
Infected with the google redirect virus


  • This topic is locked
29 replies to this topic

#1 cdad

cdad

  • Members
  • 16 posts
  • Local time:12:42 PM

Posted 01 April 2011 - 12:47 AM

My search results get redirected to random sites. I have run a number of malware removals to fix it before joining this forum but none worked. It seems that the redirection is the only problem that I have and all other applications work fine in my laptop, but it runs slower than usual. If I turn off my Symantec antivirus the speed goes back to normal. I have gone through the suggested preparation steps and followed the instructions.


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by sadabjou at 10:00:22.95 on Fri 01/04/2011
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1526.564 [GMT 11:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\Curtin University\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mksauth.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\WINDOWS\system32\nutsrv4.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\COMMON~1\MKSTOO~1\mksnt\rexecd.exe
C:\PROGRA~1\COMMON~1\MKSTOO~1\mksnt\rshd.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\COMMON~1\MKSTOO~1\bin\snmptrapd.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\MKSTOO~1\bin\rlogind.exe
C:\WINDOWS\system32\telnetd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\sadabjou\Application Data\Cortex AutoLogon for Microsoft Outlook\AutoLogon.exe
C:\Program Files\Java\sdk\jdk\bin\javaw.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\sadabjou\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uSearch Page = hxxp://www.google.com.au/hws/sb/dell-row/en/side.html?channel=au
uSearch Bar = hxxp://www.google.com.au/hws/sb/dell-row/en/side.html?channel=au
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com.au/hws/sb/dell-row/en/side.html?channel=au
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
TB: DAP Bar: {62999427-33fc-4baf-9c9c-bce6bd127f08} - c:\program files\dap\DAPIEBar.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [NuTCSetupEnviron] c:\progra~1\common~1\mkstoo~1\bin\ncoeenv.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\sadabjou\startm~1\programs\startup\cortex~1.lnk - c:\documents and settings\sadabjou\application data\cortex autologon for microsoft outlook\AutoLogon.exe
StartupFolder: c:\docume~1\sadabjou\startm~1\programs\startup\sdktra~1.lnk - c:\program files\java\sdk\jdk\bin\javaw.exe
StartupFolder: c:\docume~1\sadabjou\startm~1\programs\startup\skype.lnk - c:\windows\installer\{e633d396-5188-4e9d-8f6b-bfb8bf3467e8}\SkypeIcon.exe
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\micros~2\office\1033\phdintl.dll/phdContext.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: %SystemRoot%\system32\nutafun4.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229561697144
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229561632002
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - c:\program files\microsoft\outlook web access smime client\mimectl.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Zone Hook: {24a42960-a7f8-11cf-8121-0020afb5213d} - c:\progra~1\vision\\system\zonehook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\sadabjou\applic~1\mozilla\firefox\profiles\r8shwkqc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Download Accelerator Plus Integration: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\dap\DAPFireFox
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-6-2 185968]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-6-2 161392]
R2 MKSAUTH;MKSAUTH;c:\windows\system32\mksauth.exe [2003-7-23 77824]
R2 MKSRlogind;MKS Rlogind;c:\progra~1\common~1\mkstoo~1\bin\rlogind.exe [2003-7-23 61440]
R2 MKSTelnetd;MKS Telnetd;c:\windows\system32\telnetd.exe [2003-7-23 94208]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-6-15 188736]
R2 NuTCRACKERService;NuTCRACKER Service;c:\windows\system32\nutsrv4.exe [2003-7-23 306300]
R2 REXECD;REXECD;c:\progra~1\common~1\mkstoo~1\mksnt\rexecd.exe [2003-7-23 81920]
R2 RSHD;RSHD;c:\progra~1\common~1\mkstoo~1\mksnt\rshd.exe [2003-7-23 90112]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-6-23 124608]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2007-6-25 2368]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-6-23 1715904]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~2\20110327.001\naveng.sys [2011-3-28 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~2\20110327.001\navex15.sys [2011-3-28 1360760]
S2 FLEXlm Service 1;FLEXlm Service 1;c:\program files\netmap analytics\netmap\bin\lmgrd.exe [2002-2-11 569344]
S2 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 MKSSecureSH;MKS Secure Shell Service;c:\progra~1\common~1\mkstoo~1\bin\secshd.exe [2003-7-23 352256]
S2 NetworkSearch;NetworkSearch;v:\src\wd\sadabjou\nws\jsl.exe [2010-2-4 49152]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-6-2 83568]
S3 EraserUtilDrv10733;EraserUtilDrv10733;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10733.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10733.sys [?]
S3 EraserUtilDrv10920;EraserUtilDrv10920;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10920.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10920.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-1-25 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-1-25 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-1-25 121576]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-2-21 280344]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-31 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2011-03-30 23:24:45 -------- d-----w- c:\docume~1\sadabjou\applic~1\Malwarebytes
2011-03-30 23:24:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-30 23:24:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-30 23:24:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-30 23:24:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-30 10:28:30 -------- d-----w- c:\docume~1\sadabjou\applic~1\SUPERAntiSpyware.com
2011-03-30 10:28:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-03-30 10:27:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-30 03:40:03 -------- d-----w- c:\program files\ESET
2011-03-29 06:06:28 388096 ----a-r- c:\docume~1\sadabjou\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-29 06:06:27 -------- d-----w- c:\program files\Trend Micro
2011-03-29 06:02:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2011-03-29 02:32:42 -------- d-----w- c:\program files\ProcessExplorer
2011-03-28 09:18:27 256 ----a-w- c:\documents and settings\sadabjou\pool.bin
2011-03-28 06:58:56 119296 --sha-r- c:\windows\system32\mciseq1.dll
2011-03-28 05:14:42 -------- d-----w- c:\docume~1\sadabjou\locals~1\applic~1\Sony
2011-03-17 04:40:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\CanonIJPLM
2011-03-17 04:38:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\CanonIJMSetup
2011-03-17 04:38:27 -------- d-----w- c:\program files\common files\CANON
2011-03-17 04:36:44 34816 ----a-w- c:\windows\system32\CNMNPUI.DLL
2011-03-17 04:36:44 340992 ----a-w- c:\windows\system32\CNMNPPM.DLL
2011-03-17 04:36:44 -------- d-----w- c:\windows\system32\STRING
2011-03-17 04:28:47 -------- d-----w- c:\program files\Canon
2011-03-12 10:40:37 -------- d-----w- c:\docume~1\sadabjou\applic~1\PCDr
2011-03-12 02:45:00 1409 ----a-w- c:\windows\QTFont.for
2011-03-04 06:06:00 -------- d-----w- c:\docume~1\sadabjou\applic~1\yWorks
.
==================== Find3M ====================
.
2011-02-02 10:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 08:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-17 22:45:50 82696 ----a-w- c:\windows\system32\lmdimon8.dll
2011-01-17 22:45:50 82184 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lmdippr8.dll
2002-11-03 03:52:10 983552 ----a-w- c:\program files\Client.exe
.
============= FINISH: 10:03:53.22 ===============

EDIT: Please be patient. There are over 250 unanswered topics in this forum at present and the current average wait time to receive help is 5-6 days. ~BP


Edited by Budapest, 04 April 2011 - 04:42 PM.
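One way a responder could pre-screen a DDS log like the one above for the entries most relevant to a search-redirect complaint, as an added Python example that is not part of this thread and not the DDS tool's own code; the sample lines are constructed from the log's format, and the expected-search-host allowlist and the severities are my assumptions:

```python
"""Triage helper for DDS-style logs (added example; assumptions noted inline)."""
import re
from urllib.parse import urlparse

# Constructed sample in the format DDS uses (a few lines modelled on the post above).
SAMPLE_LOG = """\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
LSP: %SystemRoot%\\system32\\nutafun4.dll
R2 MKSTelnetd;MKS Telnetd;c:\\windows\\system32\\telnetd.exe [2003-7-23 94208]
R2 RSHD;RSHD;c:\\progra~1\\common~1\\mkstoo~1\\mksnt\\rshd.exe [2003-7-23 90112]
R2 REXECD;REXECD;c:\\progra~1\\common~1\\mkstoo~1\\mksnt\\rexecd.exe [2003-7-23 81920]
R2 SavRoam;SAVRoam;c:\\program files\\symantec antivirus\\SavRoam.exe [2005-6-23 124608]
mRun: [ccApp] "c:\\program files\\common files\\symantec shared\\ccApp.exe"
"""

# Assumption: the search providers this user expects. keyword.URL is what Firefox
# uses for address-bar searches, so any other host there deserves a close look.
EXPECTED_SEARCH_HOSTS = {"google.com", "google.com.au", "bing.com"}

# Cleartext remote-login daemons; they are an exposure to review on any laptop,
# whether or not they relate to the redirect complaint.
CLEARTEXT_REMOTE_DAEMONS = {"telnetd.exe", "rshd.exe", "rexecd.exe", "rlogind.exe"}

PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.+)$")
# "R2 Name;Display;path [date size]" service/driver lines (R = running, S = stopped).
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?: \[.*\])?$")


def defanged_host(url):
    """Return the host of a DDS URL; DDS writes 'hxxp://' so the URL is not clickable."""
    return urlparse(url.replace("hxxp://", "http://", 1)).hostname or ""


def host_matches(host, allowed):
    """True if host equals, or is a subdomain of, any allowed host."""
    return any(host == a or host.endswith("." + a) for a in allowed)


def triage(log_text):
    """Return (severity, reason, line) findings for the parts of a DDS log we know how to read."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PREF_RE.match(line)
        if m and m.group("key") == "keyword.URL":
            host = defanged_host(m.group("value"))
            if not host_matches(host, EXPECTED_SEARCH_HOSTS):
                findings.append(("high", f"Firefox address-bar search goes to {host}", line))
            continue
        if line.startswith("LSP:"):
            # A Winsock Layered Service Provider is loaded into every process that
            # opens a socket, so any third-party LSP is worth identifying.
            findings.append(("medium", "Third-party Winsock LSP present", line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            exe = m.group("path").strip().lower().rsplit("\\", 1)[-1]
            if exe in CLEARTEXT_REMOTE_DAEMONS:
                findings.append(("medium", f"Cleartext remote-login daemon installed: {exe}", line))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```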



#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:10:42 PM

Posted 06 April 2011 - 07:14 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



Thanks and again sorry for the delay.

Best Regards,
oneof4.


#3 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:10:42 PM

Posted 06 April 2011 - 07:16 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr
    • DDS.pif
  • Double cl

Best Regards,
oneof4.


#4 cdad

cdad
  • Topic Starter

  • Members
  • 16 posts
  • Local time:12:42 PM

Posted 07 April 2011 - 02:09 AM

Hi
The original still exists.
I have the original Windows DVD available.

Latest DDS log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by sadabjou at 9:55:49.59 on Thu 07/04/2011
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1526.544 [GMT 10:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\Curtin University\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mksauth.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\WINDOWS\system32\nutsrv4.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\COMMON~1\MKSTOO~1\mksnt\rexecd.exe
C:\PROGRA~1\COMMON~1\MKSTOO~1\mksnt\rshd.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\COMMON~1\MKSTOO~1\bin\snmptrapd.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\MKSTOO~1\bin\rlogind.exe
C:\WINDOWS\system32\telnetd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\sadabjou\Application Data\Cortex AutoLogon for Microsoft Outlook\AutoLogon.exe
C:\Program Files\Java\sdk\jdk\bin\javaw.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\sadabjou\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uSearch Page = hxxp://www.google.com.au/hws/sb/dell-row/en/side.html?channel=au
uSearch Bar = hxxp://www.google.com.au/hws/sb/dell-row/en/side.html?channel=au
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com.au/hws/sb/dell-row/en/side.html?channel=au
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [NuTCSetupEnviron] c:\progra~1\common~1\mkstoo~1\bin\ncoeenv.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\sadabjou\startm~1\programs\startup\cortex~1.lnk - c:\documents and settings\sadabjou\application data\cortex autologon for microsoft outlook\AutoLogon.exe
StartupFolder: c:\docume~1\sadabjou\startm~1\programs\startup\sdktra~1.lnk - c:\program files\java\sdk\jdk\bin\javaw.exe
StartupFolder: c:\docume~1\sadabjou\startm~1\programs\startup\skype.lnk - c:\windows\installer\{e633d396-5188-4e9d-8f6b-bfb8bf3467e8}\SkypeIcon.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\micros~2\office\1033\phdintl.dll/phdContext.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: %SystemRoot%\system32\nutafun4.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229561697144
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229561632002
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - c:\program files\microsoft\outlook web access smime client\mimectl.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Zone Hook: {24a42960-a7f8-11cf-8121-0020afb5213d} - c:\progra~1\vision\\system\zonehook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\sadabjou\applic~1\mozilla\firefox\profiles\r8shwkqc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-6-2 185968]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-6-2 161392]
R2 MKSAUTH;MKSAUTH;c:\windows\system32\mksauth.exe [2003-7-23 77824]
R2 MKSRlogind;MKS Rlogind;c:\progra~1\common~1\mkstoo~1\bin\rlogind.exe [2003-7-23 61440]
R2 MKSTelnetd;MKS Telnetd;c:\windows\system32\telnetd.exe [2003-7-23 94208]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-6-15 188736]
R2 NuTCRACKERService;NuTCRACKER Service;c:\windows\system32\nutsrv4.exe [2003-7-23 306300]
R2 REXECD;REXECD;c:\progra~1\common~1\mkstoo~1\mksnt\rexecd.exe [2003-7-23 81920]
R2 RSHD;RSHD;c:\progra~1\common~1\mkstoo~1\mksnt\rshd.exe [2003-7-23 90112]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-6-23 124608]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2007-6-25 2368]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-6-23 1715904]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~2\20110327.001\naveng.sys [2011-3-28 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~2\20110327.001\navex15.sys [2011-3-28 1360760]
S2 FLEXlm Service 1;FLEXlm Service 1;c:\program files\netmap analytics\netmap\bin\lmgrd.exe [2002-2-11 569344]
S2 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 MKSSecureSH;MKS Secure Shell Service;c:\progra~1\common~1\mkstoo~1\bin\secshd.exe [2003-7-23 352256]
S2 NetworkSearch;NetworkSearch;v:\src\wd\sadabjou\nws\jsl.exe [2010-2-4 49152]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-6-2 83568]
S3 EraserUtilDrv10733;EraserUtilDrv10733;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10733.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10733.sys [?]
S3 EraserUtilDrv10920;EraserUtilDrv10920;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10920.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10920.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-1-25 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-1-25 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-1-25 121576]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-2-21 280344]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-31 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2011-03-30 23:24:45 -------- d-----w- c:\docume~1\sadabjou\applic~1\Malwarebytes
2011-03-30 23:24:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-30 23:24:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-30 23:24:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-30 23:24:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-30 10:28:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-03-30 03:40:03 -------- d-----w- c:\program files\ESET
2011-03-29 06:06:28 388096 ----a-r- c:\docume~1\sadabjou\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-29 06:06:27 -------- d-----w- c:\program files\Trend Micro
2011-03-29 06:02:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2011-03-29 02:32:42 -------- d-----w- c:\program files\ProcessExplorer
2011-03-28 09:18:27 256 ----a-w- c:\documents and settings\sadabjou\pool.bin
2011-03-28 06:58:56 119296 --sha-r- c:\windows\system32\mciseq1.dll
2011-03-28 05:14:42 -------- d-----w- c:\docume~1\sadabjou\locals~1\applic~1\Sony
2011-03-17 04:40:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\CanonIJPLM
2011-03-17 04:38:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\CanonIJMSetup
2011-03-17 04:38:27 -------- d-----w- c:\program files\common files\CANON
2011-03-17 04:36:44 34816 ----a-w- c:\windows\system32\CNMNPUI.DLL
2011-03-17 04:36:44 340992 ----a-w- c:\windows\system32\CNMNPPM.DLL
2011-03-17 04:36:44 -------- d-----w- c:\windows\system32\STRING
2011-03-17 04:28:47 -------- d-----w- c:\program files\Canon
2011-03-12 10:40:37 -------- d-----w- c:\docume~1\sadabjou\applic~1\PCDr
2011-03-12 02:45:00 1409 ----a-w- c:\windows\QTFont.for
.
==================== Find3M ====================
.
2011-02-02 10:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 08:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-17 22:45:50 82696 ----a-w- c:\windows\system32\lmdimon8.dll
2011-01-17 22:45:50 82184 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lmdippr8.dll
2002-11-03 03:52:10 983552 ----a-w- c:\program files\Client.exe
.
============= FINISH: 9:58:36.05 ===============

Attached Files



#5 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:02:42 AM

Posted 08 April 2011 - 01:27 PM

Hi there,

My name is Casey and I will be helping you with your malware problems.

You may wish to "Watch Topic" so that you are immediately informed of any replies I make. I also ask that you reply to my posts within 5 days else your topic will be closed as stale.

Throughout the removal process, if you have any questions then you should ask them. If you are unsure of my instructions or something does not go as planned - then please tell me. Conversely, it is also important that you answer any questions I have and that you keep me updated on the state of the PC.




I have run a number of malware removals to fix it before joining this forum but none worked


Could you tell me the things you have run and, if you still have them, could you post the logs that were created?

In what browsers do the redirects occur, Firefox, Internet Explorer etc?

C:\Program Files\Curtin University\VPN Client\cvpnd.exe


Do you have to use this VPN to connect to the internet or this to connect to on-campus services?



We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#6 cdad

cdad
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:42 PM

Posted 09 April 2011 - 05:46 AM

Hi Casey. Thank you for helping me.

Could you tell me the things you have run and, if you still have them, could you post the logs that were created?

I have run a full scan of Symantec Anti virus, SUPERAntiSpyware and ESET OnlineScan. Sorry, I did not keep the logs. I still have the first two and can also run the online scan again.

Do you have to use this VPN to connect to the internet or this to connect to on-campus services?

I only use C:\Program Files\Curtin University\VPN Client\cvpnd.exe to connect to the network at my workplace from home. I have not used it in the last two months.

===================

OTL logfile created on: 9/04/2011 8:01:16 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\sadabjou\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 512 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.48 Gb Total Space | 8.69 Gb Free Space | 12.51% Space Free | Partition Type: NTFS

Computer Name: NETMAP-LAPTOP25 | User Name: sadabjou | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/09 19:56:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sadabjou\Desktop\OTL.exe
PRC - [2011/03/24 19:28:46 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/06/15 12:56:26 | 000,188,736 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2009/06/15 12:54:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/12/11 13:57:42 | 000,139,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\sdk\jdk\bin\javaw.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/02 14:04:48 | 000,106,496 | ---- | M] (Cortex) -- C:\Documents and Settings\sadabjou\Application Data\Cortex AutoLogon for Microsoft Outlook\AutoLogon.exe
PRC - [2007/07/25 15:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/07/25 15:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/07/25 15:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/07/25 15:26:14 | 000,491,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/04/20 07:34:26 | 001,520,688 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Curtin University\VPN Client\cvpnd.exe
PRC - [2006/03/24 18:33:58 | 000,081,920 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2005/06/23 18:27:36 | 000,085,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2005/06/23 18:27:30 | 000,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2005/06/23 18:27:28 | 001,715,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/06/23 18:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/06/02 08:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/06/02 08:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/06/02 08:21:38 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2003/07/23 19:56:30 | 000,102,400 | ---- | M] (DataFocus, Inc.) -- C:\Program Files\Common Files\MKS ToolkitOld\bin\snmptrapd.exe
PRC - [2003/07/23 19:33:42 | 000,061,440 | ---- | M] (DataFocus, Inc.) -- C:\Program Files\Common Files\MKS ToolkitOld\bin\rlogind.exe
PRC - [2003/07/23 19:32:58 | 000,094,208 | ---- | M] (DataFocus, Inc.) -- C:\WINDOWS\system32\telnetd.exe
PRC - [2003/07/23 18:32:32 | 000,306,300 | ---- | M] (DataFocus, Inc.) -- C:\WINDOWS\system32\nutsrv4.exe
PRC - [2003/07/23 17:04:48 | 000,077,824 | ---- | M] (Mortice Kern Systems Inc.) -- C:\WINDOWS\system32\mksauth.exe
PRC - [2003/07/23 16:43:00 | 000,090,112 | ---- | M] (Mortice Kern Systems Inc.) -- C:\Program Files\Common Files\MKS ToolkitOld\mksnt\rshd.exe
PRC - [2003/07/23 16:43:00 | 000,081,920 | ---- | M] (Mortice Kern Systems Inc.) -- C:\Program Files\Common Files\MKS ToolkitOld\mksnt\rexecd.exe


========== Modules (SafeList) ==========

MOD - [2011/04/09 19:56:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sadabjou\Desktop\OTL.exe
MOD - [2008/04/14 10:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Pml Driver HPZ12)
SRV - File not found [Auto | Stopped] -- -- (NetworkSearch)
SRV - File not found [Auto | Stopped] -- -- (Net Driver HPZ12)
SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)
SRV - [2009/06/15 12:56:26 | 000,188,736 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2009/06/15 12:54:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/07/25 15:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2006/04/20 07:34:26 | 001,520,688 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Curtin University\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/03/24 18:33:58 | 000,081,920 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2005/06/23 18:27:30 | 000,124,608 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/06/23 18:27:28 | 001,715,904 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/06/23 18:27:18 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/06/02 08:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/06/02 08:21:46 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/06/02 08:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/04/22 11:03:28 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/30 20:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2003/07/23 19:56:30 | 000,102,400 | ---- | M] (DataFocus, Inc.) [Auto | Running] -- C:\Program Files\Common Files\MKS ToolkitOld\bin\snmptrapd.exe -- (SNMPTrapdService)
SRV - [2003/07/23 19:44:22 | 000,352,256 | ---- | M] (DataFocus, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\MKS ToolkitOld\bin\secshd.exe -- (MKSSecureSH)
SRV - [2003/07/23 19:33:42 | 000,061,440 | ---- | M] (DataFocus, Inc.) [Auto | Running] -- C:\Program Files\Common Files\MKS ToolkitOld\bin\rlogind.exe -- (MKSRlogind)
SRV - [2003/07/23 19:32:58 | 000,094,208 | ---- | M] (DataFocus, Inc.) [Auto | Running] -- C:\WINDOWS\system32\telnetd.exe -- (MKSTelnetd)
SRV - [2003/07/23 18:32:32 | 000,306,300 | ---- | M] (DataFocus, Inc.) [Auto | Running] -- C:\WINDOWS\system32\nutsrv4.exe -- (NuTCRACKERService)
SRV - [2003/07/23 17:04:48 | 000,077,824 | ---- | M] (Mortice Kern Systems Inc.) [Auto | Running] -- C:\WINDOWS\system32\mksauth.exe -- (MKSAUTH)
SRV - [2003/07/23 16:43:00 | 000,090,112 | ---- | M] (Mortice Kern Systems Inc.) [Auto | Running] -- C:\Program Files\Common Files\MKS ToolkitOld\mksnt\rshd.exe -- (RSHD)
SRV - [2003/07/23 16:43:00 | 000,081,920 | ---- | M] (Mortice Kern Systems Inc.) [Auto | Running] -- C:\Program Files\Common Files\MKS ToolkitOld\mksnt\rexecd.exe -- (REXECD)
SRV - [2002/04/30 15:23:46 | 000,057,603 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\oracle\ora92\bin\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2002/04/26 19:34:38 | 000,242,328 | ---- | M] () [On_Demand | Stopped] -- C:\oracle\ora92\bin\ONRSD.EXE -- (OracleOraHome92ClientCache)
SRV - [2002/02/11 12:49:32 | 000,569,344 | R--- | M] (GLOBEtrotter Software Inc.) [Auto | Stopped] -- C:\Program Files\NetMap Analytics\NetMap\bin\lmgrd.exe -- (FLEXlm Service 1)


========== Driver Services (SafeList) ==========

DRV - [2010/12/17 19:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110327.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/17 19:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110327.001\NAVENG.SYS -- (NAVENG)
DRV - [2010/10/18 07:14:40 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys -- (EraserUtilDrvI10)
DRV - [2010/05/25 17:59:24 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/05/25 17:59:24 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/05/25 17:59:24 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/05/22 08:41:01 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/04/27 12:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/04/27 12:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/04/27 12:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2009/03/30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2007/08/08 07:17:54 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/06/25 12:09:08 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINDOWS\system32\SVKP.sys -- (SVKP)
DRV - [2007/05/29 14:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/12/18 17:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/08/25 02:23:08 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/06/13 05:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/06/13 05:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/06/13 05:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/06/13 05:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/06/13 05:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/06/13 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/06/13 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/04/26 18:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/04/20 07:33:40 | 000,303,740 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2006/03/24 18:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/17 08:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 08:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2006/01/10 13:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/08/12 19:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/14 18:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 17:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 19:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/06/29 18:50:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2005/05/17 03:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/05/13 18:50:10 | 000,123,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/04/22 11:03:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/22 11:03:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/03/30 20:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/04 19:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/04 19:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/01/26 05:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com.au/hws/sb/dell-row/en/side.html?channel=au
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=3070213


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=3070213
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=3070213
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=3070213
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=3070213
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-861567501-2049760794-839522115-1110\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com.au/hws/sb/dell-row/en/side.html?channel=au
IE - HKU\S-1-5-21-861567501-2049760794-839522115-1110\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-861567501-2049760794-839522115-1110\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 19:28:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 19:28:58 | 000,000,000 | ---D | M]

[2009/01/30 16:07:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sadabjou\Application Data\Mozilla\Extensions
[2011/04/09 19:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sadabjou\Application Data\Mozilla\Firefox\Profiles\r8shwkqc.default\extensions
[2011/04/09 19:54:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\sadabjou\Application Data\Mozilla\Firefox\Profiles\r8shwkqc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/04/07 17:14:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/11 09:29:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/02/22 08:30:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/06/11 09:28:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/03/30 14:52:32 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NuTCSetupEnviron] C:\Program Files\Common Files\MKS ToolkitOld\bin\ncoeenv.exe ()
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\sadabjou\Start Menu\Programs\Startup\Cortex AutoLogon for Microsoft Outlook.lnk = C:\Documents and Settings\sadabjou\Application Data\Cortex AutoLogon for Microsoft Outlook\AutoLogon.exe (Cortex)
O4 - Startup: C:\Documents and Settings\sadabjou\Start Menu\Programs\Startup\SDK Tray Menu.lnk = C:\Program Files\Java\sdk\jdk\bin\javaw.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\sadabjou\Start Menu\Programs\Startup\Skype.lnk = C:\WINDOWS\Installer\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\SkypeIcon.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-2049760794-839522115-1110\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - C:\Program Files\Microsoft Office\Office\1033\PHDINTL.DLL (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\nutafun4.dll (DataFocus, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\nutafun4.dll (DataFocus, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229561697144 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229561632002 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = netmap.com.au
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\x-owacid {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files\Microsoft\Outlook Web Access SMIME Client\mimectl.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {24A42960-A7F8-11CF-8121-0020AFB5213D} - C:\PROGRA~1\Vision\\SYSTEM\zonehook.dll ()
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{258898db-08a8-11e0-9aba-00188bb237ad}\Shell\AutoRun\command - "" = G:\PMBP_Win.exe
O33 - MountPoints2\{45a7d8ea-2e5e-11de-9934-00188bb237ad}\Shell - "" = AutoRun
O33 - MountPoints2\{45a7d8ea-2e5e-11de-9934-00188bb237ad}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45a7d8ea-2e5e-11de-9934-00188bb237ad}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{9dac1948-7c99-11dd-9841-00188bb237ad}\Shell\Auto\command - "" = infrom.exe
O33 - MountPoints2\{9dac1948-7c99-11dd-9841-00188bb237ad}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9dac1948-7c99-11dd-9841-00188bb237ad}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe
O33 - MountPoints2\{b6d3d827-9249-11dc-96fa-00188bb237ad}\Shell\AutoRun\command - "" = re71.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/09 19:56:34 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sadabjou\Desktop\OTL.exe
[2011/04/09 15:27:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sadabjou\Desktop\New Folder (2)
[2011/03/31 09:24:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sadabjou\Application Data\Malwarebytes
[2011/03/31 09:24:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/31 09:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/31 09:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/31 09:24:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/31 09:24:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/30 20:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/03/30 15:50:41 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\sadabjou\Desktop\tdsskiller.exe
[2011/03/30 13:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/29 16:06:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/29 16:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sadabjou\Start Menu\Programs\HiJackThis
[2011/03/29 16:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2011/03/29 12:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\ProcessExplorer
[2011/03/28 15:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sadabjou\Local Settings\Application Data\Sony
[2011/03/28 15:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sony
[2011/03/28 15:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/03/28 14:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sadabjou\Application Data\Sony
[2011/03/26 19:57:18 | 000,000,000 | ---D | C] -- C:\Data\GomPlayer
[2011/03/17 14:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CD-LabelPrint
[2011/03/17 14:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2011/03/17 14:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup
[2011/03/17 14:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2011/03/17 14:37:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2011/03/17 14:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MG5200 series
[2011/03/17 14:37:05 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2011/03/17 14:36:44 | 000,340,992 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMNPPM.DLL
[2011/03/17 14:36:44 | 000,034,816 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMNPUI.DLL
[2011/03/17 14:36:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\STRING
[2011/03/17 14:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011/03/12 21:35:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Support Center
[2011/03/12 20:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sadabjou\Application Data\PCDr
[2002/11/03 13:52:10 | 000,983,552 | ---- | C] (Mabnasoft Co.) -- C:\Program Files\Client.exe

========== Files - Modified Within 30 Days ==========

[2011/04/09 19:56:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sadabjou\Desktop\OTL.exe
[2011/04/09 14:41:42 | 000,000,186 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/04/09 00:16:31 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\Lztmceexl.job
[2011/04/08 23:07:36 | 000,000,466 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2011/04/08 23:02:55 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\sadabjou\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2011/04/08 13:15:35 | 000,101,376 | ---- | M] () -- C:\Documents and Settings\sadabjou\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 10:38:31 | 000,001,728 | -H-- | M] () -- C:\Data\Default.rdp
[2011/04/07 17:00:17 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\sadabjou\tray.pid
[2011/04/07 16:58:55 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\sadabjou\Start Menu\Programs\Startup\Skype.lnk
[2011/04/07 16:58:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/07 16:51:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/07 16:50:43 | 1600,323,584 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/07 09:54:31 | 000,000,126 | ---- | M] () -- C:\Documents and Settings\sadabjou\Desktop\dds.htm
[2011/04/06 09:52:04 | 001,142,890 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/06 09:52:03 | 000,456,622 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/01 14:00:45 | 000,103,774 | ---- | M] () -- C:\Documents and Settings\sadabjou\Desktop\ Build Your System.pdf
[2011/04/01 14:00:45 | 000,006,210 | ---- | M] () -- C:\Documents and Settings\sadabjou\Application Data\PrimoPDFSet.xml
[2011/04/01 12:25:28 | 000,007,434 | ---- | M] () -- C:\Documents and Settings\sadabjou\Desktop\NETAUSP4539411.zip
[2011/03/31 09:24:26 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/30 16:27:27 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\sadabjou\Desktop\dds.scr
[2011/03/30 15:50:48 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\sadabjou\Desktop\tdsskiller.exe
[2011/03/30 15:37:16 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\sadabjou\Desktop\rkill.exe
[2011/03/30 14:52:32 | 000,000,021 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/29 21:58:58 | 000,014,161 | ---- | M] () -- C:\Documents and Settings\sadabjou\_viminfo
[2011/03/28 19:21:16 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\sadabjou\pool.bin
[2011/03/28 16:58:56 | 000,119,296 | RHS- | M] () -- C:\WINDOWS\System32\mciseq1.dll
[2011/03/28 15:27:28 | 000,002,504 | ---- | M] () -- C:\Data\Register Vegas Pro.htm
[2011/03/24 16:26:18 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/03/20 16:07:56 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\sadabjou\Desktop\gmer.exe
[2011/03/17 13:36:13 | 000,002,466 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/03/15 11:06:01 | 000,020,779 | ---- | M] () -- C:\Data\U13-Promotion-Relegation.pdf
[2011/03/14 09:45:47 | 000,082,371 | ---- | M] () -- C:\Data\NRSFC Training Times 2011.pdf
[2011/03/12 12:45:00 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for

========== Files Created - No Company Name ==========

[2011/04/07 09:54:31 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\sadabjou\Desktop\dds.htm
[2011/04/01 14:00:39 | 000,103,774 | ---- | C] () -- C:\Documents and Settings\sadabjou\Desktop\ Build Your System.pdf
[2011/04/01 12:25:28 | 000,007,434 | ---- | C] () -- C:\Documents and Settings\sadabjou\Desktop\NETAUSP4539411.zip
[2011/03/31 09:24:26 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/31 09:05:00 | 1600,323,584 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/30 16:27:26 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\sadabjou\Desktop\dds.scr
[2011/03/30 15:37:06 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\sadabjou\Desktop\rkill.exe
[2011/03/30 14:52:12 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\drivers\Copy of hosts
[2011/03/30 13:49:27 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\sadabjou\Desktop\gmer.exe
[2011/03/29 13:58:01 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\sadabjou\tray.pid
[2011/03/28 19:18:27 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\sadabjou\pool.bin
[2011/03/28 16:58:57 | 000,000,306 | -HS- | C] () -- C:\WINDOWS\tasks\Lztmceexl.job
[2011/03/28 16:58:56 | 000,119,296 | RHS- | C] () -- C:\WINDOWS\System32\mciseq1.dll
[2011/03/28 15:27:28 | 000,002,504 | ---- | C] () -- C:\Data\Register Vegas Pro.htm
[2011/03/15 10:57:35 | 000,020,779 | ---- | C] () -- C:\Data\U13-Promotion-Relegation.pdf
[2011/03/12 12:45:00 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/03/12 12:45:00 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/01/21 08:20:54 | 000,000,190 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2010/01/31 14:22:51 | 000,000,148 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2010/01/31 14:22:51 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/01/31 14:22:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2010/01/31 14:22:27 | 000,020,605 | ---- | C] () -- C:\WINDOWS\HL-4050CDN.INI
[2010/01/31 14:22:26 | 000,000,466 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/01/31 14:22:26 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/01/31 14:22:25 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\bd405cdn.dat
[2010/01/31 14:22:05 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2010/01/31 14:22:04 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2010/01/31 14:22:03 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BAOCH06A.DAT
[2010/01/18 11:39:27 | 000,345,656 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/12/22 15:02:27 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/10/28 09:22:08 | 004,835,652 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/10/28 09:16:44 | 001,632,375 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2009/10/28 09:16:12 | 000,611,638 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/10/28 09:10:02 | 000,143,872 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/10/28 08:46:26 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/10/28 08:28:08 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/10/17 09:58:06 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/10/17 09:57:06 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/10/17 09:04:24 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/10/17 09:04:08 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/10/17 09:03:48 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/10/17 09:03:44 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/10/17 09:03:40 | 000,484,864 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/10/17 06:53:32 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/10/17 06:53:20 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/17 05:40:42 | 000,957,047 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/10/17 05:38:20 | 000,914,464 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/09/26 00:50:00 | 000,079,248 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/10 16:22:30 | 000,000,907 | ---- | C] () -- C:\WINDOWS\MD_MicroDiffs.INI
[2009/09/10 16:22:29 | 000,000,907 | ---- | C] () -- C:\WINDOWS\MD_MacroDiffs.INI
[2009/09/10 16:22:29 | 000,000,817 | ---- | C] () -- C:\WINDOWS\CFX.INI
[2009/09/10 16:10:31 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\XLSCX.INI
[2009/09/10 16:10:31 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\WordCX.INI
[2009/09/10 16:10:29 | 000,000,054 | ---- | C] () -- C:\WINDOWS\SW_Win2000X16.DLL
[2009/08/12 06:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2009/07/22 12:49:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSGPAD.INI
[2009/05/20 21:04:42 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\spdifer_config.exe
[2009/03/26 09:17:34 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/01/30 16:07:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/23 15:01:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vservice.INI
[2009/01/21 16:59:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\uninst.dll
[2009/01/11 08:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/01/11 08:16:56 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/01/11 08:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/01/11 08:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/01/11 08:16:04 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2009/01/11 08:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/01/11 08:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/11 08:15:36 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2009/01/11 08:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/01/11 08:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/01/11 08:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/01/11 08:15:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2009/01/11 08:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/01/11 08:14:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/12/31 16:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/31 16:04:42 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
[2008/12/04 08:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/07 14:33:08 | 000,000,065 | ---- | C] () -- C:\WINDOWS\SuperPad.INI
[2008/11/07 14:14:06 | 000,000,060 | ---- | C] () -- C:\WINDOWS\MultiPad.INI
[2008/11/07 02:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/11 22:19:26 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\sadabjou\Local Settings\Application Data\fusioncache.dat
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/29 14:42:24 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2008/04/11 12:28:05 | 000,006,210 | ---- | C] () -- C:\Documents and Settings\sadabjou\Application Data\PrimoPDFSet.xml
[2008/04/11 12:28:04 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\sadabjou\Application Data\APUSet.xml
[2008/04/10 11:24:01 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\DVDRippper_sysquict.dat
[2008/02/18 12:00:22 | 000,000,441 | ---- | C] () -- C:\Program Files\temp.are
[2008/01/30 10:52:27 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/01/02 11:04:20 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/12/13 15:50:43 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2007/12/12 23:14:49 | 000,000,063 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ts_infos.ini
[2007/11/13 10:55:46 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/10/29 09:50:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2007/10/13 19:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/12 12:32:36 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5m.DLL
[2007/09/04 15:00:44 | 000,000,099 | ---- | C] () -- C:\WINDOWS\phd2dll.INI
[2007/05/09 09:29:59 | 000,000,032 | -H-- | C] () -- C:\WINDOWS\System32\cache#_v.sys
[2007/04/18 14:51:48 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/03/13 10:15:15 | 000,000,559 | ---- | C] () -- C:\WINDOWS\System32\Shortcut to cmd.exe.lnk
[2007/03/09 08:39:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/02/25 00:20:10 | 000,101,376 | ---- | C] () -- C:\Documents and Settings\sadabjou\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/23 13:55:11 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007/02/21 13:35:01 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/02/21 13:10:50 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2007/02/21 13:10:11 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/02/21 13:10:10 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/02/21 11:18:57 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2007/02/21 11:18:57 | 000,000,129 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2007/02/21 11:16:58 | 000,000,186 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2007/02/21 08:44:07 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\wpfb.dat
[2007/02/21 08:22:33 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\WINKRNME.DLL
[2007/02/20 15:10:17 | 000,002,466 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/20 11:06:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/02/13 17:57:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/02/13 17:55:50 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007/02/13 17:52:28 | 000,000,338 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/02/13 17:26:37 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2007/02/13 17:26:36 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/02/13 17:25:27 | 000,000,430 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/11/03 02:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2005/11/10 03:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/04/28 14:22:34 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/04/28 14:22:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/08/11 19:24:19 | 000,000,799 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 19:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 19:06:43 | 000,406,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 19:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 19:00:28 | 001,142,890 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 19:00:28 | 000,456,622 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 19:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 19:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 19:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 19:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 19:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 19:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 19:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 19:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 19:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/07/23 21:41:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\TKUninstall.exe
[2003/07/23 18:38:16 | 000,106,610 | ---- | C] () -- C:\WINDOWS\System32\nutsh4.DLL
[2003/05/10 08:36:30 | 000,151,744 | ---- | C] () -- C:\WINDOWS\System32\ir32.dll
[2001/07/31 02:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/03/15 21:30:20 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\PathCopyEx.dll
[1999/07/30 09:24:34 | 000,000,218 | ---- | C] () -- C:\WINDOWS\oraodbc.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81

< End of report >


OTL Extras logfile created on: 9/04/2011 8:01:30 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\sadabjou\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 512 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.48 Gb Total Space | 8.69 Gb Free Space | 12.51% Space Free | Partition Type: NTFS

Computer Name: NETMAP-LAPTOP25 | User Name: sadabjou | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hta [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-861567501-2049760794-839522115-1110\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MKSkshhere] -- "C:\PROGRA~1\COMMON~1\MKSTOO~1\\mksnt\sh.exe" -L -N -d "%1" (Mortice Kern Systems Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Hummingbird\Connectivity\12.00\Exceed\exceed.exe" = C:\Program Files\Hummingbird\Connectivity\12.00\Exceed\exceed.exe:*:Enabled:Hummingbird Exceed 2007 -- (Hummingbird Ltd.)
"C:\JBuilder7\bin\JBuilder.exe" = C:\JBuilder7\bin\JBuilder.exe:*:Enabled:JBuilder -- ()
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\NetMap Analytics\NetmapLite\jre\bin\java.exe" = C:\Program Files\NetMap Analytics\NetmapLite\jre\bin\java.exe:*:Enabled:java -- ()
"C:\Program Files\NetMap Analytics\NetmapLite\jre\bin\javaw.exe" = C:\Program Files\NetMap Analytics\NetmapLite\jre\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Program Files\DAP\DAP.exe" = C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\freeXer\utils\start_freeXer.bat" = C:\Program Files\freeXer\utils\start_freeXer.bat:*:Enabled:start_freeXer.bat -- ()
"C:\Program Files\freeXer\cygwin\usr\X11R6\bin\XWin.exe" = C:\Program Files\freeXer\cygwin\usr\X11R6\bin\XWin.exe:*:Enabled:XWin.exe -- ()
"\\Dell_gx280\C\Software\Printing\HP\all-in-one extracted\setup\hppniprint01.exe" = \\Dell_gx280\C\Software\Printing\HP\all-in-one extracted\setup\hppniprint01.exe:*:Enabled:hppniprint01.exe
"\\Dell_gx280\C\Software\Printing\HP\all-in-one extracted\setup\hpntwkexe.exe" = \\Dell_gx280\C\Software\Printing\HP\all-in-one extracted\setup\hpntwkexe.exe:*:Enabled:hpntwkexe.exe
"\\Dell_gx280\C\Software\Printing\HP\all-in-one extracted\setup\hppnet01.exe" = \\Dell_gx280\C\Software\Printing\HP\all-in-one extracted\setup\hppnet01.exe:*:Enabled:HP Networked Printer Installer

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)
"C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\NetMap Analytics\NetmapLite\jre\bin\java.exe" = C:\Program Files\NetMap Analytics\NetmapLite\jre\bin\java.exe:*:Enabled:java -- ()
"C:\Program Files\Hummingbird\Connectivity\12.00\Exceed\exceed.exe" = C:\Program Files\Hummingbird\Connectivity\12.00\Exceed\exceed.exe:*:Enabled:X Server for Windows 2000/XP/2003 -- (Hummingbird Ltd.)
"C:\Program Files\NetMap Analytics\NetmapLite\jre\bin\javaw.exe" = C:\Program Files\NetMap Analytics\NetmapLite\jre\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\JBuilder2008\plugins\org.eclipse.tptp.platform.ac.win_ia32_4.4.1.v200709261752\agent_controller\bin\ACServer.exe" = C:\JBuilder2008\plugins\org.eclipse.tptp.platform.ac.win_ia32_4.4.1.v200709261752\agent_controller\bin\ACServer.exe:*:Enabled:ACServer -- ()
"C:\JBuilder2008\JBuilder.exe" = C:\JBuilder2008\JBuilder.exe:*:Enabled:JBuilder -- ()
"C:\Program Files\freeXer\cygwin\usr\X11R6\bin\XWin.exe" = C:\Program Files\freeXer\cygwin\usr\X11R6\bin\XWin.exe:*:Enabled:XWin -- ()
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{00AF758E-1D1A-44A5-9AD1-75EB8AF93D84}" = Decision Director Training V3.0
"{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{04DC9993-648E-4523-B2A4-75E05E12FB10}" = Hex Workshop v5.1
"{0619BED1-F1FC-4608-A7F2-340BA45E622E}" = NetMap NetworkSearch 1.5 Build 1
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0E8AFF33-97B2-4924-A3C2-9FD59DD589E0}" = NFR Oct 2010
"{113AB4E5-2C84-11D6-87D0-005004AD32DA}" = NetMap
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1666FA7F-CB5F-11D6-A78C-00B0D079AF64}" = Java 2 SDK, SE v1.4.1_01
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{2020045B-8DCF-4449-8D5C-EB5BA37440F1}" = Microsoft SQL Server 2008 Management Studio
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 24
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{2B9FE2EC-97D2-46EE-A5A3-861FCDCC3B31}" = Brother HL-4050CDN
"{3248E093-5288-4CA9-B3AB-11A675FEA1F9}" = Symantec AntiVirus
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160140}" = Java™ SE Development Kit 6 Update 14
"{32A3A4F4-B792-11D6-A78A-00B0D0160170}" = Java™ SE Development Kit 6 Update 17
"{32E05824-A0AC-4DFE-B965-5F52C28FBE9F}_is1" = EPS Viewer
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B03677A-DBB5-42C3-B74E-DB57110240C2}" = MKS Platform Components 8.x
"{3C5EA394-1033-11D2-A2CB-00C04F72F31D}" = Microsoft PhotoDraw 2000 V2
"{3D82B0C3-AAFA-400E-B2D1-46B7AD38AB8C}" = Hummingbird Exceed 2007
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{512FA709-D3E8-4094-A1B5-39A2A08A8400}" = Microsoft Outlook Web Access S/MIME (2007)
"{54075D71-6FE3-41CC-8334-E1DDDD5DBB5E}" = NFR Dec 2010
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5aa47dba-b584-4d47-a626-76e53fc2987d}" = JavaFX™ 1.2 SDK
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5E8858EC-6B09-4939-99F2-5678073A0327}" = Microsoft Office Live Meeting 2005
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
"{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English
"{68B7C6D9-1DF2-54C1-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM
"{6C08FEE6-0D11-4C07-9037-2CEB4FD01134}" = PathCopyEx
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6D592E30-11EC-11E0-859C-0013D3D69929}" = Vegas Pro 10.0
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{73AAEC5C-BA64-4655-A7B7-67874574530B}" = e-tax 2009
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{8803FCD6-F5BA-475F-A71B-D83D8E31F251}" = Nitro PDF Professional
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00E0-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-00E0-0000-0000-0000000FF1CE}_OUTLOOKSTD_{1D23C02C-7739-4213-87A6-2A7298DE3247}" =
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96144B91-CCDB-449B-B85B-6AB0553DC7C6}" = InstallShield Express
"{988D8C83-7B42-4F8D-9C4B-D7757B9F922E}" = Study Manager and Netmap Lite 4.2 Build 3
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9BAE13A2-E7AF-D6C3-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC (x86) WinSXS MSM
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9CDE37C1-7573-48EB-BA72-0C1585888D24}" = PTranClient21
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A10A588F-C53D-4353-9710-03463281B9FC}" = MKS Toolkit 8.6
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3365448-B694-468D-BBF0-D7A4CCDF955F}" = BlackBerry® Media Sync
"{A55220E6-0BE6-497F-B13A-005A0A783365}" = NFR March 2011
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AEF68ACB-1B00-4FCA-A33C-C26DBADD8C5B}" = Microsoft Office Live Meeting 2007
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B67C01B3-8502-4BE7-AEAB-BBDE910AD3EE}" = Microsoft Web Platform Installer 2.0
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D7607C6B-4253-4CEA-B226-44A13FA54635}" = NetMap Presenter
"{DFDB6C6C-F882-4611-B2DC-B7C3DE206409}" = NetMap QuickLoad
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EBDA688D-2CBE-4515-AF22-3005E6346968}" = NFR June 2010
"{EE024764-FA19-4CD4-AA9E-E06DE4B766E8}" = BlackBerry Desktop Software 5.0.1
"{EE35B247-F872-4FFD-BCD1-1970C7E86C84}" = GPS Image Tracker
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}" = Natural Color
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FA9C3624-C693-4423-8A8B-2BC2B9F607AB}" = Microsoft SQL Server 2008 Management Studio
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"ACT!" = ACT!
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BlackBerry_{EE024764-FA19-4CD4-AA9E-E06DE4B766E8}" = BlackBerry Desktop Software 5.0.1
"Chaoscope_is1" = Chaoscope 0.3.1
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Cortex AutoLogon for Microsoft Outlook_is1" = AutoLogon 7.1
"DataVision" = DataVision 1.2.0
"ESET Online Scanner" = ESET Online Scanner v3
"freeXer" = freeXer
"GIF Animator" = Microsoft GIF Animator
"GOM Player" = GOM Player
"GPL Ghostscript 8.15" = GPL Ghostscript 8.15
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"GSview 4.6" = GSview 4.6
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{113AB4E5-2C84-11D6-87D0-005004AD32DA}" = NetMap Analytics NetMap 6.0.36
"Java Platform, Enterprise Edition 5 SDK" = Java Platform, Enterprise Edition 5 SDK
"JBuilder 2008" = JBuilder 2008
"JBuilder 7 Enterprise" = JBuilder 7 Enterprise
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.0
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Ocean - Research Library_is1" = Ocean - Research Library
"OUTLOOKSTD" = Microsoft Office Outlook 2007
"Port_Detective_2.0" = Port Detective
"PrimoPDF4.0.1" = PrimoPDF
"ProInst" = Intel® PROSet/Wireless Software
"PSPad editor_is1" = PSPad editor
"SearchAssist" = SearchAssist
"Source Edit_is1" = Source Edit 4.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"V" = V - The File Viewer
"Vim 6.1" = Vim 6.1 (self-installing)
"Visual SourceSafe 6.0" = Microsoft Visual SourceSafe 6.0
"vShare" = vShare Plugin
"WavePad" = WavePad Sound Editor
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XVision" = SCO XVision Eclipse

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-861567501-2049760794-839522115-1110\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DialogDemo" = DialogDemo
"Progress Monitor Demo" = Progress Monitor Demo
"TabbedPaneDemo" = TabbedPaneDemo
"TabComponentsDemo" = TabComponentsDemo
"Table Selection Demo Application" = Table Selection Demo Application
"TextFieldDemo" = TextFieldDemo
"yEd Graph Editor" = yEd Graph Editor

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/04/2011 2:55:12 AM | Computer Name = NETMAP-LAPTOP25 | Source = STacSV | ID = 268435455
Description =

Error - 7/04/2011 2:55:42 AM | Computer Name = NETMAP-LAPTOP25 | Source = MKS Secure Shell Service | ID = 16852775
Description = secshd.exe: fatal: Privilege separation user mkssshd_NETMAP-LAPTOP25
does not exist

Error - 7/04/2011 2:56:02 AM | Computer Name = NETMAP-LAPTOP25 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DATA\SOHEIL\FOOTBALL\GDSFA ADMIN 2010\2010_PREMIERS_AND_CHAMPIONS.PDF>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A device attached to the system is not functioning. (0x8007001f)

Error - 7/04/2011 2:56:09 AM | Computer Name = NETMAP-LAPTOP25 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\SADABJOU\RECENT\NBO.JPG.LNK>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A device attached to the system is not functioning. (0x8007001f)

Error - 7/04/2011 6:59:09 PM | Computer Name = NETMAP-LAPTOP25 | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC server
is unavailable. ). Group Policy processing aborted.

Error - 7/04/2011 6:59:09 PM | Computer Name = NETMAP-LAPTOP25 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007003a). The specified server cannot perform the requested
operation. Enrollment will not be performed.

Error - 7/04/2011 6:59:11 PM | Computer Name = NETMAP-LAPTOP25 | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC server
is unavailable. ). Group Policy processing aborted.

Error - 8/04/2011 8:27:02 AM | Computer Name = NETMAP-LAPTOP25 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 8/04/2011 3:11:59 PM | Computer Name = NETMAP-LAPTOP25 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 8/04/2011 11:12:00 PM | Computer Name = NETMAP-LAPTOP25 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ OSession Events ]
Error - 21/04/2010 11:49:48 AM | Computer Name = NETMAP-LAPTOP25 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 1351
seconds with 720 seconds of active time. This session ended with a crash.

Error - 21/04/2010 3:31:50 PM | Computer Name = NETMAP-LAPTOP25 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 549
seconds with 300 seconds of active time. This session ended with a crash.

Error - 29/04/2010 2:10:16 PM | Computer Name = NETMAP-LAPTOP25 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 177274
seconds with 1920 seconds of active time. This session ended with a crash.

Error - 2/08/2010 11:13:55 PM | Computer Name = NETMAP-LAPTOP25 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 14547
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 6/09/2010 7:36:10 PM | Computer Name = NETMAP-LAPTOP25 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 207704
seconds with 5100 seconds of active time. This session ended with a crash.

Error - 27/09/2010 10:21:03 PM | Computer Name = NETMAP-LAPTOP25 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 51532
seconds with 780 seconds of active time. This session ended with a crash.

Error - 26/01/2011 7:50:23 AM | Computer Name = NETMAP-LAPTOP25 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 35243
seconds with 360 seconds of active time. This session ended with a crash.

Error - 21/02/2011 8:35:03 AM | Computer Name = NETMAP-LAPTOP25 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 198110
seconds with 4980 seconds of active time. This session ended with a crash.

Error - 21/02/2011 8:36:49 AM | Computer Name = NETMAP-LAPTOP25 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 94
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/04/2011 2:36:40 AM | Computer Name = NETMAP-LAPTOP25 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/04/2011 3:05:19 PM | Computer Name = NETMAP-LAPTOP25 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0019D24EEF16. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 8/04/2011 3:05:25 PM | Computer Name = NETMAP-LAPTOP25 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 8/04/2011 3:20:28 PM | Computer Name = NETMAP-LAPTOP25 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 8/04/2011 3:50:28 PM | Computer Name = NETMAP-LAPTOP25 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 8/04/2011 4:50:28 PM | Computer Name = NETMAP-LAPTOP25 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 8/04/2011 6:50:33 PM | Computer Name = NETMAP-LAPTOP25 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 239 minutes. NtpClient has no source of accurate
time.

Error - 8/04/2011 10:50:31 PM | Computer Name = NETMAP-LAPTOP25 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 479 minutes. NtpClient has no source of accurate
time.

Error - 9/04/2011 12:38:02 AM | Computer Name = NETMAP-LAPTOP25 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain NETMAP due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 9/04/2011 1:09:49 AM | Computer Name = NETMAP-LAPTOP25 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 9/04/2011 5:19:50 AM | Computer Name = NETMAP-LAPTOP25 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain NETMAP due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.


< End of report >


2011/04/09 20:32:11.0437 3572 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/09 20:32:13.0265 3572 ================================================================================
2011/04/09 20:32:13.0265 3572 SystemInfo:
2011/04/09 20:32:13.0265 3572
2011/04/09 20:32:13.0265 3572 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/09 20:32:13.0265 3572 Product type: Workstation
2011/04/09 20:32:13.0265 3572 ComputerName: NETMAP-LAPTOP25
2011/04/09 20:32:13.0265 3572 UserName: sadabjou
2011/04/09 20:32:13.0265 3572 Windows directory: C:\WINDOWS
2011/04/09 20:32:13.0265 3572 System windows directory: C:\WINDOWS
2011/04/09 20:32:13.0265 3572 Processor architecture: Intel x86
2011/04/09 20:32:13.0265 3572 Number of processors: 2
2011/04/09 20:32:13.0265 3572 Page size: 0x1000
2011/04/09 20:32:13.0265 3572 Boot type: Normal boot
2011/04/09 20:32:13.0265 3572 ================================================================================
2011/04/09 20:32:13.0875 3572 Initialize success
2011/04/09 20:40:43.0953 4940 ================================================================================
2011/04/09 20:40:43.0953 4940 Scan started
2011/04/09 20:40:43.0953 4940 Mode: Manual;
2011/04/09 20:40:43.0953 4940 ================================================================================
2011/04/09 20:41:13.0687 4940 DLAOPIOM (be8d558cf749424f0de612813f7c6725) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/04/09 20:41:14.0109 4940 DLAPoolM (7e5277cb45dc5e2a86af8ce093c7ef31) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/04/09 20:41:14.0546 4940 DLARTL_N (693dfd92d41a3d270053cd97834e4960) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/04/09 20:41:15.0093 4940 DLAUDFAM (d886b6d02b51e5bd61b8a571a16d5ca2) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/04/09 20:41:15.0656 4940 DLAUDF_M (2c0ecf7a9d5162d87c64e2ae868b5039) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/04/09 20:41:16.0578 4940 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/09 20:41:17.0421 4940 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/09 20:41:17.0953 4940 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/09 20:41:18.0406 4940 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/09 20:41:18.0906 4940 DNE (2eddbb3ef1dd5a28cb07c149d36e7286) C:\WINDOWS\system32\DRIVERS\dne2000.sys
2011/04/09 20:41:19.0421 4940 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/04/09 20:41:19.0859 4940 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/09 20:41:20.0375 4940 DRVMCDB (73623d89faef4d1aa600edee8b490bc5) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/04/09 20:41:20.0875 4940 DRVNDDM (2aeee1600d0f14ba535f90a1f4411b54) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/04/09 20:41:21.0046 4940 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
2011/04/09 20:41:21.0625 4940 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/04/09 20:41:21.0984 4940 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/04/09 20:41:22.0421 4940 EraserUtilDrvI10 (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys
2011/04/09 20:41:23.0046 4940 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/09 20:41:23.0562 4940 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/09 20:41:24.0015 4940 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/09 20:41:24.0453 4940 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/09 20:41:25.0015 4940 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/09 20:41:25.0687 4940 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/09 20:41:26.0234 4940 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/09 20:41:26.0781 4940 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/09 20:41:27.0312 4940 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/09 20:41:27.0734 4940 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/09 20:41:28.0156 4940 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/04/09 20:41:29.0109 4940 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
2011/04/09 20:41:30.0062 4940 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
2011/04/09 20:41:30.0625 4940 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/09 20:41:31.0171 4940 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/04/09 20:41:31.0625 4940 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/04/09 20:41:32.0140 4940 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/09 20:41:33.0312 4940 ialm (cc449157474d5e43daea7e20f52c635a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/04/09 20:41:34.0531 4940 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/09 20:41:35.0015 4940 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/04/09 20:41:35.0453 4940 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/04/09 20:41:35.0921 4940 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/09 20:41:36.0406 4940 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/09 20:41:36.0843 4940 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/09 20:41:37.0328 4940 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/09 20:41:37.0843 4940 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/09 20:41:38.0312 4940 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/09 20:41:38.0796 4940 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/09 20:41:39.0328 4940 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/09 20:41:39.0828 4940 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/09 20:41:40.0359 4940 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/09 20:41:41.0015 4940 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/09 20:41:41.0609 4940 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/09 20:41:42.0531 4940 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/04/09 20:41:43.0031 4940 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/09 20:41:43.0500 4940 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/09 20:41:43.0921 4940 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/09 20:41:44.0343 4940 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/09 20:41:44.0843 4940 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/09 20:41:45.0281 4940 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/04/09 20:41:45.0828 4940 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/09 20:41:46.0625 4940 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/09 20:41:47.0312 4940 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/09 20:41:47.0750 4940 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/09 20:41:48.0203 4940 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/09 20:41:48.0609 4940 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/09 20:41:49.0062 4940 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/09 20:41:49.0578 4940 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/09 20:41:49.0937 4940 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~2\20110327.001\naveng.sys
2011/04/09 20:41:51.0015 4940 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~2\20110327.001\navex15.sys
2011/04/09 20:41:51.0687 4940 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/09 20:41:52.0234 4940 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/09 20:41:52.0687 4940 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/09 20:41:53.0171 4940 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/09 20:41:53.0593 4940 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/09 20:41:54.0046 4940 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/09 20:41:54.0546 4940 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/09 20:41:56.0281 4940 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
2011/04/09 20:41:57.0796 4940 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/04/09 20:41:58.0296 4940 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/09 20:41:59.0046 4940 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/09 20:41:59.0765 4940 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/09 20:42:01.0203 4940 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/09 20:42:02.0593 4940 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/09 20:42:03.0046 4940 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/09 20:42:03.0500 4940 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/04/09 20:42:04.0000 4940 Packet (8f856dae19383bd69db444004d5d4f50) C:\WINDOWS\system32\DRIVERS\packet.sys
2011/04/09 20:42:04.0484 4940 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/09 20:42:04.0953 4940 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/09 20:42:05.0578 4940 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/09 20:42:06.0156 4940 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/09 20:42:07.0046 4940 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/09 20:42:07.0531 4940 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/09 20:42:09.0562 4940 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/04/09 20:42:09.0968 4940 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/04/09 20:42:10.0468 4940 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/09 20:42:10.0921 4940 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/09 20:42:11.0359 4940 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/09 20:42:11.0937 4940 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/09 20:42:12.0406 4940 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/04/09 20:42:12.0828 4940 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/04/09 20:42:13.0265 4940 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/04/09 20:42:13.0703 4940 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/04/09 20:42:14.0250 4940 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/04/09 20:42:14.0687 4940 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/09 20:42:15.0125 4940 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/09 20:42:15.0562 4940 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/09 20:42:16.0000 4940 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/09 20:42:16.0515 4940 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/09 20:42:17.0156 4940 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/09 20:42:17.0703 4940 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/09 20:42:18.0250 4940 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/09 20:42:18.0718 4940 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/09 20:42:19.0203 4940 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/04/09 20:42:19.0625 4940 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/04/09 20:42:20.0125 4940 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/04/09 20:42:20.0828 4940 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/04/09 20:42:21.0484 4940 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2011/04/09 20:42:22.0000 4940 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/04/09 20:42:22.0609 4940 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\WINDOWS\system32\DRIVERS\RsFx0103.sys
2011/04/09 20:42:23.0125 4940 s24trans (eadfb87f911a7a75d1b80617f92901e8) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/04/09 20:42:23.0453 4940 SAVRT (a00d5aa4748a1002590f08aa00fc660d) C:\Program Files\Symantec AntiVirus\savrt.sys
2011/04/09 20:42:23.0656 4940 SAVRTPEL (1e805005583be1c1568a3fce259c81e3) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
2011/04/09 20:42:24.0218 4940 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/04/09 20:42:24.0656 4940 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/09 20:42:25.0078 4940 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/09 20:42:25.0546 4940 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/09 20:42:26.0015 4940 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/04/09 20:42:26.0500 4940 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/04/09 20:42:26.0937 4940 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/09 20:42:27.0796 4940 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/04/09 20:42:28.0281 4940 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/04/09 20:42:28.0593 4940 SPBBCDrv (c30fa11923892a4dbd1c747db8492e8f) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/04/09 20:42:29.0250 4940 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/09 20:42:29.0781 4940 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/09 20:42:30.0453 4940 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/09 20:42:31.0140 4940 ssadbus (406776fe3c2b66796bac1a7afb9ac8a1) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
2011/04/09 20:42:31.0671 4940 ssadmdfl (b19532d015a5d295e2aa34bb521202cf) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
2011/04/09 20:42:32.0171 4940 ssadmdm (2aebf9108e6f435458b9499c27394da4) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
2011/04/09 20:42:32.0703 4940 sscdbus (ffe42941e0326c322f40b0b79a46493c) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
2011/04/09 20:42:33.0140 4940 sscdmdfl (a68e7d87adfbb8c50d88cd58230c6819) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
2011/04/09 20:42:33.0718 4940 sscdmdm (b534b24151281856ec2f69ed3d6d60dd) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
2011/04/09 20:42:34.0796 4940 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
2011/04/09 20:42:36.0062 4940 SVKP (f05028b163b92c302a74409d683ac9b0) C:\WINDOWS\system32\SVKP.sys
2011/04/09 20:42:36.0531 4940 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/09 20:42:37.0000 4940 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/09 20:42:37.0468 4940 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/04/09 20:42:37.0890 4940 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/04/09 20:42:38.0062 4940 SymEvent (3feeb051c94f5005f56423619315273b) C:\Program Files\Symantec\SYMEVENT.SYS
2011/04/09 20:42:38.0640 4940 SYMREDRV (8d668fe83a439e2166b7defff995cddc) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/04/09 20:42:39.0203 4940 SYMTDI (b825e10cd61046672fef234820842c42) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/04/09 20:42:39.0656 4940 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/04/09 20:42:40.0078 4940 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/04/09 20:42:40.0671 4940 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/04/09 20:42:41.0156 4940 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/09 20:42:41.0796 4940 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/09 20:42:42.0296 4940 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/09 20:42:42.0765 4940 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/09 20:42:43.0218 4940 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/09 20:42:43.0656 4940 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/04/09 20:42:44.0140 4940 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/09 20:42:44.0625 4940 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/04/09 20:42:45.0250 4940 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/09 20:42:46.0062 4940 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/04/09 20:42:46.0593 4940 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/09 20:42:47.0046 4940 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/09 20:42:47.0593 4940 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/09 20:42:48.0031 4940 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/09 20:42:48.0500 4940 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/09 20:42:48.0937 4940 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/09 20:42:49.0406 4940 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/09 20:42:49.0906 4940 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/09 20:42:50.0375 4940 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/04/09 20:42:50.0812 4940 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/04/09 20:42:51.0265 4940 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/09 20:42:51.0906 4940 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
2011/04/09 20:42:53.0296 4940 w39n51 (95c7421f8bafc85ba09d33364058937d) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/04/09 20:42:54.0390 4940 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/09 20:42:55.0328 4940 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/09 20:42:56.0296 4940 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2011/04/09 20:42:57.0062 4940 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/04/09 20:42:57.0531 4940 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/04/09 20:42:58.0031 4940 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/09 20:42:58.0531 4940 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/09 20:42:58.0609 4940 ================================================================================
2011/04/09 20:42:58.0609 4940 Scan finished
2011/04/09 20:42:58.0609 4940 ================================================================================

Edited by cdad, 09 April 2011 - 05:48 AM.


#7 cdad

cdad
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:42 PM

Posted 09 April 2011 - 07:11 AM

I just tried to see which browsers I have the problem in, and it seems that neither Firefox nor Internet Explorer redirects links anymore. I don't have any other browsers installed.

Last time I had tested this was about 36 hours ago with Firefox.

#8 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:02:42 AM

Posted 09 April 2011 - 10:17 AM

Hi,


Please visit the online Jotti Virus Scanner.
  • Browse to the following filepath:

    C:\PROGRA~1\Vision\\SYSTEM\zonehook.dll
    C:\Program Files\Client.exe

  • Click on the submit button.
    The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.
  • Repeat this process for all files listed above


We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"
    :OTL
    FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O33 - MountPoints2\{258898db-08a8-11e0-9aba-00188bb237ad}\Shell\AutoRun\command - "" = G:\PMBP_Win.exe
    O33 - MountPoints2\{45a7d8ea-2e5e-11de-9934-00188bb237ad}\Shell - "" = AutoRun
    O33 - MountPoints2\{45a7d8ea-2e5e-11de-9934-00188bb237ad}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{45a7d8ea-2e5e-11de-9934-00188bb237ad}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{9dac1948-7c99-11dd-9841-00188bb237ad}\Shell\Auto\command - "" = infrom.exe
    O33 - MountPoints2\{9dac1948-7c99-11dd-9841-00188bb237ad}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9dac1948-7c99-11dd-9841-00188bb237ad}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe
    O33 - MountPoints2\{b6d3d827-9249-11dc-96fa-00188bb237ad}\Shell\AutoRun\command - "" = re71.exe
    [2011/04/09 00:16:31 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\Lztmceexl.job
    [2011/04/08 13:15:35 | 000,101,376 | ---- | M] () -- C:\Documents and Settings\sadabjou\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
    [REBOOT]
    [CREATERESTOREPOINT]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#9 cdad

cdad
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:12:42 PM

Posted 10 April 2011 - 07:57 AM

Filename: zonehook.dll
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Sun 10 Apr 2011 14:48:07 (CET)

[ArcaVir]
2011-04-10 Found nothing
[F-Secure Anti-Virus]
2011-04-10 Found nothing
[Avast! antivirus]
2011-04-10 Found nothing
[G DATA]
2011-04-10 Found nothing
[Grisoft AVG Anti-Virus]
2011-04-10 Found nothing
[Ikarus]
2011-04-10 Found nothing
[Avira AntiVir]
2011-04-08 Found nothing
[Kaspersky Anti-Virus]
2011-04-10 Found nothing
[Softwin BitDefender]
2011-04-10 Found nothing
[ESET NOD32]
2011-04-10 Found nothing
[ClamAV]
2011-04-10 Found nothing
[Panda Antivirus]
2011-04-10 Found nothing
[CPsecure]
2011-04-10 Found nothing
[Quick Heal]
2011-04-10 Found nothing
[Dr.Web]
2011-04-10 Found nothing
[Sophos]
2011-04-10 Found nothing
[Emsisoft Anti-Malware]
2011-04-10 Found nothing
[VirusBlokAda VBA32]
2011-04-08 Found nothing
[Frisk F-Prot Antivirus]
2011-04-09 Found nothing
[VirusBuster]
2011-04-09 Found nothing



Filename: Client.exe
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Sun 10 Apr 2011 14:42:48 (CET)

[ArcaVir]
2011-04-10 Found nothing
[F-Secure Anti-Virus]
2011-04-10 Found nothing
[Avast! antivirus]
2011-04-10 Found nothing
[G DATA]
2011-04-10 Found nothing
[Grisoft AVG Anti-Virus]
2011-04-10 Found nothing
[Ikarus]
2011-04-10 Found nothing
[Avira AntiVir]
2011-04-08 Found nothing
[Kaspersky Anti-Virus]
2011-04-10 Found nothing
[Softwin BitDefender]
2011-04-10 Found nothing
[ESET NOD32]
2011-04-09 Found nothing
[ClamAV]
2011-04-10 Found nothing
[Panda Antivirus]
2011-04-10 Found nothing
[CPsecure]
2011-04-10 Found nothing
[Quick Heal]
2011-04-10 Found nothing
[Dr.Web]
2011-04-10 Found nothing
[Sophos]
2011-04-10 Found nothing
[Emsisoft Anti-Malware]
2011-04-10 Found nothing
[VirusBlokAda VBA32]
2011-04-08 Found nothing
[Frisk F-Prot Antivirus]
2011-04-09 Found nothing
[VirusBuster]
2011-04-09 Found nothing



========== OTL ==========
Prefs.js: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Starting removal of ActiveX control {32505657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wmvadvd.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{32505657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{258898db-08a8-11e0-9aba-00188bb237ad}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{258898db-08a8-11e0-9aba-00188bb237ad}\ not found.
File G:\PMBP_Win.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45a7d8ea-2e5e-11de-9934-00188bb237ad}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45a7d8ea-2e5e-11de-9934-00188bb237ad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45a7d8ea-2e5e-11de-9934-00188bb237ad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45a7d8ea-2e5e-11de-9934-00188bb237ad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45a7d8ea-2e5e-11de-9934-00188bb237ad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45a7d8ea-2e5e-11de-9934-00188bb237ad}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dac1948-7c99-11dd-9841-00188bb237ad}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9dac1948-7c99-11dd-9841-00188bb237ad}\ not found.
File infrom.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dac1948-7c99-11dd-9841-00188bb237ad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9dac1948-7c99-11dd-9841-00188bb237ad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dac1948-7c99-11dd-9841-00188bb237ad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9dac1948-7c99-11dd-9841-00188bb237ad}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6d3d827-9249-11dc-96fa-00188bb237ad}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6d3d827-9249-11dc-96fa-00188bb237ad}\ not found.
File re71.exe not found.
C:\WINDOWS\tasks\Lztmceexl.job moved successfully.
C:\Documents and Settings\sadabjou\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81 deleted successfully.
File BOOT] not found.
File EATERESTOREPOINT] not found.

OTL by OldTimer - Version 3.2.22.3 log created on 04102011_225333

#10 Casey_boy

Casey_boy - Malware Response Team

Posted 10 April 2011 - 08:05 AM

OK great, and how is the PC running? Have you noticed any redirects recently?

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#11 cdad

cdad - Topic Starter

Posted 10 April 2011 - 08:10 AM

No redirection since a couple of days ago. The PC is running normally.

#12 Casey_boy

Casey_boy - Malware Response Team

Posted 10 April 2011 - 08:29 AM

Hmm. It may be that one of the scans you ran was able to deal with the issue. Can you remember if this may have been the case?

Is there an option you can find in Symantec Anti Virus for viewing old scan logs?

Casey


#13 cdad

cdad - Topic Starter

Posted 10 April 2011 - 08:43 AM

I'm puzzled about how it got cleaned too. The last virus Symantec cleaned was almost two weeks ago.

[Screenshot of the Symantec scan history; image not reproduced]

Edited by cdad, 10 April 2011 - 08:43 AM.


#14 Casey_boy

Casey_boy - Malware Response Team

Posted 10 April 2011 - 09:12 AM

OK, neither of the files in that screenshot would cause redirects. Let's just give one more tool a run to see if it picks anything up.

Download and run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you are prompted to install the Recovery Console, then please do so.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you have trouble running ComboFix, then please rename ComboFix.exe to Caseyboy.exe and re-run.

Casey

Edited by Casey_boy, 10 April 2011 - 09:12 AM.


#15 cdad

cdad - Topic Starter

Posted 10 April 2011 - 06:37 PM

I noticed some unusual changes after running ComboFix:

- A random pic was selected as the wallpaper for my screen! I had no wallpaper before this.
- The default browser changed from Firefox to IE


ComboFix 11-04-09.01 - sadabjou 11/04/2011 0:43.1.2 - x86
Running from: c:\documents and settings\sadabjou\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\sadabjou\GoToAssistDownloadHelper.exe
c:\program files\client.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FCI
-------\Legacy_PROTECT
.
.
((((((((((((((((((((((((( Files Created from 2011-03-10 to 2011-04-10 )))))))))))))))))))))))))))))))
.
.
2011-04-10 12:53 . 2011-04-10 12:53 -------- d-----w- C:\_OTL
2011-03-30 23:24 . 2011-03-30 23:24 -------- d-----w- c:\documents and settings\sadabjou\Application Data\Malwarebytes
2011-03-30 23:24 . 2010-12-20 07:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-30 23:24 . 2011-03-30 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-30 23:24 . 2011-03-30 23:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-30 23:24 . 2010-12-20 07:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-30 10:28 . 2011-03-30 10:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-03-30 03:40 . 2011-03-30 03:40 -------- d-----w- c:\program files\ESET
2011-03-29 06:06 . 2011-03-29 06:06 388096 ----a-r- c:\documents and settings\sadabjou\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-29 06:06 . 2011-03-29 06:06 -------- d-----w- c:\program files\Trend Micro
2011-03-29 06:02 . 2011-03-29 06:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2011-03-29 02:32 . 2011-03-29 11:58 -------- d-----w- c:\program files\ProcessExplorer
2011-03-28 09:18 . 2011-03-28 09:21 256 ----a-w- c:\documents and settings\sadabjou\pool.bin
2011-03-28 06:58 . 2011-03-28 06:58 119296 --sha-r- c:\windows\system32\mciseq1.dll
2011-03-28 05:14 . 2011-03-28 05:14 -------- d-----w- c:\documents and settings\sadabjou\Local Settings\Application Data\Sony
2011-03-28 05:06 . 2011-03-28 05:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2011-03-28 04:58 . 2011-03-28 05:14 -------- d-----w- c:\documents and settings\sadabjou\Application Data\Sony
2011-03-17 04:40 . 2011-03-17 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2011-03-17 04:38 . 2011-03-17 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJMSetup
2011-03-17 04:38 . 2011-03-17 04:38 -------- d-----w- c:\program files\Common Files\CANON
2011-03-17 04:37 . 2011-03-17 04:37 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-03-17 04:36 . 2011-03-17 04:36 -------- d-----w- c:\windows\system32\STRING
2011-03-17 04:36 . 2010-02-05 01:37 34816 ----a-w- c:\windows\system32\CNMNPUI.DLL
2011-03-17 04:36 . 2010-02-05 01:37 340992 ----a-w- c:\windows\system32\CNMNPPM.DLL
2011-03-17 04:28 . 2011-03-17 04:44 -------- d-----w- c:\program files\Canon
2011-03-12 10:40 . 2011-03-12 10:40 -------- d-----w- c:\documents and settings\sadabjou\Application Data\PCDr
2011-03-12 02:45 . 2011-03-12 02:45 1409 ----a-w- c:\windows\QTFont.for
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 10:40 . 2010-06-10 23:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 08:19 . 2007-09-03 02:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-17 22:45 . 2010-09-01 04:32 82184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lmdippr8.dll
2011-01-17 22:45 . 2010-09-01 04:32 82696 ----a-w- c:\windows\system32\lmdimon8.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"NuTCSetupEnviron"="c:\progra~1\COMMON~1\MKSTOO~1\bin\ncoeenv.exe" [2003-07-23 20849]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-01 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-06-23 85696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-20 206064]
.
c:\documents and settings\sadabjou\Start Menu\Programs\Startup\
Cortex AutoLogon for Microsoft Outlook.lnk - c:\documents and settings\sadabjou\Application Data\Cortex AutoLogon for Microsoft Outlook\AutoLogon.exe [2009-6-12 106496]
SDK Tray Menu.lnk - c:\program files\Java\sdk\jdk\bin\javaw.exe [2008-12-11 139264]
Skype.lnk - c:\windows\Installer\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\SkypeIcon.exe [2011-2-14 371272]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{24A42960-A7F8-11CF-8121-0020AFB5213D}"= "c:\progra~1\Vision\\SYSTEM\zonehook.dll" [2000-07-04 36864]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\NetMap Analytics\\NetmapLite\\jre\\bin\\java.exe"=
"c:\\Program Files\\Hummingbird\\Connectivity\\12.00\\Exceed\\exceed.exe"=
"c:\\Program Files\\NetMap Analytics\\NetmapLite\\jre\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\JBuilder2008\\plugins\\org.eclipse.tptp.platform.ac.win_ia32_4.4.1.v200709261752\\agent_controller\\bin\\ACServer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\JBuilder2008\\JBuilder.exe"=
"c:\\Program Files\\freeXer\\cygwin\\usr\\X11R6\\bin\\XWin.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
.
R2 MKSAUTH;MKSAUTH;c:\windows\system32\mksauth.exe [23/07/2003 5:04 PM 77824]
R2 MKSRlogind;MKS Rlogind;c:\progra~1\COMMON~1\MKSTOO~1\bin\rlogind.exe [23/07/2003 7:33 PM 61440]
R2 MKSTelnetd;MKS Telnetd;c:\windows\system32\telnetd.exe [23/07/2003 7:32 PM 94208]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [15/06/2009 12:56 PM 188736]
R2 NuTCRACKERService;NuTCRACKER Service;c:\windows\system32\nutsrv4.exe [23/07/2003 6:32 PM 306300]
R2 REXECD;REXECD;c:\progra~1\COMMON~1\MKSTOO~1\mksnt\rexecd.exe [23/07/2003 4:43 PM 81920]
R2 RSHD;RSHD;c:\progra~1\COMMON~1\MKSTOO~1\mksnt\rshd.exe [23/07/2003 4:43 PM 90112]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [23/06/2005 6:27 PM 124608]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [25/06/2007 12:09 PM 2368]
R3 EraserUtilDrvI10;EraserUtilDrvI10;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys [28/03/2011 10:18 PM 102448]
S2 FLEXlm Service 1;FLEXlm Service 1;c:\program files\NetMap Analytics\NetMap\bin\lmgrd.exe [11/02/2002 12:49 PM 569344]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 MKSSecureSH;MKS Secure Shell Service;c:\progra~1\COMMON~1\MKSTOO~1\bin\secshd.exe [23/07/2003 7:44 PM 352256]
S2 NetworkSearch;NetworkSearch;v:\src\WD\sAdabjou\NWS\jsl.exe --> v:\src\WD\sAdabjou\NWS\jsl.exe [?]
S3 EraserUtilDrv10733;EraserUtilDrv10733;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10733.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10733.sys [?]
S3 EraserUtilDrv10920;EraserUtilDrv10920;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [25/01/2011 9:18 PM 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [25/01/2011 9:18 PM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [25/01/2011 9:18 PM 121576]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [31/03/2009 6:44 PM 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30/03/2009 2:09 AM 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30/03/2009 2:23 AM 366936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
LSP: %SystemRoot%\system32\nutafun4.dll
FF - ProfilePath - c:\documents and settings\sadabjou\Application Data\Mozilla\Firefox\Profiles\r8shwkqc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-11 01:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2384)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\msi.dll
c:\program files\Common Files\Microsoft Shared\Ink\SKCHUI.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Hummingbird\Connectivity\12.00\Hummingbird Neighborhood\heshell.dll
c:\progra~1\Vision\system\rifxx.dll
c:\progra~1\COMMON~1\Vision\vwmuapi.dll
c:\program files\Hummingbird\Connectivity\12.00\Hummingbird Neighborhood\hncomlib.dll
c:\program files\Hummingbird\Connectivity\12.00\Hummingbird Neighborhood\humprdfw.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\ASTSRV.EXE
c:\program files\Curtin University\VPN Client\cvpnd.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\oracle\ora92\bin\omtsreco.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\System32\snmp.exe
c:\progra~1\COMMON~1\MKSTOO~1\bin\snmptrapd.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\stacsv.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2011-04-11 01:25:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-10 15:25
.
Pre-Run: 9,701,642,240 bytes free
Post-Run: 9,486,741,504 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D8D5EB92091C530E27246731CDE7652D
