Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Variant of TDL3 Rootkit


  • This topic is locked This topic is locked
19 replies to this topic

#1 MARS-atp

MARS-atp

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:11 PM

Posted 26 April 2011 - 03:03 PM

Tried to follow instructions for Kaspersky Rootkit removal. Was able to download & rename, but when run it would only initalize to 80% then stop & close with generic "... has encountered a problem and needs to close" So here is dds.txt and attach.txt. Would not allow me to post gmer log as the file was to large. Not sure if i should split it down or not???




.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Sales Desk 1 at 10:47:25.14 on Tue 04/26/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2030.768 [GMT -4:00]
.
AV: Panda Antivirus Pro 2011 *Enabled/Updated* {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\TPSrv.exe
svchost.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2011\WebProxy.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Documents and Settings\Sales Desk 1\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PskSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\pavsrvx86.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\ComSearch\ComSearch Live\ComSearchTicker.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\APVXDWIN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\car-part\CPKeySrv.exe
C:\Program Files\CallerID.com\ELPopup\ELPopup.exe
C:\Program Files\Platinum Parts F-Key Connection\PlatinumFKey.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\javaw.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sales Desk 1\Desktop\Defogger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sales Desk 1\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ohio.com/
uSearch Page = hxxp://www.bing.com
uSearch Bar = hxxp://www.bing.com/sphome.aspx
mSearchAssistant = hxxp://www.bing.com/sphome.aspx
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [picon] "c:\program files\common files\intel\privacy icon\PIconStartup.exe" -startup
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe
mRun: [<NO NAME>]
mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
mRun: [TickerApp] c:\program files\comsearch\comsearch live\ComSearchTicker.exe
mRun: [APVXDWIN] "c:\program files\panda security\panda antivirus pro 2011\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda antivirus pro 2011\Inicio.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [DBRMTray] c:\dell\dbrm\reminder\TrayApp.exe
StartupFolder: c:\docume~1\salesd~1\startm~1\programs\startup\icpm.lnk - c:\windows\system32\javaw.exe
StartupFolder: c:\docume~1\salesd~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\car-pa~1.lnk - c:\car-part\CPKeySrv.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\elpopup.lnk - c:\program files\callerid.com\elpopup\ELPopup.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\platin~1.lnk - c:\program files\platinum parts f-key connection\PlatinumFKey.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {173D9E48-B527-4AA0-A929-30B446002AA8} - hxxp://192.168.1.205/DVRemoteAx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {543945EF-C6D1-41F9-A735-C949B69394AD} = 208.67.222.222,208.67.220.220
Notify: avldr - avldr.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 wvauth
Hosts: 192.168.1.211 mars pinpro mars.actual-america.com
============= SERVICES / DRIVERS ===============
.
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2010-11-15 26696]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2010-3-10 24064]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2010-11-15 37896]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [2010-11-15 59080]
R2 CrossLoopService;CrossLoop Service;c:\documents and settings\sales desk 1\local settings\application data\crossloop\CrossLoopService.exe [2010-3-22 560880]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda antivirus pro 2011\PsCtrlS.exe [2010-11-15 173312]
R2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda antivirus pro 2011\PavFnSvr.exe [2010-11-15 202048]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2010-11-15 163336]
R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2010-11-15 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda antivirus pro 2011\pavsrvx86.exe [2010-11-15 314176]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda antivirus pro 2011\psksvc.exe [2010-11-15 28992]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2010-3-10 2066968]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-3-10 166568]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
S3 tvnserver;TightVNC Server;c:\documents and settings\sales desk 1\local settings\application data\crossloop\tvnserver.exe [2011-4-20 814080]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]
.
=============== File Associations ===============
.
JSEFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*
.
=============== Created Last 30 ================
.
2011-04-25 20:57:41 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-04-25 20:49:12 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-25 20:48:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-04-20 17:25:33 -------- d-----w- c:\docume~1\salesd~1\applic~1\Malwarebytes
2011-04-20 17:25:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-20 17:25:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-20 17:25:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-20 17:25:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-20 17:08:36 -------- d-----w- c:\docume~1\salesd~1\applic~1\Sammsoft
2011-04-16 07:05:51 -------- d-----w- c:\windows\ServicePackFiles
2011-03-30 13:33:01 -------- d-----w- c:\docume~1\salesd~1\applic~1\DVRemote
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:27:43 1866880 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
.
============= FINISH: 10:58:32.48 ===============

I need help with this redirect virus....please!!!

EDIT: Please be patient. There are over 440 unanswered topics in this forum at present and the current average wait time to receive help is 10 days. ~Budapest

Attached Files


Edited by Budapest, 27 April 2011 - 04:01 PM.


BC AdBot (Login to Remove)

 


#2 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:11 PM

Posted 03 May 2011 - 07:51 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#3 MARS-atp

MARS-atp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:11 PM

Posted 04 May 2011 - 08:53 AM

THANK YOU FOR YOUR RESPONSE AND YOUR HELP! As i stated in my origianl post, Hitman 3.5 has detected a possible variant of the tdl3 rootkit. It causes internet explorer to redirect on launch and sometimes it will freeze up on launch altogether. It also causes redirects of most search engine requests. Often taking to other generic search engine sites or audio ads. I tried running the kasperky (spell?) rootkit remover. It downloaded fine, I renamed it, but when i go to run it, it tries to initialize, but only makes it to 80% before stoping and telling me it encountered a problem and needs to close. I have posted my dds scan logs, However, my gmer scan is too large a file to attach? I can try and paste it to this reply, but not sure if that is gonna work either?




