Problem starting windows firewall


  • This topic is locked
51 replies to this topic

#1 LoonyToon

LoonyToon

  • Members
  • 76 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:06:19 AM

Posted 25 May 2011 - 12:52 AM

Continuing from previous topic: ==>Here<==

Following steps in the preparation guide, Windows Firewall can not be started as described in the previous topic ==>Here<==

No CD emulation software installed on PC (to my knowledge)

Downloading the DDS.scr tool incurs 2 problems:


1. Download is immediately cancelled (Firefox Download window)

2. Clicking 'Retry' results in the file downloading, but it disappears and cannot be found. The Firefox download window is blank despite being set to show downloads.


Successfully downloaded through Google Chrome, but when trying to run the DDS a Notepad file is displayed containing mostly unreadable stuff with the exception of:

'This program cannot be run in DOS mode.' and a few other scatterings of readable text.

Downloaded GMER - double-clicked on gmer.exe - the program ran automatically without any dialogue or chance to un-check the appropriate parameters as requested in the preparation guide. Un-checked the boxes and ran gmer.exe again.

GMER log file attached:


The problem of being unable to start windows firewall was realised after a sequence of events:

1. Computer stopped with black screen after POST
This was rectified using windows rescue disk recovery console.

2. Then infected with Windows Restore
Fixed using Rkill and MBAM and the procedures in the self-help guides, and then ran SAS (SuperAntiSpyware), which removed about 800 additional threats.

3. Then infected with XP Security Centre
Attempted to fix using the self-help procedures for Windows Restore removal. At one point lost all icons. Managed to recover using Windows 'Last known good configuration'. I then came on to this site, found Shell.reg and installed the Secunia Personal Software Inspector. The application was unable to connect to the HTTP server, as described at the end of the topic ==>Here<==

Frequent scans using MBAM, SAS, Symantec Norton AntiVirus are finding repeated infections including:

IEXPLORER.EXE
EXPLORER.EXE
Registry keys
that are disabling Symantec's notifications that security components are disabled, e.g. Norton Firewall.

This is when I realised I had a deeper problem than I could resolve and hence posted my first request for help on this site as a new member.




Attached Files

  • Attached File  ark.txt   31.27KB   2 downloads


#2 LoonyToon

LoonyToon
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:06:19 AM

Posted 25 May 2011 - 01:13 AM

Addendum: Also forgot to mention that my Google searches are mostly redirected, requiring me to copy and paste the destination link location into another tab in order to get to the correct web page.

#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:19 AM

Posted 25 May 2011 - 09:54 AM

Hello LoonyToon,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

2.
  1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
  2. Save it to your desktop.
  3. Double-click on the OTL icon on your desktop.
  4. Under the Custom Scan box paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    volsnap.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  5. Push the Quick Scan button.
  6. Two reports will open; copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Things to include in your next reply:
TDSSkiller log
OTL.txt
Attach.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!

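Step 1 above asks for the TDSSKiller log, which lists every loaded driver as one line of the form "timestamp pid ServiceName (md5) path". The following is an added example, not part of the original thread and not code from Kaspersky or BleepingComputer: a small Python triage script that parses lines in that format and surfaces two things a helper looks for first, drivers loaded from temp or user-profile directories, and one hash appearing under different file paths. The log text, the driver names ZZ_Example1/ZZ_Example2 and the all-same-digit hashes are constructed sample data, not values from a real scan.

```python
import re
from collections import defaultdict

# One TDSSKiller driver line: timestamp, pid, service name (may contain
# spaces, e.g. "Nokia USB Generic"), 32-hex MD5 in parentheses, then the path.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+"
    r"(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+"
    r"(?P<path>.+)$"
)

# Locations where drivers are normally expected (compared lowercased).
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# Markers that warrant a closer look even under an expected prefix.
SUSPECT_MARKERS = ("\\temp\\", "\\documents and settings\\", "\\docume~1\\")

# Constructed sample log in the TDSSKiller layout (hashes and ZZ_* names are fake).
SAMPLE_LOG = r"""
2011/05/26 01:24:14.0568 5444 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/26 01:24:14.0850 5444 ================================================================================
2011/05/26 01:24:14.0850 5444 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/26 01:26:14.0522 2912 Scan started
2011/05/26 01:26:18.0147 2912 atapi (11111111111111111111111111111111) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/26 01:26:16.0178 2912 aeaudio (22222222222222222222222222222222) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/05/26 01:26:16.0225 2912 AEAudioService (22222222222222222222222222222222) C:\WINDOWS\system32\drivers\AEAudio.sys
2011/05/26 01:26:33.0193 2912 Nokia USB Generic (33333333333333333333333333333333) C:\WINDOWS\system32\drivers\nmwcdc.sys
2011/05/26 01:26:37.0943 2912 SASDIFSV (44444444444444444444444444444444) C:\DOCUME~1\ADMINI~1\LOCALS~1\temp\SAS_SelfExtract\SASDIFSV.SYS
2011/05/26 01:26:50.0000 2912 ZZ_Example1 (55555555555555555555555555555555) C:\WINDOWS\system32\drivers\zzexample.sys
2011/05/26 01:26:51.0000 2912 ZZ_Example2 (55555555555555555555555555555555) C:\WINDOWS\Temp\zzexample.sys
"""


def parse_tdsskiller_log(text):
    """Return a list of dicts (ts, pid, name, md5, path) for every driver line.
    Header, separator and SystemInfo lines carry no (md5) and are skipped."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def triage(entries):
    """Flag drivers in unusual locations and hashes shared by distinct paths.
    Paths are lowercased so aeaudio.sys / AEAudio.sys count as one file."""
    findings = {"unusual_location": [], "shared_hash_distinct_paths": []}
    paths_by_hash = defaultdict(set)
    for entry in entries:
        path = entry["path"].lower()
        outside = not path.startswith(EXPECTED_PREFIXES)
        marked = any(marker in path for marker in SUSPECT_MARKERS)
        if outside or marked:
            findings["unusual_location"].append((entry["name"], entry["path"]))
        paths_by_hash[entry["md5"]].add(path)
    for digest, paths in paths_by_hash.items():
        if len(paths) > 1:
            findings["shared_hash_distinct_paths"].append((digest, sorted(paths)))
    return findings


if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(parsed)} driver entries parsed")
    for section, items in triage(parsed).items():
        print(f"\n[{section}]")
        for item in items:
            print("  ", item)
```

Both lists are leads for a human to review, not verdicts: in this very thread the SASDIFSV driver runs from a temp directory because SuperAntiSpyware self-extracts there, so a temp-path hit is expected when a scanner was just run. The hash rule only fires when the same MD5 sits at two different paths, which is why the aeaudio / AEAudioService pair (one file registered under two service names, as also seen with ncpvaxp.sys in the posted log) stays quiet.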

#4 LoonyToon

LoonyToon
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:06:19 AM

Posted 25 May 2011 - 07:03 PM

Hi Fireman4it,

Pleased to be here and very appreciative of your help.

Machine appears to be stable at the moment, having just woken to the results of the last scan by MBAM - no threats detected. I hope that scan hasn't compromised the procedures you have specified? Please let me know if it has and something needs amending within them.

I will continue to download TDSSKiller.exe and the OTL tool that you have pointed me to and then proceed to run the tools.

For clarification, when you say not to use my computer during the scans, do you mean including watching this thread, and to close my browser completely?

Many thanks.


#5 LoonyToon

LoonyToon
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:06:19 AM

Posted 25 May 2011 - 07:06 PM

Hi Fireman4it,

Pleased to be here and very appreciative of your help.

Machine appears to be stable at the moment, having just woken to the results of the last scan by MBAM - no threats detected. I hope that scan hasn't compromised the procedures you have specified? Please let me know if it has and something needs amending within them.

I will continue to download TDSSKiller.exe and the OTL tool that you have pointed me to and then proceed to run the tools.

For clarification, when you say not to use my computer during the scans, do you mean including watching this thread, and to close my browser completely?

Many thanks.


#6 LoonyToon

LoonyToon
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:06:19 AM

Posted 25 May 2011 - 07:08 PM

Apologies for the double post, browser seemed to have a problem!

#7 LoonyToon

LoonyToon
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:06:19 AM

Posted 25 May 2011 - 08:21 PM

fireman4it, please find the log files pasted below. Ark.txt still appears to be an attachment earlier on in this topic, or did you want me to run GMER again?

Thanks again.

Log files:

2011/05/26 01:24:14.0568 5444 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/26 01:24:14.0850 5444 ================================================================================
2011/05/26 01:24:14.0850 5444 SystemInfo:
2011/05/26 01:24:14.0850 5444
2011/05/26 01:24:14.0850 5444 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/26 01:24:14.0850 5444 Product type: Workstation
2011/05/26 01:24:14.0850 5444 ComputerName: LAPTOP1
2011/05/26 01:24:14.0850 5444 UserName: Administrator
2011/05/26 01:24:14.0850 5444 Windows directory: C:\WINDOWS
2011/05/26 01:24:14.0850 5444 System windows directory: C:\WINDOWS
2011/05/26 01:24:14.0850 5444 Processor architecture: Intel x86
2011/05/26 01:24:14.0850 5444 Number of processors: 2
2011/05/26 01:24:14.0850 5444 Page size: 0x1000
2011/05/26 01:24:14.0850 5444 Boot type: Normal boot
2011/05/26 01:24:14.0850 5444 ================================================================================
2011/05/26 01:24:15.0834 5444 Initialize success
2011/05/26 01:26:14.0522 2912 ================================================================================
2011/05/26 01:26:14.0522 2912 Scan started
2011/05/26 01:26:14.0522 2912 Mode: Manual;
2011/05/26 01:26:14.0522 2912 ================================================================================
2011/05/26 01:26:15.0647 2912 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2011/05/26 01:26:15.0756 2912 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/26 01:26:15.0834 2912 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/05/26 01:26:16.0084 2912 ADIHdAudAddService (66614b9fdc7e74ab736a84d89f7b06b6) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/05/26 01:26:16.0178 2912 aeaudio (c984de22ed71414abc42c1e03d412e33) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/05/26 01:26:16.0225 2912 AEAudioService (c984de22ed71414abc42c1e03d412e33) C:\WINDOWS\system32\drivers\AEAudio.sys
2011/05/26 01:26:16.0318 2912 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/26 01:26:16.0568 2912 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/26 01:26:16.0709 2912 AgereSoftModem (aff071b6290776e1fa162837c35eac78) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/05/26 01:26:16.0834 2912 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/26 01:26:17.0334 2912 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
2011/05/26 01:26:17.0600 2912 AR5523 (92637b97f57c1669d521a54482c4579c) C:\WINDOWS\system32\DRIVERS\WG11TND5.sys
2011/05/26 01:26:17.0709 2912 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/26 01:26:17.0928 2912 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/26 01:26:18.0147 2912 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/26 01:26:18.0303 2912 ati2mtag (f7c68e0c3b4f87e7d850776b3c1087e4) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/05/26 01:26:18.0459 2912 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/26 01:26:18.0725 2912 atmeltpm (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
2011/05/26 01:26:18.0787 2912 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/26 01:26:18.0881 2912 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
2011/05/26 01:26:18.0943 2912 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/26 01:26:19.0022 2912 BlueletAudio (0744aa40fe6fa9c471fa59ccb5ca1f73) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
2011/05/26 01:26:19.0209 2912 BlueletSCOAudio (01d1832f2b13dfaf7384884f7c3e0124) C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
2011/05/26 01:26:19.0303 2912 BT (51eff72092088948933298c12ed23fd1) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
2011/05/26 01:26:19.0365 2912 Btcsrusb (3efdd3cc9118f6290398d94a72458b00) C:\WINDOWS\system32\Drivers\btcusb.sys
2011/05/26 01:26:19.0443 2912 BTHidEnum (e69d9e7854095a9c81acee40d766fe2d) C:\WINDOWS\system32\DRIVERS\vbtenum.sys
2011/05/26 01:26:19.0506 2912 BTHidMgr (a9164c2a39bd917b9f42ae087560ac3d) C:\WINDOWS\system32\Drivers\BTHidMgr.sys
2011/05/26 01:26:19.0850 2912 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/26 01:26:19.0943 2912 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/26 01:26:20.0053 2912 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/26 01:26:20.0147 2912 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/26 01:26:20.0318 2912 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/26 01:26:20.0428 2912 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/26 01:26:20.0506 2912 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/26 01:26:20.0865 2912 DcCam (844a9b14e2799a2adec1f392e7407d72) C:\WINDOWS\system32\DRIVERS\DcCam.sys
2011/05/26 01:26:20.0943 2912 DcFpoint (016ad1e71da43c39e5211fd7521c88d0) C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
2011/05/26 01:26:21.0037 2912 DCFS2K (7cef1cd1dc5c24208f196c36eb48a411) C:\WINDOWS\system32\drivers\dcfs2k.sys
2011/05/26 01:26:21.0272 2912 DcLps (2484fe767708eaba26767f2da0256398) C:\WINDOWS\system32\DRIVERS\DcLps.sys
2011/05/26 01:26:21.0365 2912 DcPTP (a76d1610c9cae786006d412f012dcb7c) C:\WINDOWS\system32\DRIVERS\DcPTP.sys
2011/05/26 01:26:21.0459 2912 Defrag32 (e511e32308414829d38a4ecc3dd66aa1) C:\WINDOWS\system32\drivers\Defrag32.sys
2011/05/26 01:26:21.0522 2912 Defrag32b (48ba6646b3a17f0e7ffdeb020309846f) C:\WINDOWS\system32\drivers\Defrag32b.sys
2011/05/26 01:26:21.0600 2912 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/26 01:26:21.0834 2912 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/26 01:26:21.0928 2912 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/26 01:26:22.0022 2912 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/26 01:26:22.0115 2912 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/26 01:26:22.0318 2912 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
2011/05/26 01:26:22.0428 2912 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2011/05/26 01:26:22.0490 2912 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2011/05/26 01:26:22.0553 2912 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
2011/05/26 01:26:22.0834 2912 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/26 01:26:22.0912 2912 E100B (fae8b6b311f898df3d19bc638e980ca5) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/05/26 01:26:22.0990 2912 e1express (9b1a944de35a5deaa9299d5306b34c1e) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/05/26 01:26:23.0115 2912 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/05/26 01:26:23.0381 2912 EGATHDRV (938f1ec77ba35858248e584b2d2e9776) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
2011/05/26 01:26:23.0428 2912 EraserUtilRebootDrv (17fcc372d03ba39f3aee85198c0ec594) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/05/26 01:26:23.0553 2912 Exportit (3662b779f744e76b3aaa021430cb9dac) C:\WINDOWS\system32\DRIVERS\exportit.sys
2011/05/26 01:26:23.0662 2912 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/26 01:26:23.0756 2912 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/26 01:26:24.0037 2912 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/26 01:26:24.0084 2912 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/26 01:26:24.0162 2912 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/26 01:26:24.0225 2912 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/26 01:26:24.0318 2912 FTDIBUS (35abe7359740461c8c953d16c307c7e4) C:\WINDOWS\system32\drivers\ftdibus.sys
2011/05/26 01:26:24.0506 2912 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/26 01:26:24.0787 2912 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/26 01:26:24.0850 2912 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/26 01:26:24.0912 2912 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/26 01:26:25.0162 2912 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/05/26 01:26:25.0240 2912 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/05/26 01:26:25.0287 2912 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/05/26 01:26:25.0412 2912 HSF_DPV (b1fc0b027df4374f9e5b796cfdf797b3) C:\WINDOWS\system32\DRIVERS\hsx_dpv.sys
2011/05/26 01:26:25.0647 2912 HSXHWAZL (3af45f5b4157c88ffae24d89ba408302) C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys
2011/05/26 01:26:25.0834 2912 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/26 01:26:26.0006 2912 i1 (a865c274c822501e887ec0c7ccf3d2cd) C:\WINDOWS\system32\DRIVERS\i1.sys
2011/05/26 01:26:26.0318 2912 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/26 01:26:26.0459 2912 ialm (643162fbc619e35d3f1a90a095a5bb42) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/05/26 01:26:26.0647 2912 iastor (865fec2d85069fd180ea75049829a7a2) C:\WINDOWS\system32\Drivers\iaStor.sys
2011/05/26 01:26:26.0928 2912 IBMPMDRV (c594b64b60562a22e834344cb7818b6d) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
2011/05/26 01:26:26.0990 2912 IBMTPCHK (bfc9f3adaad74e13f9ce16c8bd336f95) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
2011/05/26 01:26:27.0053 2912 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/26 01:26:27.0178 2912 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/26 01:26:27.0225 2912 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/26 01:26:27.0443 2912 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/26 01:26:27.0522 2912 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/26 01:26:27.0615 2912 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/26 01:26:27.0662 2912 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/26 01:26:27.0725 2912 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/05/26 01:26:27.0912 2912 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/26 01:26:27.0975 2912 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/26 01:26:28.0178 2912 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/26 01:26:28.0381 2912 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/26 01:26:28.0428 2912 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/26 01:26:28.0522 2912 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/26 01:26:28.0647 2912 ldblank (fc9bd3d862fa66c19826d05cb15c245b) C:\WINDOWS\system32\DRIVERS\ldblank.sys
2011/05/26 01:26:28.0725 2912 ldmirror (f4a55732a6996cb64a1b7080b5871de8) C:\WINDOWS\system32\DRIVERS\ldmirror.sys
2011/05/26 01:26:28.0990 2912 LucentSoftModem (dd226891303d5118648ad4b911f37822) C:\WINDOWS\system32\DRIVERS\LTSM.sys
2011/05/26 01:26:29.0100 2912 luvtnw (37d005ef2d667d50c6fb5619220a53f7) C:\WINDOWS\system32\DRIVERS\luvtnw.sys
2011/05/26 01:26:29.0193 2912 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/05/26 01:26:29.0272 2912 mirrorflt (5eea9d31e405c2a7716a596f068ecec8) C:\WINDOWS\system32\DRIVERS\mirrorflt.sys
2011/05/26 01:26:29.0350 2912 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/26 01:26:29.0600 2912 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/26 01:26:29.0662 2912 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/26 01:26:29.0740 2912 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/26 01:26:29.0803 2912 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/26 01:26:29.0897 2912 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/26 01:26:30.0006 2912 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/26 01:26:30.0240 2912 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/26 01:26:30.0303 2912 MSIRCOMM (95c6432151ccff8617352f8e616a1aa4) C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
2011/05/26 01:26:30.0397 2912 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/26 01:26:30.0490 2912 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/26 01:26:30.0568 2912 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/26 01:26:30.0803 2912 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/26 01:26:30.0865 2912 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/26 01:26:30.0928 2912 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/26 01:26:30.0990 2912 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/26 01:26:31.0084 2912 NAL (ab7cc5ddfa1557bab312e12abb6a5158) C:\WINDOWS\system32\Drivers\iqvw32.sys
2011/05/26 01:26:31.0225 2912 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110524.002\naveng.sys
2011/05/26 01:26:31.0318 2912 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110524.002\navex15.sys
2011/05/26 01:26:31.0647 2912 NcpFilt (8f941f9c1e8109e69b7d196d1741da99) C:\WINDOWS\system32\DRIVERS\ncpvaxp.sys
2011/05/26 01:26:31.0662 2912 NcpFiltMP (8f941f9c1e8109e69b7d196d1741da99) C:\WINDOWS\system32\DRIVERS\ncpvaxp.sys
2011/05/26 01:26:31.0678 2912 ncpvaxp (8f941f9c1e8109e69b7d196d1741da99) C:\WINDOWS\system32\DRIVERS\ncpvaxp.sys
2011/05/26 01:26:31.0772 2912 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/26 01:26:31.0834 2912 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/26 01:26:32.0053 2912 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/26 01:26:32.0178 2912 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/26 01:26:32.0225 2912 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/26 01:26:32.0318 2912 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/26 01:26:32.0397 2912 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/26 01:26:32.0568 2912 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/26 01:26:32.0725 2912 NETw3x32 (71371ed9086a3d65f43967c89634e9a9) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
2011/05/26 01:26:32.0928 2912 nhcDriverDevice (37260a293b6a89373ae76791e6cc5a12) C:\WINDOWS\system32\drivers\nhcDriver.sys
2011/05/26 01:26:33.0022 2912 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/26 01:26:33.0193 2912 Nokia USB Generic (5abb6b2461c4eb0afdf1bf7f03963d59) C:\WINDOWS\system32\drivers\nmwcdc.sys
2011/05/26 01:26:33.0256 2912 Nokia USB Modem (353c16d21eec1f11306270040b3713c1) C:\WINDOWS\system32\drivers\nmwcdcm.sys
2011/05/26 01:26:33.0318 2912 Nokia USB Phone Parent (f5b1200c75b160c81e7e48cc0489aa5e) C:\WINDOWS\system32\drivers\nmwcd.sys
2011/05/26 01:26:33.0522 2912 Nokia USB Port (353c16d21eec1f11306270040b3713c1) C:\WINDOWS\system32\drivers\nmwcdcj.sys
2011/05/26 01:26:33.0678 2912 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/26 01:26:33.0740 2912 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
2011/05/26 01:26:33.0803 2912 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/26 01:26:33.0959 2912 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/26 01:26:34.0037 2912 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/26 01:26:34.0193 2912 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/26 01:26:34.0256 2912 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/26 01:26:34.0334 2912 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/05/26 01:26:34.0397 2912 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/26 01:26:34.0537 2912 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/26 01:26:34.0631 2912 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/26 01:26:34.0772 2912 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/26 01:26:34.0897 2912 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/26 01:26:34.0959 2912 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/05/26 01:26:35.0412 2912 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
2011/05/26 01:26:35.0490 2912 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/26 01:26:35.0678 2912 psadd (ce5114c9d3ab67e6f6f8017c5f975292) C:\WINDOWS\system32\DRIVERS\psadd.sys
2011/05/26 01:26:35.0803 2912 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/26 01:26:35.0834 2912 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/26 01:26:35.0912 2912 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/26 01:26:36.0303 2912 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/26 01:26:36.0381 2912 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/05/26 01:26:36.0475 2912 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/26 01:26:36.0584 2912 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/26 01:26:36.0709 2912 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/26 01:26:36.0756 2912 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/26 01:26:36.0803 2912 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/26 01:26:36.0928 2912 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/26 01:26:37.0068 2912 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/26 01:26:37.0225 2912 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/26 01:26:37.0303 2912 RimSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/05/26 01:26:37.0443 2912 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/05/26 01:26:37.0522 2912 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/05/26 01:26:37.0678 2912 s24trans (daef68fc328342d219de928c8ee610b2) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/05/26 01:26:37.0943 2912 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\DOCUME~1\ADMINI~1\LOCALS~1\temp\SAS_SelfExtract\SASDIFSV.SYS
2011/05/26 01:26:37.0975 2912 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\DOCUME~1\ADMINI~1\LOCALS~1\temp\SAS_SelfExtract\SASKUTIL.SYS
2011/05/26 01:26:38.0068 2912 SAVRT (cdb565c093b0105086cc630b32f9e6e6) C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys
2011/05/26 01:26:38.0147 2912 SAVRTPEL (1042cb5a003f9aed8d6cec56a0fc6c49) C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys
2011/05/26 01:26:38.0443 2912 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/05/26 01:26:38.0537 2912 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/26 01:26:38.0615 2912 Sentinel (79a8bec557a1b99e17e4bd9adf3f0ee4) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
2011/05/26 01:26:38.0678 2912 Ser2pl (2ec41a96d0dc98bd119bf325e0b9f392) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
2011/05/26 01:26:39.0006 2912 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/26 01:26:39.0053 2912 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/26 01:26:39.0131 2912 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/05/26 01:26:39.0225 2912 Shockprf (0b3e58fdc92e944f875b72e150d6d85d) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
2011/05/26 01:26:39.0334 2912 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/26 01:26:39.0615 2912 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
2011/05/26 01:26:39.0740 2912 smwdm (1319ea66a96250d59665d133c0ff7cd0) C:\WINDOWS\system32\drivers\smwdm.sys
2011/05/26 01:26:39.0912 2912 SPBBCDrv (677b10906838d3bfb1c07ac9087e4bf7) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/05/26 01:26:40.0162 2912 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/26 01:26:40.0256 2912 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/26 01:26:40.0365 2912 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/26 01:26:40.0459 2912 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/26 01:26:40.0537 2912 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/26 01:26:40.0834 2912 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/26 01:26:41.0037 2912 SYMDNS (82235a78777a8f0a5d6cc66a5c118b59) C:\WINDOWS\System32\Drivers\SYMDNS.SYS
2011/05/26 01:26:41.0131 2912 SymEvent (3c6790d26d03fe5163e2bec490e51a7e) C:\Program Files\Symantec\SYMEVENT.SYS
2011/05/26 01:26:41.0178 2912 SYMFW (fe7d95fb4c45855dccdd7be530b96982) C:\WINDOWS\System32\Drivers\SYMFW.SYS
2011/05/26 01:26:41.0365 2912 SYMIDS (fa3dbbcc7a26a4a2636dfcca06689689) C:\WINDOWS\System32\Drivers\SYMIDS.SYS
2011/05/26 01:26:41.0428 2912 SYMNDIS (6497b01f6acee837ec2469bb2b5ee910) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
2011/05/26 01:26:41.0600 2912 SYMREDRV (5314e345dfc068504cfb2676d3b2ca39) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/05/26 01:26:41.0662 2912 SYMTDI (8cd0a1478256240249b8ee88e6f25e94) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/05/26 01:26:41.0990 2912 SynTP (7c02db7416d52c02b131d0e3a8d2337c) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/05/26 01:26:42.0100 2912 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/26 01:26:42.0240 2912 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/26 01:26:42.0318 2912 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys
2011/05/26 01:26:42.0506 2912 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/26 01:26:42.0600 2912 TDSMAPI (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
2011/05/26 01:26:42.0693 2912 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/26 01:26:42.0772 2912 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/26 01:26:43.0037 2912 Tp4Track (e06117f4ee0fd094532d8b82f1b7883a) C:\WINDOWS\system32\DRIVERS\tp4track.sys
2011/05/26 01:26:43.0115 2912 TPDIGIMN (f39eef399cc6726024011f7aeab1a53a) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
2011/05/26 01:26:43.0287 2912 tpflhlp (2e826a993e62ceb2f77fa3ffc8190cf0) C:\Program Files\Lenovo\System Update\session\7buj15us\tpflhlp.sys
2011/05/26 01:26:43.0381 2912 TPHKDRV (29f3601d4233a53f819010fee8c04a60) C:\WINDOWS\system32\drivers\TPHKDRV.sys
2011/05/26 01:26:43.0600 2912 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
2011/05/26 01:26:43.0662 2912 TSMAPIP (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
2011/05/26 01:26:43.0818 2912 TwoTrack (17687545f77a648af7f9f1064eb61191) C:\WINDOWS\system32\DRIVERS\TwoTrack.sys
2011/05/26 01:26:43.0897 2912 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/26 01:26:44.0053 2912 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/26 01:26:44.0256 2912 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/26 01:26:44.0350 2912 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/26 01:26:44.0459 2912 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/26 01:26:44.0522 2912 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/05/26 01:26:44.0615 2912 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/26 01:26:44.0818 2912 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/26 01:26:44.0912 2912 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/26 01:26:44.0990 2912 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/26 01:26:45.0068 2912 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2011/05/26 01:26:45.0178 2912 VComm (9ebee4a060c5364a31aeaa04eac2af1e) C:\WINDOWS\system32\DRIVERS\VComm.sys
2011/05/26 01:26:45.0412 2912 VcommMgr (d1ddff84dc3060456c8bc0c47af8cbb2) C:\WINDOWS\system32\Drivers\VcommMgr.sys
2011/05/26 01:26:45.0475 2912 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/26 01:26:45.0615 2912 VNA (3bb079ac39b37b257a88e68116808069) C:\WINDOWS\system32\DRIVERS\vna.sys
2011/05/26 01:26:45.0709 2912 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/26 01:26:45.0709 2912 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/05/26 01:26:45.0709 2912 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/05/26 01:26:46.0006 2912 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/05/26 01:26:46.0131 2912 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/26 01:26:46.0240 2912 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/26 01:26:46.0365 2912 winachsf (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\hsx_cnxt.sys
2011/05/26 01:26:46.0647 2912 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/26 01:26:46.0740 2912 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/26 01:26:46.0818 2912 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/26 01:26:46.0990 2912 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/05/26 01:26:47.0115 2912 {A7E39B01-B403-11d4-BD18-00D0B7A1821E} (11f47f1d6d77ee7a6a86adcec314c3b1) C:\WINDOWS\system32\drivers\Vch.sys
2011/05/26 01:26:47.0334 2912 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/05/26 01:26:47.0381 2912 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/05/26 01:26:47.0584 2912 ================================================================================
2011/05/26 01:26:47.0584 2912 Scan finished
2011/05/26 01:26:47.0584 2912 ================================================================================
2011/05/26 01:26:47.0600 5352 Detected object count: 1
2011/05/26 01:26:47.0600 5352 Actual detected object count: 1
2011/05/26 01:27:22.0131 5352 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/26 01:27:22.0131 5352 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/05/26 01:27:24.0334 5352 Backup copy found, using it..
2011/05/26 01:27:24.0381 5352 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/05/26 01:27:24.0381 5352 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/05/26 01:27:45.0897 3636 Deinitialize success

.......................................

OTL logfile created on: 26/05/2011 01:42:02 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.36 Mb Total Physical Memory | 291.45 Mb Available Physical Memory | 28.73% Memory free
2.38 Gb Paging File | 1.98 Gb Available in Paging File | 82.96% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.49 Gb Total Space | 17.49 Gb Free Space | 33.97% Space Free | Partition Type: NTFS

Computer Name: LAPTOP1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/26 01:22:47 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator\Desktop\OTL.exe
PRC - [2011/04/30 14:10:32 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Documents and Settings\administrator\Local Settings\Application Data\Google\Update\1.3.21.53\GoogleCrashHandler.exe
PRC - [2009/12/14 11:26:02 | 000,668,912 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\HUB\ServicepointService.exe
PRC - [2009/08/27 16:05:04 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/08/27 16:05:04 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/07 10:18:42 | 001,036,296 | ---- | M] (NCP Engineering GmbH) -- C:\Program Files\WatchGuard\Mobile VPN\NCPRWSNT.EXE
PRC - [2008/02/08 16:04:36 | 000,266,240 | ---- | M] () -- C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe
PRC - [2008/01/17 09:07:28 | 000,401,920 | ---- | M] (NCP engineering GmbH) -- C:\Program Files\WatchGuard\Mobile VPN\NCPBUDGT.EXE
PRC - [2008/01/16 11:46:48 | 000,081,920 | ---- | M] (NCP engineering GmbH) -- C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe
PRC - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/01/19 10:33:28 | 000,013,312 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2006/10/05 20:54:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2006/10/05 20:53:10 | 000,110,592 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2006/10/05 20:41:08 | 000,167,936 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2006/10/05 20:40:32 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2006/09/12 18:14:18 | 000,307,295 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
PRC - [2006/07/16 18:33:36 | 000,626,176 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
PRC - [2006/06/15 01:40:34 | 000,124,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe
PRC - [2006/06/15 01:40:28 | 000,115,952 | ---- | M] (symantec) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
PRC - [2006/06/15 01:40:24 | 001,805,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/06/15 01:40:16 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
PRC - [2006/06/07 16:38:58 | 000,173,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
PRC - [2006/06/07 16:38:26 | 000,087,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
PRC - [2006/06/05 14:59:18 | 000,174,080 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
PRC - [2006/05/30 15:05:42 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2006/03/24 17:14:58 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/03/24 17:14:56 | 000,202,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2006/03/24 17:14:52 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/03/24 17:14:48 | 000,053,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/02/01 16:09:46 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2006/01/24 20:06:58 | 000,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2005/12/09 04:55:16 | 000,081,920 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE
PRC - [2005/12/09 04:47:42 | 000,258,048 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\WebPortal\SDClientMonitor.exe
PRC - [2005/11/29 11:16:46 | 000,241,731 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\RAXCO\PerfectDisk\PDSched.exe
PRC - [2005/11/17 12:31:52 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) -- C:\WINDOWS\system32\cba\pds.exe
PRC - [2005/09/24 06:30:38 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2005/06/06 23:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2005/06/06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2004/05/24 12:45:02 | 000,045,056 | ---- | M] () -- C:\Program Files\WatchGuard\Mobile VPN\NCPSEC.EXE
PRC - [2002/10/08 22:28:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\TpScrLk.exe
PRC - [2002/02/28 13:35:06 | 000,188,987 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\dcfssvc.exe


========== Modules (SafeList) ==========

MOD - [2011/05/26 01:22:47 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2009/12/14 11:26:02 | 000,668,912 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\HUB\ServicepointService.exe -- (ServicepointService)
SRV - [2009/10/07 19:23:48 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/08/27 16:05:04 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/04/07 10:18:42 | 001,036,296 | ---- | M] (NCP Engineering GmbH) [Auto | Running] -- C:\Program Files\WatchGuard\Mobile VPN\NCPRWSNT.EXE -- (ncprwsnt)
SRV - [2008/02/08 16:04:36 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Program Files\WatchGuard\Mobile VPN\rwsrsu.exe -- (rwsrsu)
SRV - [2008/01/16 11:46:48 | 000,081,920 | ---- | M] (NCP engineering GmbH) [Auto | Running] -- C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe -- (ncpclcfg)
SRV - [2007/09/21 18:03:42 | 000,224,768 | ---- | M] (DameWare Development LLC) [On_Demand | Stopped] -- C:\WINDOWS\System32\DWRCS.exe -- (DWMRCS)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/01/19 10:33:28 | 000,013,312 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006/10/05 20:41:08 | 000,167,936 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006/10/05 20:40:32 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2006/09/12 18:14:18 | 000,307,295 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe -- (cpextender)
SRV - [2006/06/15 01:40:28 | 000,115,952 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/06/15 01:40:24 | 001,805,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/06/15 01:40:16 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/06/07 16:38:58 | 000,173,744 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- (SymSecurePort)
SRV - [2006/06/07 16:38:26 | 000,087,728 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -- (ISSVC)
SRV - [2006/06/05 14:59:18 | 000,174,080 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/03/24 17:14:58 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/03/24 17:14:56 | 000,202,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2006/03/24 17:14:52 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/01/24 20:06:58 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/12/09 04:59:46 | 000,245,760 | ---- | M] (LANDesk Software, Ltd.) [Disabled | Stopped] -- C:\Program Files\LANDesk\LDClient\softmon.exe -- (Softmon) LANDesk®
SRV - [2005/12/09 04:58:22 | 000,114,688 | ---- | M] (LANDesk Software, Ltd.) [Disabled | Stopped] -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe -- (Intel Targeted Multicast)
SRV - [2005/12/09 04:55:16 | 000,081,920 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2005/11/29 11:16:46 | 000,241,731 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDSched.exe -- (PDSched)
SRV - [2005/11/29 11:16:10 | 000,483,397 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2005/11/22 15:07:24 | 000,122,880 | ---- | M] (LANDesk Software, Ltd.) [Disabled | Stopped] -- C:\Program Files\LANDesk\Shared Files\residentagent.exe -- (CBA8) LANDesk®
SRV - [2005/11/17 12:31:52 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\WINDOWS\system32\cba\pds.exe -- (Intel PDS)
SRV - [2005/06/06 21:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2005/04/06 17:03:28 | 000,110,592 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2004/05/24 12:45:02 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\WatchGuard\Mobile VPN\NCPSEC.EXE -- (NcpSec)
SRV - [2002/09/27 12:56:20 | 000,139,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/02/28 13:35:06 | 000,188,987 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\system32\drivers\dcfssvc.exe -- (Dcfssvc)


========== Driver Services (SafeList) ==========

DRV - [2011/05/19 09:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110524.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/19 09:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110524.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/12 09:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/12 09:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\administrator\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\administrator\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/02/04 16:22:00 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2008/12/21 13:22:08 | 000,022,528 | ---- | M] (pBUS-167 Software - http://www.pbus-167.com) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nhcDriver.sys -- (nhcDriverDevice)
DRV - [2008/04/03 16:16:34 | 000,080,040 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ncpvaxp.sys -- (ncpvaxp)
DRV - [2008/04/03 16:16:34 | 000,080,040 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ncpvaxp.sys -- (NcpFiltMP)
DRV - [2008/04/03 16:16:34 | 000,080,040 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ncpvaxp.sys -- (NcpFilt)
DRV - [2007/01/10 03:56:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2006/12/25 23:05:00 | 000,100,144 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2006/12/25 23:03:00 | 000,019,760 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2006/12/14 16:33:18 | 000,026,045 | ---- | M] (GretagMacbeth) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i1.sys -- (i1)
DRV - [2006/12/13 16:06:54 | 000,013,616 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Stopped] -- C:\Program Files\Lenovo\System Update\session\7buj15us\tpflhlp.sys -- (tpflhlp)
DRV - [2006/10/19 10:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/10/02 02:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006/10/02 02:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006/09/13 06:42:18 | 000,028,224 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/09/12 18:14:18 | 000,109,008 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vna.sys -- (VNA)
DRV - [2006/07/16 17:06:16 | 000,023,040 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2006/06/23 17:00:26 | 000,031,488 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2006/05/29 09:26:38 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006/05/29 09:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006/05/29 09:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006/05/29 09:26:36 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2006/05/26 01:13:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2006/05/05 16:19:50 | 000,107,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/03/24 21:08:46 | 001,522,688 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/02/28 17:57:22 | 000,084,836 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2006/01/24 20:06:36 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/01/24 20:06:32 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/01/24 20:06:28 | 000,031,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2006/01/24 20:06:24 | 000,028,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2006/01/24 20:06:18 | 000,110,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2006/01/24 20:06:14 | 000,012,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006/01/19 14:31:34 | 000,010,068 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2006/01/13 01:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2005/12/19 20:41:58 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/12/19 20:41:56 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/12/05 00:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/22 11:33:44 | 000,061,456 | ---- | M] (Raxco Software, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\defrag32b.sys -- (Defrag32b)
DRV - [2005/11/22 11:33:34 | 000,061,456 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\defrag32.sys -- (Defrag32)
DRV - [2005/11/08 10:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/10/07 17:52:40 | 000,016,768 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\luvtnw.sys -- (luvtnw)
DRV - [2005/09/05 04:21:06 | 000,362,944 | R--- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG11TND5.sys -- (AR5523)
DRV - [2005/08/31 11:34:52 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2005/07/30 08:21:32 | 000,011,988 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005/07/25 10:04:08 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2005/07/01 17:48:34 | 000,011,904 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ldblank.sys -- (ldblank)
DRV - [2005/07/01 17:48:34 | 000,003,712 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mirrorflt.sys -- (mirrorflt)
DRV - [2005/07/01 17:48:34 | 000,003,328 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldmirror.sys -- (ldmirror)
DRV - [2005/05/01 06:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005/04/07 17:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2004/10/19 14:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2003/06/27 09:53:44 | 001,196,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/04/15 11:40:36 | 000,020,533 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vch.sys -- ({A7E39B01-B403-11d4-BD18-00D0B7A1821E})
DRV - [2002/10/16 01:11:22 | 000,019,968 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2002/09/04 18:06:30 | 000,131,509 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2002/09/04 18:06:22 | 000,034,938 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2002/02/28 13:35:06 | 000,061,568 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2002/02/28 13:35:06 | 000,055,866 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2002/02/28 13:35:06 | 000,036,885 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2002/02/28 13:35:06 | 000,008,058 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2001/08/17 14:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
DRV - [2001/08/17 14:28:10 | 000,802,683 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LTSM.sys -- (LucentSoftModem)
DRV - [1996/04/13 21:00:00 | 000,063,488 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 06:29:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/20 16:06:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/07 15:41:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/05/20 16:06:11 | 000,000,000 | ---D | M]

[2010/09/07 15:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\administrator\Application Data\Mozilla\Extensions
[2010/09/07 15:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008/07/22 10:00:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\administrator\Application Data\Mozilla\Extensions\home2@tomtom.com
[2011/04/30 07:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\fvx752w1.default\extensions
[2010/10/18 18:46:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\fvx752w1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/18 18:46:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\fvx752w1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/01/18 12:30:04 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\fvx752w1.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011/05/01 06:29:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/07/14 10:35:57 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/30 16:14:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/29 10:11:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/12 15:31:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2009/01/16 20:50:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 17:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe ()
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NcpBudget] C:\Program Files\WatchGuard\Mobile VPN\ncpbudgt.exe (NCP engineering GmbH)
O4 - HKLM..\Run: [SDClientMonitor] C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe (LANDesk Software, Ltd.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe ()
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe ()
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - File not found
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://www.yardiasp.com/3611healey/activexviewer9.cab (Crystal Report Viewer Control 9)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141993707533 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170279589187 (MUWebControl Class)
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} https://vpn.frycomm.com/sre/ICSScanner.cab (ICSScanner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} https://vpn.frycomm.com/SNX/CSHELL/extender.cab (SlimClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (tvt_gina.dll) - C:\WINDOWS\System32\tvt_gina.dll (Lenovo)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/07 11:59:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{03016d0d-6fca-11df-9f4f-54554344522f}\Shell - "" = AutoRun
O33 - MountPoints2\{03016d0d-6fca-11df-9f4f-54554344522f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{03016d0d-6fca-11df-9f4f-54554344522f}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{5dffa364-b5a4-11da-a443-00096b820339}\Shell - "" = AutoRun
O33 - MountPoints2\{5dffa364-b5a4-11da-a443-00096b820339}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5dffa364-b5a4-11da-a443-00096b820339}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{6a322a50-08f0-11df-9f3a-54554344522f}\Shell - "" = AutoRun
O33 - MountPoints2\{6a322a50-08f0-11df-9f3a-54554344522f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6a322a50-08f0-11df-9f3a-54554344522f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9a63d80f-083f-11dc-9de7-0019d275b97c}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O33 - MountPoints2\{a72619e8-6c39-11dc-9e52-0019d275b97c}\Shell - "" = AutoRun
O33 - MountPoints2\{a72619e8-6c39-11dc-9e52-0019d275b97c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a72619e8-6c39-11dc-9e52-0019d275b97c}\Shell\AutoRun\command - "" = E:\VMC_PBStarter.exe
O33 - MountPoints2\{b6a35ccd-95d8-11dc-9e5d-0019d275b97c}\Shell - "" = AutoRun
O33 - MountPoints2\{b6a35ccd-95d8-11dc-9e5d-0019d275b97c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b6a35ccd-95d8-11dc-9e5d-0019d275b97c}\Shell\AutoRun\command - "" = E:\VMC_PBStarter.exe
O33 - MountPoints2\{cb3c45b4-08e9-11df-9f39-54554344522f}\Shell - "" = AutoRun
O33 - MountPoints2\{cb3c45b4-08e9-11df-9f39-54554344522f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cb3c45b4-08e9-11df-9f39-54554344522f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f5b648f0-5c77-11dc-9e4a-0019d275b97c}\Shell - "" = AutoRun
O33 - MountPoints2\{f5b648f0-5c77-11dc-9e4a-0019d275b97c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f5b648f0-5c77-11dc-9e4a-0019d275b97c}\Shell\AutoRun\command - "" = E:\VMC_PBStarter.exe
O33 - MountPoints2\{f91719dc-9eb3-11dc-9e60-0019d275b97c}\Shell - "" = AutoRun
O33 - MountPoints2\{f91719dc-9eb3-11dc-9e60-0019d275b97c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f91719dc-9eb3-11dc-9e60-0019d275b97c}\Shell\AutoRun\command - "" = E:\VMC_PBStarter.exe
O33 - MountPoints2\{f91719dd-9eb3-11dc-9e60-0019d275b97c}\Shell - "" = AutoRun
O33 - MountPoints2\{f91719dd-9eb3-11dc-9e60-0019d275b97c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f91719dd-9eb3-11dc-9e60-0019d275b97c}\Shell\AutoRun\command - "" = E:\VMC_PBStarter.exe
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/26 01:22:53 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\administrator\Desktop\OTL.exe
[2011/05/26 01:17:30 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\administrator\Desktop\tdsskiller.exe
[2011/05/25 03:45:32 | 000,606,738 | ---- | C] (Swearware) -- C:\Documents and Settings\administrator\Desktop\dds.scr
[2011/05/24 04:42:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator\Local Settings\Application Data\Secunia PSI
[2011/05/24 04:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/05/24 04:38:06 | 001,739,400 | ---- | C] (Secunia) -- C:\Documents and Settings\administrator\Desktop\PSISetup.exe
[2011/05/24 03:30:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\administrator\Recent
[2011/05/23 01:43:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/05/20 21:16:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator\My Documents\LabView
[2011/05/12 22:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/12 22:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator\Application Data\SUPERAntiSpyware.com
[2011/05/11 23:20:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8
[2011/05/11 10:20:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\administrator\Application Data\Malwarebytes
[2011/05/11 10:20:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/11 10:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/11 10:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/11 10:19:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/30 16:08:43 | 000,000,000 | ---D | C] -- C:\XPRescueSP3
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/26 01:32:23 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/05/26 01:32:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/26 01:30:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/26 01:30:42 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/26 01:22:47 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator\Desktop\OTL.exe
[2011/05/26 01:17:22 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\administrator\Desktop\tdsskiller.exe
[2011/05/26 01:16:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2244539906-3899546985-1470816656-500UA.job
[2011/05/26 00:17:38 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/26 00:17:37 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\administrator\Desktop\Google Chrome.lnk
[2011/05/26 00:00:13 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2011/05/25 14:16:03 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2244539906-3899546985-1470816656-500Core.job
[2011/05/25 04:19:01 | 000,293,775 | ---- | M] () -- C:\Documents and Settings\administrator\Desktop\gmer.zip
[2011/05/25 03:43:47 | 000,606,738 | ---- | M] (Swearware) -- C:\Documents and Settings\administrator\Desktop\dds.scr
[2011/05/24 22:47:49 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat
[2011/05/24 09:07:14 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/24 04:37:59 | 001,739,400 | ---- | M] (Secunia) -- C:\Documents and Settings\administrator\Desktop\PSISetup.exe
[2011/05/24 03:19:02 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2011/05/24 02:46:13 | 000,101,420 | ---- | M] () -- C:\Documents and Settings\administrator\My Documents\cc_24May2011_20110524_024445.reg
[2011/05/22 20:20:22 | 000,014,490 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\mssfsi1vlq8g1bx8lmkcbl8
[2011/05/22 20:20:22 | 000,014,490 | -HS- | M] () -- C:\Documents and Settings\administrator\Local Settings\Application Data\mssfsi1vlq8g1bx8lmkcbl8
[2011/05/20 16:06:12 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/05/11 16:46:34 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/11 16:19:12 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/11 16:02:36 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/11 10:20:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/11 06:58:30 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19128100r
[2011/05/11 06:58:30 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19128100
[2011/05/11 06:57:49 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\19128100
[2011/05/04 13:54:12 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\administrator\Desktop\gmer.exe
[2011/05/01 06:29:23 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/01 06:29:23 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/01 03:53:13 | 000,485,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/01 03:20:40 | 000,444,782 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/01 03:20:39 | 000,072,658 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/30 03:46:12 | 000,000,194 | RHS- | M] () -- C:\boot.ini
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/25 04:19:13 | 000,293,775 | ---- | C] () -- C:\Documents and Settings\administrator\Desktop\gmer.zip
[2011/05/24 02:45:36 | 000,101,420 | ---- | C] () -- C:\Documents and Settings\administrator\My Documents\cc_24May2011_20110524_024445.reg
[2011/05/24 00:25:46 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/22 20:13:14 | 000,014,490 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\mssfsi1vlq8g1bx8lmkcbl8
[2011/05/22 20:13:14 | 000,014,490 | -HS- | C] () -- C:\Documents and Settings\administrator\Local Settings\Application Data\mssfsi1vlq8g1bx8lmkcbl8
[2011/05/20 16:06:12 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/20 16:06:12 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/05/11 10:20:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/11 06:58:30 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19128100r
[2011/05/11 06:58:29 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19128100
[2011/05/11 06:57:49 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\19128100
[2011/05/04 13:54:12 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\administrator\Desktop\gmer.exe
[2011/05/01 06:29:23 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/30 03:46:12 | 000,000,194 | RHS- | C] () -- C:\boot.ini
[2009/12/04 04:41:35 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/11/14 09:57:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QUEUEMAN.INI
[2009/10/10 11:51:28 | 000,000,352 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/10 09:04:06 | 000,149,392 | R--- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2009/04/23 22:11:06 | 000,000,962 | ---- | C] () -- C:\Documents and Settings\administrator\Application Data\ColorPort.xml
[2009/01/27 12:47:45 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\SENTINEL.SYS
[2009/01/27 12:47:45 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\RNBOVDD.DLL
[2009/01/27 12:47:42 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\snti386.dll
[2009/01/23 15:11:17 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/01 22:04:12 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/10/30 21:11:05 | 000,038,503 | ---- | C] () -- C:\Documents and Settings\administrator\Application Data\Comma Separated Values (DOS).ADR
[2008/09/25 19:00:37 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/08/27 12:19:31 | 000,006,161 | ---- | C] () -- C:\Documents and Settings\administrator\Application Data\PrimoPDFSet.xml
[2008/08/27 12:19:29 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\administrator\Application Data\APUSet.xml
[2008/07/04 15:05:36 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/04/28 17:13:33 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/01/09 15:18:01 | 000,000,020 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2008/01/09 15:17:52 | 000,000,343 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2007/11/09 11:52:09 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2007/10/28 18:55:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\administrator\Application Data\$_hpcst$.hpc
[2007/10/25 10:35:10 | 000,002,849 | ---- | C] () -- C:\WINDOWS\System32\Dwrcs.ini
[2007/09/26 15:05:43 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AutoRun.ini
[2007/09/26 13:40:34 | 000,000,009 | ---- | C] () -- C:\WINDOWS\csn.ini
[2007/09/26 12:04:34 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\administrator\Local Settings\Application Data\fusioncache.dat
[2007/08/23 02:39:17 | 000,192,512 | R--- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2007/08/23 02:39:17 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/08/23 02:39:16 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/07/20 10:54:25 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
[2007/07/14 10:38:22 | 000,001,156 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/07/14 10:36:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/04/16 14:03:03 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/04/05 11:47:02 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/03/14 15:06:13 | 000,006,341 | ---- | C] () -- C:\WINDOWS\hplj3380.ini
[2007/03/13 14:15:18 | 000,001,376 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2007/02/15 15:02:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/02/01 00:23:23 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\1stscrhook.dll
[2007/01/05 17:37:51 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2006/09/21 11:47:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\ENABLING.INI
[2006/07/14 16:17:24 | 000,000,247 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tvt_userinfo.ini
[2006/06/12 12:27:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006/04/14 10:14:12 | 000,014,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2006/04/04 12:48:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/04/04 12:28:18 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2006/04/04 12:28:17 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2006/03/17 17:39:38 | 000,008,521 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini
[2006/03/15 14:00:05 | 000,152,576 | ---- | C] () -- C:\WINDOWS\System32\NLSAPI32.DLL
[2006/03/15 14:00:05 | 000,088,064 | ---- | C] () -- C:\WINDOWS\System32\NLS32.DLL
[2006/03/15 12:36:46 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
[2006/03/10 18:31:18 | 000,000,572 | ---- | C] () -- C:\WINDOWS\NetOp.INI
[2006/03/10 18:22:31 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\GAMSWrap.dll
[2006/03/10 18:22:31 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\unclient.exe
[2006/03/10 18:19:54 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2006/03/10 18:19:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2006/03/10 12:56:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/07 12:48:46 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2006/03/07 12:29:32 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2006/03/07 12:29:05 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2006/03/07 12:28:34 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\tp4uires.dll
[2006/03/07 12:28:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2006/03/07 12:04:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/03/07 11:53:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/03/07 11:38:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/03/07 11:36:06 | 000,485,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/02/01 16:09:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2006/02/01 16:09:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2005/07/30 08:21:32 | 000,011,988 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2005/07/13 04:55:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\tp4unins.exe
[2005/07/13 04:55:00 | 000,005,788 | ---- | C] () -- C:\WINDOWS\System32\tp4table.dat
[2005/04/27 10:53:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
[2005/04/08 17:42:06 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/08/09 11:59:12 | 004,014,080 | ---- | C] () -- C:\WINDOWS\System32\qt-mt333.dll
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,444,782 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,072,658 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/03/15 12:02:38 | 000,000,412 | ---- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dat
[2004/03/03 05:06:00 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dll
[2004/02/11 15:21:38 | 000,044,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\EyeOneDp.sys
[2003/09/26 07:42:46 | 000,002,421 | ---- | C] () -- C:\WINDOWS\System32\scrubber.ini
[2003/06/24 14:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/08 22:28:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\TpScrLk.exe
[2002/10/07 19:15:36 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2002/05/03 15:40:32 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2009/10/07 19:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\Autodesk
[2009/05/12 12:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\Bearshare Premium P2P
[2008/12/01 19:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\Blackberry Desktop
[2008/04/23 13:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\Check Point
[2009/08/17 11:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\com.boscarol.DeltaE.AD9C939B7E18AE2C7EFA8B57283D41D202EC58F4.1
[2008/02/15 12:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\DameWare Development
[2007/10/25 10:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\DWMRCMSI
[2008/09/29 15:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\ICAClient
[2008/02/08 21:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\Leadertech
[2006/07/14 17:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\Lenovo
[2008/03/06 10:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\Nokia
[2008/03/06 10:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\PC Suite
[2007/09/29 12:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\PPMate
[2008/01/09 15:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\ppStream
[2007/09/28 12:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\ProjectPoint-2007
[2008/12/01 20:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\Research In Motion
[2008/09/29 15:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\Runaware
[2009/06/14 13:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\Serif
[2010/01/24 14:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\T-Mobile
[2010/02/07 19:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\T-Mobile Internet Manager
[2006/07/14 11:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\ThinkVantage
[2010/09/07 15:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\Thunderbird
[2007/12/17 11:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\TomTom
[2010/10/26 17:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\Virgin Media
[2009/10/07 21:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2008/02/28 16:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2006/03/15 13:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Danware Data
[2011/05/24 03:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2007/07/16 17:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2007/03/01 13:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LANDesk
[2006/07/14 12:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2006/03/10 18:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lotus
[2008/03/06 10:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2007/07/04 14:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/10/26 17:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2009/12/09 20:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/03/13 05:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/01/23 16:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/07/14 11:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThinkVantage
[2010/10/26 17:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Media
[2011/05/24 13:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vulScan
[2011/05/26 00:00:13 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2011/05/26 01:32:23 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/27 13:40:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/27 13:40:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 13:00:00 | 020,056,462 | R--- | M] () .cab file -- C:\XPRescueSP3\I386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0051\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/27 13:40:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/27 13:40:17 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 13:00:00 | 020,056,462 | R--- | M] () .cab file -- C:\XPRescueSP3\I386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0025\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008/07/21 06:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\XPRescueSP3\I386\IASTOR.SYS
[2006/09/07 21:53:22 | 000,874,624 | ---- | M] (Intel Corporation) MD5=865FEC2D85069FD180EA75049829A7A2 -- C:\Program Files\Lenovo\System Update\session\79IM06WW\iastor.sys
[2006/09/07 21:53:22 | 000,874,624 | ---- | M] (Intel Corporation) MD5=865FEC2D85069FD180EA75049829A7A2 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2006/09/07 21:53:22 | 000,874,624 | ---- | M] (Intel Corporation) MD5=865FEC2D85069FD180EA75049829A7A2 -- C:\WINDOWS\system32\ReinstallBackups\0039\DriverFiles\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVGTS.SYS >
[2008/01/21 19:15:22 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=A0B3F3A5049931657164F0FFCF0B208E -- C:\XPRescueSP3\I386\NVGTS.SYS

< MD5 for: SCECLI.DLL >
[2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: VOLSNAP.SYS >
[2008/04/13 19:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2011/05/26 01:29:53 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/04 13:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\administrator\My Documents\vpclog.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\administrator\My Documents\PRINT CONSISTENCY AND QUALI...pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\administrator\My Documents\Presentation1.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\administrator\My Documents\Fry Communications 9 - 13 June 2008_.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\administrator\My Documents\fm-salaries-07.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\administrator\My Documents\_Xpress_ Press Signature - ...pdf:Roxio EMC Stream
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E1404CE
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DD623B3

< End of report >

.......................................................................

OTL Extras logfile created on: 26/05/2011 01:42:02 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.36 Mb Total Physical Memory | 291.45 Mb Available Physical Memory | 28.73% Memory free
2.38 Gb Paging File | 1.98 Gb Available in Paging File | 82.96% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.49 Gb Total Space | 17.49 Gb Free Space | 33.97% Space Free | Partition Type: NTFS

Computer Name: LAPTOP1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"ANTIVIRUSDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe" = C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update
"C:\Program Files\Danware Data\NetOp Remote Control\Host\NHSTW32.EXE" = C:\Program Files\Danware Data\NetOp Remote Control\Host\NHSTW32.EXE:*:Enabled:NetOp Host
"C:\Program Files\LANDesk\Shared Files\residentagent.exe" = C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk® Management Agent -- (LANDesk Software, Ltd.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe" = C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update
"C:\Program Files\Danware Data\NetOp Remote Control\Host\NHSTW32.EXE" = C:\Program Files\Danware Data\NetOp Remote Control\Host\NHSTW32.EXE:*:Enabled:NetOp Host
"C:\WINDOWS\system32\cba\pds.exe" = C:\WINDOWS\system32\cba\pds.exe:*:Enabled:LANDesk Ping Discovery Service -- (LANDesk Software Ltd.)
"C:\WINDOWS\system32\msgsys.exe" = C:\WINDOWS\system32\msgsys.exe:*:Enabled:LANDesk Message Service -- (LANDesk Software Ltd.)
"C:\Program Files\LANDesk\LDClient\issuser.exe" = C:\Program Files\LANDesk\LDClient\issuser.exe:*:Enabled:LANDesk Remote Control Agent -- (LANDesk Software, Ltd.)
"C:\Program Files\LANDesk\Shared Files\residentagent.exe" = C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk® Management Agent -- (LANDesk Software, Ltd.)
"C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate -- ()
"C:\Program Files\PPMate\ppmnet.exe" = C:\Program Files\PPMate\ppmnet.exe:*:Enabled:PPMate -- (ppmate)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{11DB853A-6966-4724-BEAD-793C48AC8C54}" = Kodak EasyShare software
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1bbf7e39-7953-4c4e-816e-2e8b730dab91}" = Check Point SSL Network Extender Service
"{1DC6563E-181C-4A28-AE7C-6256C3268511}" = DameWare Mini Remote Control Client Agent Service
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{25BB07FA-D9A0-478E-8A4B-38466A4E8BF2}" = Serif PagePlus SE 1.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 23
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36C9E08A-BE2B-40A0-83C5-576748F7B777}" = TestDrive Client
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009
"{45734758-4041-4EA8-8E62-DE661FC3879C}" = LANDesk® Common Base Agent 8
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{50847162-45B3-D01B-F86B-6083F6C7939A}" = DeltaE
"{539C6F43-E2C5-4513-980F-4728D7926175}" = DameWare Mini Remote Control
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{66B8C65C-1903-4285-93A3-D14F9E3CB898}" = DameWare NT Utilities
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E339193-0873-4AC5-BE48-8020E2574EE7}" = VERITAS Enterprise Vault User Extensions 6.0
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}" = LANDesk Advance Agent
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad UltraNav Wizard
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901F0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Proofing Tools
"{905eb1d9-8674-4384-884c-4e26e3127b76}" = Check Point SSL Network Extender Components Shell
"{996D8BB8-9B47-46C7-92DC-DCCE64467AB8}" = BlueSoleil
"{9B427732-573E-4E78-B6FA-AC3E5A218BA2}" = NMAS Client
"{9BD3BC83-C14A-4C54-A5FB-F43D93D5E4EF}" = Nokia Connectivity Cable Driver
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9EA84FDD-CCC0-47FD-A993-923165BEA47A}" = System Migration Assistant
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B9A5A789-D491-49FB-958C-BFEC2C11BB1D}" = NMAS Challenge Response Method
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE5AD430-9E0C-4243-AB3F-593835869855}" = Microsoft Office Communicator 2005
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C190CB55-817E-4713-84F4-0BBB8961CED9}" = PerfectDisk
"{C20729A4-C8C2-4DE3-94BE-5E3A2E9EFB63}" = Symantec Client Security
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{CFA76A76-03CF-43AC-AAB4-E2E3DACE4E02}" = Vodafone Mobile Connect Lite Runtime Components
"{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5}" = Software Installer
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
"{E5E6E687-1033-0000-0000-000000000002}" = Adobe Acrobat 7.0 Elements
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA664480-3844-11D5-8C25-444553540000}" = TrackPoint Accessibility Features
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{EF4EF65F-4D62-44D7-82C9-1AECCBA74C50}" = Intel® PROSet
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.6.8-2)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"3D Studio MAX" = 3D Studio MAX
"Adobe Acrobat 7.0 Elements" = Adobe Acrobat 7.0.5 Elements
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Autodesk Design Review 2009" = Autodesk Design Review 2009
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Belarc Advisor 2.0" = Belarc Advisor 7.2
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"ColorPort 1.5.4" = ColorPort 1.5.4
"com.boscarol.DeltaE.AD9C939B7E18AE2C7EFA8B57283D41D202EC58F4.1" = DeltaE
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Eye-One Match_is1" = Eye-One Match 3.1
"hp LaserJet-all-in-one" = hp LaserJet-all-in-one
"i1ColorPoint 1.0" = i1ColorPoint 1.0
"i1Diagnostics_is1" = i1Diagnostics
"ie8" = Windows Internet Explorer 8
"Jessops Picture Suite" = Jessops Picture Suite
"KeyWizard 2.5" = KeyWizard 2.5
"Lexmark Printer Software Uninstall" = Lexmark Printer Software Uninstall
"Lexmark_HostCD" = Lexmark Software Uninstall
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NCP RWS/GA" = WatchGuard Mobile VPN
"Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06
"Power Management Driver" = ThinkPad Power Management Driver
"ppmate" = PPMate Network TV 2.1.0.42
"Presentation Director" = ThinkPad Presentation Director
"PrimoPDF4.0.2.5" = PrimoPDF
"ProInst" = Intel® PROSet/Wireless Software
"PROJECT in a box Community Edtion 2" = PROJECT in a box Community Edition 2
"ProjectPoint-2007" = Autodesk Buzzsaw 2007.2.1936.12
"PROSet" = Intel® PRO Network Connections Drivers
"RadialpointClientGateway_is1" = Virgin Media HUB 3.5.12
"ShockwaveFlash" = Macromedia Flash Player 8
"SopCast" = SopCast 1.1.2
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TomTom HOME" = TomTom HOME 2.7.2.1825
"TPKBDLED" = Scroll Lock Indicator Utility
"TrackPoint" = ThinkPad TrackPoint Driver
"TVAnts 1.0" = TVAnts 1.0
"VideoPad" = VideoPad Video Editor
"VitalAgent" = VitalAgent
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/05/2011 16:30:37 | Computer Name = LAPTOP1 | Source = Inventory Scanner | ID = 25
Description = LDIScn32: Failed to resolve the Host Nam

Error - 23/05/2011 16:31:27 | Computer Name = LAPTOP1 | Source = Inventory Scanner | ID = 25
Description = LDIScn32: Failed to resolve the Host Nam

Error - 23/05/2011 16:43:35 | Computer Name = LAPTOP1 | Source = Inventory Scanner | ID = 25
Description = LDIScn32: Failed to resolve the Host Nam

Error - 23/05/2011 16:44:35 | Computer Name = LAPTOP1 | Source = Inventory Scanner | ID = 25
Description = LDIScn32: Failed to resolve the Host Nam

Error - 23/05/2011 16:52:09 | Computer Name = LAPTOP1 | Source = Inventory Scanner | ID = 25
Description = LDIScn32: Failed to resolve the Host Nam

Error - 23/05/2011 17:52:19 | Computer Name = LAPTOP1 | Source = Application Error | ID = 1000
Description = Faulting application BlueSoleil.exe, version 2.3.0.0, faulting module
mfc42.dll, version 6.2.8081.0, fault address 0x000011a3.

Error - 23/05/2011 17:59:23 | Computer Name = LAPTOP1 | Source = Inventory Scanner | ID = 25
Description = LDIScn32: Failed to resolve the Host Nam

Error - 24/05/2011 09:28:42 | Computer Name = LAPTOP1 | Source = Inventory Scanner | ID = 25
Description = LDIScn32: Failed to resolve the Host Nam

Error - 24/05/2011 17:56:11 | Computer Name = LAPTOP1 | Source = Inventory Scanner | ID = 25
Description = LDIScn32: Failed to resolve the Host Nam

Error - 25/05/2011 05:10:51 | Computer Name = LAPTOP1 | Source = Inventory Scanner | ID = 25
Description = LDIScn32: Failed to resolve the Host Nam

[ System Events ]
Error - 24/05/2011 09:21:37 | Computer Name = LAPTOP1 | Source = Service Control Manager | ID = 7024
Description = The Routing and Remote Access service terminated with service-specific
error 2147483720 (0x80000048).

Error - 24/05/2011 17:50:25 | Computer Name = LAPTOP1 | Source = Service Control Manager | ID = 7000
Description = The SMI helper driver service failed to start due to the following
error: %%3

Error - 24/05/2011 17:50:33 | Computer Name = LAPTOP1 | Source = Service Control Manager | ID = 7024
Description = The Routing and Remote Access service terminated with service-specific
error 2147483720 (0x80000048).

Error - 24/05/2011 19:59:54 | Computer Name = LAPTOP1 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2147500053

Error - 24/05/2011 20:26:19 | Computer Name = LAPTOP1 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2147500053

Error - 24/05/2011 20:43:36 | Computer Name = LAPTOP1 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2147500053

Error - 25/05/2011 20:30:53 | Computer Name = LAPTOP1 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 25/05/2011 20:31:44 | Computer Name = LAPTOP1 | Source = Service Control Manager | ID = 7000
Description = The SMI helper driver service failed to start due to the following
error: %%3

Error - 25/05/2011 20:31:52 | Computer Name = LAPTOP1 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2147500053

Error - 25/05/2011 20:31:53 | Computer Name = LAPTOP1 | Source = Service Control Manager | ID = 7024
Description = The Routing and Remote Access service terminated with service-specific
error 2147483720 (0x80000048).


< End of report >
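The event-log section of that report is the one place it names the thread's actual symptom: Service Control Manager event 7023 for the Windows Firewall/ICS service, logged three times with the error printed as %%2147500053. The Python below is an added example, not OTL's code or anything the posters ran: it parses that section into records, renders the %%-coded number as a 32-bit hex HRESULT (0x80004015 here), and tallies which services fail repeatedly. The sample log is constructed from lines quoted above, and the regexes assume OTL's line layout as shown there.

```python
"""Parse the "Last 10 Event Log Errors" section of an OTL report and triage
Service Control Manager failures.  Added example, not OTL's own code."""
import re
from collections import Counter
from datetime import datetime

# Constructed sample: a trimmed copy of the event-log section quoted above.
SAMPLE_LOG = """\
[ Application Events ]
Error - 23/05/2011 17:52:19 | Computer Name = LAPTOP1 | Source = Application Error | ID = 1000
Description = Faulting application BlueSoleil.exe, version 2.3.0.0, faulting module
mfc42.dll, version 6.2.8081.0, fault address 0x000011a3.

[ System Events ]
Error - 24/05/2011 09:21:37 | Computer Name = LAPTOP1 | Source = Service Control Manager | ID = 7024
Description = The Routing and Remote Access service terminated with service-specific
error 2147483720 (0x80000048).

Error - 24/05/2011 19:59:54 | Computer Name = LAPTOP1 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2147500053

Error - 25/05/2011 20:31:52 | Computer Name = LAPTOP1 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2147500053
"""

HEADER_RE = re.compile(
    r"^Error - (?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \| Computer Name = "
    r"(?P<computer>[^|]+?) \| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$")
SECTION_RE = re.compile(r"^\[ (?P<name>.+?) \]$")
# OTL prints the raw error number either as "%%N" or as "N (0xHHHHHHHH)".
CODE_RE = re.compile(r"%%(\d+)|\b(\d{9,10}) \(0x[0-9A-Fa-f]{8}\)")
SERVICE_RE = re.compile(r"^The (?P<svc>.+?) service (?:terminated|failed to start)")


def parse_event_errors(text):
    """Return one dict per error record; wrapped description lines are joined."""
    records, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section, current = sec.group("name"), None
            continue
        hdr = HEADER_RE.match(line)
        if hdr:
            current = {
                "log": section,
                "time": datetime.strptime(hdr.group("ts"), "%d/%m/%Y %H:%M:%S"),
                "computer": hdr.group("computer"),
                "source": hdr.group("source"),
                "event_id": int(hdr.group("id")),
                "description": "",
            }
            records.append(current)
        elif current is not None and line:
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            current["description"] = (current["description"] + " " + line).strip()
    return records


def decode_error_code(description):
    """Pull the numeric error out of a description and show it as 32-bit hex,
    so the firewall's %%2147500053 reads as the HRESULT 0x80004015."""
    m = CODE_RE.search(description)
    if not m:
        return None
    value = int(m.group(1) or m.group(2))
    return value, f"0x{value & 0xFFFFFFFF:08X}"


def service_failures(records):
    """Per service named in an SCM 7000/7023/7024 event: how often it failed,
    with which event ids and which error codes."""
    out = {}
    for r in records:
        if r["source"] != "Service Control Manager":
            continue
        m = SERVICE_RE.match(r["description"])
        if not m:
            continue
        entry = out.setdefault(m.group("svc"),
                               {"count": 0, "event_ids": set(), "codes": set()})
        entry["count"] += 1
        entry["event_ids"].add(r["event_id"])
        code = decode_error_code(r["description"])
        if code:
            entry["codes"].add(code[1])
    return out


def summarize(records):
    """Count records per (log, source, event id): repeating noise vs. one-offs."""
    return Counter((r["log"], r["source"], r["event_id"]) for r in records)
```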

#8 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:19 AM

Posted 25 May 2011 - 08:44 PM

Hello,


1.
We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox. Do not include the word "Code"
    :Otl
    [2011/05/22 20:13:14 | 000,014,490 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\mssfsi1vlq8g1bx8lmkcbl8
    [2011/05/22 20:13:14 | 000,014,490 | -HS- | C] () -- C:\Documents and Settings\administrator\Local Settings\Application Data\mssfsi1vlq8g1bx8lmkcbl8
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O33 - MountPoints2\{03016d0d-6fca-11df-9f4f-54554344522f}\Shell - "" = AutoRun
    O33 - MountPoints2\{03016d0d-6fca-11df-9f4f-54554344522f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{03016d0d-6fca-11df-9f4f-54554344522f}\Shell\AutoRun\command - "" = D:\AutoRun.exe
    O33 - MountPoints2\{5dffa364-b5a4-11da-a443-00096b820339}\Shell - "" = AutoRun
    O33 - MountPoints2\{5dffa364-b5a4-11da-a443-00096b820339}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{5dffa364-b5a4-11da-a443-00096b820339}\Shell\AutoRun\command - "" = D:\setup.exe
    O33 - MountPoints2\{6a322a50-08f0-11df-9f3a-54554344522f}\Shell - "" = AutoRun
    O33 - MountPoints2\{6a322a50-08f0-11df-9f3a-54554344522f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6a322a50-08f0-11df-9f3a-54554344522f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{9a63d80f-083f-11dc-9de7-0019d275b97c}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
    O33 - MountPoints2\{a72619e8-6c39-11dc-9e52-0019d275b97c}\Shell - "" = AutoRun
    O33 - MountPoints2\{a72619e8-6c39-11dc-9e52-0019d275b97c}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a72619e8-6c39-11dc-9e52-0019d275b97c}\Shell\AutoRun\command - "" = E:\VMC_PBStarter.exe
    O33 - MountPoints2\{b6a35ccd-95d8-11dc-9e5d-0019d275b97c}\Shell - "" = AutoRun
    O33 - MountPoints2\{b6a35ccd-95d8-11dc-9e5d-0019d275b97c}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b6a35ccd-95d8-11dc-9e5d-0019d275b97c}\Shell\AutoRun\command - "" = E:\VMC_PBStarter.exe
    O33 - MountPoints2\{cb3c45b4-08e9-11df-9f39-54554344522f}\Shell - "" = AutoRun
    O33 - MountPoints2\{cb3c45b4-08e9-11df-9f39-54554344522f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{cb3c45b4-08e9-11df-9f39-54554344522f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{f5b648f0-5c77-11dc-9e4a-0019d275b97c}\Shell - "" = AutoRun
    O33 - MountPoints2\{f5b648f0-5c77-11dc-9e4a-0019d275b97c}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{f5b648f0-5c77-11dc-9e4a-0019d275b97c}\Shell\AutoRun\command - "" = E:\VMC_PBStarter.exe
    O33 - MountPoints2\{f91719dc-9eb3-11dc-9e60-0019d275b97c}\Shell - "" = AutoRun
    O33 - MountPoints2\{f91719dc-9eb3-11dc-9e60-0019d275b97c}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{f91719dc-9eb3-11dc-9e60-0019d275b97c}\Shell\AutoRun\command - "" = E:\VMC_PBStarter.exe
    O33 - MountPoints2\{f91719dd-9eb3-11dc-9e60-0019d275b97c}\Shell - "" = AutoRun
    O33 - MountPoints2\{f91719dd-9eb3-11dc-9e60-0019d275b97c}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{f91719dd-9eb3-11dc-9e60-0019d275b97c}\Shell\AutoRun\command - "" = E:\VMC_PBStarter.exe
    
    :Commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.


2.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

3.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

4.
  • Double click on the OTL icon on your desktop.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Things to include in your next reply:
OTL fix log
TDSSKiller log
aswMbr log
Otl.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!

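The O7 and O33 lines in that fix touch the two AutoRun mechanisms involved: NoDriveTypeAutoRun is the bitmask that decides which drive types Explorer will honour autorun.inf on, and MountPoints2 is Explorer's per-volume cache of the shell verbs and command a previously attached disc or USB stick advertised, which is why the fix deletes those keys. The Python below is an added example, not OTL's code or anything from the poster: it decodes the bitmask and maps each cached volume GUID to the command it would launch. The sample lines are copied from the script above; the regexes assume OTL's line layout as shown.

```python
"""Decode the AutoRun-related lines of an OTL fix: the Explorer
NoDriveTypeAutoRun policy and the per-volume MountPoints2 cache.
Added example, not OTL's own code."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the fix script in the post above.
SAMPLE_FIX = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O33 - MountPoints2\{03016d0d-6fca-11df-9f4f-54554344522f}\Shell - "" = AutoRun
O33 - MountPoints2\{03016d0d-6fca-11df-9f4f-54554344522f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{03016d0d-6fca-11df-9f4f-54554344522f}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{9a63d80f-083f-11dc-9de7-0019d275b97c}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
"""

# NoDriveTypeAutoRun is a bitmask indexed by GetDriveType(): bit n set means
# AutoRun is *disabled* for drive type n.  0x91 (145) is the Windows XP default.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "DRIVE_UNKNOWN (reserved bit)",
}

POLICY_RE = re.compile(r"^O[67] - (?P<key>.+?): (?P<name>\w+) = (?P<val>\d+)$")
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\(?P<sub>\S+) - "" = (?P<val>.*)$')


def decode_no_drive_type_autorun(value):
    """Split the bitmask into drive types with AutoRun disabled and still enabled."""
    disabled = [name for bit, name in DRIVE_TYPE_BITS.items() if value & bit]
    enabled = [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]
    return disabled, enabled


def parse_fix_lines(text):
    """Return (policy values, {volume GUID: {subkey path: value}})."""
    policies, mounts = {}, defaultdict(dict)
    for line in text.splitlines():
        line = line.strip()
        m = POLICY_RE.match(line)
        if m:
            policies[m.group("name")] = int(m.group("val"))
            continue
        m = MOUNT_RE.match(line)
        if m:
            mounts[m.group("guid")][m.group("sub")] = m.group("val")
    return policies, dict(mounts)


def autorun_commands(mounts):
    """For each cached volume: the default Shell verb, its display label and the
    command Explorer would run for it (the values the fix deletes)."""
    out = {}
    for guid, keys in mounts.items():
        cmd = keys.get(r"Shell\AutoRun\command")
        if cmd:
            out[guid] = {"verb": keys.get("Shell"),
                         "label": keys.get(r"Shell\AutoRun"),
                         "command": cmd}
    return out
```

With the sample, 145 decodes to AutoRun disabled only for unknown and network drives, so removable media and CD-ROMs would still be honoured; 255 (0xFF) disables it for every type.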

#9 LoonyToon

  • Topic Starter
  • Members
  • 76 posts
  • Gender:Male
  • Location:UK
  • Local time:06:19 AM

Posted 25 May 2011 - 09:55 PM

Hello fireman4it,

Computer is not currently bleeping :) I had a message that my post was too long so have attached the final OTL Scan Log in order to shorten this. Please find the other two logs pasted below.
Many thanks.

OTL Fix Log:

All processes killed
========== OTL ==========
C:\Documents and Settings\All Users\Application Data\mssfsi1vlq8g1bx8lmkcbl8 moved successfully.
C:\Documents and Settings\administrator\Local Settings\Application Data\mssfsi1vlq8g1bx8lmkcbl8 moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03016d0d-6fca-11df-9f4f-54554344522f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03016d0d-6fca-11df-9f4f-54554344522f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03016d0d-6fca-11df-9f4f-54554344522f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03016d0d-6fca-11df-9f4f-54554344522f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03016d0d-6fca-11df-9f4f-54554344522f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03016d0d-6fca-11df-9f4f-54554344522f}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5dffa364-b5a4-11da-a443-00096b820339}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5dffa364-b5a4-11da-a443-00096b820339}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5dffa364-b5a4-11da-a443-00096b820339}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5dffa364-b5a4-11da-a443-00096b820339}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5dffa364-b5a4-11da-a443-00096b820339}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5dffa364-b5a4-11da-a443-00096b820339}\ not found.
File D:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a322a50-08f0-11df-9f3a-54554344522f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a322a50-08f0-11df-9f3a-54554344522f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a322a50-08f0-11df-9f3a-54554344522f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a322a50-08f0-11df-9f3a-54554344522f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a322a50-08f0-11df-9f3a-54554344522f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a322a50-08f0-11df-9f3a-54554344522f}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a63d80f-083f-11dc-9de7-0019d275b97c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a63d80f-083f-11dc-9de7-0019d275b97c}\ not found.
File E:\InstallTomTomHOME.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a72619e8-6c39-11dc-9e52-0019d275b97c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a72619e8-6c39-11dc-9e52-0019d275b97c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a72619e8-6c39-11dc-9e52-0019d275b97c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a72619e8-6c39-11dc-9e52-0019d275b97c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a72619e8-6c39-11dc-9e52-0019d275b97c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a72619e8-6c39-11dc-9e52-0019d275b97c}\ not found.
File E:\VMC_PBStarter.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6a35ccd-95d8-11dc-9e5d-0019d275b97c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6a35ccd-95d8-11dc-9e5d-0019d275b97c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6a35ccd-95d8-11dc-9e5d-0019d275b97c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6a35ccd-95d8-11dc-9e5d-0019d275b97c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6a35ccd-95d8-11dc-9e5d-0019d275b97c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6a35ccd-95d8-11dc-9e5d-0019d275b97c}\ not found.
File E:\VMC_PBStarter.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb3c45b4-08e9-11df-9f39-54554344522f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb3c45b4-08e9-11df-9f39-54554344522f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb3c45b4-08e9-11df-9f39-54554344522f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb3c45b4-08e9-11df-9f39-54554344522f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb3c45b4-08e9-11df-9f39-54554344522f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb3c45b4-08e9-11df-9f39-54554344522f}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5b648f0-5c77-11dc-9e4a-0019d275b97c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f5b648f0-5c77-11dc-9e4a-0019d275b97c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5b648f0-5c77-11dc-9e4a-0019d275b97c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f5b648f0-5c77-11dc-9e4a-0019d275b97c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5b648f0-5c77-11dc-9e4a-0019d275b97c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f5b648f0-5c77-11dc-9e4a-0019d275b97c}\ not found.
File E:\VMC_PBStarter.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f91719dc-9eb3-11dc-9e60-0019d275b97c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f91719dc-9eb3-11dc-9e60-0019d275b97c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f91719dc-9eb3-11dc-9e60-0019d275b97c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f91719dc-9eb3-11dc-9e60-0019d275b97c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f91719dc-9eb3-11dc-9e60-0019d275b97c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f91719dc-9eb3-11dc-9e60-0019d275b97c}\ not found.
File E:\VMC_PBStarter.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f91719dd-9eb3-11dc-9e60-0019d275b97c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f91719dd-9eb3-11dc-9e60-0019d275b97c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f91719dd-9eb3-11dc-9e60-0019d275b97c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f91719dd-9eb3-11dc-9e60-0019d275b97c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f91719dd-9eb3-11dc-9e60-0019d275b97c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f91719dd-9eb3-11dc-9e60-0019d275b97c}\ not found.
File E:\VMC_PBStarter.exe not found.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: administrator
->Temp folder emptied: 408409563 bytes
->Temporary Internet Files folder emptied: 3117824 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54408449 bytes
->Google Chrome cache emptied: 13334883 bytes
->Flash cache emptied: 41536 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 311430 bytes
->Java cache emptied: 187834 bytes
->Flash cache emptied: 41392 bytes

User: gagea
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 2609905 bytes
->FireFox cache emptied: 31425411 bytes
->Flash cache emptied: 22155 bytes

User: germinate
->Temp folder emptied: 751386 bytes
->Temporary Internet Files folder emptied: 1633374 bytes
->Java cache emptied: 187834 bytes
->FireFox cache emptied: 3267206 bytes
->Flash cache emptied: 348 bytes

User: Guest
->Temp folder emptied: 11059 bytes
->Temporary Internet Files folder emptied: 1230918 bytes
->Java cache emptied: 187834 bytes
->FireFox cache emptied: 3242646 bytes
->Flash cache emptied: 41392 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 7709520 bytes
->Flash cache emptied: 535 bytes

User: Stuart
->Temp folder emptied: 28773 bytes
->Temporary Internet Files folder emptied: 1340429 bytes
->Java cache emptied: 187834 bytes
->Flash cache emptied: 41392 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5486996 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 75210674 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 586.00 mb


[EMPTYFLASH]

User: administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: gagea
->Flash cache emptied: 0 bytes

User: germinate
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Stuart
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 05262011_025632

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

aswMBR Log:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-26 03:22:51
-----------------------------
03:22:51.593 OS Version: Windows 5.1.2600 Service Pack 3
03:22:51.593 Number of processors: 2 586 0xE0C
03:22:51.593 ComputerName: LAPTOP1 UserName:
03:22:52.296 Initialize success
03:23:44.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
03:23:44.296 Disk 0 Vendor: FUJITSU_ 0084 Size: 57231MB BusType: 3
03:23:44.328 Disk 0 MBR read successfully
03:23:44.328 Disk 0 MBR scan
03:23:44.328 Disk 0 Windows XP default MBR code
03:23:44.343 Disk 0 scanning sectors +117195120
03:23:44.375 Disk 0 scanning C:\WINDOWS\system32\drivers
03:23:57.109 Service scanning
03:24:03.609 Disk 0 trace - called modules:
03:24:03.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
03:24:03.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87b1bab8]
03:24:03.640 3 CLASSPNP.SYS[f75ddfd7] -> nt!IofCallDriver -> \Device\000000e5[0x87b13958]
03:24:03.640 5 ACPI.sys[f7454620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x87b18030]
03:24:03.640 Scan finished successfully
03:24:56.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\administrator\Desktop\MBR.dat"
03:24:56.968 The log file has been saved successfully to "C:\Documents and Settings\administrator\Desktop\aswMBR.txt"


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

OTL Scan Log attached

Attached Files

  • Attached File  OTL.Txt   164.49KB   1 downloads


#10 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:19 AM

Posted 25 May 2011 - 10:25 PM

Hello, LoonyToon.
Congratulations! You now appear clean!

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big CleanUp! button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#11 LoonyToon

LoonyToon
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:06:19 AM

Posted 25 May 2011 - 11:01 PM

Hello fireman4it,

Absolutely fantastic :thumbsup: I will work through your list of things to do as soon as I post this :)

A couple of questions: I've not attempted to start Windows Firewall yet, but if this runs OK, is it sufficient? I have Norton Security on here, including a firewall (but I'm not confident in using it/lacking knowledge), and I'm far from impressed with Norton Antivirus. As you say, new threats are born daily, but Symantec virus DB updates can be as long as three days apart. I have been considering uninstalling it and replacing it with AVG, but I'm loath to do this as I have had experience of VPNs that will not allow entry with AVG installed; why they deem Norton acceptable is beyond me, but that's another saga!

We also have another machine here that my wife uses. This machine too has the problem of being unable to initiate Windows Firewall. Ugh! Would you recommend going through these procedures on that machine also? Start a new topic? Going to be a problem getting her off it but hey! Anything is possible!

Finally,

A great many thanks for your help so far. My experience using this site has been fantastic and quite frankly, do not know what I would have done without the help I have received. As soon as I have some paid work in my field (things are not good at present) a donation is definitely due :)


Take care for now.

Cheers,

Loony


#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:19 AM

Posted 26 May 2011 - 10:42 AM

Hello,

Norton should be ok to run in conjunction with your Windows Firewall.


We can go ahead and take a look at your wife's computer.

1.
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

* When done, DDS will open two (2) logs:

1. DDS.txt
2. Attach.txt

Save both reports to your desktop and post the contents of the DDS.txt log. Save the other report in case I need to look at it later.

2.
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

3.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



#13 LoonyToon

LoonyToon
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:06:19 AM

Posted 26 May 2011 - 05:42 PM

1. Downloading dds.scr:
Firefox download is immediately cancelled in the download window.
Clicking 'Retry' shows the file is downloading but can not be found in target folder on completion.

(The file downloads successfully without renaming using Google Chrome, BTW. But it needs unblocking before it can be opened. Double clicking it results in the system message 'Windows can not access the specified device, path, or file. You may not have permissions to access the item.' File properties reports that 'this file came from another computer and might be blocked to help protect this computer.')

Downloaded file and saved as 'Something.txt' which is successful with Firefox, then renamed it to dds.scr.

Double clicking the file results in a Notepad window opening filled with hieroglyphics. The first line has readable text of 'This program can not be run in DOS mode'.

gMER EXE file downloads no problem.

I Will run that now and post results in next msg.
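A quick way to confirm what the Notepad "hieroglyphics" mean: the line 'This program cannot be run in DOS mode.' is the DOS stub that every Windows executable carries, so a file showing it is an intact PE image that is simply being opened by the wrong program. The following checker is an added example (not code from this thread, DDS or BleepingComputer); the sample header it builds is constructed for the test and is not a real executable.

```python
"""Identify whether a downloaded file is a Windows PE executable.

Added example, not from the thread. Reads the DOS header ('MZ'), follows
e_lfanew (offset 0x3C) to the 'PE\0\0' signature and reports the machine
type. Useful when a tool such as dds.scr arrives renamed (.txt) or opens in
Notepad instead of running.
"""
import struct

DOS_MAGIC = b"MZ"
PE_SIGNATURE = b"PE\0\0"
FILE_HEADER_SIZE = 20  # IMAGE_FILE_HEADER
MACHINE_NAMES = {0x014C: "i386", 0x8664: "x86-64", 0x01C4: "ARM", 0xAA64: "ARM64"}


def pe_machine(data: bytes):
    """Return the machine name if `data` is a PE image, else None."""
    if len(data) < 0x40 or data[:2] != DOS_MAGIC:
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # e_lfanew must point inside the file with room for signature + file header
    if e_lfanew + len(PE_SIGNATURE) + FILE_HEADER_SIZE > len(data):
        return None
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        return None
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return MACHINE_NAMES.get(machine, f"unknown(0x{machine:04x})")


def is_pe_image(data: bytes) -> bool:
    return pe_machine(data) is not None


def classify(data: bytes) -> str:
    """'pe' for executables, 'text' for decodable text, otherwise 'binary'."""
    if is_pe_image(data):
        return "pe"
    try:
        data.decode("utf-8")
        return "text"
    except UnicodeDecodeError:
        return "binary"


def classify_file(path: str) -> str:
    """Classify a file on disk by its leading bytes."""
    with open(path, "rb") as fh:
        return classify(fh.read(4096))


def build_sample_pe() -> bytes:
    """Constructed minimal PE-like header (NOT a runnable executable)."""
    dos_stub_msg = b"This program cannot be run in DOS mode.\r\n$"
    header = bytearray(0x80)
    header[:2] = DOS_MAGIC
    struct.pack_into("<I", header, 0x3C, 0x80)        # e_lfanew -> PE signature
    header[0x40:0x40 + len(dos_stub_msg)] = dos_stub_msg
    # IMAGE_FILE_HEADER: Machine=i386, 1 section, zeroed timestamps/pointers
    file_header = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0, 0x0102)
    return bytes(header) + PE_SIGNATURE + file_header


if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:
        print(name, classify_file(name))
```

Run it with the downloaded file as the argument: a result of "pe" means the bytes are fine and the fix lies in how the file is being launched (file association or the "blocked" flag on files downloaded from another computer), not in re-downloading it.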


#14 LoonyToon

LoonyToon
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:06:19 AM

Posted 26 May 2011 - 07:30 PM

Hello fireman4it :)

Ran gmer.exe; strange thing though, the log file didn't appear on the desktop when saved, so I had to copy and paste from a text doc. Please see below, along with the aswMBR log:

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-27 01:08:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0084
Running: g38jwr51.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\temp\uxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT 87B37CD0 ZwConnectPort
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA50BCC0]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA50BF20]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[3628] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A7364D20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35
Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\ControlSet001\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet001\control\Class\{87DA5330-1C08-11DB-A98B-0800200C9A66}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{87DA5330-1C08-11DB-A98B-0800200C9A66}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\Services\MRxDAV\EncryptedDirectories@

---- EOF - GMER 1.0.15 ----

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-27 01:21:17
-----------------------------
01:21:17.531 OS Version: Windows 5.1.2600 Service Pack 3
01:21:17.531 Number of processors: 2 586 0xE0C
01:21:17.531 ComputerName: LAPTOP1 UserName:
01:21:18.296 Initialize success
01:21:28.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
01:21:28.734 Disk 0 Vendor: FUJITSU_ 0084 Size: 57231MB BusType: 3
01:21:28.765 Disk 0 MBR read successfully
01:21:28.765 Disk 0 MBR scan
01:21:28.765 Disk 0 Windows XP default MBR code
01:21:28.781 Disk 0 scanning sectors +117195120
01:21:28.859 Disk 0 scanning C:\WINDOWS\system32\drivers
01:22:07.343 Service scanning
01:22:13.781 Disk 0 trace - called modules:
01:22:13.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
01:22:13.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87b2a030]
01:22:13.828 3 CLASSPNP.SYS[f75ddfd7] -> nt!IofCallDriver -> \Device\000000e6[0x87b3ff18]
01:22:13.828 5 ACPI.sys[f7454620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x87b06030]
01:22:13.828 Scan finished successfully
01:23:31.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\administrator\Desktop\MBR.dat"
01:23:31.078 The log file has been saved successfully to "C:\Documents and Settings\administrator\Desktop\aswMBR.txt"
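For anyone reading a GMER log like the one above, the items worth attention are the SSDT hooks, inline (.text) hooks and attached devices, and the first question is which module each one belongs to. The script below is an added example (not part of the thread or of GMER) that parses those sections, pulls out the vendor GMER reports in parentheses, and lists everything that is either unattributed (an address with no module, like the ZwConnectPort line) or from a vendor outside a trusted list. The sample log embedded in it is constructed by abridging the lines posted above; the trusted-vendor list is an assumption you adjust to the machine.

```python
"""Triage the hook and device sections of a GMER log.

Added example, not GMER's own output format parser. Flags SSDT/.text hooks
that GMER could not attribute to a module and entries from vendors outside
a caller-supplied trusted set.
"""
import re
from collections import Counter

# Constructed sample: abridged from the GMER log posted in this thread.
SAMPLE_LOG = r"""GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-27 01:08:13
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT 87B37CD0 ZwConnectPort
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA50BCC0]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA50BF20]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[3628] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^----\s+(.*?)\s+-\s+GMER")
ENTRY_RE = re.compile(r"^(SSDT|AttachedDevice|Device|\.text)\s+(.*)$")
VENDOR_RE = re.compile(r"\(([^()/]*)/([^()]*)\)")       # (description/vendor)
SSDT_FUNC_RE = re.compile(r"\b(Zw\w+|Nt\w+)\b")          # hooked syscall
TEXT_FUNC_RE = re.compile(r"(\S+!\w+)")                  # module!export

# Assumption: adjust to the vendors legitimately installed on the machine.
DEFAULT_TRUSTED = frozenset({"Microsoft Corporation"})


def parse_gmer(text: str):
    """Return a list of dicts for each SSDT/.text/AttachedDevice/Device line."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, rest = m.groups()
        vendors = VENDOR_RE.findall(rest)
        vendor = vendors[-1][1].strip() if vendors else None
        func = None
        if kind == "SSDT":
            f = SSDT_FUNC_RE.search(rest)
            func = f.group(1) if f else None
        elif kind == ".text":
            f = TEXT_FUNC_RE.search(rest)
            func = f.group(1) if f else None
        entries.append({"section": section, "kind": kind, "vendor": vendor,
                        "function": func, "detail": rest})
    return entries


def triage(entries, trusted=DEFAULT_TRUSTED):
    """Pair each notable entry with the reason it deserves a look."""
    findings = []
    for e in entries:
        if e["kind"] in ("SSDT", ".text") and e["vendor"] is None:
            findings.append(("unattributed hook", e))   # address only, no module
        elif e["vendor"] is not None and e["vendor"] not in trusted:
            findings.append(("third-party module", e))
    return findings


def vendor_summary(entries) -> Counter:
    """Count entries per reported vendor ('<none>' when GMER gave none)."""
    return Counter(e["vendor"] or "<none>" for e in entries)


if __name__ == "__main__":
    parsed = parse_gmer(SAMPLE_LOG)
    print(vendor_summary(parsed))
    for reason, e in triage(parsed, trusted={"Microsoft Corporation", "Symantec Corporation"}):
        print(f"{reason}: {e['kind']} {e['function'] or ''} {e['detail']}")
```

With Symantec added to the trusted set (Norton is installed on this laptop), the only line left over is the SSDT hook on ZwConnectPort with no module behind it; that is the kind of entry a helper would want explained before calling the machine clean, which is consistent with the further scans requested in the next reply.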




#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:19 AM

Posted 26 May 2011 - 08:15 PM

Let's try OTL instead of DDS, and let's run TDSSKiller.



1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
  1. Please download OTL from one of the following mirrors:
     • This is THE Mirror
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Under the Custom Scan box paste this in:
     netsvcs
     %SYSTEMDRIVE%\*.exe
     /md5start
     eventlog.dll
     scecli.dll
     netlogon.dll
     cngaudit.dll
     sceclt.dll
     ntelogon.dll
     logevent.dll
     iaStor.sys
     nvstor.sys
     atapi.sys
     IdeChnDr.sys
     viasraid.sys
     AGP440.sys
     vaxscsi.sys
     nvatabus.sys
     viamraid.sys
     nvata.sys
     nvgts.sys
     iastorv.sys
     ViPrt.sys
     eNetHook.dll
     ahcix86.sys
     volsnap.sys
     KR10N.sys
     /md5stop
     %systemroot%\*. /mp /s
     CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open; copy and paste them in a reply here:
     • OTL.txt <-- Will be opened
     • Extra.txt <-- Will be minimized

Edited by fireman4it, 26 May 2011 - 08:16 PM.





