.01.22 -
Kaspersky 7.0.0.125 2011.01.23 -
McAfee 5.400.0.1158 2011.01.23 -
McAfee-GW-Edition 2010.1C 2011.01.23 -
Microsoft 1.6502 2011.01.23 -
NOD32 5811 2011.01.23 -
Norman 6.06.12 2011.01.23 -
nProtect 2011-01-18.01 2011.01.18 -
Panda 10.0.2.7 2011.01.23 -
PCTools 7.0.3.5 2011.01.23 -
Prevx 3.0 2011.01.23 -
Rising 23.41.05.03 2011.01.22 -
Sophos 4.61.0 2011.01.23 -
SUPERAntiSpyware 4.40.0.1006 2011.01.22 -
Symantec 20101.3.0.103 2011.01.23 -
TheHacker 6.7.0.1.118 2011.01.21 -
TrendMicro 9.120.0.1004 2011.01.23 -
TrendMicro-HouseCall 9.120.0.1004 2011.01.23 -
VBA32 3.12.14.3 2011.01.21 -
VIPRE 8167 2011.01.23 -
ViRobot 2011.1.22.4269 2011.01.23 -
VirusBuster 13.6.160.0 2011.01.23 -

File name:
svchost.exe
Submission date:
2011-01-23 16:36:10 (UTC)
Current status:
finished
Result:
1/ 43 (2.3%)

VT Community

goodware
Safety score: 63.1%
Antivirus Version Last Update Result
AhnLab-V3 2011.01.18.00 2011.01.17 -
AntiVir 7.11.1.216 2011.01.21 -
Antiy-AVL 2.0.3.7 2011.01.18 -
Avast 4.8.1351.0 2011.01.23 -
Avast5 5.0.677.0 2011.01.23 -
AVG 10.0.0.1190 2011.01.23 -
BitDefender 7.2 2011.01.23 -
CAT-QuickHeal 11.00 2011.01.23 -
ClamAV 0.96.4.0 2011.01.23 -
Commtouch 5.2.11.5 2011.01.23 -
Comodo 7480 2011.01.23 -
DrWeb 5.0.2.03300 2011.01.23 -
Emsisoft 5.1.0.1 2011.01.23 -
eSafe 7.0.17.0 2011.01.23 Win32.TrojanHorse
eTrust-Vet 36.1.8115 2011.01.21 -
F-Prot 4.6.2.117 2011.01.22 -
F-Secure 9.0.16160.0 2011.01.23 -
Fortinet 4.2.254.0 2011.01.23 -
GData 21 2011.01.23 -
Ikarus T3.1.1.97.0 2011.01.23 -
Jiangmin 13.0.900 2011.01.23 -
K7AntiVirus 9.77.3618 2011.01.22 -
Kaspersky 7.0.0.125 2011.01.23 -
McAfee 5.400.0.1158 2011.01.23 -
McAfee-GW-Edition 2010.1C 2011.01.23 -
Microsoft 1.6502 2011.01.23 -
NOD32 5811 2011.01.23 -
Norman 6.06.12 2011.01.23 -
nProtect 2011-01-18.01 2011.01.18 -
Panda 10.0.2.7 2011.01.23 -
PCTools 7.0.3.5 2011.01.23 -
Prevx 3.0 2011.01.23 -
Rising 23.41.05.03 2011.01.22 -
Sophos 4.61.0 2011.01.23 -
SUPERAntiSpyware 4.40.0.1006 2011.01.22 -
Symantec 20101.3.0.103 2011.01.23 -
TheHacker 6.7.0.1.118 2011.01.21 -
TrendMicro 9.120.0.1004 2011.01.23 -
TrendMicro-HouseCall 9.120.0.1004 2011.01.23 -
VBA32 3.12.14.3 2011.01.21 -
VIPRE 8167 2011.01.23 -
ViRobot 2011.1.22.4269 2011.01.23 -
VirusBuster 13.6.160.0 2011.01.23 -

File name:
explorer.exe
Submission date:
2011-01-23 16:36:15 (UTC)
Current status:
finished
Result:
4/ 43 (9.3%)

VT Community

not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.01.18.00 2011.01.17 -
AntiVir 7.11.1.216 2011.01.21 TR/Patched.Gen
Antiy-AVL 2.0.3.7 2011.01.18 -
Avast 4.8.1351.0 2011.01.23 -
Avast5 5.0.677.0 2011.01.23 -
AVG 10.0.0.1190 2011.01.23 -
BitDefender 7.2 2011.01.23 -
CAT-QuickHeal 11.00 2011.01.23 -
ClamAV 0.96.4.0 2011.01.23 -
Commtouch 5.2.11.5 2011.01.23 -
Comodo 7480 2011.01.23 -
DrWeb 5.0.2.03300 2011.01.23 -
Emsisoft 5.1.0.1 2011.01.23 Trojan.Patched!IK
eSafe 7.0.17.0 2011.01.23 -
eTrust-Vet 36.1.8115 2011.01.21 -
F-Prot 4.6.2.117 2011.01.22 -
F-Secure 9.0.16160.0 2011.01.23 -
Fortinet 4.2.254.0 2011.01.23 -
GData 21 2011.01.23 -
Ikarus T3.1.1.97.0 2011.01.23 Trojan.Patched
Jiangmin 13.0.900 2011.01.23 -
K7AntiVirus 9.77.3618 2011.01.22 -
Kaspersky 7.0.0.125 2011.01.23 -
McAfee 5.400.0.1158 2011.01.23 -
McAfee-GW-Edition 2010.1C 2011.01.23 -
Microsoft 1.6502 2011.01.23 -
NOD32 5811 2011.01.23 -
Norman 6.06.12 2011.01.23 -
nProtect 2011-01-18.01 2011.01.18 -
Panda 10.0.2.7 2011.01.23 -
PCTools 7.0.3.5 2011.01.23 -
Prevx 3.0 2011.01.23 -
Rising 23.41.05.03 2011.01.22 -
Sophos 4.61.0 2011.01.23 -
SUPERAntiSpyware 4.40.0.1006 2011.01.22 -
Symantec 20101.3.0.103 2011.01.23 Suspicious.Mystic
TheHacker 6.7.0.1.118 2011.01.21 -
TrendMicro 9.120.0.1004 2011.01.23 -
TrendMicro-HouseCall 9.120.0.1004 2011.01.23 -
VBA32 3.12.14.3 2011.01.21 -
VIPRE 8167 2011.01.23 -
ViRobot 2011.1.22.4269 2011.01.23 -
VirusBuster 13.6.160.0 2011.01.23 -
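
The tables above are VirusTotal's engine list pasted as plain text, and the useful signal is not the bare ratio but which engines hit and what they call the file: three engines independently naming explorer.exe "Patched" (plus Symantec's Suspicious.Mystic) is a different situation from one engine's generic Win32.TrojanHorse on svchost.exe. The helper below is an added example, not code from the thread or from VirusTotal. It parses that pasted format, reports the ratio and detection names per file, applies a simple triage rule, and computes the MD5/SHA1/SHA256 triple so a local copy of a file can be compared with the hashes a report lists. The embedded sample is a constructed excerpt (a few rows taken from the tables above, not all 43), and the triage thresholds are assumptions, not VirusTotal's or pwgib's rules.

```python
"""Triage helper for VirusTotal engine tables pasted as plain text.

Added example, not code from the thread or from VirusTotal. The row format
("Engine Version LastUpdate Result", with "-" meaning no detection) is the one
pasted above; the sample data and the triage thresholds are assumptions.
"""
import hashlib
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of rows copied from the tables above, not a
# complete 43-engine report.
SAMPLE_REPORT = """\
File name:
explorer.exe
Antivirus Version Last Update Result
AhnLab-V3 2011.01.18.00 2011.01.17 -
AntiVir 7.11.1.216 2011.01.21 TR/Patched.Gen
Emsisoft 5.1.0.1 2011.01.23 Trojan.Patched!IK
Ikarus T3.1.1.97.0 2011.01.23 Trojan.Patched
Kaspersky 7.0.0.125 2011.01.23 -
Symantec 20101.3.0.103 2011.01.23 Suspicious.Mystic

File name:
svchost.exe
Antivirus Version Last Update Result
AhnLab-V3 2011.01.18.00 2011.01.17 -
eSafe 7.0.17.0 2011.01.23 Win32.TrojanHorse
Kaspersky 7.0.0.125 2011.01.23 -
Microsoft 1.6502 2011.01.23 -
"""

# engine  version  last-update (yyyy.mm.dd)  result
ENGINE_ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(\S.*)$")


@dataclass
class Report:
    filename: str
    results: dict = field(default_factory=dict)  # engine -> detection name or "-"

    @property
    def hits(self):
        return {eng: res for eng, res in self.results.items() if res != "-"}

    @property
    def ratio(self):
        return f"{len(self.hits)}/{len(self.results)}"


def parse_reports(text):
    """One Report per 'File name:' section; the name is on the following line."""
    reports, current, expect_name = {}, None, False
    for line in text.splitlines():
        line = line.strip()
        if line == "File name:":
            expect_name = True
            continue
        if expect_name:
            current = reports.setdefault(line, Report(line))
            expect_name = False
            continue
        m = ENGINE_ROW.match(line)
        if m and current is not None:
            current.results[m.group(1)] = m.group(4)
    return reports


def triage(report, system_binary=True):
    """Assumed rule: a 'Patched' name on an OS binary points at a file infector
    (the file was modified in place), which is the case pwgib is checking for;
    otherwise rank by how many engines agree."""
    names = " ".join(report.hits.values()).lower()
    if system_binary and "patched" in names:
        return "patched"          # restore the binary from clean media, do not just delete it
    if len(report.hits) >= 3:
        return "malicious"
    if report.hits:
        return "low-confidence"   # single generic hit; corroborate by hash or signature
    return "clean"


def file_hashes(data):
    """MD5/SHA1/SHA256 in the order VirusTotal prints them, for comparing a
    local copy of a file with the hashes shown in a report."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


if __name__ == "__main__":
    for name, rep in parse_reports(SAMPLE_REPORT).items():
        print(f"{name}: {rep.ratio} -> {triage(rep)} {sorted(rep.hits.values())}")
```

To use it on the files pwgib listed, read each one in binary mode (`open(path, "rb").read()`) and pass the bytes to `file_hashes`; if the triple does not match the report's, you scanned a different file than the one that was uploaded. A "patched" verdict on explorer.exe is exactly why the check comes before any removal tool: the infection is inside a binary Windows needs, so deleting the detection would delete explorer.exe itself rather than a separately dropped trojan.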

#15 pwgib

  • Malware Response Team
  • 2,957 posts
  • Gender:Male
  • Location:God's Country

Posted 23 January 2011 - 01:39 PM

Hi janell377,

Also I have noticed that the scanner seems to only find risks at night after 8pm. All through out the day symantec is fine and nothing pops up infected, but the past few nights is when this problem occurs.

Apparently this is a known conflict between your Entrust and Symantec programs.

What appears to be happening is that every time SEP detects a risk in a file and attempts to quarantine it TrueDelete copies the file before it is deleted and moves it to its temporary directory location. Symantec then sees that moved file as a new infection and generates another alert for it and then tries to move it to its own quarantine. Once started it keeps looping in this manner generating hundreds of alerts in an hour. I tried exempting the temporary directory that TrueDelete creates in %SYSTEM%\temp\etdeltmp but this action will not stop the alerts from coming in on a machine that is already stuck in the TrueDelete/SEP tug-of-war. To break the chain I have had to stop and disable the Entrust TrueDelete service.


http://www.symantec.com/connect/forums/entrust-truedelete-incompatibilty-sep-11


Step 1.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to Disable your Security Applications


    Note - If you have AVG or CA installed, due to recent changes in how these AVs target the tool's internal files, they must be uninstalled before running ComboFix. If you have difficulty uninstalling the AV, download Opswat AppRemover http://www.appremover.com/supported-applications <----Important
    Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.

In your next reply please include the following:

ComboFix.txt



Thanks!!
PW
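
The quoted Symantec forum post describes a feedback loop rather than a fresh infection: SEP quarantines a file, TrueDelete copies it into its staging directory before the delete, SEP detects the copy, and so on, turning one set of bytes into hundreds of alerts an hour (and, on this machine, into a quarantine list that keeps growing). The loop has a recognisable shape in the AV's own risk log: the same file hash re-quarantined again and again from the same temp directory within seconds of each other. The script below is an added example, not code from the thread, Symantec or Entrust. Its event format is constructed and simplified (one key=value event per line; a real SEP risk log is laid out differently, only the logic carries over), the sample events and hash values are made up, and the `etdeltmp` path pattern is an assumption taken from the quoted `%SYSTEM%\temp\etdeltmp`.

```python
"""Detect an AV / secure-delete quarantine feedback loop from risk-log events.

Added example; not code from the thread, Symantec or Entrust. The event format
is constructed and simplified (one key=value event per line); a real SEP risk
log is laid out differently, only the logic carries over.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample: one genuine detection (h1) followed by the same bytes being
# re-quarantined from the secure-delete agent's staging directory every two
# seconds, plus one unrelated detection (h2). Hash values are placeholders.
SAMPLE_LOG = r"""
2011-01-22 20:01:03 action=Quarantined risk=Trojan.Gen.2 sha256=h1 path=C:\Users\Jans\AppData\Local\Temp\dropper.exe
2011-01-22 20:01:05 action=Quarantined risk=Trojan.Gen.2 sha256=h1 path=C:\Windows\System32\temp\etdeltmp\ETD0001.tmp
2011-01-22 20:01:07 action=Quarantined risk=Trojan.Gen.2 sha256=h1 path=C:\Windows\System32\temp\etdeltmp\ETD0002.tmp
2011-01-22 20:01:09 action=Quarantined risk=Trojan.Gen.2 sha256=h1 path=C:\Windows\System32\temp\etdeltmp\ETD0003.tmp
2011-01-22 20:01:11 action=Quarantined risk=Trojan.Gen.2 sha256=h1 path=C:\Windows\System32\temp\etdeltmp\ETD0004.tmp
2011-01-22 20:01:13 action=Quarantined risk=Trojan.Gen.2 sha256=h1 path=C:\Windows\System32\temp\etdeltmp\ETD0005.tmp
2011-01-22 21:15:40 action=Quarantined risk=Trojan.Gen.2 sha256=h2 path=C:\Users\Jans\Downloads\setup.exe
"""

EVENT = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) action=(\S+) risk=(\S+) sha256=(\S+) path=(.+)$"
)
# Assumption: the staging directory named in the quoted post, %SYSTEM%\temp\etdeltmp.
STAGING_DIR = re.compile(r"\\etdeltmp\\", re.IGNORECASE)


def parse_events(text):
    """Turn the key=value lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT.match(line.strip())
        if m:
            events.append({
                "ts": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                "action": m.group(2), "risk": m.group(3),
                "sha256": m.group(4), "path": m.group(5),
            })
    return events


def find_quarantine_loops(events, window=timedelta(minutes=5), threshold=3):
    """Return {sha256: summary} for every hash quarantined at least `threshold`
    times from the staging directory inside one `window`. The earliest event for
    that hash outside the staging directory is the genuine detection."""
    by_hash = defaultdict(list)
    for e in events:
        if e["action"] == "Quarantined":
            by_hash[e["sha256"]].append(e)
    loops = {}
    for h, evs in by_hash.items():
        evs.sort(key=lambda e: e["ts"])
        staged = [e for e in evs if STAGING_DIR.search(e["path"])]
        if len(staged) < threshold:
            continue
        # sliding window over the staged re-detections only
        for i in range(len(staged) - threshold + 1):
            if staged[i + threshold - 1]["ts"] - staged[i]["ts"] <= window:
                origin = next((e for e in evs if not STAGING_DIR.search(e["path"])), evs[0])
                loops[h] = {"risk": origin["risk"], "origin": origin["path"],
                            "repeats": len(staged)}
                break
    return loops


if __name__ == "__main__":
    for h, info in find_quarantine_loops(parse_events(SAMPLE_LOG)).items():
        print(f"{h}: {info['risk']} at {info['origin']} re-quarantined {info['repeats']}x "
              f"from the staging dir; stop the secure-delete service before rescanning")
```

When the function reports a loop, the quoted post's own finding applies: adding the staging directory to SEP's exclusions does not break a loop that is already running, stopping the TrueDelete service does. The genuine cleanup item is the `origin` path for each looping hash, not the hundreds of quarantine entries the loop generated, which all hold the same bytes.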