.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Sales Desk 1 at 9:12:04.70 on Wed 05/04/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2030.681 [GMT -4:00]
.
AV: Panda Antivirus Pro 2011 *Enabled/Updated* {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\TPSrv.exe
svchost.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2011\WebProxy.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Documents and Settings\Sales Desk 1\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PskSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\pavsrvx86.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\ComSearch\ComSearch Live\ComSearchTicker.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2011\APVXDWIN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\car-part\CPKeySrv.exe
C:\Program Files\CallerID.com\ELPopup\ELPopup.exe
C:\Program Files\Platinum Parts F-Key Connection\PlatinumFKey.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\javaw.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Sales Desk 1\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ohio.com/
uSearch Page = hxxp://www.bing.com
uSearch Bar = hxxp://www.bing.com/sphome.aspx
mSearchAssistant = hxxp://www.bing.com/sphome.aspx
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [picon] "c:\program files\common files\intel\privacy icon\PIconStartup.exe" -startup
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe
mRun: [<NO NAME>]
mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
mRun: [TickerApp] c:\program files\comsearch\comsearch live\ComSearchTicker.exe
mRun: [APVXDWIN] "c:\program files\panda security\panda antivirus pro 2011\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda antivirus pro 2011\Inicio.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [DBRMTray] c:\dell\dbrm\reminder\TrayApp.exe
StartupFolder: c:\docume~1\salesd~1\startm~1\programs\startup\icpm.lnk - c:\windows\system32\javaw.exe
StartupFolder: c:\docume~1\salesd~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\car-pa~1.lnk - c:\car-part\CPKeySrv.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\elpopup.lnk - c:\program files\callerid.com\elpopup\ELPopup.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\platin~1.lnk - c:\program files\platinum parts f-key connection\PlatinumFKey.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {173D9E48-B527-4AA0-A929-30B446002AA8} - hxxp://192.168.1.205/DVRemoteAx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {543945EF-C6D1-41F9-A735-C949B69394AD} = 208.67.222.222,208.67.220.220
Notify: avldr - avldr.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 wvauth
Hosts: 192.168.1.211 mars pinpro mars.actual-america.com
============= SERVICES / DRIVERS ===============
.
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2010-11-15 26696]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2010-3-10 24064]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2010-11-15 37896]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [2010-11-15 59080]
R2 CrossLoopService;CrossLoop Service;c:\documents and settings\sales desk 1\local settings\application data\crossloop\CrossLoopService.exe [2010-3-22 560880]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda antivirus pro 2011\PsCtrlS.exe [2010-11-15 173312]
R2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda antivirus pro 2011\PavFnSvr.exe [2010-11-15 202048]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2010-11-15 163336]
R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2010-11-15 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda antivirus pro 2011\pavsrvx86.exe [2010-11-15 314176]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda antivirus pro 2011\psksvc.exe [2010-11-15 28992]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2010-3-10 2066968]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-3-10 166568]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
S3 tvnserver;TightVNC Server;c:\documents and settings\sales desk 1\local settings\application data\crossloop\tvnserver.exe [2011-4-20 814080]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]
.
=============== File Associations ===============
.
JSEFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*
.
=============== Created Last 30 ================
.
2011-04-28 16:57:15 -------- d-----w- c:\windows\system32\DBBK
2011-04-25 20:57:41 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-04-25 20:49:12 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-25 20:48:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-04-20 17:25:33 -------- d-----w- c:\docume~1\salesd~1\applic~1\Malwarebytes
2011-04-20 17:25:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-20 17:25:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-20 17:25:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-20 17:25:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-20 17:08:36 -------- d-----w- c:\docume~1\salesd~1\applic~1\Sammsoft
2011-04-16 07:05:51 -------- d-----w- c:\windows\ServicePackFiles
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:27:43 1866880 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
.
============= FINISH: 9:25:29.70 ===============

Attached Files



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:11 PM

Posted 05 May 2011 - 03:43 PM

Hello MARS-atp ! Welcome to BleepingComputer Forums! :welcome:


My name is Georgi and and I will be helping you with your computer problems.


Before we begin, please note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.



Kaspersky released a new version of TDSSKiller a few days ago. Be sure to download the latest version 2.5.0.0 <--- Important



Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

    Posted Image
  • If an malicious object is detected, the default action will be Cure, click on Continue.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • Select Skip to the sptd.sys.

    Posted Image
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

    Posted Image
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Regards,
Georgi

cXfZ4wS.png


#5 MARS-atp

MARS-atp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:11 PM

Posted 06 May 2011 - 08:48 AM

I actually tried to rename & rerun the kaspersky yesturday just to make sure i had done it right. It notified me that there was an update.... I downloaded it, renamed it, ran it, and it found and cured my rootkit problem in like 4 mins ..... so far so good..... looks like it has been solved.... no more slow computer, no more search engine redirects. Thanks for the help,. if i would have been forced to rely on tech support for my Panda antivirus pro 2011, i'd still be waiting. thanks again

#6 MARS-atp

MARS-atp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:11 PM

Posted 06 May 2011 - 08:52 AM

here is the log for my kaspersky fix:

2011/05/05 15:06:02.0046 2556 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/05 15:06:02.0702 2556 ================================================================================
2011/05/05 15:06:02.0702 2556 SystemInfo:
2011/05/05 15:06:02.0702 2556
2011/05/05 15:06:02.0702 2556 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/05 15:06:02.0702 2556 Product type: Workstation
2011/05/05 15:06:02.0702 2556 ComputerName: SALESDESK032010
2011/05/05 15:06:02.0702 2556 UserName: Sales Desk 1
2011/05/05 15:06:02.0702 2556 Windows directory: C:\WINDOWS
2011/05/05 15:06:02.0702 2556 System windows directory: C:\WINDOWS
2011/05/05 15:06:02.0702 2556 Processor architecture: Intel x86
2011/05/05 15:06:02.0702 2556 Number of processors: 2
2011/05/05 15:06:02.0702 2556 Page size: 0x1000
2011/05/05 15:06:02.0702 2556 Boot type: Normal boot
2011/05/05 15:06:02.0702 2556 ================================================================================
2011/05/05 15:06:02.0874 2556 Initialize success
2011/05/05 15:06:07.0296 1100 ================================================================================
2011/05/05 15:06:07.0296 1100 Scan started
2011/05/05 15:06:07.0296 1100 Mode: Manual;
2011/05/05 15:06:07.0296 1100 ================================================================================
2011/05/05 15:06:07.0515 1100 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/05/05 15:06:07.0546 1100 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/05 15:06:07.0562 1100 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/05 15:06:07.0624 1100 ADIHdAudAddService (307f5e03b02a3022d664c36d1ea25f2c) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/05/05 15:06:07.0640 1100 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/05/05 15:06:07.0687 1100 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/05 15:06:07.0734 1100 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/05 15:06:07.0765 1100 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/05 15:06:07.0796 1100 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/05/05 15:06:07.0812 1100 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/05/05 15:06:07.0827 1100 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/05/05 15:06:07.0843 1100 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/05/05 15:06:07.0874 1100 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/05/05 15:06:07.0890 1100 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/05/05 15:06:07.0890 1100 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/05/05 15:06:07.0921 1100 AmFSM (ef9dd27aa5a3baaf2fd2b44c08a3e622) C:\WINDOWS\system32\DRIVERS\amm8651.sys
2011/05/05 15:06:07.0952 1100 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/05/05 15:06:07.0999 1100 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/05/05 15:06:08.0031 1100 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/05/05 15:06:08.0062 1100 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/05/05 15:06:08.0109 1100 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/05 15:06:08.0140 1100 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/05 15:06:08.0187 1100 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/05 15:06:08.0202 1100 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/05 15:06:08.0218 1100 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/05 15:06:08.0265 1100 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/05/05 15:06:08.0281 1100 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/05 15:06:08.0296 1100 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/05/05 15:06:08.0312 1100 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/05 15:06:08.0327 1100 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/05 15:06:08.0374 1100 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/05 15:06:08.0406 1100 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/05/05 15:06:08.0437 1100 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/05/05 15:06:08.0468 1100 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/05/05 15:06:08.0484 1100 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/05/05 15:06:08.0515 1100 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/05 15:06:08.0546 1100 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/05 15:06:08.0624 1100 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/05 15:06:08.0640 1100 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/05 15:06:08.0671 1100 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/05 15:06:08.0702 1100 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/05/05 15:06:08.0718 1100 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/05 15:06:08.0749 1100 e1kexpress (c08a912bc3257859516d2b71f5e29802) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
2011/05/05 15:06:08.0796 1100 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/05 15:06:08.0827 1100 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/05 15:06:08.0859 1100 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/05 15:06:08.0890 1100 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/05 15:06:08.0906 1100 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/05/05 15:06:08.0921 1100 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/05 15:06:08.0937 1100 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/05 15:06:08.0984 1100 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/05 15:06:09.0031 1100 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/05 15:06:09.0077 1100 HECI (88a67c34e37186665e916fd347b50d19) C:\WINDOWS\system32\DRIVERS\HECI.sys
2011/05/05 15:06:09.0093 1100 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/05 15:06:09.0124 1100 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/05/05 15:06:09.0171 1100 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/05 15:06:09.0202 1100 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/05 15:06:09.0218 1100 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/05/05 15:06:09.0265 1100 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\WINDOWS\system32\drivers\iaStor.sys
2011/05/05 15:06:09.0281 1100 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/05 15:06:09.0312 1100 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/05/05 15:06:09.0327 1100 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/05 15:06:09.0343 1100 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/05 15:06:09.0374 1100 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/05/05 15:06:09.0390 1100 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/05 15:06:09.0421 1100 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/05 15:06:09.0452 1100 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/05 15:06:09.0452 1100 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/05 15:06:09.0484 1100 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/05 15:06:09.0515 1100 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/05 15:06:09.0515 1100 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/05 15:06:09.0546 1100 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/05 15:06:09.0577 1100 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/05 15:06:09.0593 1100 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/05 15:06:09.0624 1100 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/05 15:06:09.0656 1100 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/05 15:06:09.0671 1100 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/05 15:06:09.0687 1100 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/05 15:06:09.0702 1100 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/05 15:06:09.0702 1100 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/05/05 15:06:09.0734 1100 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/05 15:06:09.0765 1100 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/05 15:06:09.0781 1100 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/05 15:06:09.0812 1100 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/05 15:06:09.0827 1100 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/05 15:06:09.0843 1100 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/05 15:06:09.0874 1100 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/05 15:06:09.0890 1100 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/05 15:06:09.0921 1100 NAL (cbbbbcace1abda7336410df4ab3c74d7) C:\WINDOWS\system32\Drivers\iqvw32.sys
2011/05/05 15:06:09.0952 1100 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/05 15:06:09.0968 1100 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/05 15:06:10.0015 1100 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/05 15:06:10.0015 1100 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/05 15:06:10.0062 1100 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/05 15:06:10.0077 1100 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/05 15:06:10.0109 1100 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/05 15:06:10.0140 1100 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/05 15:06:10.0187 1100 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/05 15:06:10.0218 1100 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/05 15:06:10.0359 1100 nv (8a7d9e414d1123cecce9cf1dd55e9f08) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/05 15:06:10.0702 1100 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/05 15:06:10.0734 1100 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/05 15:06:10.0749 1100 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/05 15:06:10.0765 1100 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/05 15:06:10.0796 1100 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/05 15:06:10.0812 1100 pavboot (55d654258a9c509b671310c314bd30b4) C:\WINDOWS\system32\Drivers\pavboot.sys
2011/05/05 15:06:10.0859 1100 PavProc (018f51f5757819fcd9f32162c9808565) C:\WINDOWS\system32\DRIVERS\PavProc.sys
2011/05/05 15:06:10.0952 1100 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
2011/05/05 15:06:10.0968 1100 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/05 15:06:10.0984 1100 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/05 15:06:11.0015 1100 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/05 15:06:11.0109 1100 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/05/05 15:06:11.0140 1100 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/05/05 15:06:11.0187 1100 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/05 15:06:11.0202 1100 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/05 15:06:11.0218 1100 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/05 15:06:11.0249 1100 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/05/05 15:06:11.0265 1100 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/05/05 15:06:11.0281 1100 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/05/05 15:06:11.0296 1100 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/05/05 15:06:11.0327 1100 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/05/05 15:06:11.0359 1100 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/05 15:06:11.0374 1100 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/05 15:06:11.0406 1100 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/05 15:06:11.0437 1100 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/05 15:06:11.0468 1100 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/05 15:06:11.0499 1100 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/05 15:06:11.0515 1100 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/05 15:06:11.0562 1100 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/05 15:06:11.0593 1100 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/05 15:06:11.0624 1100 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/05 15:06:11.0671 1100 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/05 15:06:11.0687 1100 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/05 15:06:11.0734 1100 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys
2011/05/05 15:06:11.0765 1100 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/05 15:06:11.0812 1100 ShldDrv (a2f0bf07cac43a11555c173f7b1ad28a) C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys
2011/05/05 15:06:11.0859 1100 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/05/05 15:06:11.0874 1100 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/05/05 15:06:11.0921 1100 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/05 15:06:11.0952 1100 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/05 15:06:11.0999 1100 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/05 15:06:12.0046 1100 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/05 15:06:12.0093 1100 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/05 15:06:12.0124 1100 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/05/05 15:06:12.0140 1100 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/05/05 15:06:12.0156 1100 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/05/05 15:06:12.0218 1100 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/05/05 15:06:12.0265 1100 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/05 15:06:12.0312 1100 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/05 15:06:12.0359 1100 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/05 15:06:12.0359 1100 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/05 15:06:12.0390 1100 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/05 15:06:12.0437 1100 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/05/05 15:06:12.0468 1100 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/05 15:06:12.0499 1100 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/05/05 15:06:12.0546 1100 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/05 15:06:12.0562 1100 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/05 15:06:12.0609 1100 usbehci (4bac8df07f1d8434fc640e677a62204e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/05 15:06:12.0640 1100 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/05 15:06:12.0671 1100 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/05 15:06:12.0702 1100 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/05 15:06:12.0749 1100 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/05 15:06:12.0781 1100 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/05 15:06:12.0812 1100 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/05 15:06:12.0843 1100 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/05/05 15:06:12.0859 1100 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/05 15:06:12.0890 1100 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/05 15:06:12.0937 1100 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/05 15:06:12.0984 1100 WavxDMgr (a188d488f863ad388c6d0439c7d06a99) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
2011/05/05 15:06:13.0031 1100 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/05 15:06:13.0093 1100 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/05/05 15:06:13.0109 1100 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/05 15:06:13.0109 1100 ================================================================================
2011/05/05 15:06:13.0109 1100 Scan finished
2011/05/05 15:06:13.0109 1100 ================================================================================
2011/05/05 15:06:13.0124 5364 Detected object count: 1
2011/05/05 15:08:40.0702 5364 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/05 15:08:40.0702 5364 \HardDisk0 - ok
2011/05/05 15:08:40.0702 5364 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/05 15:08:45.0077 5964 Deinitialize success

Attached Files



#7 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:11 PM

Posted 07 May 2011 - 06:18 AM

Hello MARS-atp,



:step1:



Please download Malwarebytes Anti-Malware 1.50.1 Final and save it to your desktop.
Download Link 1
Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



:step2:



Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



:step3:



We need to run an OTL Custom Scan


  • Please download OTL from the link below:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • OTL should now start. Change the following settings:
    - Click on Scan All Users checkbox given at the top.Posted Image
    - Under File Scans, change File age to 90
    - Under the Standard Registry box change it to All
    - Check the boxes beside LOP Check and Purity Check.
  • Copy and Paste the following code into the Posted Image textbox.
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\Application Data\*.*
    %USERPROFILE%\Local Settings\Application Data\*.*
    %AllUsersProfile%\*.*
    %AllUsersProfile%\Application Data\*.*
    %USERPROFILE%\AppData\*.*
    %USERPROFILE%\My Documents\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    /md5start
    hlp.dat
    winlogon.exe
    wininit.exe
    userinit.exe
    explorer.exe
    volsnap.sys
    /md5stop
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



Please include the following logs in your next reply:

  • MBAM log
  • ASWmbr.txt
  • OTL.txt and Extra.txt



Regards,
Georgi

cXfZ4wS.png


#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:11 PM

Posted 09 May 2011 - 10:21 AM

Hi MARS-atp,



It's been several days. Do you still need help on this?
This thread will be closed if you don't respond within 48 hours.



Regards,
Georgi

cXfZ4wS.png


#9 MARS-atp

MARS-atp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:11 PM

Posted 10 May 2011 - 02:47 PM

I'm not sure if i still need help or not. My problems that were a result of the rootkit issues have been resolved. I attached my log from the clean up by kaspersky. If after looking at that log you say i need to do more things to protect my computer i'm willing. I just didn't know if you were aware that my problem seems to be solved???? please advise

#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:11 PM

Posted 10 May 2011 - 04:33 PM

Hello,



I'd definitely recommend you to stick with me until I say you that your computer is clean and give you instructions on how to keep it clean.
Missing symptoms does not mean that everything is okay (especially after a rootkit infection).
If you decide to continue please post back the required logs, so we can proceed further looking for any residual traces of an infection.
Let me know what you want to do.



Regards,
Georgi

cXfZ4wS.png


#11 MARS-atp

MARS-atp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:11 PM

Posted 11 May 2011 - 04:17 PM

I AM WORKING ON GETTING THE LOGS POSTED HERE. I WILL HAVE ALL THREE READY & POSTED BY END OF DAY TOMORROW

#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:11 PM

Posted 11 May 2011 - 04:30 PM

Ok, thanks for letting me know. :thumbup2:



Regards,
Georgi

cXfZ4wS.png


#13 MARS-atp

MARS-atp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:11 PM

Posted 12 May 2011 - 07:57 AM

Here are the requested logs. Let me know what you think. thanks again.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6554

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/11/2011 9:23:42 AM
mbam-log-2011-05-11 (09-23-42).txt

Scan type: Quick scan
Objects scanned: 174844
Time elapsed: 7 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


aswMBR log:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-11 10:40:56
-----------------------------
10:40:56.609 OS Version: Windows 5.1.2600 Service Pack 3
10:40:56.609 Number of processors: 2 586 0x170A
10:40:56.609 ComputerName: SALESDESK032010 UserName: Sales Desk 1
10:40:57.828 Initialize success
10:41:07.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:41:07.265 Disk 0 Vendor: ST325031 CC45 Size: 238418MB BusType: 8
10:41:07.296 Disk 0 MBR read successfully
10:41:07.296 Disk 0 MBR scan
10:41:07.296 Disk 0 unknown MBR code
10:41:07.296 Disk 0 scanning sectors +488263545
10:41:07.328 Disk 0 scanning C:\WINDOWS\system32\drivers
10:41:10.453 Service scanning
10:41:11.296 Disk 0 trace - called modules:
10:41:11.296 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:41:11.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89dc18c8]
10:41:11.296 3 CLASSPNP.SYS[b80f8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x89db8028]
10:41:11.296 Scan finished successfully
10:42:47.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sales Desk 1\Desktop\MBR.dat"
10:42:47.640 The log file has been saved successfully to "C:\Documents and Settings\Sales Desk 1\Desktop\aswMBR.txt"

otl log:

OTL logfile created on: 5/12/2011 8:45:55 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Sales Desk 1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 28.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 202.03 Gb Free Space | 86.79% Space Free | Partition Type: NTFS

Computer Name: SALESDESK032010 | User Name: Sales Desk 1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2011/05/11 10:43:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sales Desk 1\Desktop\OTL.exe
PRC - [2011/04/07 13:49:08 | 000,560,880 | ---- | M] (CrossLoop Inc) -- C:\Documents and Settings\Sales Desk 1\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
PRC - [2011/01/30 11:45:14 | 001,306,008 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2010/11/12 19:53:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaw.exe
PRC - [2010/11/12 19:53:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2010/09/29 05:11:07 | 000,157,504 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2011\TPSrv.exe
PRC - [2010/09/13 05:11:00 | 000,202,048 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PavFnSvr.exe
PRC - [2010/08/26 07:52:15 | 000,988,480 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2011\ApVxdWin.exe
PRC - [2010/08/16 09:54:45 | 000,028,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2011\psksvc.exe
PRC - [2010/08/10 16:18:28 | 000,079,000 | ---- | M] (Platinum Parts) -- C:\Program Files\Platinum Parts F-Key Connection\PlatinumFKey.exe
PRC - [2010/06/09 09:10:16 | 000,231,936 | ---- | M] (CallerID.com) -- C:\Program Files\CallerID.com\ELPopup\ELPopup.exe
PRC - [2010/06/04 11:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2011\pavsrvx86.exe
PRC - [2010/05/28 14:42:32 | 000,225,600 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2011\AVENGINE.EXE
PRC - [2010/05/05 08:18:32 | 000,102,400 | ---- | M] (Comsearch, Inc.) -- C:\Program Files\ComSearch\ComSearch Live\ComSearchTicker.exe
PRC - [2010/04/22 19:29:12 | 000,107,776 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2011\WebProxy.exe
PRC - [2010/03/08 17:04:49 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/01/05 22:23:58 | 000,034,232 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2010/01/05 16:04:00 | 000,158,592 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2009/11/24 17:48:36 | 001,148,264 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2009/11/24 17:48:32 | 000,132,456 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
PRC - [2009/11/12 12:55:30 | 000,203,776 | ---- | M] (Microsoft) -- C:\dell\DBRM\Reminder\DbrmTrayicon.exe
PRC - [2009/11/02 13:40:54 | 000,657,920 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2009/10/15 15:22:22 | 000,796,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
PRC - [2009/10/15 15:22:14 | 002,066,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/10/15 15:22:08 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\lms.exe
PRC - [2009/09/21 19:01:24 | 000,446,976 | ---- | M] (Car-Part.com) -- C:\car-part\CPKeySrv.exe
PRC - [2009/08/10 15:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PsCtrlS.exe
PRC - [2009/02/11 19:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 19:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/02/04 23:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/09/02 12:55:24 | 000,036,864 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\hppusg.exe
PRC - [2008/06/19 13:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PsImSvc.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 08:00:00 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\calc.exe
PRC - [2008/02/04 18:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/05/11 10:43:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sales Desk 1\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/07 13:49:08 | 000,560,880 | ---- | M] (CrossLoop Inc) [Auto | Running] -- C:\Documents and Settings\Sales Desk 1\Local Settings\Application Data\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2011/03/29 15:41:46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/09/29 05:11:07 | 000,157,504 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2011\TPSrv.exe -- (TPSrv)
SRV - [2010/09/13 05:11:00 | 000,202,048 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2010/08/16 09:54:45 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PskSvc.exe -- (PskSvcRetail)
SRV - [2010/07/21 08:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Documents and Settings\Sales Desk 1\Local Settings\Application Data\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2010/06/04 11:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2011\pavsrvx86.exe -- (PAVSRV)
SRV - [2009/11/24 17:48:36 | 001,148,264 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2009/11/18 18:35:48 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2009/10/15 15:22:14 | 002,066,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/10/15 15:22:08 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\lms.exe -- (LMS) Intel®
SRV - [2009/08/10 15:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PsCtrls.exe -- (Panda Software Controller)
SRV - [2009/02/11 19:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/11/12 15:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2008/06/19 13:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PsImSvc.exe -- (PSIMSVC)
SRV - [2008/02/04 18:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (PavTPK.sys)
DRV - File not found [Kernel | On_Demand | Running] -- -- (PavSRK.sys)
DRV - File not found [File_System | On_Demand | Running] -- -- (AvFlt)
DRV - [2010/06/22 19:13:00 | 000,026,696 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\Drivers\pavboot.sys -- (pavboot)
DRV - [2010/05/21 14:50:26 | 000,059,080 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\amm8651.sys -- (AmFSM)
DRV - [2010/01/05 16:03:56 | 000,214,656 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/11/05 13:32:54 | 000,166,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel®
DRV - [2009/10/27 13:07:42 | 000,037,896 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ShlDrv51.sys -- (ShldDrv)
DRV - [2009/10/14 13:29:54 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2009/09/14 17:18:22 | 000,163,336 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)
DRV - [2009/06/23 09:28:12 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/06/04 15:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008/03/28 07:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Help_Page = http://support.dell.com/support/index.aspx?c=us&l=en&s=gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4136154950-1490086557-4258345756-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-21-4136154950-1490086557-4258345756-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-4136154950-1490086557-4258345756-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com
IE - HKU\S-1-5-21-4136154950-1490086557-4258345756-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ohio.com/
IE - HKU\S-1-5-21-4136154950-1490086557-4258345756-1006\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-4136154950-1490086557-4258345756-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/03 18:19:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/06/04 08:32:39 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/04/20 16:07:00 | 000,000,783 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.1.211 mars pinpro mars.actual-america.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4136154950-1490086557-4258345756-1006\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4136154950-1490086557-4258345756-1006\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4136154950-1490086557-4258345756-1006\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4136154950-1490086557-4258345756-1006\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus Pro 2011\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe ()
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Antivirus Pro 2011\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TickerApp] C:\Program Files\ComSearch\ComSearch Live\ComSearchTicker.exe (Comsearch, Inc.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKU\S-1-5-21-4136154950-1490086557-4258345756-1006..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-4136154950-1490086557-4258345756-1006..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4136154950-1490086557-4258345756-1006..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe (NOS Microsystems Ltd.)
O4 - HKU\S-1-5-21-4136154950-1490086557-4258345756-1006..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Car-Part.com Trading Partner Software.lnk = C:\car-part\CPKeySrv.exe (Car-Part.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ELPopup.lnk = C:\Program Files\CallerID.com\ELPopup\ELPopup.exe (CallerID.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Platinum Parts F-Key.lnk = C:\Program Files\Platinum Parts F-Key Connection\PlatinumFKey.exe (Platinum Parts)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TdmNotify.lnk = C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Sales Desk 1\Start Menu\Programs\Startup\iCPM.lnk = C:\WINDOWS\system32\javaw.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\Sales Desk 1\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4136154950-1490086557-4258345756-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {173D9E48-B527-4AA0-A929-30B446002AA8} http://192.168.1.205/DVRemoteAx.cab (DVRemoteControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (On-Access Anti-Malware Scanner Sync)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Sales Desk 1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sales Desk 1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e8555203-f0dc-11df-83cf-0026b985a92b}\Shell\AutoRun\command - "" = E:\CPSuite.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

========== Files/Folders - Created Within 90 Days ==========

[2011/05/11 10:43:08 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sales Desk 1\Desktop\OTL.exe
[2011/05/11 10:40:41 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Sales Desk 1\Desktop\aswMBR.exe
[2011/05/06 15:42:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sales Desk 1\Local Settings\Application Data\Temp
[2011/05/06 09:29:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/06 09:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/05/06 03:01:12 | 000,000,000 | ---D | C] -- C:\cd0d6158291a06115601425ebabe
[2011/05/05 14:55:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/05/05 06:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/28 12:57:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DBBK
[2011/04/27 13:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sales Desk 1\Desktop\IceSword122en
[2011/04/26 16:10:40 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Sales Desk 1\Desktop\123.com
[2011/04/26 11:06:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sales Desk 1\Desktop\gmer
[2011/04/25 16:57:41 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/04/25 16:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/04/25 16:48:06 | 006,449,984 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Sales Desk 1\Desktop\HitmanPro35.exe
[2011/04/25 12:14:48 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Sales Desk 1\Desktop\HijackThis.exe
[2011/04/20 17:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/04/20 17:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/20 17:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/20 16:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sales Desk 1\Start Menu\Programs\Pinnacle Professional
[2011/04/20 15:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2011/04/20 15:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/04/20 15:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TightVNC
[2011/04/20 15:23:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/20 15:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/20 13:25:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sales Desk 1\Application Data\Malwarebytes
[2011/04/20 13:25:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/20 13:25:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/20 13:25:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/20 13:25:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/20 13:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/20 13:08:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sales Desk 1\Application Data\Sammsoft
[2011/04/19 15:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sales Desk 1\My Documents\brokered
[2011/04/16 03:05:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/03/30 09:33:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sales Desk 1\Application Data\DVRemote
[2011/03/16 13:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sales Desk 1\My Documents\DVRemote
[2011/02/16 11:53:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/02/11 09:25:52 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2011/05/11 10:45:29 | 000,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2011/05/11 10:43:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sales Desk 1\Desktop\OTL.exe
[2011/05/11 10:42:47 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\Desktop\MBR.dat
[2011/05/11 10:40:43 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Sales Desk 1\Desktop\aswMBR.exe
[2011/05/06 09:29:39 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/05/05 15:17:58 | 000,463,936 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/05 15:17:58 | 000,079,212 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/05 15:17:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\Local Settings\Application Data\WavXMapDrive.bat
[2011/05/05 15:16:59 | 000,236,466 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/05/05 15:16:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/05 15:09:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/05 15:09:16 | 2128,179,200 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/05 15:05:35 | 000,001,520 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\Desktop\321.com.lnk
[2011/05/05 14:55:21 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\Desktop\123.PIF
[2011/05/05 14:00:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/04 16:24:52 | 000,520,894 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\Desktop\ark.zip
[2011/05/04 16:16:21 | 000,737,872 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\Desktop\gmer2.zip
[2011/04/29 09:00:22 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/04/29 08:49:38 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/28 12:33:25 | 229,609,472 | ---- | M] () -- C:\PandaSafeCD.iso
[2011/04/27 13:40:31 | 002,205,157 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\Desktop\IceSword122en.zip
[2011/04/26 16:10:51 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Sales Desk 1\Desktop\123.com
[2011/04/26 11:06:05 | 000,293,019 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\Desktop\gmer.zip
[2011/04/26 10:45:34 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\Desktop\dds.scr
[2011/04/26 10:43:13 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\Desktop\Defogger.exe
[2011/04/25 16:59:03 | 000,025,654 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\My Documents\log.xml
[2011/04/25 16:48:20 | 006,449,984 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Sales Desk 1\Desktop\HitmanPro35.exe
[2011/04/25 12:14:49 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Sales Desk 1\Desktop\HijackThis.exe
[2011/04/25 12:14:37 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\Desktop\HiJackThis.msi
[2011/04/25 12:09:02 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/04/20 16:07:59 | 000,001,722 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\Desktop\Pinnacle Professional.lnk
[2011/04/20 16:07:00 | 000,000,783 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/20 13:25:14 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/16 03:21:56 | 000,228,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/16 03:05:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/15 08:33:00 | 000,001,705 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\Start Menu\Programs\Startup\iCPM.lnk
[2011/03/15 08:33:00 | 000,001,705 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\Desktop\iCPM.lnk
[2011/03/15 08:33:00 | 000,001,705 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\Application Data\Microsoft\Internet Explorer\Quick Launch\iCPM.lnk
[2011/03/07 01:33:50 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2011/03/04 02:37:06 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2011/03/04 02:37:06 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2011/03/04 02:37:06 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2011/03/04 02:37:06 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2011/03/03 09:27:43 | 001,866,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2011/03/03 09:27:43 | 001,866,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2011/03/03 02:55:19 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsapi.dll
[2011/02/22 19:06:29 | 005,962,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/02/22 19:06:29 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2011/02/22 19:06:29 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2011/02/22 19:06:29 | 001,210,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2011/02/22 19:06:29 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2011/02/22 19:06:29 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2011/02/22 19:06:29 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2011/02/22 19:06:29 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2011/02/22 19:06:29 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/02/22 19:06:29 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2011/02/22 19:06:29 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2011/02/22 19:06:29 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2011/02/22 19:06:29 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/02/22 19:06:29 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2011/02/22 19:06:29 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2011/02/22 19:06:29 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2011/02/22 19:06:29 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2011/02/22 19:06:28 | 011,080,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011/02/22 19:06:28 | 001,991,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/02/22 19:06:28 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/02/22 19:06:28 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2011/02/22 19:06:28 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2011/02/22 19:06:28 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2011/02/22 19:06:28 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2011/02/22 07:41:59 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2011/02/17 09:18:24 | 000,455,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/02/17 09:18:03 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2011/02/15 08:56:39 | 000,290,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2011/02/15 08:56:39 | 000,290,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2011/02/11 09:25:52 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscover.exe
[2011/02/11 09:25:52 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/11 10:42:47 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Sales Desk 1\Desktop\MBR.dat
[2011/05/06 09:29:39 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/06 09:29:39 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/05/05 15:05:35 | 000,001,520 | ---- | C] () -- C:\Documents and Settings\Sales Desk 1\Desktop\321.com.lnk
[2011/05/05 14:55:21 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\Sales Desk 1\Desktop\123.PIF
[2011/05/04 16:24:52 | 000,520,894 | ---- | C] () -- C:\Documents and Settings\Sales Desk 1\Desktop\ark.zip
[2011/05/04 16:16:21 | 000,737,872 | ---- | C] () -- C:\Documents and Settings\Sales Desk 1\Desktop\gmer2.zip
[2011/04/28 12:33:14 | 229,609,472 | ---- | C] () -- C:\PandaSafeCD.iso
[2011/04/27 13:40:31 | 002,205,157 | ---- | C] () -- C:\Documents and Settings\Sales Desk 1\Desktop\IceSword122en.zip
[2011/04/26 11:06:03 | 000,293,019 | ---- | C] () -- C:\Documents and Settings\Sales Desk 1\Desktop\gmer.zip
[2011/04/26 10:45:21 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Sales Desk 1\Desktop\dds.scr
[2011/04/26 10:43:13 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Sales Desk 1\Desktop\Defogger.exe
[2011/04/25 16:59:03 | 000,025,654 | ---- | C] () -- C:\Documents and Settings\Sales Desk 1\My Documents\log.xml
[2011/04/25 16:49:12 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/04/25 12:14:34 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Sales Desk 1\Desktop\HiJackThis.msi
[2011/04/20 16:07:59 | 000,001,722 | ---- | C] () -- C:\Documents and Settings\Sales Desk 1\Desktop\Pinnacle Professional.lnk
[2011/04/20 13:25:14 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/15 13:00:21 | 000,000,250 | ---- | C] () -- C:\WINDOWS\System32\PavCPL.dat
[2010/06/17 12:45:49 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Sales Desk 1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/17 07:50:58 | 000,000,619 | R--- | C] () -- C:\WINDOWS\System32\hppapr13.dat
[2010/05/15 12:58:07 | 000,000,807 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2010/05/15 12:56:07 | 000,172,845 | ---- | C] () -- C:\WINDOWS\hppins13.dat
[2010/05/15 12:56:07 | 000,006,414 | ---- | C] () -- C:\WINDOWS\hppmdl13.dat
[2010/03/22 09:11:50 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Sales Desk 1\Local Settings\Application Data\PUTTY.RND
[2010/03/22 08:33:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/20 14:55:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Sales Desk 1\Local Settings\Application Data\WavXMapDrive.bat
[2010/03/10 11:19:48 | 001,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/03/10 11:19:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2010/03/10 11:15:39 | 000,001,154 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010/03/10 09:40:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/03/10 09:31:36 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2009/11/19 17:47:10 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2009/11/18 17:21:08 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-HK.dll
[2009/11/18 17:21:06 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sl.dll
[2009/11/18 17:21:06 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_th.dll
[2009/11/18 17:21:04 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sk.dll
[2009/11/18 17:21:02 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hr.dll
[2009/11/18 17:20:56 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ro.dll
[2009/11/18 17:20:56 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_tr.dll
[2009/11/18 17:20:54 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt-BR.dll
[2009/11/18 17:20:52 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hu.dll
[2009/11/18 17:20:52 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_he.dll
[2009/11/18 17:20:50 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fi.dll
[2009/11/18 17:20:48 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_el.dll
[2009/11/18 17:20:48 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_cs.dll
[2009/11/18 17:20:46 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ar.dll
[2009/11/18 17:20:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2009/11/18 17:20:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2009/11/18 17:20:42 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll
[2009/11/18 17:20:40 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2009/11/18 17:20:40 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2009/11/18 17:20:38 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll
[2009/11/18 17:20:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll
[2009/11/18 17:20:36 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll
[2009/11/18 17:20:34 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2009/11/18 17:20:32 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2009/11/18 17:20:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2009/11/18 17:20:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2009/11/18 17:20:28 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2009/11/18 17:20:26 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2009/11/18 17:20:24 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll
[2009/11/13 10:17:00 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll
[2009/11/06 17:27:22 | 000,839,680 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2009/08/26 18:25:08 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/05/26 23:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 23:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 17:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 17:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 17:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 12:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 12:16:22 | 000,463,936 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 12:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 12:16:22 | 000,079,212 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 12:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 12:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 12:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 12:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 12:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 12:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 12:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 12:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 05:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 05:21:52 | 000,228,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/03/25 11:46:00 | 000,077,536 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2007/09/27 12:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 12:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 12:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/06/30 14:58:44 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 14:58:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/06/12 10:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll

========== LOP Check ==========

[2010/03/10 09:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Broadcom
[2010/03/10 09:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wave Systems Corp
[2010/03/10 09:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2010/03/22 10:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/04/25 16:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/06/14 17:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2010/03/10 09:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2010/11/15 13:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2010/03/10 09:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2010/03/10 09:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Martin\Application Data\Broadcom
[2011/04/17 09:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Martin\Application Data\CallerID.com
[2010/03/10 09:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Martin\Application Data\Wave Systems Corp
[2010/03/10 09:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Martin\Application Data\Windows Desktop Search
[2010/03/20 15:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Martin\Application Data\Windows Search
[2010/03/10 09:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Broadcom
[2010/03/10 09:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Wave Systems Corp
[2010/03/10 09:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Windows Desktop Search
[2011/04/20 15:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TightVNC
[2010/03/22 10:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sales Desk 1\Application Data\acccore
[2010/03/10 09:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sales Desk 1\Application Data\Broadcom
[2010/10/15 11:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sales Desk 1\Application Data\CallerID.com
[2010/11/18 10:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sales Desk 1\Application Data\Car-Part Messaging
[2011/03/30 09:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sales Desk 1\Application Data\DVRemote
[2010/06/14 16:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sales Desk 1\Application Data\OpenOffice.org
[2010/11/15 13:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sales Desk 1\Application Data\Panda Security
[2011/04/20 13:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sales Desk 1\Application Data\Sammsoft
[2010/03/10 09:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sales Desk 1\Application Data\Wave Systems Corp
[2010/11/18 10:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sales Desk 1\Application Data\WinBatch
[2010/03/10 09:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sales Desk 1\Application Data\Windows Desktop Search
[2010/03/20 15:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sales Desk 1\Application Data\Windows Search

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/04/25 17:29:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/04/25 12:09:02 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2008/01/19 02:45:46 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/04/25 17:29:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/03/10 11:20:13 | 000,022,635 | RH-- | M] () -- C:\dell.sdr
[2011/05/05 15:09:16 | 2128,179,200 | -HS- | M] () -- C:\hiberfil.sys
[2008/04/25 17:29:32 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2010/03/22 10:49:06 | 000,000,464 | -H-- | M] () -- C:\IPH.PH
[2008/04/25 17:29:32 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2009/06/26 09:01:00 | 047,253,312 | ---- | M] (NVIDIA Corporation ) -- C:\NvCplSetupInt.exe
[2011/05/05 15:09:15 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011/04/28 12:33:25 | 229,609,472 | ---- | M] () -- C:\PandaSafeCD.iso
[2011/05/05 14:56:25 | 000,000,414 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_05.05.2011_14.56.18_log.txt
[2011/05/05 15:04:01 | 000,000,414 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_05.05.2011_15.03.58_log.txt
[2011/04/26 10:14:27 | 000,002,038 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_26.04.2011_10.14.24_log.txt
[2011/04/26 10:15:36 | 000,002,038 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_26.04.2011_10.15.24_log.txt
[2011/04/26 10:19:11 | 000,002,038 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_26.04.2011_10.19.10_log.txt
[2011/04/26 10:21:02 | 000,002,038 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_26.04.2011_10.21.00_log.txt
[2011/04/26 10:31:05 | 000,002,038 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_26.04.2011_10.31.03_log.txt
[2011/04/26 16:12:06 | 000,002,038 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_26.04.2011_16.12.04_log.txt
[2011/05/05 15:08:45 | 000,045,526 | ---- | M] () -- C:\TDSSKiller.2.5.0.0_05.05.2011_15.06.02_log.txt

< %USERPROFILE%\*.* >
[2011/05/05 15:08:59 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Sales Desk 1\NTUSER.DAT
[2011/05/12 08:47:04 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Sales Desk 1\ntuser.dat.LOG
[2011/05/05 15:08:59 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Sales Desk 1\ntuser.ini

< %USERPROFILE%\Application Data\*.* >
[2008/04/25 05:22:23 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Sales Desk 1\Application Data\desktop.ini

< %USERPROFILE%\Local Settings\Application Data\*.* >
[2010/07/08 10:18:24 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/10 09:40:11 | 000,012,912 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/11/15 13:06:23 | 006,418,802 | -H-- | M] () -- C:\Documents and Settings\Sales Desk 1\Local Settings\Application Data\IconCache.db
[2011/01/25 09:38:35 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\Local Settings\Application Data\PUTTY.RND
[2008/02/05 15:28:20 | 000,000,051 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\Local Settings\Application Data\setup.txt
[2011/05/05 15:17:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\Local Settings\Application Data\WavXMapDrive.bat

< %AllUsersProfile%\*.* >
[2010/03/20 14:54:58 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/03/20 14:54:58 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG

< %AllUsersProfile%\Application Data\*.* >
[2008/04/25 05:22:23 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2010/05/17 07:52:21 | 000,000,290 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

< %USERPROFILE%\AppData\*.* >

< %USERPROFILE%\My Documents\*.* >
[2011/04/26 11:00:54 | 000,018,249 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\My Documents\Attach.txt
[2011/02/07 10:16:16 | 000,000,108 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\My Documents\CRUSHED.txt
[2010/05/10 08:51:24 | 000,000,083 | -HS- | M] () -- C:\Documents and Settings\Sales Desk 1\My Documents\desktop.ini
[2011/01/25 11:41:01 | 000,000,101 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\My Documents\killed.txt
[2011/04/25 16:59:03 | 000,025,654 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\My Documents\log.xml
[2011/04/19 09:37:09 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\My Documents\ras quote.xls
[2011/04/26 10:35:28 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\Sales Desk 1\My Documents\tdl3.txt

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2011/04/29 08:49:38 | 000,016,968 | ---- | M] () -- C:\WINDOWS\system32\drivers\hitmanpro35.sys
[2011/02/17 09:18:24 | 000,455,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2011/02/17 09:18:03 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/04/04 21:01:40 | 000,272,896 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpcpp5r1.DLL
[2008/07/23 13:01:08 | 000,273,408 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpcpp6bu.DLL


< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/14 08:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< >

< >

< End of report >

extras:

OTL Extras logfile created on: 5/12/2011 8:45:55 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Sales Desk 1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 28.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 202.03 Gb Free Space | 86.79% Space Free | Partition Type: NTFS

Computer Name: SALESDESK032010 | User Name: Sales Desk 1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.js [@ = JSFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PAVSCRIP.EXE (Panda Security, S.L.)
.jse [@ = JSEFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PAVSCRIP.EXE (Panda Security, S.L.)
.vbe [@ = VBEFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PAVSCRIP.EXE (Panda Security, S.L.)
.vbs [@ = VBSFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PAVSCRIP.EXE (Panda Security, S.L.)
.wsf [@ = WSFFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PAVSCRIP.EXE (Panda Security, S.L.)
.wsh [@ = WSHFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2011\PAVSCRIP.EXE (Panda Security, S.L.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
jsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
jsefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
vbsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
wsffile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
wshfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"5910:TCP" = 5910:TCP:*:Enabled:vnc5910

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"D:\setup\hppniprint01.exe" = D:\setup\hppniprint01.exe:*:Enabled:hppniprint01.exe
"D:\setup\hppniprint64.exe" = D:\setup\hppniprint64.exe:*:Enabled:hppniprint64.exe
"D:\setup\hppnicifs01.exe" = D:\setup\hppnicifs01.exe:*:Enabled:hppnicifs01.exe
"D:\setup\hpbtpg.exe" = D:\setup\hpbtpg.exe:*:Enabled:hpbtpg.exe
"D:\setup\LaunchApp.exe" = D:\setup\LaunchApp.exe:*:Enabled:launchapp.exe
"C:\Documents and Settings\Sales Desk 1\Local Settings\Application Data\CrossLoop\vncviewer.exe" = C:\Documents and Settings\Sales Desk 1\Local Settings\Application Data\CrossLoop\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Documents and Settings\Sales Desk 1\Local Settings\Application Data\CrossLoop\tvnserver.exe" = C:\Documents and Settings\Sales Desk 1\Local Settings\Application Data\CrossLoop\tvnserver.exe:*:Enabled:tvnserver.exe -- (GlavSoft LLC.)
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\CallerID.com\ELPopup\ELPopup.exe" = C:\Program Files\CallerID.com\ELPopup\ELPopup.exe:*:Enabled:ELPopup -- (CallerID.com)
"C:\Program Files\Panda Security\Panda Antivirus Pro 2011\ApVxdWin.exe" = C:\Program Files\Panda Security\Panda Antivirus Pro 2011\ApVxdWin.exe:*:Enabled:Panda permanent protection -- (Panda Security, S.L.)
"C:\WINDOWS\Temp\pandascan\ncftpget.exe" = C:\WINDOWS\Temp\pandascan\ncftpget.exe:*:Enabled:ncftpget.exe -- (NcFTP Software)
"C:\WINDOWS\Temp\pandascan\NEWPSCAN.EXE" = C:\WINDOWS\Temp\pandascan\NEWPSCAN.EXE:*:Enabled:pscan.exe -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{083CE5FA-E750-4594-B8D1-13994B297A02}" = Wave Infrastructure Installer
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{11107A2A-AD44-4BC8-ABB5-E88E63BCA785}" = Intel® Network Connections 14.8.43.0
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 23
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39A6407B-DD99-410D-8EA2-280788F8423B}" = Dell Control Point
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F801026-6AF0-4520-9153-4C9B4CAAB361}" = HP LaserJet P2050 Series 4.0
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{84F015D4-0081-4145-B456-A6933E01D3C5}" = ComSearch Live
"{89B6F63A-7E0C-424A-9D39-C4EF59E96D78}" = hppQFolderP2050
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8EB29D71-DE8D-4B49-8833-F508ECF0BE59}" = DCP32MMWrapper
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{960EF721-A0AC-46C9-846E-37CC40128D4D}" = Platinum Parts F-Key Connection
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{9D59AC32-B0FA-4CD7-A2EC-4B57C06CD9D9}" = Dell Backup and Recovery Manager
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8DD74DC-14C4-4BA0-8DF7-D84524D0B0D2}" = ST Microelectronics TPM Driver Installer
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B1D3568D-BC21-4C50-92A5-2396570DF1DE}_is1" = Panda Secure Vault 5
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B37B0F29-81B9-40B1-A6C2-8416E2586C43}" = Panda Antivirus Pro 2011
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD69DAB8-E483-4E45-A052-16D1C360B67D}" = hppusgP2050
"{BDC231B4-0066-462F-9AC2-E945CD2D16C1}" = CallerID.com Software 1.3.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D657DFB4-5DD9-4A2B-AEC9-3BBE25541EE7}" = SO32MMWrapper
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DDD6BE8C-9AFA-48F1-A6AE-3BD596E2EB0B}" = Trusted Drive Manager
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E55FB276-73C9-4776-AB53-BC028C0509ED}" = Panda Antivirus Pro 2011
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"35858E766EFC35B58A45C301DD358D503119A8FA" = Windows Driver Package - STMicroelectronics (stmtpm) System (05/24/2007 1.00.04.15)
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIM_7" = AIM 7
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CrossLoop_is1" = CrossLoop 2.75
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.4.6
"NVIDIA Drivers" = NVIDIA Drivers
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"WinLiveSuite_Wave3" = Windows Live Essentials
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4136154950-1490086557-4258345756-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"iCPM" = iCPM (remove only)
"Pinnacle Professional" = Pinnacle Professional

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/22/2011 7:32:41 PM | Computer Name = SALESDESK032010 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212.crt>
with error: The connection with the server was terminated abnormally

Error - 4/22/2011 7:32:41 PM | Computer Name = SALESDESK032010 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 4/22/2011 7:32:41 PM | Computer Name = SALESDESK032010 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 4/22/2011 7:32:41 PM | Computer Name = SALESDESK032010 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212.crt>
with error: This network connection does not exist.

Error - 4/22/2011 7:32:41 PM | Computer Name = SALESDESK032010 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 4/22/2011 7:33:56 PM | Computer Name = SALESDESK032010 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 4/22/2011 7:33:57 PM | Computer Name = SALESDESK032010 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212.crt>
with error: The connection with the server was terminated abnormally

Error - 4/22/2011 7:33:57 PM | Computer Name = SALESDESK032010 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 4/22/2011 7:33:57 PM | Computer Name = SALESDESK032010 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 4/22/2011 7:33:57 PM | Computer Name = SALESDESK032010 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212.crt>
with error: This network connection does not exist.

[ System Events ]
Error - 4/29/2011 11:40:44 AM | Computer Name = SALESDESK032010 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 5/2/2011 7:50:05 AM | Computer Name = SALESDESK032010 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.105 on
the Network Card with network address 0026B985A92B.

Error - 5/2/2011 7:50:20 AM | Computer Name = SALESDESK032010 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 5/2/2011 10:31:06 AM | Computer Name = SALESDESK032010 | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 5/5/2011 9:43:19 AM | Computer Name = SALESDESK032010 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 5/5/2011 9:44:19 AM | Computer Name = SALESDESK032010 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/5/2011 9:45:49 AM | Computer Name = SALESDESK032010 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 5/5/2011 9:46:49 AM | Computer Name = SALESDESK032010 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/5/2011 9:47:49 AM | Computer Name = SALESDESK032010 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 5/6/2011 3:49:36 AM | Computer Name = SALESDESK032010 | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.


< End of report >

#14 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:11 PM

Posted 13 May 2011 - 06:09 AM

Hi MARS-atp,



Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Open Erunt.exe. Follow the prompts leaving the values at default.



We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
    "DisableMonitoring" =dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DoNotAllowExceptions" =dword:00000000
    :commands
    [reboot]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If a report is not shown please navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present.
  • Copy/paste the content of the log back here in your next post.



I'd like us to scan your machine with ESET OnlineScan


  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image



Upgrading Java:

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrading Java :
  • Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 25 .
  • Click the JDK 6 Update 25 (JDK or JRE) "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation ( jre-6u25-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. (Java™ 6 Update 20 and Java 2 Runtime Environment, SE v1.4.2)
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u25-windows-i586.exe and select "Run as an Administrator.")



Regards,
Georgi

cXfZ4wS.png


#15 MARS-atp

MARS-atp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:11 PM

Posted 13 May 2011 - 09:52 AM

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\\"DisableMonitoring" |dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"DoNotAllowExceptions" |dword:00000000 /E : value set successfully!
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.22.3 log created on 05132011_092046


ESETScan log:

C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\21\4928e215-4d44794b multiple threats
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\48\33cc51f0-1ff88640 multiple threats
C:\Documents and Settings\Sales Desk 1\Application Data\Sun\Java\Deployment\cache\6.0\17\650a3e91-291f8e05 a variant of Java/TrojanDownloader.OpenStream.NBV trojan
C:\Documents and Settings\Sales Desk 1\Application Data\Sun\Java\Deployment\cache\6.0\17\650a3e91-2ee4b9e9 a variant of Java/TrojanDownloader.OpenStream.NBV trojan
C:\Documents and Settings\Sales Desk 1\Application Data\Sun\Java\Deployment\cache\6.0\17\650a3e91-46e3edbf a variant of Java/TrojanDownloader.OpenStream.NBV trojan
C:\Documents and Settings\Sales Desk 1\Application Data\Sun\Java\Deployment\cache\6.0\17\650a3e91-4bcdcd24 a variant of Java/TrojanDownloader.OpenStream.NBV trojan
C:\Documents and Settings\Sales Desk 1\Application Data\Sun\Java\Deployment\cache\6.0\17\650a3e91-7a454136 a variant of Java/TrojanDownloader.OpenStream.NBV trojan
C:\Documents and Settings\Sales Desk 1\Desktop\MusicnotesSuite.exe Win32/OpenCandy application
C:\WINDOWS\Temp\pandascan\pcheck.exe Win32/Packed.Autoit.E.Gen application




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users