
blank window2 and hello4


  • This topic is locked
19 replies to this topic

#1 Chris Hill

  • Members
  • 11 posts
  • OFFLINE
  • Local time:06:56 PM

Posted 02 August 2011 - 07:06 AM

Hi, when I start my computer I have flashing windows, or sometimes multiple windows open, with the name "blank window2". My computer is very slow and I'm not able to use certain applications. When I try to reboot or shut down, a message says that the program "hello4" is not responding and asks to End Program Now. This goes on and on and the system cannot be shut down.

Here is the DDS log

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by steve at 22:00:31 on 2011-08-02
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3539.2630 [GMT 10:00]
.
AV: Norman Security Suite *Enabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
.
============== Running Processes ===============
.
C:\Program Files\Norman\Npm\Bin\elogsvc.exe
C:\Program Files\Norman\Ngs\Bin\Nnf.exe
C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r213367\stacsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\SysAid\IliAS.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norman\Npm\Bin\Njeeves.exe
C:\Program Files\Norman\Npm\Bin\scheduler.exe
C:\Program Files\Norman\Nse\Bin\NSESVC.EXE
C:\Program Files\Norman\Nvc\Bin\nvcoas.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\DellTPad\Apoint .exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\IDT\WDM\sttray .exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService .exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Norman\Npm\Bin\ZLH.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint .exe
C:\Program Files\Wave Systems Corp\SecureUpgrade .exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM .exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif .exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv .exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr .exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS .exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Brownie\Brnipmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Adjustit\Main\AAMC1.exe
C:\Documents and Settings\steve\Local Settings\Application Data\Google\Update\GoogleUpdate .exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl .exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray .exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://intranet.aamcommercial.com.au:8080/default.aspx
uSearch Page = hxxp://www.live.com
uInternet Settings,ProxyServer = http=127.0.0.1:51111
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Telephony Toolbar Services: {431a60e6-675f-4b9f-b3f0-66e0fecc8b34} - c:\program files\tipt\telstra telephony toolbar\bin\BW_Assistant_Enterprise_IE_S.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Telephony Toolbar Call Control: {8f1ff1a7-c048-4d6b-b052-56e42ce427cb} - c:\program files\tipt\telstra telephony toolbar\bin\BW_Assistant_Enterprise_IE_CC.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: : {ccd77d39-81eb-c924-895b-7c1fd01cd185} - c:\windows\system32\ufnqljjl.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Telephony Toolbar Call Control: {6f6690b9-c5db-4f08-8833-f2ef4dee956b} - c:\program files\tipt\telstra telephony toolbar\bin\BW_Assistant_Enterprise_IE_CC.dll
TB: Telephony Toolbar Services: {f10d927f-d3df-4734-98ab-dd258253f5fd} - c:\program files\tipt\telstra telephony toolbar\bin\BW_Assistant_Enterprise_IE_S.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM .exe" -scheduler
uRun: [Google Update] "c:\documents and settings\steve\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] "c:\program files\wave systems corp\SecureUpgrade.exe"
mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [<NO NAME>]
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [autodetect] c:\windows\system32\supportappxl\AutoDect.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT .exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Norman ZANDA] "c:\program files\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\steve\startm~1\programs\startup\aamc1.lnk - c:\adjustit\main\AAMC1.exe
StartupFolder: c:\docume~1\steve\startm~1\programs\startup\launch~1.lnk - c:\program files\internet explorer\iexplore.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
Trusted Zone: aamcommercial.com.au\intranet
Trusted Zone: aamserver
Trusted Zone: adjustitsystem.com.au\www
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254722174446
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\steve\application data\mozilla\firefox\profiles\tc3tt2lh.default\
FF - prefs.js: browser.startup.homepage - hxxp://aamserver/default.aspx|http://www.adjustitsystem.com.au/adjustit/default1.aspx
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51111
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\documents and settings\steve\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 NGS;Norman General Security Driver;c:\program files\norman\ngs\bin\ngs.sys [2011-4-12 26744]
R1 NPROSEC;Norman Security driver;c:\program files\norman\ngs\bin\nprosec.sys [2011-4-12 74144]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-13 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 acexeibj;Remote Access NDIS WAN Helper;c:\windows\system32\svchost.exe -k netsvcs [2008-4-26 14336]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-6-27 1664248]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-12-29 320800]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-4-9 447264]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-3-1 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-4-12 47640]
R2 Ndiskio;Ndiskio;c:\program files\norman\nse\bin\Ndiskio.sys [2011-4-12 22880]
R2 NNFSVC;Norman Network Filtering service;c:\program files\norman\ngs\bin\nnf.exe [2011-4-12 223000]
R2 Norman ZANDA;Norman ZANDA;c:\program files\norman\npm\bin\Zanda.exe [2010-12-2 308408]
R2 NPROSECSVC;Norman Security service;c:\program files\norman\ngs\bin\nprosec.exe [2011-4-12 90656]
R2 nregsec;Norman Registry Security driver;c:\program files\norman\ngs\bin\nregsec.sys [2011-4-12 40384]
R2 NVOY;Norman Resource Provider;c:\program files\norman\npm\bin\nvoy.exe [2011-4-12 100336]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2009-4-10 77824]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-9-9 112512]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-9 109568]
R3 nsesvc;Norman Scanner Engine Service;c:\program files\norman\nse\bin\Nsesvc.exe [2011-4-12 288072]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2011-4-12 24176]
R3 nvcoas;Norman Virus Control on-access component;c:\program files\norman\nvc\bin\Nvcoas.exe [2011-4-12 198168]
R3 Scheduler;Norman Scheduler Service;c:\program files\norman\npm\bin\scheduler.exe [2011-4-12 99312]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-9-8 232744]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-10-8 7680]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-26 14336]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-08-02 06:29:31 -------- d-----w- c:\documents and settings\steve\application data\SUPERAntiSpyware.com
2011-08-02 06:29:31 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-08-02 06:29:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-01 23:32:10 65536 --sha-r- c:\windows\system32\adsnds6.dll
2011-08-01 00:22:05 5443584 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2011-07-30 05:22:28 821248 ----a-w- c:\windows\system32\ufnqljjl.dll
.
==================== Find3M ====================
.
2011-08-01 02:50:25 256 ----a-w- c:\windows\system32\pool.bin
2011-07-18 23:34:26 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-07-18 23:34:26 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-18 23:34:26 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-07-18 23:34:25 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2011-07-18 23:34:25 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-07-18 23:34:25 29568 ----a-w- c:\windows\system32\LMIport.dll
.
============= FINISH: 22:01:36.15 ===============

#2 Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:56 AM

Posted 02 August 2011 - 03:00 PM

Good evening. :)

Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix *

  • When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end.
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

So long, and thanks for all the fish.

#3 Chris Hill

  • Topic Starter
  • Members
  • 11 posts
  • OFFLINE
  • Local time:06:56 PM

Posted 02 August 2011 - 05:58 PM

Thanks Noviciate,

Have run ComboFix and have pasted log.txt below.
It has only just finished, so I will update you on how the PC is running in a bit, but here's the log for now.

Chris

*****************************************************************************************

ComboFix 11-08-02.03 - steve 03/08/2011 8:41.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3539.2572 [GMT 10:00]
Running from: c:\documents and settings\steve\Desktop\ChrisFix.exe
AV: Norman Security Suite *Enabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\NetworkService\Application Data\Adobe\plugs
c:\documents and settings\NetworkService\Application Data\Adobe\shed
c:\documents and settings\steve\Application Data\EurekaLog
c:\documents and settings\steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
c:\documents and settings\steve\System
c:\documents and settings\steve\System\win_qs8.jqx
c:\documents and settings\steve\WINDOWS
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe
c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM .exe
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
c:\program files\DellTPad\Apoint.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe
c:\program files\Logitech\Logitech WebCam Software\LWS.exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\Norman\Npm\Bin\ZLH.EXE
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware .exe
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe
c:\program files\Wave Systems Corp\SecureUpgrade.exe
c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
c:\windows\keys.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-07-02 to 2011-08-02 )))))))))))))))))))))))))))))))
.
.
2011-08-02 06:29 . 2011-08-02 06:29 -------- d-----w- c:\documents and settings\steve\Application Data\SUPERAntiSpyware.com
2011-08-02 06:29 . 2011-08-02 06:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-08-02 06:29 . 2011-08-02 22:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-02 00:40 . 2011-08-02 02:19 -------- d-----w- c:\documents and settings\steve\Application Data\U3
2011-08-01 23:32 . 2011-08-01 23:32 65536 --sha-r- c:\windows\system32\adsnds6.dll
2011-08-01 02:13 . 2011-08-01 02:13 -------- d-----w- c:\documents and settings\administrator.aam
2011-08-01 00:22 . 2010-02-02 11:46 5443584 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2011-07-30 05:22 . 2011-07-30 05:22 821248 ----a-w- c:\windows\system32\ufnqljjl.dll
2011-07-30 00:34 . 2011-07-30 05:29 -------- d-----w- c:\documents and settings\stevec
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-02 22:15 . 2009-09-18 05:11 0 ----a-w- c:\documents and settings\steve\Local Settings\Application Data\WavXMapDrive.bat
2011-07-18 23:34 . 2011-04-12 03:56 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-07-18 23:34 . 2011-04-12 03:56 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-07-18 23:34 . 2011-04-12 03:56 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-18 23:34 . 2011-04-12 03:56 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-07-18 23:34 . 2011-04-12 03:56 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2011-07-18 23:34 . 2011-04-12 03:56 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-06-16 04:32 . 2011-06-24 22:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl .exe
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray .exe
c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT  .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM  .exe
c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv .exe
c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint .exe
c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM .exe
c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService .exe
c:\program files\DellTPad\Apoint .exe
c:\program files\IDT\WDM\sttray .exe
c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe
c:\program files\Logitech\Logitech WebCam Software\LWS .exe
c:\program files\LogMeIn\x86\LogMeInSystray .exe
c:\program files\Norman\Npm\Bin\ZLH .exe
c:\program files\Wave Systems Corp\SecureUpgrade .exe
c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck .exe
c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr .exe
c:\windows\system32\rundll32 .exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCD77D39-81EB-C924-895B-7C1FD01CD185}]
2011-07-30 05:22 821248 ----a-w- c:\windows\system32\ufnqljjl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-04-22 02:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]
@="{CCD77D39-81EB-C924-895B-7C1FD01CD185}"
[HKEY_CLASSES_ROOT\CLSID\{CCD77D39-81EB-C924-895B-7C1FD01CD185}]
2011-07-30 05:22 821248 ----a-w- c:\windows\system32\ufnqljjl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-04-22 02:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM .exe -scheduler" [X]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [N/A]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [N/A]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-08-01 38916]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 134656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [N/A]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-02-26 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [N/A]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [N/A]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [N/A]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [N/A]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [N/A]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-02-02 2670592]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [N/A]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [N/A]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-01 623960]
"autodetect"="c:\windows\system32\SupportAppXL\AutoDect.exe" [2008-08-07 91648]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [N/A]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe" [N/A]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-11 63048]
"Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [N/A]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-05-19 3618104]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [N/A]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [N/A]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [N/A]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [N/A]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\adminmi\Start Menu\Programs\Startup\
AAMC1.lnk - c:\adjustit\Main\AAMC1.exe [2008-10-2 159744]
.
c:\documents and settings\steve\Start Menu\Programs\Startup\
AAMC1.lnk - c:\adjustit\Main\AAMC1.exe [2008-10-2 159744]
Launch Internet Explorer Browser.lnk - c:\program files\Internet Explorer\iexplore.exe [2008-4-26 638816]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-4-9 1106720]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-9-8 50688]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-07-18 23:34 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-04-11 04:17 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-08 09:07 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\explorer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"35163:TCP"= 35163:TCP:@xpsp2res.dll,-22009
.
R1 NGS;Norman General Security Driver;c:\program files\Norman\Ngs\Bin\ngs.sys [12/04/2011 4:12 PM 26744]
R1 NPROSEC;Norman Security driver;c:\program files\Norman\Ngs\Bin\nprosec.sys [12/04/2011 4:12 PM 74144]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [13/07/2011 7:55 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/07/2011 7:55 AM 67664]
R2 acexeibj;Remote Access NDIS WAN Helper;c:\windows\System32\svchost.exe -k netsvcs [26/04/2008 2:16 AM 14336]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [27/06/2008 3:47 PM 1664248]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [29/12/2008 1:07 PM 320800]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [9/04/2009 4:02 PM 447264]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [1/03/2011 12:11 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [17/09/2010 3:40 PM 12856]
R2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\Ndiskio.sys [12/04/2011 4:12 PM 22880]
R2 nregsec;Norman Registry Security driver;c:\program files\Norman\Ngs\Bin\nregsec.sys [12/04/2011 4:12 PM 40384]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [10/04/2009 2:08 PM 77824]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [9/09/2009 10:46 AM 112512]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [9/09/2009 10:47 AM 109568]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [8/09/2009 7:29 PM 232744]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [8/10/2009 1:34 PM 7680]
S3 NNFSVC;Norman Network Filtering service;c:\program files\Norman\Ngs\Bin\nnf.exe [12/04/2011 4:12 PM 223000]
S3 NPROSECSVC;Norman Security service;c:\program files\Norman\Ngs\Bin\nprosec.exe [12/04/2011 4:12 PM 90656]
S3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\Nsesvc.exe [12/04/2011 4:12 PM 288072]
S3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [12/04/2011 4:12 PM 24176]
S3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\nvc\bin\Nvcoas.exe [12/04/2011 4:12 PM 198168]
S3 NVOY;Norman Resource Provider;c:\program files\Norman\Npm\Bin\nvoy.exe [12/04/2011 4:12 PM 100336]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
S3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [12/04/2011 4:12 PM 99312]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [26/04/2008 2:16 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
acexeibj
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-31 c:\windows\Tasks\At1.job
- c:\windows\system32\ufnqljjl.dll [2011-07-30 05:22]
.
2011-08-02 c:\windows\Tasks\User_Feed_Synchronization-{F7A0CF14-B461-4B53-853A-826D231650EC}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 18:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://intranet.aamcommercial.com.au:8080/default.aspx
uInternet Settings,ProxyServer = http=127.0.0.1:51111
uInternet Settings,ProxyOverride = <local>
IE: &Dial - c:\program files\TIPT\Telstra Telephony Toolbar\conf\dialIE.htm
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: aamcommercial.com.au\intranet
Trusted Zone: aamserver
Trusted Zone: adjustitsystem.com.au\www
FF - ProfilePath - c:\documents and settings\steve\Application Data\Mozilla\Firefox\Profiles\tc3tt2lh.default\
FF - prefs.js: browser.startup.homepage - hxxp://aamserver/default.aspx|http://www.adjustitsystem.com.au/adjustit/default1.aspx
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51111
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-03 08:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(936)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(10032)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\igfxdo.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ufnqljjl.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\rundll32.exe
c:\drivers\audio\r213367\stacsv.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files (x86)\SysAid\IliAS.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\IDT\WDM\sttray .exe
c:\windows\system32\igfxext.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2011-08-03 08:54:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-02 22:53
.
Pre-Run: 217,584,836,608 bytes free
Post-Run: 218,219,929,600 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0BA5A4CAFE84632ADBA2429C39378067

Attached Files
  • log.txt (20.84KB)


#4 Chris Hill

Chris Hill
  • Topic Starter

  • Members
  • 11 posts

Posted 02 August 2011 - 07:23 PM

Noviciate,

It looks much better, although hello4 still comes up on shutdown, but on End Task it will actually close and allow shutdown. Looks like it still flashes, but only once on startup; might be that one hello4 starting up.

Thanks

#5 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 03 August 2011 - 02:44 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any browser other than IE, you will be prompted to download and run esetsmartinstaller_enu.exe, and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan, you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

So long, and thanks for all the fish.


#6 Chris Hill

Chris Hill
  • Topic Starter

  • Members
  • 11 posts

Posted 08 August 2011 - 05:42 AM

Sorry about how long this has taken, Noviciate.

Here are the results...

ESET...
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\42\172ebf6a-65d3de2e multiple threats
C:\Documents and Settings\steve\Application Data\Sun\Java\Deployment\cache\6.0\3\27b75903-2cbab0b6 Java/TrojanDownloader.Agent.NCA trojan
C:\Documents and Settings\steve\Application Data\Sun\Java\Deployment\cache\6.0\39\503e04e7-754cee07 multiple threats
C:\Documents and Settings\steve\Application Data\Sun\Java\Deployment\cache\6.0\55\35b361f7-4e9e61f2 multiple threats
C:\Program Files\IDT\WDM\sttray.exe a variant of Win32/Kryptik.QLX trojan
C:\Program Files\Innovative Solutions\DriverMax\devices.exe a variant of Win32/Kryptik.QLX trojan
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\2alKfe7G.exe.vir a variant of Win32/Kryptik.QLX trojan
C:\Qoobox\Quarantine\C\Documents and Settings\steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe.vir a variant of Win32/Kryptik.QLX trojan
C:\Qoobox\Quarantine\C\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe.vir a variant of Win32/Kryptik.QLX trojan
C:\Qoobox\Quarantine\C\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe.vir a variant of Win32/Kryptik.QLX trojan
C:\Qoobox\Quarantine\C\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe.vir a variant of Win32/Kryptik.QLX trojan
C:\Qoobox\Quarantine\C\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE.vir a variant of Win32/Kryptik.QLX trojan
C:\Qoobox\Quarantine\C\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe.vir a variant of Win32/Kryptik.QLX trojan
C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe.vir a variant of Win32/Kryptik.QLX trojan
C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe.vir a variant of Win32/Kryptik.QLX trojan
C:\Qoobox\Quarantine\C\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe.vir a variant of Win32/Kryptik.QLX trojan
C:\Qoobox\Quarantine\C\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe.vir a variant of Win32/Kryptik.QLX trojan
C:\Qoobox\Quarantine\C\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe.vir a variant of Win32/Kryptik.QLX trojan
C:\Qoobox\Quarantine\C\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe.vir a variant of Win32/Kryptik.QLX trojan
C:\Qoobox\Quarantine\C\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe.vir a variant of Win32/Kryptik.QLX trojan
C:\Qoobox\Quarantine\C\Program Files\DellTPad\Apoint.exe.vir a variant of Win32/Kryptik.QLX trojan
C:\Qoobox\Quarantine\C\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe.vir a variant of Win32/Kryptik.QLX trojan
C:\Qoobox\Quarantine\C\Program Files\Logitech\Logitech WebCam Software\LWS.exe.vir a variant of Win32/Kryptik.QLX trojan
C:\Qoobox\Quarantine\C\Program Files\Norman\Npm\Bin\ZLH.EXE.vir a variant of Win32/Kryptik.QLX trojan
C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.vir a variant of Win32/Kryptik.QLX trojan
C:\Qoobox\Quarantine\C\Program Files\Wave Systems Corp\SecureUpgrade.exe.vir a variant of Win32/Kryptik.QLX trojan
C:\Qoobox\Quarantine\C\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe.vir a variant of Win32/Kryptik.QLX trojan
C:\Qoobox\Quarantine\C\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe.vir a variant of Win32/Kryptik.QLX trojan

OTL.TXT...

OTL logfile created on: 8/08/2011 8:33:28 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = G:\Steve
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.46 Gb Total Physical Memory | 2.84 Gb Available Physical Memory | 82.16% Memory free
5.29 Gb Paging File | 4.70 Gb Available in Paging File | 88.77% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.80 Gb Total Space | 202.41 Gb Free Space | 86.95% Space Free | Partition Type: NTFS
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 7.47 Gb Total Space | 5.62 Gb Free Space | 75.23% Space Free | Partition Type: FAT32

Computer Name: AAMBRI-LT007 | User Name: steve | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/08 20:32:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- G:\Steve\OTL.scr
PRC - [2011/07/19 09:34:25 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/12/27 11:59:18 | 001,053,696 | ---- | M] (SysAid Ltd) -- C:\Program Files (x86)\SysAid\IliAS.exe
PRC - [2010/11/10 22:59:37 | 000,090,656 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Ngs\Bin\nprosec.exe
PRC - [2010/11/09 01:56:34 | 000,182,712 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\nvc\bin\Nip.exe
PRC - [2010/11/09 01:56:34 | 000,074,592 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\nvc\bin\CClaw.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/03/09 23:56:02 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray .exe
PRC - [2010/03/09 23:56:02 | 000,229,458 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\WDM\stacsv.exe
PRC - [2009/04/22 12:05:34 | 001,703,936 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2009/04/09 16:05:38 | 001,106,720 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
PRC - [2009/04/09 16:02:50 | 000,447,264 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2009/03/17 11:57:14 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009/02/11 19:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/29 13:07:28 | 000,320,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2008/08/07 13:49:00 | 000,091,648 | ---- | M] () -- C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
PRC - [2008/06/27 15:47:22 | 001,664,248 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/04/14 22:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/14 02:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE


========== Modules (SafeList) ==========

MOD - [2011/08/08 20:32:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- G:\Steve\OTL.scr
MOD - [2010/11/09 01:56:34 | 000,251,240 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\nvc\bin\Niphk.dll
MOD - [2010/08/24 02:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/07/30 15:22:28 | 000,821,248 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\ufnqljjl.dll -- (acexeibj)
SRV - [2011/07/19 09:34:44 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/07/19 09:34:25 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/06/24 13:42:02 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/27 11:59:18 | 001,053,696 | ---- | M] (SysAid Ltd) [Auto | Running] -- C:\Program Files (x86)\SysAid\IliAS.exe -- (SysAidAgent)
SRV - [2010/12/18 00:22:48 | 000,288,072 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Program Files\Norman\Nse\Bin\NSESVC.EXE -- (nsesvc)
SRV - [2010/12/02 11:13:56 | 000,308,408 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Program Files\Norman\Npm\Bin\Zanda.exe -- (Norman ZANDA)
SRV - [2010/11/11 13:43:30 | 000,075,104 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Program Files\Norman\Npm\Bin\elogsvc.exe -- (eLoggerSvc6)
SRV - [2010/11/10 22:59:37 | 000,090,656 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\Nprosec.exe -- (NPROSECSVC)
SRV - [2010/11/10 22:48:32 | 000,223,000 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Program Files\Norman\Ngs\Bin\Nnf.exe -- (NNFSVC)
SRV - [2010/11/09 02:02:27 | 000,111,912 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Norman\Npm\Bin\Njeeves.exe -- (Norman NJeeves)
SRV - [2010/11/09 02:02:27 | 000,099,312 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Program Files\Norman\Npm\Bin\scheduler.exe -- (Scheduler)
SRV - [2010/11/09 01:56:34 | 000,198,168 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Program Files\Norman\Nvc\Bin\nvcoas.exe -- (nvcoas)
SRV - [2010/11/09 01:56:34 | 000,100,336 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Program Files\Norman\npm\bin\nvoy.exe -- (NVOY)
SRV - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/03/09 23:56:02 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/04/22 12:05:34 | 001,703,936 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2009/04/09 16:02:50 | 000,447,264 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2009/02/11 19:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/12/29 13:07:28 | 000,320,800 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2008/12/12 11:54:00 | 000,638,976 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2008/11/12 15:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2008/06/27 15:47:22 | 001,664,248 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/07/19 09:34:26 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/11/11 22:01:54 | 000,024,176 | ---- | M] (Norman ASA) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvcw32mf.sys -- (NvcMFlt)
DRV - [2010/11/10 23:48:11 | 000,040,384 | ---- | M] (Norman ASA) [Kernel | Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\nregsec.sys -- (nregsec)
DRV - [2010/11/10 23:48:00 | 000,074,144 | ---- | M] (Norman ASA) [Kernel | System | Running] -- C:\Program Files\Norman\Ngs\Bin\nprosec.sys -- (NPROSEC)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/08/07 21:28:56 | 000,224,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2010/03/09 23:56:02 | 001,656,499 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2010/02/02 21:47:36 | 002,696,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010/02/02 21:47:18 | 000,033,664 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BCMWLNPF.SYS -- (BCMWLNPF)
DRV - [2010/01/04 23:44:43 | 000,026,744 | ---- | M] (Norman ASA) [Kernel | System | Running] -- c:\Program Files\Norman\Ngs\Bin\ngs.sys -- (NGS)
DRV - [2009/10/09 21:24:40 | 000,022,880 | ---- | M] (Norman ASA) [Kernel | Auto | Running] -- C:\Program Files\Norman\Nse\Bin\Ndiskio.sys -- (Ndiskio)
DRV - [2009/09/07 18:00:28 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/04/30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009/04/30 16:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/22 16:15:58 | 000,208,824 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/04/21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/04/08 03:32:56 | 000,116,224 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2009/03/24 17:33:38 | 000,232,744 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2009/02/23 07:51:20 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/01/20 12:33:16 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/10/28 17:39:44 | 000,089,600 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2008/10/01 10:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/08/12 10:30:54 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/06/04 15:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008/05/08 14:53:36 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DPV)
DRV - [2008/05/08 14:52:54 | 000,210,688 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_HWAZL.sys -- (HSFHWAZL)
DRV - [2008/04/19 06:05:22 | 000,103,936 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/04/19 06:05:22 | 000,103,936 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/04/19 06:05:22 | 000,103,936 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2007/07/23 17:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 17:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 17:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 17:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 17:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 17:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 17:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 17:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 16:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 16:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.jp.msn.com/USREL/19
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.jp.msn.com/USREL/19

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intranet.aamcommercial.com.au:8080/default.aspx
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51111

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://aamserver/default.aspx|http://www.adjustitsystem.com.au/adjustit/default1.aspx"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 51111
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\steve\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\steve\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/25 08:11:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/25 08:11:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\steve\Application Data\Mozilla\Extensions
[2011/06/25 08:11:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2009/10/07 16:34:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/16 14:32:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 18:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 18:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 18:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 18:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 18:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/08/08 19:15:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Telephony Toolbar Services) - {431A60E6-675F-4b9f-B3F0-66E0FECC8B34} - C:\Program Files\TIPT\Telstra Telephony Toolbar\bin\BW_Assistant_Enterprise_IE_S.dll (BroadSoft® Australia Pty Ltd)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Telephony Toolbar Call Control) - {8F1FF1A7-C048-4d6b-B052-56E42CE427CB} - C:\Program Files\TIPT\Telstra Telephony Toolbar\bin\BW_Assistant_Enterprise_IE_CC.dll (BroadSoft® Australia Pty Ltd)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: () - {CCD77D39-81EB-C924-895B-7C1FD01CD185} - C:\WINDOWS\system32\ufnqljjl.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Telephony Toolbar Call Control) - {6F6690B9-C5DB-4F08-8833-F2EF4DEE956B} - C:\Program Files\TIPT\Telstra Telephony Toolbar\bin\BW_Assistant_Enterprise_IE_CC.dll (BroadSoft® Australia Pty Ltd)
O3 - HKLM\..\Toolbar: (Telephony Toolbar Services) - {F10D927F-D3DF-4734-98AB-DD258253F5FD} - C:\Program Files\TIPT\Telstra Telephony Toolbar\bin\BW_Assistant_Enterprise_IE_S.dll (BroadSoft® Australia Pty Ltd)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] File not found
O4 - HKLM..\Run: [autodetect] C:\WINDOWS\system32\SupportAppXL\AutoDect.exe ()
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [DellControlPoint] File not found
O4 - HKLM..\Run: [EmbassySecurityCheck] File not found
O4 - HKLM..\Run: [IAAnotif] File not found
O4 - HKLM..\Run: [IJNetworkScanUtility] File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found
O4 - HKLM..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [PDVDDXSrv] File not found
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] File not found
O4 - HKLM..\Run: [SecureUpgrade] File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe ()
O4 - HKLM..\Run: [USCService] File not found
O4 - HKLM..\Run: [WavXMgr] File not found
O4 - HKCU..\Run: [ISUSPM] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
O4 - Startup: C:\Documents and Settings\steve\Start Menu\Programs\Startup\AAMC1.lnk = C:\Adjustit\Main\AAMC1.exe (PWORKING)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Dial - C:\Program Files\TIPT\Telstra Telephony Toolbar\conf\dialIE.htm ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O15 - HKCU\..Trusted Domains: aamcommercial.com.au ([intranet] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aamcommercial.com.au ([intranet] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aamserver ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: adjustitsystem.com.au ([www] http in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254722174446 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AAM.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/26 07:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 22:26:23 | 000,000,309 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/08 19:17:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/08/08 19:09:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/08 19:09:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/08 19:09:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/08 19:09:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/08 19:03:10 | 000,000,000 | ---D | C] -- C:\ChrisFix
[2011/08/08 19:01:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Windows Search
[2011/08/08 18:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/08/07 09:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Windows Search
[2011/08/07 09:10:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\BroadSoft
[2011/08/03 15:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DW WLAN
[2011/08/03 15:20:32 | 000,069,632 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\bcmwlpkt.dll
[2011/08/03 15:20:32 | 000,033,664 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\drivers\BCMWLNPF.SYS
[2011/08/03 15:20:31 | 002,670,592 | ---- | C] (BCGSoft Ltd) -- C:\WINDOWS\System32\WLBCGCBPRO731.DLL
[2011/08/03 14:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norman Security Suite
[2011/08/03 14:29:38 | 000,378,000 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\tdi_nf.sys
[2011/08/03 14:29:38 | 000,068,176 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\ale_nf64.sys
[2011/08/03 14:29:38 | 000,061,472 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\ale_nf.sys
[2011/08/03 14:29:38 | 000,048,272 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\nnetsec.sys
[2011/08/03 14:29:38 | 000,034,192 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\nnetsecl64.sys
[2011/08/03 14:29:38 | 000,030,584 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\nnetsecl.sys
[2011/08/03 14:29:38 | 000,024,176 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\nvcw32mf.sys
[2011/08/03 14:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2011/08/03 12:47:18 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2011/08/03 12:44:33 | 000,046,592 | ---- | C] (REDC) -- C:\WINDOWS\System32\drivers\risdptsk.sys
[2011/08/03 12:43:07 | 000,175,616 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\st326274.dll
[2011/08/03 12:20:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Local Settings\Application Data\Secunia PSI
[2011/08/03 12:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/08/03 12:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\My Documents\My Drivers
[2011/08/03 12:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Local Settings\Application Data\Innovative Solutions
[2011/08/03 12:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/08/03 12:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2011/08/03 08:37:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/03 08:34:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/03 08:33:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/03 08:18:08 | 004,165,965 | R--- | C] (Swearware) -- C:\Documents and Settings\steve\Desktop\ChrisFix.exe
[2011/08/02 16:29:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Application Data\SUPERAntiSpyware.com
[2011/08/02 16:29:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/08/02 15:57:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\steve\Recent
[2011/08/02 10:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Application Data\U3
[2011/08/01 12:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/08/01 12:05:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/07/30 13:43:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/07/30 13:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/07/30 10:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/07/30 10:47:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/08 19:15:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/08 19:10:36 | 000,000,242 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2011/08/08 19:08:46 | 004,165,965 | R--- | M] (Swearware) -- C:\Documents and Settings\steve\Desktop\ChrisFix.exe
[2011/08/08 18:40:08 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\7t2YF3PDb.dat
[2011/08/08 18:36:12 | 000,515,436 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/08 18:36:12 | 000,099,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/08 18:35:20 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F7A0CF14-B461-4B53-853A-826D231650EC}.job
[2011/08/08 18:19:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/08 18:17:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/08 18:17:51 | 3711,082,496 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/07 14:00:20 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2011/08/06 14:21:59 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\Microsoft Office Word 2007.lnk
[2011/08/04 14:19:33 | 000,002,090 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software.lnk
[2011/08/04 13:54:27 | 000,004,499 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\defaultCAMTYYR8.jpg
[2011/08/04 05:55:19 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\Microsoft Office Excel 2007.lnk
[2011/08/03 14:06:33 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/03 14:02:23 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/03 13:13:13 | 000,001,958 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk
[2011/08/03 13:05:19 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2011/08/03 08:37:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/03 08:15:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\steve\Local Settings\Application Data\WavXMapDrive.bat
[2011/08/02 09:32:10 | 000,065,536 | RHS- | M] () -- C:\WINDOWS\System32\adsnds6.dll
[2011/08/01 15:31:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/01 13:03:19 | 000,001,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Standard.lnk
[2011/08/01 11:27:01 | 000,000,304 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/08/01 09:33:00 | 000,013,920 | -HS- | M] () -- C:\Documents and Settings\steve\Local Settings\Application Data\ogdmy737y8746828vda75um246q08cn8gyyi2uxeb2
[2011/08/01 09:33:00 | 000,013,920 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ogdmy737y8746828vda75um246q08cn8gyyi2uxeb2
[2011/08/01 08:26:33 | 000,012,801 | ---- | M] () -- C:\Documents and Settings\steve\Application Data\56D2.7D0
[2011/07/19 09:34:26 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll.000.bak
[2011/07/19 09:34:26 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2011/07/19 09:34:25 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll.000.bak
[2011/07/19 09:34:25 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2011/07/19 09:34:25 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2011/07/15 11:36:46 | 000,002,286 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\Google Chrome.lnk
[2011/07/15 11:36:46 | 000,002,264 | ---- | M] () -- C:\Documents and Settings\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/08 19:09:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/08 19:09:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/08 19:09:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/08 19:09:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/08 19:09:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/07 14:00:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2011/08/07 08:41:11 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\7t2YF3PDb.dat
[2011/08/04 14:19:26 | 000,004,499 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\defaultCAMTYYR8.jpg
[2011/08/03 15:20:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2011/08/03 15:20:31 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2011/08/03 15:20:31 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011/08/03 14:29:38 | 000,222,352 | ---- | C] () -- C:\WINDOWS\System32\nscrnsav.scr
[2011/08/03 13:53:25 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/08/03 13:13:13 | 000,001,958 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk
[2011/08/03 12:47:19 | 000,178,400 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.el-GR.resources
[2011/08/03 12:47:19 | 000,165,374 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ru-RU.resources
[2011/08/03 12:47:19 | 000,139,901 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ar-SA.resources
[2011/08/03 12:47:19 | 000,133,740 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.he-IL.resources
[2011/08/03 12:47:19 | 000,118,677 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.fi-FI.resources
[2011/08/03 12:47:19 | 000,118,049 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.sk-SK.resources
[2011/08/03 12:47:19 | 000,114,354 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.sl-SI.resources
[2011/08/03 12:47:19 | 000,102,872 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.zh-CN.resources
[2011/08/03 12:47:19 | 000,001,023 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2011/08/03 12:47:18 | 001,674,683 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2011/08/03 12:47:18 | 000,189,534 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.th-TH.resources
[2011/08/03 12:47:18 | 000,136,402 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ja-JP.resources
[2011/08/03 12:47:18 | 000,125,547 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.it-IT.resources
[2011/08/03 12:47:18 | 000,123,228 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ko-KR.resources
[2011/08/03 12:47:18 | 000,122,923 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.es-ES.resources
[2011/08/03 12:47:18 | 000,122,700 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.de-DE.resources
[2011/08/03 12:47:18 | 000,121,165 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.tr-TR.resources
[2011/08/03 12:47:18 | 000,120,781 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.fr-FR.resources
[2011/08/03 12:47:18 | 000,120,360 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.pt-BR.resources
[2011/08/03 12:47:18 | 000,119,598 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.hu-HU.resources
[2011/08/03 12:47:18 | 000,119,581 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.nl-NL.resources
[2011/08/03 12:47:18 | 000,119,341 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.sv-SE.resources
[2011/08/03 12:47:18 | 000,119,058 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.pt-PT.resources
[2011/08/03 12:47:18 | 000,118,754 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.cs-CZ.resources
[2011/08/03 12:47:18 | 000,118,409 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.pl-PL.resources
[2011/08/03 12:47:18 | 000,114,833 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.nb-NO.resources
[2011/08/03 12:47:18 | 000,114,242 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.da-DK.resources
[2011/08/03 12:47:18 | 000,110,205 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.en-US.resources
[2011/08/03 12:47:18 | 000,104,033 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.zh-TW.resources
[2011/08/03 12:47:18 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011/08/03 12:38:01 | 000,146,146 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFLProf.cty
[2011/08/03 12:38:01 | 000,144,201 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFProf.cty
[2011/08/03 12:38:01 | 000,141,572 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFSProf.cty
[2011/08/03 12:38:01 | 000,141,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFTProf.cty
[2011/08/03 12:38:01 | 000,133,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFDProf.cty
[2011/08/03 12:38:01 | 000,133,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFEProf.cty
[2011/08/03 12:36:01 | 000,747,498 | ---- | C] () -- C:\WINDOWS\System32\oem50.inf
[2011/08/03 08:37:34 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/08/03 08:37:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/02 17:10:03 | 3711,082,496 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/02 09:32:10 | 000,065,536 | RHS- | C] () -- C:\WINDOWS\System32\adsnds6.dll
[2011/07/30 10:18:11 | 000,013,920 | -HS- | C] () -- C:\Documents and Settings\steve\Local Settings\Application Data\ogdmy737y8746828vda75um246q08cn8gyyi2uxeb2
[2011/07/30 10:18:11 | 000,013,920 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ogdmy737y8746828vda75um246q08cn8gyyi2uxeb2
[2011/07/30 10:07:04 | 000,012,801 | ---- | C] () -- C:\Documents and Settings\steve\Application Data\56D2.7D0
[2011/06/25 08:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/22 10:20:51 | 000,016,200 | -HS- | C] () -- C:\Documents and Settings\steve\Local Settings\Application Data\d73fb261080i1w4871nxidem0qbqat71m0pu
[2011/05/22 10:20:51 | 000,016,200 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\d73fb261080i1w4871nxidem0qbqat71m0pu
[2011/04/12 18:06:35 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2011/04/12 18:06:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2011/04/12 18:05:58 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/04/12 18:05:45 | 000,022,892 | ---- | C] () -- C:\WINDOWS\HL-3040CN.INI
[2011/04/12 18:05:40 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2011/04/12 18:05:40 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2011/04/12 18:05:39 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADC08A.DAT
[2011/04/12 18:05:08 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/05/12 19:03:26 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\CNCFLfNL.DLL
[2009/10/15 12:19:39 | 000,065,536 | ---- | C] () -- C:\WINDOWS\qt3wrap.dll
[2009/10/15 12:19:39 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2009/10/09 10:39:32 | 000,000,069 | ---- | C] () -- C:\WINDOWS\KMSTMVM.ini
[2009/10/08 11:48:23 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/09/21 08:57:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/18 17:06:02 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/09/18 17:06:02 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/09/18 15:11:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\steve\Local Settings\Application Data\WavXMapDrive.bat
[2009/09/09 10:47:12 | 000,982,240 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/09/09 10:47:12 | 000,439,308 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/09/09 10:46:53 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2009/09/09 10:45:38 | 000,001,200 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/09/08 19:39:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/09/08 19:30:43 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/09/08 19:29:48 | 000,232,744 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2009/09/08 19:16:18 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/08 10:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/04/30 16:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/04/22 11:58:30 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\DTMessageLib.dll
[2009/02/26 18:54:52 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_tr.dll
[2009/02/26 18:54:50 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ro.dll
[2009/02/26 18:54:48 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt-BR.dll
[2009/02/26 18:54:48 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hu.dll
[2009/02/26 18:54:46 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_he.dll
[2009/02/26 18:54:44 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_el.dll
[2009/02/26 18:54:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fi.dll
[2009/02/26 18:54:42 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_cs.dll
[2009/02/26 18:54:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ar.dll
[2009/02/26 18:54:40 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2009/02/26 18:54:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2009/02/26 18:54:36 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll
[2009/02/26 18:54:34 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2009/02/26 18:54:34 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2009/02/26 18:54:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll
[2009/02/26 18:54:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll
[2009/02/26 18:54:30 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll
[2009/02/26 18:54:28 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2009/02/26 18:54:28 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2009/02/26 18:54:26 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2009/02/26 18:54:24 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2009/02/26 18:54:24 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2009/02/26 18:54:20 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2009/02/26 18:54:20 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll
[2009/02/17 11:51:28 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2009/02/17 11:51:28 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2009/02/17 11:51:26 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2009/02/17 11:51:24 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2009/02/17 11:51:24 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2009/02/17 11:51:24 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2009/02/17 11:51:22 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2009/02/17 11:51:22 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2009/02/17 11:51:20 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fi.dll
[2009/02/17 11:51:20 | 000,479,232 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2009/02/17 11:51:20 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2009/02/17 11:51:18 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_da.dll
[2009/02/17 11:51:16 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_nl.dll
[2009/02/17 11:51:16 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pl.dll
[2009/02/17 11:51:16 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_no.dll
[2009/02/17 11:51:14 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_sv.dll
[2009/02/17 11:51:04 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_cs.dll
[2009/02/17 11:51:04 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ar.dll
[2009/02/17 11:51:02 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_el.dll
[2009/02/17 11:51:02 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_he.dll
[2009/02/17 11:51:00 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-PT.dll
[2009/02/17 11:51:00 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_hu.dll
[2009/02/17 11:50:58 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ro.dll
[2009/02/17 11:50:58 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_tr.dll
[2009/02/17 10:46:36 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2009/01/06 18:25:36 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll
[2008/12/22 16:13:54 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2008/10/06 20:36:56 | 000,839,680 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2008/05/26 23:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 23:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/26 07:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/26 07:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/26 07:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/26 02:16:35 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/04/26 02:16:35 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/04/26 02:16:35 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/04/26 02:16:35 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/04/26 02:16:35 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2008/04/26 02:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/26 02:16:22 | 000,515,436 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/26 02:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/26 02:16:22 | 000,099,108 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/26 02:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/26 02:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/26 02:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/26 02:16:21 | 000,409,344 | ---- | C] () -- C:\WINDOWS\System32\txnimwhn.dat
[2008/04/26 02:16:21 | 000,365,824 | ---- | C] () -- C:\WINDOWS\System32\weeyevaj.dat
[2008/04/26 02:16:21 | 000,154,368 | ---- | C] () -- C:\WINDOWS\System32\dcfnjaeh.dat
[2008/04/26 02:16:21 | 000,138,496 | ---- | C] () -- C:\WINDOWS\System32\obartqcb.dat
[2008/04/26 02:16:21 | 000,058,112 | ---- | C] () -- C:\WINDOWS\System32\zxucweyb.dat
[2008/04/26 02:16:21 | 000,055,040 | ---- | C] () -- C:\WINDOWS\System32\blprfwku.dat
[2008/04/26 02:16:21 | 000,041,728 | ---- | C] () -- C:\WINDOWS\System32\nvijzmdg.dat
[2008/04/26 02:16:21 | 000,034,048 | ---- | C] () -- C:\WINDOWS\System32\bslynkpu.dat
[2008/04/26 02:16:21 | 000,031,488 | ---- | C] () -- C:\WINDOWS\System32\hhapuzvy.dat
[2008/04/26 02:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/26 02:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/26 02:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/26 02:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/26 02:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 19:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 19:21:52 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/03/25 11:46:00 | 000,077,536 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2007/09/27 12:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 12:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 12:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/06/30 14:58:44 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 14:58:44 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/06/12 10:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2004/09/10 15:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 15:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2002/04/16 10:14:42 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2002/04/16 10:14:00 | 001,683,456 | ---- | C] () -- C:\WINDOWS\System32\LTCLR13n.dll
[2002/04/16 10:14:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL

========== LOP Check ==========

[2010/05/12 19:04:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/08/03 12:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/04/08 21:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LocalCache
[2011/08/08 09:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/09/08 19:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2011/08/03 13:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/09/08 19:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2009/12/17 10:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Blackberry Desktop
[2009/09/08 19:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Broadcom
[2011/04/12 14:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\BroadSoft
[2010/03/12 09:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\EndNote
[2010/04/22 16:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\FinalMediaPlayer
[2009/10/08 09:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Research In Motion
[2009/11/13 12:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\SmartDraw
[2009/09/08 19:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Wave Systems Corp
[2009/09/08 19:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Windows Desktop Search
[2009/09/18 17:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Windows Search
[2011/08/08 18:35:20 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F7A0CF14-B461-4B53-853A-826D231650EC}.job

========== Purity Check ==========



< End of report >

EXTRAS.TXT

Extras

OTL Extras logfile created on: 8/08/2011 8:33:44 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = G:\Steve
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.46 Gb Total Physical Memory | 2.84 Gb Available Physical Memory | 82.16% Memory free
5.29 Gb Paging File | 4.70 Gb Available in Paging File | 88.77% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.80 Gb Total Space | 202.41 Gb Free Space | 86.95% Space Free | Partition Type: NTFS
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 7.47 Gb Total Space | 5.62 Gb Free Space | 75.23% Space Free | Partition Type: FAT32

Computer Name: AAMBRI-LT007 | User Name: steve | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Enabled:@xpsp2res.dll,-22009
"35163:TCP" = 35163:TCP:*:Enabled:@xpsp2res.dll,-22009
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"35163:TCP" = 35163:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\QNAP\Finder\Finder.exe" = C:\Program Files\QNAP\Finder\Finder.exe:*:Enabled:Finder -- ()
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:Microsoft Media Collaboration Extender (MCE-In) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{0639F993-7F7E-4BA5-BEC7-53CAC2E5B973}" = Dell ControlPoint System Manager
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3187D374-8584-4D51-8B24-ECE0123110A5}" = Telstra Telephony Toolbar 14 SP10 (14.10.117.3) MB9
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45B01AEF-00A5-469B-93C9-92944951D61B}" = Brother HL-3040CN
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5D956474-97AD-4E03-87F6-37F06437359E}" = MindMapper 2009 Plus
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65179FD8-04C0-40A7-87FC-007F2CD5BF1E}" = LogMeIn
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{75729BD7-F978-4C18-AF98-C0A682BF17D0}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79214B92-A439-4841-B160-0896E977A383}" = Norman Security Suite
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{86A8FD76-3268-4102-9674-7118881EC2C0}" = Wave Infrastructure Installer
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B1F8092-9D84-459B-88EA-0BE882AC915E}" = UPEK TouchChip Fingerprint Reader
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Telstra Turbo Connection Manager
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{99E39418-A6C1-4D2B-AF9F-9152C93F03A9}" = Dell Control Point
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C875FEA-B49E-49F7-AE62-0F9B91F90982}" = SRS Premium Sound
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC76BA86-1033-F400-BA7E-000000000004}_945" = Adobe Acrobat 9.4.5 - CPSID_83708
"{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BFE903DE-4845-4387-9C6C-98B21B8445A3}" = GMATPrep™
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DAC07FB2-2C63-44B2-8344-AB7542C936D2}" = DCP32MMWrapper
"{DB58A549-42CA-4081-986A-633479DE413F}" = SO32MMWrapper
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1" = PDF-XChange 4
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F3AE0BDB-1679-4873-BED4-F94B36CB10E4}" = DecisionTools Suite Industrial 5.5 for Excel
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FECEF9D2-9D3D-449B-9EA4-CFA775C99460}" = AuthenTec Fingerprint System
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"66E7D038E1F9BEA2EBDF90804718442328FF88DA" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (06/12/2008 8.1.0.51)
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"center" = center Screen Saver
"Client Services" = Client Services 1.5
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"DW WLAN Card Utility" = DW WLAN Card Utility
"ESET Online Scanner" = ESET Online Scanner v3
"FinalMediaPlayer_is1" = Final Media Player 2010
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"MP Navigator EX 1.1" = Canon MP Navigator EX 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROHYBRIDR" = 2007 Microsoft Office system
"QNAP_FINDER" = QNAP Finder
"SysAid_is1" = SysAid Agent version 7.5.05
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/08/2011 8:01:35 PM | Computer Name = AAMBRI-LT007 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application bw_assistant_enterprise_sp.exe, version 14.10.117.0,
stamp 4c5aabe0, faulting module bw_assistant_enterprise_sp.exe, version 14.10.117.0,
stamp 4c5aabe0, debug? 0, fault address 0x00042efa.

Error - 7/08/2011 7:34:41 PM | Computer Name = AAMBRI-LT007 | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM

Error - 7/08/2011 7:35:33 PM | Computer Name = AAMBRI-LT007 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 7/08/2011 8:25:42 PM | Computer Name = AAMBRI-LT007 | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM

Error - 8/08/2011 4:18:11 AM | Computer Name = AAMBRI-LT007 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 8/08/2011 4:18:11 AM | Computer Name = AAMBRI-LT007 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 8/08/2011 4:19:01 AM | Computer Name = AAMBRI-LT007 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 8/08/2011 4:19:56 AM | Computer Name = AAMBRI-LT007 | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM

Error - 8/08/2011 4:30:55 AM | Computer Name = AAMBRI-LT007 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 8/08/2011 6:24:25 AM | Computer Name = AAMBRI-LT007 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

[ OSession Events ]
Error - 3/01/2010 7:59:40 PM | Computer Name = AAMBRI-LT007 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 113
seconds with 60 seconds of active time. This session ended with a crash.

Error - 17/05/2010 4:28:10 PM | Computer Name = AAMBRI-LT007 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20
seconds with 0 seconds of active time. This session ended with a crash.

Error - 17/05/2010 4:28:47 PM | Computer Name = AAMBRI-LT007 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 17/05/2010 4:29:19 PM | Computer Name = AAMBRI-LT007 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/06/2010 6:46:43 PM | Computer Name = AAMBRI-LT007 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 662
seconds with 600 seconds of active time. This session ended with a crash.

Error - 11/02/2011 8:31:29 PM | Computer Name = AAMBRI-LT007 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8311
seconds with 1200 seconds of active time. This session ended with a crash.

Error - 25/02/2011 6:23:50 PM | Computer Name = AAMBRI-LT007 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 9796
seconds with 300 seconds of active time. This session ended with a crash.

Error - 27/02/2011 6:33:37 PM | Computer Name = AAMBRI-LT007 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 32
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/08/2011 7:33:55 PM | Computer Name = AAMBRI-LT007 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 6/08/2011 7:33:55 PM | Computer Name = AAMBRI-LT007 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 7/08/2011 7:43:21 PM | Computer Name = AAMBRI-LT007 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 7/08/2011 7:45:21 PM | Computer Name = AAMBRI-LT007 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 7/08/2011 7:47:21 PM | Computer Name = AAMBRI-LT007 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 8/08/2011 4:18:11 AM | Computer Name = AAMBRI-LT007 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain AAM due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 8/08/2011 4:26:02 AM | Computer Name = AAMBRI-LT007 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/08/2011 5:01:37 AM | Computer Name = AAMBRI-LT007 | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/08/2011 5:02:33 AM | Computer Name = AAMBRI-LT007 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 8/08/2011 5:10:59 AM | Computer Name = AAMBRI-LT007 | Source = Service Control Manager | ID = 7034
Description = The DW WLAN Tray Service service terminated unexpectedly. It has
done this 1 time(s).


< End of report >

#7 Chris Hill

  • Topic Starter
  • Members
  • 11 posts

Posted 08 August 2011 - 05:43 AM

Extras

OTL Extras logfile created on: 8/08/2011 8:33:44 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = G:\Steve
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.46 Gb Total Physical Memory | 2.84 Gb Available Physical Memory | 82.16% Memory free
5.29 Gb Paging File | 4.70 Gb Available in Paging File | 88.77% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.80 Gb Total Space | 202.41 Gb Free Space | 86.95% Space Free | Partition Type: NTFS
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 7.47 Gb Total Space | 5.62 Gb Free Space | 75.23% Space Free | Partition Type: FAT32

Computer Name: AAMBRI-LT007 | User Name: steve | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Enabled:@xpsp2res.dll,-22009
"35163:TCP" = 35163:TCP:*:Enabled:@xpsp2res.dll,-22009
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"35163:TCP" = 35163:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\QNAP\Finder\Finder.exe" = C:\Program Files\QNAP\Finder\Finder.exe:*:Enabled:Finder -- ()
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:Microsoft Media Collaboration Extender (MCE-In) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{0639F993-7F7E-4BA5-BEC7-53CAC2E5B973}" = Dell ControlPoint System Manager
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3187D374-8584-4D51-8B24-ECE0123110A5}" = Telstra Telephony Toolbar 14 SP10 (14.10.117.3) MB9
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45B01AEF-00A5-469B-93C9-92944951D61B}" = Brother HL-3040CN
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5D956474-97AD-4E03-87F6-37F06437359E}" = MindMapper 2009 Plus
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65179FD8-04C0-40A7-87FC-007F2CD5BF1E}" = LogMeIn
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{75729BD7-F978-4C18-AF98-C0A682BF17D0}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79214B92-A439-4841-B160-0896E977A383}" = Norman Security Suite
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{86A8FD76-3268-4102-9674-7118881EC2C0}" = Wave Infrastructure Installer
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B1F8092-9D84-459B-88EA-0BE882AC915E}" = UPEK TouchChip Fingerprint Reader
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Telstra Turbo Connection Manager
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{99E39418-A6C1-4D2B-AF9F-9152C93F03A9}" = Dell Control Point
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C875FEA-B49E-49F7-AE62-0F9B91F90982}" = SRS Premium Sound
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC76BA86-1033-F400-BA7E-000000000004}_945" = Adobe Acrobat 9.4.5 - CPSID_83708
"{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BFE903DE-4845-4387-9C6C-98B21B8445A3}" = GMATPrep™
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DAC07FB2-2C63-44B2-8344-AB7542C936D2}" = DCP32MMWrapper
"{DB58A549-42CA-4081-986A-633479DE413F}" = SO32MMWrapper
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1" = PDF-XChange 4
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F3AE0BDB-1679-4873-BED4-F94B36CB10E4}" = DecisionTools Suite Industrial 5.5 for Excel
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FECEF9D2-9D3D-449B-9EA4-CFA775C99460}" = AuthenTec Fingerprint System
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"66E7D038E1F9BEA2EBDF90804718442328FF88DA" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (06/12/2008 8.1.0.51)
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"center" = center Screen Saver
"Client Services" = Client Services 1.5
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"DW WLAN Card Utility" = DW WLAN Card Utility
"ESET Online Scanner" = ESET Online Scanner v3
"FinalMediaPlayer_is1" = Final Media Player 2010
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"MP Navigator EX 1.1" = Canon MP Navigator EX 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROHYBRIDR" = 2007 Microsoft Office system
"QNAP_FINDER" = QNAP Finder
"SysAid_is1" = SysAid Agent version 7.5.05
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/08/2011 8:01:35 PM | Computer Name = AAMBRI-LT007 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application bw_assistant_enterprise_sp.exe, version 14.10.117.0,
stamp 4c5aabe0, faulting module bw_assistant_enterprise_sp.exe, version 14.10.117.0,
stamp 4c5aabe0, debug? 0, fault address 0x00042efa.

Error - 7/08/2011 7:34:41 PM | Computer Name = AAMBRI-LT007 | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM

Error - 7/08/2011 7:35:33 PM | Computer Name = AAMBRI-LT007 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 7/08/2011 8:25:42 PM | Computer Name = AAMBRI-LT007 | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM

Error - 8/08/2011 4:18:11 AM | Computer Name = AAMBRI-LT007 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 8/08/2011 4:18:11 AM | Computer Name = AAMBRI-LT007 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 8/08/2011 4:19:01 AM | Computer Name = AAMBRI-LT007 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 8/08/2011 4:19:56 AM | Computer Name = AAMBRI-LT007 | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM

Error - 8/08/2011 4:30:55 AM | Computer Name = AAMBRI-LT007 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 8/08/2011 6:24:25 AM | Computer Name = AAMBRI-LT007 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

[ OSession Events ]
Error - 3/01/2010 7:59:40 PM | Computer Name = AAMBRI-LT007 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 113
seconds with 60 seconds of active time. This session ended with a crash.

Error - 17/05/2010 4:28:10 PM | Computer Name = AAMBRI-LT007 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20
seconds with 0 seconds of active time. This session ended with a crash.

Error - 17/05/2010 4:28:47 PM | Computer Name = AAMBRI-LT007 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 17/05/2010 4:29:19 PM | Computer Name = AAMBRI-LT007 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/06/2010 6:46:43 PM | Computer Name = AAMBRI-LT007 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 662
seconds with 600 seconds of active time. This session ended with a crash.

Error - 11/02/2011 8:31:29 PM | Computer Name = AAMBRI-LT007 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8311
seconds with 1200 seconds of active time. This session ended with a crash.

Error - 25/02/2011 6:23:50 PM | Computer Name = AAMBRI-LT007 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 9796
seconds with 300 seconds of active time. This session ended with a crash.

Error - 27/02/2011 6:33:37 PM | Computer Name = AAMBRI-LT007 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 32
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/08/2011 7:33:55 PM | Computer Name = AAMBRI-LT007 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 6/08/2011 7:33:55 PM | Computer Name = AAMBRI-LT007 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 7/08/2011 7:43:21 PM | Computer Name = AAMBRI-LT007 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 7/08/2011 7:45:21 PM | Computer Name = AAMBRI-LT007 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 7/08/2011 7:47:21 PM | Computer Name = AAMBRI-LT007 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 8/08/2011 4:18:11 AM | Computer Name = AAMBRI-LT007 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain AAM due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 8/08/2011 4:26:02 AM | Computer Name = AAMBRI-LT007 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/08/2011 5:01:37 AM | Computer Name = AAMBRI-LT007 | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/08/2011 5:02:33 AM | Computer Name = AAMBRI-LT007 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 8/08/2011 5:10:59 AM | Computer Name = AAMBRI-LT007 | Source = Service Control Manager | ID = 7034
Description = The DW WLAN Tray Service service terminated unexpectedly. It has
done this 1 time(s).


< End of report >

#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:56 AM

Posted 08 August 2011 - 02:32 PM

Good evening. :)

Copy and paste the following into Notepad (Start > All Programs > Accessories > Notepad):

RenV::
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl .exe
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray .exe
c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM .exe
c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv .exe
c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint .exe
c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM .exe
c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService .exe
c:\program files\DellTPad\Apoint .exe
c:\program files\IDT\WDM\sttray .exe
c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe
c:\program files\Logitech\Logitech WebCam Software\LWS .exe
c:\program files\LogMeIn\x86\LogMeInSystray .exe
c:\program files\Norman\Npm\Bin\ZLH .exe
c:\program files\Wave Systems Corp\SecureUpgrade .exe
c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck .exe
c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr .exe
c:\windows\system32\rundll32 .exe

File::
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\WINDOWS\system32\ufnqljjl.dll
c:\windows\Tasks\At1.job


Save it to your Desktop with the following filename: CFScript
Drag and drop CFScript.txt onto your copy of Combofix and let it do its thing.
Let me have the log produced, as before, and a description of how the PC is behaving.

So long, and thanks for all the fish.


#9 Chris Hill

Chris Hill
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 08 August 2011 - 04:53 PM

Here's the log file....

ComboFix 11-08-08.02 - steve 09/08/2011 7:30.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3539.2929 [GMT 10:00]
Running from: c:\documents and settings\steve\Desktop\ChrisFix.exe
Command switches used :: c:\documents and settings\steve\Desktop\CFScript.txt
AV: Norman Security Suite *Enabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
.
FILE ::
"c:\program files\IDT\WDM\sttray.exe"
"c:\program files\Innovative Solutions\DriverMax\devices.exe"
"c:\windows\system32\ufnqljjl.dll"
"c:\windows\Tasks\At1.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\2alKfe7G.exe
c:\program files\IDT\WDM\sttray.exe
c:\program files\Innovative Solutions\DriverMax\devices.exe
c:\windows\system32\ufnqljjl.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At12.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEXEIBJ
-------\Service_acexeibj
.
.
((((((((((((((((((((((((( Files Created from 2011-07-08 to 2011-08-08 )))))))))))))))))))))))))))))))
.
.
2011-08-08 09:08 . 2011-08-08 09:08 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2011-08-08 09:03 . 2011-08-08 09:04 -------- d-----w- C:\ChrisFix
2011-08-08 09:01 . 2011-08-08 09:01 -------- d-----w- c:\documents and settings\LocalService\Application Data\Windows Search
2011-08-08 09:01 . 2011-08-08 09:01 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2011-08-08 08:38 . 2011-08-08 08:38 -------- d-----w- c:\program files\ESET
2011-08-07 04:00 . 2008-04-13 19:41 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2011-08-06 23:18 . 2011-08-06 23:18 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-08-06 23:11 . 2011-08-06 23:11 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Windows Search
2011-08-06 23:11 . 2011-08-06 23:11 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2011-08-06 23:10 . 2011-08-06 23:10 -------- d-----w- c:\documents and settings\NetworkService\Application Data\BroadSoft
2011-08-03 04:29 . 2010-11-11 12:01 24176 ----a-w- c:\windows\system32\drivers\nvcw32mf.sys
2011-08-03 04:29 . 2010-11-10 13:48 378000 ----a-w- c:\windows\system32\drivers\tdi_nf.sys
2011-08-03 04:29 . 2010-11-10 13:47 68176 ----a-w- c:\windows\system32\drivers\ale_nf64.sys
2011-08-03 04:29 . 2010-11-10 13:47 61472 ----a-w- c:\windows\system32\drivers\ale_nf.sys
2011-08-03 04:29 . 2010-11-10 07:06 222352 ----a-w- c:\windows\system32\nscrnsav.scr
2011-08-03 04:29 . 2010-06-21 12:54 48272 ----a-w- c:\windows\system32\drivers\nnetsec.sys
2011-08-03 04:29 . 2010-05-28 10:40 30584 ----a-w- c:\windows\system32\drivers\nnetsecl.sys
2011-08-03 04:29 . 2010-05-25 12:28 34192 ----a-w- c:\windows\system32\drivers\nnetsecl64.sys
2011-08-03 04:17 . 2011-08-03 04:17 -------- d-----w- c:\program files\IDT
2011-08-03 03:36 . 2011-08-03 03:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-03 02:47 . 2010-09-21 01:24 81920 ----a-w- c:\windows\system32\igfxCoIn_v5303.dll
2011-08-03 02:47 . 2010-09-21 01:00 86528 ----a-w- c:\windows\system32\igfxresn.lrc
2011-08-03 02:47 . 2010-09-21 00:59 3139584 ----a-w- c:\windows\system32\GfxUI.exe
2011-08-03 02:47 . 2010-09-21 00:59 121344 ----a-w- c:\windows\system32\gfxSrvc.dll
2011-08-03 02:47 . 2010-09-21 00:59 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2011-08-03 02:44 . 2008-10-01 00:01 46592 ----a-w- c:\windows\system32\drivers\risdptsk.sys
2011-08-03 02:43 . 2010-03-09 13:56 175616 ----a-w- c:\windows\system32\st326274.dll
2011-08-03 02:38 . 2008-05-08 04:53 985472 ----a-w- c:\windows\system32\drivers\HSF_DP.sys
2011-08-03 02:38 . 2008-05-08 04:52 210688 ----a-w- c:\windows\system32\drivers\HSF_HWAZL.sys
2011-08-03 02:35 . 2010-10-28 14:15 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2011-08-03 02:20 . 2011-08-03 02:20 -------- d-----w- c:\documents and settings\steve\Local Settings\Application Data\Secunia PSI
2011-08-03 02:20 . 2011-08-03 02:20 -------- d-----w- c:\program files\Secunia
2011-08-03 02:20 . 2011-08-03 02:20 -------- d-----w- c:\documents and settings\steve\Local Settings\Application Data\Innovative Solutions
2011-08-03 02:20 . 2011-08-03 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2011-08-03 02:20 . 2011-08-03 02:20 -------- d-----w- c:\program files\Innovative Solutions
2011-08-03 00:44 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-08-02 23:58 . 2009-08-06 09:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-08-02 06:29 . 2011-08-02 06:29 -------- d-----w- c:\documents and settings\steve\Application Data\SUPERAntiSpyware.com
2011-08-02 06:29 . 2011-08-02 06:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-08-02 00:40 . 2011-08-02 02:19 -------- d-----w- c:\documents and settings\steve\Application Data\U3
2011-08-01 23:32 . 2011-08-01 23:32 65536 --sha-r- c:\windows\system32\adsnds6.dll
2011-08-01 02:13 . 2011-08-01 02:13 -------- d-----w- c:\documents and settings\administrator.aam
2011-07-30 00:34 . 2011-07-30 05:29 -------- d-----w- c:\documents and settings\stevec
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-08 21:38 . 2009-09-18 05:11 0 ----a-w- c:\documents and settings\steve\Local Settings\Application Data\WavXMapDrive.bat
2011-07-18 23:34 . 2011-04-12 03:56 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-07-18 23:34 . 2011-04-12 03:56 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-07-18 23:34 . 2011-04-12 03:56 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-18 23:34 . 2011-04-12 03:56 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-07-18 23:34 . 2011-04-12 03:56 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2011-07-18 23:34 . 2011-04-12 03:56 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-06-02 14:07 . 2008-04-25 16:16 1867904 ----a-w- c:\windows\system32\win32k.sys
2011-06-16 04:32 . 2011-06-24 22:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
<pre>
c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT  .exe
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM  .exe
c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent .exe
c:\program files\Innovative Solutions\DriverMax\devices .exe
</pre>
.
((((((((((((((((((((((((((((( SnapShot_2011-08-08_09.16.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-25 16:16 . 2011-08-08 21:41 99108 c:\windows\system32\perfc009.dat
- 2008-04-25 16:16 . 2011-08-08 08:36 99108 c:\windows\system32\perfc009.dat
+ 2011-08-08 21:36 . 2009-04-30 06:01 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
+ 2008-04-25 16:16 . 2011-08-08 21:41 515436 c:\windows\system32\perfh009.dat
- 2008-04-25 16:16 . 2011-08-08 08:36 515436 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-04-22 02:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-04-22 02:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM .exe -scheduler" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-02-26 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 145408]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-04-22 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-04-22 95544]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-03-19 667648]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-04-22 15360]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-04 128232]
"autodetect"="c:\windows\system32\SupportAppXL\AutoDect.exe" [2008-08-07 91648]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe" [N/A]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-05-19 3618104]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-02 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [N/A]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-21 129536]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-21 163328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-21 138752]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [N/A]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [N/A]
"Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2011-03-22 189824]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-02-02 2670592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\adminmi\Start Menu\Programs\Startup\
AAMC1.lnk - c:\adjustit\Main\AAMC1.exe [2008-10-2 159744]
.
c:\documents and settings\steve\Start Menu\Programs\Startup\
AAMC1.lnk - c:\adjustit\Main\AAMC1.exe [2008-10-2 159744]
Launch Internet Explorer Browser.lnk - c:\program files\Internet Explorer\iexplore.exe [2008-4-26 638816]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-4-9 1106720]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-9-8 50688]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-07-18 23:34 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 02:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2010-02-02 11:47 2670592 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellConnectionManager]
c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"35163:TCP"= 35163:TCP:@xpsp2res.dll,-22009
.
R1 NGS;Norman General Security Driver;c:\program files\Norman\Ngs\Bin\ngs.sys [3/08/2011 2:29 PM 26744]
R1 NPROSEC;Norman Security driver;c:\program files\Norman\Ngs\Bin\nprosec.sys [3/08/2011 2:29 PM 74144]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [27/06/2008 3:47 PM 1664248]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [29/12/2008 1:07 PM 320800]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [9/04/2009 4:02 PM 447264]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [1/03/2011 12:11 PM 374152]
R2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\Ndiskio.sys [3/08/2011 2:29 PM 22880]
R2 NPROSECSVC;Norman Security service;c:\program files\Norman\Ngs\Bin\nprosec.exe [3/08/2011 2:29 PM 90656]
R2 nregsec;Norman Registry Security driver;c:\program files\Norman\Ngs\Bin\nregsec.sys [3/08/2011 2:29 PM 40384]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [9/09/2009 10:46 AM 113664]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [9/09/2009 10:47 AM 116224]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [3/08/2011 2:29 PM 24176]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [8/09/2009 7:29 PM 232744]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [17/09/2010 3:40 PM 12856]
S2 NNFSVC;Norman Network Filtering service;c:\program files\Norman\Ngs\Bin\nnf.exe [3/08/2011 2:29 PM 223000]
S2 NVOY;Norman Resource Provider;c:\program files\Norman\Npm\Bin\nvoy.exe [3/08/2011 2:29 PM 100336]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [8/10/2009 1:34 PM 7680]
S3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\Nsesvc.exe [3/08/2011 2:29 PM 288072]
S3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\nvc\bin\Nvcoas.exe [3/08/2011 2:29 PM 198168]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
S3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [3/08/2011 2:29 PM 99312]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [26/04/2008 2:16 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-08 c:\windows\Tasks\User_Feed_Synchronization-{F7A0CF14-B461-4B53-853A-826D231650EC}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 18:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://intranet.aamcommercial.com.au:8080/default.aspx
uInternet Settings,ProxyServer = http=127.0.0.1:51111
uInternet Settings,ProxyOverride = <local>
IE: &Dial - c:\program files\TIPT\Telstra Telephony Toolbar\conf\dialIE.htm
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: aamcommercial.com.au\intranet
Trusted Zone: aamserver
Trusted Zone: adjustitsystem.com.au\www
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\steve\Application Data\Mozilla\Firefox\Profiles\tc3tt2lh.default\
FF - prefs.js: browser.startup.homepage - hxxp://aamserver/default.aspx|http://www.adjustitsystem.com.au/adjustit/default1.aspx
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51111
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{CCD77D39-81EB-C924-895B-7C1FD01CD185} - c:\windows\system32\ufnqljjl.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-09 07:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(1788)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Norman\nvc\bin\Niphk.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\idt\wdm\stacsv.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files (x86)\SysAid\IliAS.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Norman\Nvc\Bin\Nip.exe
c:\program files\Norman\Nvc\Bin\cclaw.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2011-08-09 07:43:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-08 21:43
ComboFix2.txt 2011-08-08 09:17
ComboFix3.txt 2011-08-02 22:55
.
Pre-Run: 217,281,761,280 bytes free
Post-Run: 216,842,727,424 bytes free
.
- - End Of File - - F016FC76BB90AFD28DB32A9783A51FC4
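The CFScript above works on two kinds of entries that show up in this ComboFix log: autostart targets whose file name carries a space before the extension (the paths under RenV::) and Run values whose target ComboFix marks as [N/A] or [X]. The same log also shows Security Center overrides and a disabled firewall profile. The script below is an added example, written for this thread and not part of ComboFix or of Noviciate's instructions; the function names are mine, and the sample log is a trimmed copy of the Run, Security Center and firewall lines posted above. It walks the "Reg Loading Points" section and lists those indicators so a reader can see which lines the RenV:: and File:: directives were built from.

```python
"""Triage helper for the ComboFix "Reg Loading Points" section (added example)."""
import re
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# Constructed sample: a trimmed copy of the Run / Security Center / firewall
# lines from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM .exe -scheduler" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe" [N/A]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""

KEY_HEADER = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# "Name"="command" [date size]  or  [N/A] / [X] when ComboFix could not verify the file
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<status>[^\]]*)\]\s*$')
VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.+?)\s*$')
# "name .exe": whitespace between the base name and the extension, as in the RenV:: list
SPACED_EXT = re.compile(r"^(?P<path>.*?\S\s+\.exe)\b", re.IGNORECASE)


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    key: str        # registry key the line sat under (lower-cased)
    name: str       # value name
    detail: str


def key_lines(log_text: str) -> Iterator[Tuple[str, str]]:
    """Yield (key, line) for every non-spacer line, paired with the [key] header above it."""
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix uses "." as a spacer line
            continue
        m = KEY_HEADER.match(line)
        if m:
            current_key = m.group("key").lower()
        else:
            yield current_key, line


def triage(log_text: str) -> List[Finding]:
    """Collect the indicators the CFScript in this thread was built from."""
    findings: List[Finding] = []
    for key, line in key_lines(log_text):
        if key.endswith(r"\run"):
            m = RUN_ENTRY.match(line)
            if not m:
                continue
            name, cmd, status = m.group("name"), m.group("cmd"), m.group("status").strip()
            if SPACED_EXT.match(cmd):
                findings.append(Finding("high", key, name,
                                        "space before .exe in autostart target: " + cmd))
            if status in ("N/A", "X"):        # assumption: ComboFix's marker for an unverified target
                findings.append(Finding("medium", key, name,
                                        f"target not verified [{status}]: " + cmd))
        elif "security center" in key:
            m = VALUE.match(line)
            # AntiVirusOverride / FirewallOverride = 1 suppress Security Center alerts
            if m and m.group("name").endswith("Override") and m.group("value").endswith("1"):
                findings.append(Finding("high", key, m.group("name"),
                                        "Security Center alerting for this component is overridden"))
        elif "firewallpolicy" in key:
            m = VALUE.match(line)
            if m and m.group("name") == "EnableFirewall" and m.group("value").startswith("0"):
                findings.append(Finding("high", key, "EnableFirewall",
                                        "Windows Firewall is disabled for this profile"))
    return findings


def renv_candidates(log_text: str) -> List[str]:
    """Distinct 'name .exe' paths from the Run keys, i.e. the lines a RenV:: section lists."""
    seen: List[str] = []
    for key, line in key_lines(log_text):
        if not key.endswith(r"\run"):
            continue
        m = RUN_ENTRY.match(line)
        p = SPACED_EXT.match(m.group("cmd")) if m else None
        if p and p.group("path") not in seen:
            seen.append(p.group("path"))
    return seen


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.name:22} {f.detail}")
    print("RenV:: candidates:", *renv_candidates(SAMPLE_LOG), sep="\n  ")
```

Run it against a full ComboFix log by reading the file into `triage()`; everything outside the `[...]` key sections is ignored, so the file-listing parts of the log do not need to be trimmed first.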


#10 Chris Hill

Chris Hill
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 08 August 2011 - 05:38 PM

Actually looks quite good, nothing jumping out at me just yet, so all looks good.

Thank you Noviciate!

#11 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:56 AM

Posted 09 August 2011 - 02:14 PM

Good evening. :)

Looks like we may be getting there.

Repeat the ComboFix instructions above, but copy and paste the following this time:

RenV::
c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM .exe
c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent .exe
c:\program files\Innovative Solutions\DriverMax\devices .exe


I'll have the log as before.

So long, and thanks for all the fish.


#12 Chris Hill

Chris Hill
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 10 August 2011 - 04:51 AM

OK, here we go, Noviciate.....

ComboFix 11-08-10.01 - steve 10/08/2011 19:35:52.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3539.2884 [GMT 10:00]
Running from: c:\documents and settings\steve\Desktop\ChrisFix.exe
Command switches used :: c:\documents and settings\steve\Desktop\CFScript.txt
AV: Norman Security Suite *Enabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-10 to 2011-08-10 )))))))))))))))))))))))))))))))
.
.
2011-08-09 23:13 . 2011-08-09 23:13 -------- dc----w- c:\documents and settings\steve\Local Settings\Application Data\MigWiz
2011-08-08 09:08 . 2011-08-08 09:08 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2011-08-08 09:03 . 2011-08-08 09:04 -------- d-----w- C:\ChrisFix
2011-08-08 09:01 . 2011-08-08 09:01 -------- d-----w- c:\documents and settings\LocalService\Application Data\Windows Search
2011-08-08 09:01 . 2011-08-08 09:01 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2011-08-08 08:38 . 2011-08-08 08:38 -------- d-----w- c:\program files\ESET
2011-08-07 04:00 . 2008-04-13 19:41 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2011-08-06 23:18 . 2011-08-06 23:18 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-08-06 23:11 . 2011-08-06 23:11 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Windows Search
2011-08-06 23:11 . 2011-08-06 23:11 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2011-08-06 23:10 . 2011-08-06 23:10 -------- d-----w- c:\documents and settings\NetworkService\Application Data\BroadSoft
2011-08-03 04:29 . 2010-11-11 12:01 24176 ----a-w- c:\windows\system32\drivers\nvcw32mf.sys
2011-08-03 04:29 . 2010-11-10 13:48 378000 ----a-w- c:\windows\system32\drivers\tdi_nf.sys
2011-08-03 04:29 . 2010-11-10 13:47 68176 ----a-w- c:\windows\system32\drivers\ale_nf64.sys
2011-08-03 04:29 . 2010-11-10 13:47 61472 ----a-w- c:\windows\system32\drivers\ale_nf.sys
2011-08-03 04:29 . 2010-11-10 07:06 222352 ----a-w- c:\windows\system32\nscrnsav.scr
2011-08-03 04:29 . 2010-06-21 12:54 48272 ----a-w- c:\windows\system32\drivers\nnetsec.sys
2011-08-03 04:29 . 2010-05-28 10:40 30584 ----a-w- c:\windows\system32\drivers\nnetsecl.sys
2011-08-03 04:29 . 2010-05-25 12:28 34192 ----a-w- c:\windows\system32\drivers\nnetsecl64.sys
2011-08-03 04:17 . 2011-08-03 04:17 -------- d-----w- c:\program files\IDT
2011-08-03 03:36 . 2011-08-03 03:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-03 02:47 . 2010-09-21 01:24 81920 ----a-w- c:\windows\system32\igfxCoIn_v5303.dll
2011-08-03 02:47 . 2010-09-21 01:00 86528 ----a-w- c:\windows\system32\igfxresn.lrc
2011-08-03 02:47 . 2010-09-21 00:59 3139584 ----a-w- c:\windows\system32\GfxUI.exe
2011-08-03 02:47 . 2010-09-21 00:59 121344 ----a-w- c:\windows\system32\gfxSrvc.dll
2011-08-03 02:47 . 2010-09-21 00:59 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2011-08-03 02:44 . 2008-10-01 00:01 46592 ----a-w- c:\windows\system32\drivers\risdptsk.sys
2011-08-03 02:43 . 2010-03-09 13:56 175616 ----a-w- c:\windows\system32\st326274.dll
2011-08-03 02:38 . 2008-05-08 04:53 985472 ----a-w- c:\windows\system32\drivers\HSF_DP.sys
2011-08-03 02:38 . 2008-05-08 04:52 210688 ----a-w- c:\windows\system32\drivers\HSF_HWAZL.sys
2011-08-03 02:35 . 2010-10-28 14:15 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2011-08-03 02:20 . 2011-08-03 02:20 -------- d-----w- c:\documents and settings\steve\Local Settings\Application Data\Secunia PSI
2011-08-03 02:20 . 2011-08-03 02:20 -------- d-----w- c:\program files\Secunia
2011-08-03 02:20 . 2011-08-03 02:20 -------- d-----w- c:\documents and settings\steve\Local Settings\Application Data\Innovative Solutions
2011-08-03 02:20 . 2011-08-03 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2011-08-03 02:20 . 2011-08-03 02:20 -------- d-----w- c:\program files\Innovative Solutions
2011-08-03 00:44 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-08-02 23:58 . 2009-08-06 09:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-08-02 06:29 . 2011-08-02 06:29 -------- d-----w- c:\documents and settings\steve\Application Data\SUPERAntiSpyware.com
2011-08-02 06:29 . 2011-08-02 06:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-08-02 00:40 . 2011-08-02 02:19 -------- d-----w- c:\documents and settings\steve\Application Data\U3
2011-08-01 23:32 . 2011-08-01 23:32 65536 --sha-r- c:\windows\system32\adsnds6.dll
2011-08-01 02:13 . 2011-08-01 02:13 -------- d-----w- c:\documents and settings\administrator.aam
2011-07-30 00:34 . 2011-07-30 05:29 -------- d-----w- c:\documents and settings\stevec
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-10 09:45 . 2009-09-18 05:11 0 ----a-w- c:\documents and settings\steve\Local Settings\Application Data\WavXMapDrive.bat
2011-07-18 23:34 . 2011-04-12 03:56 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-07-18 23:34 . 2011-04-12 03:56 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-07-18 23:34 . 2011-04-12 03:56 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-18 23:34 . 2011-04-12 03:56 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-07-18 23:34 . 2011-04-12 03:56 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2011-07-18 23:34 . 2011-04-12 03:56 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-06-02 14:07 . 2008-04-25 16:16 1867904 ----a-w- c:\windows\system32\win32k.sys
2011-06-16 04:32 . 2011-06-24 22:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
<pre>
c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT  .exe
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM  .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-04-22 02:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-04-22 02:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM .exe -scheduler" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-02-26 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 145408]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-04-22 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-04-22 95544]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-03-19 667648]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-04-22 15360]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-04 128232]
"autodetect"="c:\windows\system32\SupportAppXL\AutoDect.exe" [2008-08-07 91648]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT .exe" [N/A]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-05-19 3618104]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [N/A]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-21 129536]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-21 163328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-21 138752]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [N/A]
"Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2011-03-22 189824]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-02-02 2670592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\adminmi\Start Menu\Programs\Startup\
AAMC1.lnk - c:\adjustit\Main\AAMC1.exe [2008-10-2 159744]
.
c:\documents and settings\steve\Start Menu\Programs\Startup\
AAMC1.lnk - c:\adjustit\Main\AAMC1.exe [2008-10-2 159744]
Launch Internet Explorer Browser.lnk - c:\program files\Internet Explorer\iexplore.exe [2008-4-26 638816]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-4-9 1106720]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-9-8 50688]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-07-18 23:34 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2010-02-02 11:47 2670592 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellConnectionManager]
c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"35163:TCP"= 35163:TCP:@xpsp2res.dll,-22009
.
R1 NGS;Norman General Security Driver;c:\program files\Norman\Ngs\Bin\ngs.sys [3/08/2011 2:29 PM 26744]
R1 NPROSEC;Norman Security driver;c:\program files\Norman\Ngs\Bin\nprosec.sys [3/08/2011 2:29 PM 74144]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [27/06/2008 3:47 PM 1664248]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [29/12/2008 1:07 PM 320800]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [9/04/2009 4:02 PM 447264]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [1/03/2011 12:11 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [17/09/2010 3:40 PM 12856]
R2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\Ndiskio.sys [3/08/2011 2:29 PM 22880]
R2 NNFSVC;Norman Network Filtering service;c:\program files\Norman\Ngs\Bin\nnf.exe [3/08/2011 2:29 PM 223000]
R2 NPROSECSVC;Norman Security service;c:\program files\Norman\Ngs\Bin\nprosec.exe [3/08/2011 2:29 PM 90656]
R2 nregsec;Norman Registry Security driver;c:\program files\Norman\Ngs\Bin\nregsec.sys [3/08/2011 2:29 PM 40384]
R2 NVOY;Norman Resource Provider;c:\program files\Norman\Npm\Bin\nvoy.exe [3/08/2011 2:29 PM 100336]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [9/09/2009 10:46 AM 113664]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [9/09/2009 10:47 AM 116224]
R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\Nsesvc.exe [3/08/2011 2:29 PM 288072]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [3/08/2011 2:29 PM 24176]
R3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\nvc\bin\Nvcoas.exe [3/08/2011 2:29 PM 198168]
R3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [3/08/2011 2:29 PM 99312]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [8/09/2009 7:29 PM 232744]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [8/10/2009 1:34 PM 7680]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [26/04/2008 2:16 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-10 c:\windows\Tasks\User_Feed_Synchronization-{F7A0CF14-B461-4B53-853A-826D231650EC}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 18:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://intranet.aamcommercial.com.au:8080/default.aspx
uInternet Settings,ProxyServer = http=127.0.0.1:51111
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: aamcommercial.com.au\intranet
Trusted Zone: aamserver
Trusted Zone: adjustitsystem.com.au\www
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\steve\Application Data\Mozilla\Firefox\Profiles\tc3tt2lh.default\
FF - prefs.js: browser.startup.homepage - hxxp://aamserver/default.aspx|http://www.adjustitsystem.com.au/adjustit/default1.aspx
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51111
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-10 19:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(964)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(5328)
c:\windows\system32\WININET.dll
c:\program files\Norman\nvc\bin\Niphk.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Norman\Npm\Bin\elogsvc.exe
c:\program files\Norman\Npm\Bin\Zanda.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\idt\wdm\stacsv.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files (x86)\SysAid\IliAS.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Norman\Npm\Bin\Njeeves.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Norman\Nvc\Bin\Nip.exe
c:\program files\Norman\Nvc\Bin\cclaw.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2011-08-10 19:48:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-10 09:48
ComboFix2.txt 2011-08-08 21:43
ComboFix3.txt 2011-08-08 09:17
ComboFix4.txt 2011-08-02 22:55
.
Pre-Run: 219,043,962,880 bytes free
Post-Run: 219,031,126,016 bytes free
.
- - End Of File - - EAE54A10BF49ED5E090F9526B69D8301

#13 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:56 AM

Posted 10 August 2011 - 02:38 PM

Good evening. :)

Will you run OTL as before and let me have the log produced - there will be only one this time.

So long, and thanks for all the fish.

#14 Chris Hill

Chris Hill
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:06:56 PM

Posted 11 August 2011 - 01:44 AM

OTL logfile created on: 11/08/2011 4:38:04 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\steve\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.46 Gb Total Physical Memory | 2.74 Gb Available Physical Memory | 79.25% Memory free
5.29 Gb Paging File | 4.50 Gb Available in Paging File | 85.09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.80 Gb Total Space | 203.45 Gb Free Space | 87.39% Space Free | Partition Type: NTFS
Drive I: | 361.61 Gb Total Space | 21.24 Gb Free Space | 5.87% Space Free | Partition Type: NTFS
Drive L: | 37.26 Gb Total Space | 15.28 Gb Free Space | 41.01% Space Free | Partition Type: NTFS
Drive M: | 361.61 Gb Total Space | 21.24 Gb Free Space | 5.87% Space Free | Partition Type: NTFS

Computer Name: AAMBRI-LT007 | User Name: steve | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/11 16:37:49 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\steve\Desktop\OTL.scr
PRC - [2011/07/19 09:34:44 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/07/19 09:34:25 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/03/22 15:15:16 | 000,189,824 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\ZLH.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/12/27 11:59:18 | 001,053,696 | ---- | M] (SysAid Ltd) -- C:\Program Files (x86)\SysAid\IliAS.exe
PRC - [2010/12/18 00:22:48 | 000,288,072 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nse\Bin\Nsesvc.exe
PRC - [2010/12/02 11:13:56 | 000,308,408 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\Zanda.exe
PRC - [2010/11/11 13:43:30 | 000,075,104 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\elogsvc.exe
PRC - [2010/11/10 22:59:37 | 000,090,656 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Ngs\Bin\nprosec.exe
PRC - [2010/11/10 22:48:32 | 000,223,000 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Ngs\Bin\nnf.exe
PRC - [2010/11/09 02:02:27 | 000,111,912 | ---- | M] () -- C:\Program Files\Norman\Npm\Bin\Njeeves.exe
PRC - [2010/11/09 02:02:27 | 000,099,312 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\scheduler.exe
PRC - [2010/11/09 01:56:34 | 000,198,168 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\nvc\bin\Nvcoas.exe
PRC - [2010/11/09 01:56:34 | 000,182,712 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\nvc\bin\Nip.exe
PRC - [2010/11/09 01:56:34 | 000,100,336 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\nvoy.exe
PRC - [2010/11/09 01:56:34 | 000,074,592 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\nvc\bin\CClaw.exe
PRC - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/09/17 15:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/03/09 23:56:02 | 000,229,458 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\WDM\stacsv.exe
PRC - [2009/05/19 19:56:36 | 003,618,104 | ---- | M] (brother) -- C:\Program Files\Brownie\BrStsWnd.exe
PRC - [2009/05/08 10:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/05/08 10:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/22 17:41:52 | 000,015,360 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2009/04/22 16:15:56 | 000,656,696 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2009/04/22 12:05:34 | 001,703,936 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2009/04/09 16:05:38 | 001,106,720 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
PRC - [2009/04/09 16:02:50 | 000,447,264 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2009/03/19 20:25:06 | 000,667,648 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2009/03/17 11:57:14 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2009/02/23 07:51:40 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/02/23 07:51:24 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/02/23 07:51:22 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/02/23 07:51:22 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009/02/11 19:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 19:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
PRC - [2009/02/04 23:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/12/29 13:07:28 | 000,320,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2008/12/22 16:15:44 | 000,145,408 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2008/11/20 11:34:00 | 000,159,744 | ---- | M] (PWORKING) -- C:\Adjustit\Main\AAMC1.exe
PRC - [2008/10/20 14:01:28 | 000,222,512 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brownie\BRNIPMON.exe
PRC - [2008/08/07 13:49:00 | 000,091,648 | ---- | M] () -- C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
PRC - [2008/06/27 15:47:22 | 001,664,248 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/04/14 22:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/14 02:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE


========== Modules (SafeList) ==========

MOD - [2011/08/11 16:37:49 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\steve\Desktop\OTL.scr
MOD - [2010/11/09 01:56:34 | 000,251,240 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\nvc\bin\Niphk.dll
MOD - [2010/08/24 02:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/07/19 09:34:44 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/07/19 09:34:25 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/06/24 13:42:02 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/27 11:59:18 | 001,053,696 | ---- | M] (SysAid Ltd) [Auto | Running] -- C:\Program Files (x86)\SysAid\IliAS.exe -- (SysAidAgent)
SRV - [2010/12/18 00:22:48 | 000,288,072 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Nse\Bin\NSESVC.EXE -- (nsesvc)
SRV - [2010/12/02 11:13:56 | 000,308,408 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npm\Bin\Zanda.exe -- (Norman ZANDA)
SRV - [2010/11/11 13:43:30 | 000,075,104 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npm\Bin\elogsvc.exe -- (eLoggerSvc6)
SRV - [2010/11/10 22:59:37 | 000,090,656 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\Nprosec.exe -- (NPROSECSVC)
SRV - [2010/11/10 22:48:32 | 000,223,000 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\Nnf.exe -- (NNFSVC)
SRV - [2010/11/09 02:02:27 | 000,111,912 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Norman\Npm\Bin\Njeeves.exe -- (Norman NJeeves)
SRV - [2010/11/09 02:02:27 | 000,099,312 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Npm\Bin\scheduler.exe -- (Scheduler)
SRV - [2010/11/09 01:56:34 | 000,198,168 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Nvc\Bin\nvcoas.exe -- (nvcoas)
SRV - [2010/11/09 01:56:34 | 000,100,336 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\npm\bin\nvoy.exe -- (NVOY)
SRV - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/03/09 23:56:02 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/04/22 12:05:34 | 001,703,936 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2009/04/09 16:02:50 | 000,447,264 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2009/02/11 19:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/12/29 13:07:28 | 000,320,800 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2008/12/12 11:54:00 | 000,638,976 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2008/11/12 15:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2008/06/27 15:47:22 | 001,664,248 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/19 09:34:26 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/11/11 22:01:54 | 000,024,176 | ---- | M] (Norman ASA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvcw32mf.sys -- (NvcMFlt)
DRV - [2010/11/10 23:48:11 | 000,040,384 | ---- | M] (Norman ASA) [Kernel | Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\nregsec.sys -- (nregsec)
DRV - [2010/11/10 23:48:00 | 000,074,144 | ---- | M] (Norman ASA) [Kernel | System | Running] -- C:\Program Files\Norman\Ngs\Bin\nprosec.sys -- (NPROSEC)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/08/07 21:28:56 | 000,224,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2010/03/09 23:56:02 | 001,656,499 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2010/02/02 21:47:36 | 002,696,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010/02/02 21:47:18 | 000,033,664 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BCMWLNPF.SYS -- (BCMWLNPF)
DRV - [2010/01/04 23:44:43 | 000,026,744 | ---- | M] (Norman ASA) [Kernel | System | Running] -- c:\Program Files\Norman\Ngs\Bin\ngs.sys -- (NGS)
DRV - [2009/10/09 21:24:40 | 000,022,880 | ---- | M] (Norman ASA) [Kernel | Auto | Running] -- C:\Program Files\Norman\Nse\Bin\Ndiskio.sys -- (Ndiskio)
DRV - [2009/09/07 18:00:28 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/04/30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009/04/30 16:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/22 16:15:58 | 000,208,824 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/04/21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/04/08 03:32:56 | 000,116,224 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2009/03/24 17:33:38 | 000,232,744 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2009/02/23 07:51:20 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/01/20 12:33:16 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/10/28 17:39:44 | 000,089,600 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2008/10/01 10:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/08/12 10:30:54 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/06/04 15:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008/05/08 14:53:36 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DPV)
DRV - [2008/05/08 14:52:54 | 000,210,688 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_HWAZL.sys -- (HSFHWAZL)
DRV - [2008/04/19 06:05:22 | 000,103,936 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/04/19 06:05:22 | 000,103,936 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/04/19 06:05:22 | 000,103,936 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2007/07/23 17:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 17:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 17:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 17:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 17:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 17:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 17:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 17:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 16:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 16:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.jp.msn.com/USREL/19
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.jp.msn.com/USREL/19

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intranet.aamcommercial.com.au:8080/default.aspx
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51111

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://aamserver/default.aspx|http://www.adjustitsystem.com.au/adjustit/default1.aspx"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 51111
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\steve\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\steve\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/25 08:11:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/25 08:11:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\steve\Application Data\Mozilla\Extensions
[2011/06/25 08:11:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2009/10/07 16:34:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/16 14:32:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 18:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 18:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 18:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 18:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 18:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/08/10 19:44:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Telephony Toolbar Services) - {431A60E6-675F-4b9f-B3F0-66E0FECC8B34} - C:\Program Files\TIPT\Telstra Telephony Toolbar\bin\BW_Assistant_Enterprise_IE_S.dll (BroadSoft® Australia Pty Ltd)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Telephony Toolbar Call Control) - {8F1FF1A7-C048-4d6b-B052-56E42CE427CB} - C:\Program Files\TIPT\Telstra Telephony Toolbar\bin\BW_Assistant_Enterprise_IE_CC.dll (BroadSoft® Australia Pty Ltd)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKLM\..\Toolbar: (Telephony Toolbar Call Control) - {6F6690B9-C5DB-4F08-8833-F2EF4DEE956B} - C:\Program Files\TIPT\Telstra Telephony Toolbar\bin\BW_Assistant_Enterprise_IE_CC.dll (BroadSoft® Australia Pty Ltd)
O3 - HKLM\..\Toolbar: (Telephony Toolbar Services) - {F10D927F-D3DF-4734-98AB-DD258253F5FD} - C:\Program Files\TIPT\Telstra Telephony Toolbar\bin\BW_Assistant_Enterprise_IE_S.dll (BroadSoft® Australia Pty Ltd)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [autodetect] C:\WINDOWS\system32\SupportAppXL\AutoDect.exe ()
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found
O4 - HKLM..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SysTrayApp] File not found
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKCU..\Run: [ISUSPM] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
O4 - Startup: C:\Documents and Settings\steve\Start Menu\Programs\Startup\AAMC1.lnk = C:\Adjustit\Main\AAMC1.exe (PWORKING)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: aamcommercial.com.au ([intranet] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aamcommercial.com.au ([intranet] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aamserver ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: adjustitsystem.com.au ([www] http in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254722174446 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AAM.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/26 07:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/11 16:37:43 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\steve\Desktop\OTL.scr
[2011/08/10 19:40:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/08/10 09:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Local Settings\Application Data\MigWiz
[2011/08/08 19:09:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/08 19:09:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/08 19:09:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/08 19:09:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/08 19:03:10 | 000,000,000 | ---D | C] -- C:\ChrisFix
[2011/08/08 19:01:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Windows Search
[2011/08/08 18:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/08/07 09:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Windows Search
[2011/08/07 09:10:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\BroadSoft
[2011/08/03 15:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DW WLAN
[2011/08/03 15:20:32 | 000,069,632 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\bcmwlpkt.dll
[2011/08/03 15:20:32 | 000,033,664 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\drivers\BCMWLNPF.SYS
[2011/08/03 15:20:31 | 002,670,592 | ---- | C] (BCGSoft Ltd) -- C:\WINDOWS\System32\WLBCGCBPRO731.DLL
[2011/08/03 14:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norman Security Suite
[2011/08/03 14:29:38 | 000,378,000 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\tdi_nf.sys
[2011/08/03 14:29:38 | 000,068,176 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\ale_nf64.sys
[2011/08/03 14:29:38 | 000,061,472 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\ale_nf.sys
[2011/08/03 14:29:38 | 000,048,272 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\nnetsec.sys
[2011/08/03 14:29:38 | 000,034,192 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\nnetsecl64.sys
[2011/08/03 14:29:38 | 000,030,584 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\nnetsecl.sys
[2011/08/03 14:29:38 | 000,024,176 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\nvcw32mf.sys
[2011/08/03 14:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2011/08/03 12:47:18 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2011/08/03 12:44:33 | 000,046,592 | ---- | C] (REDC) -- C:\WINDOWS\System32\drivers\risdptsk.sys
[2011/08/03 12:43:07 | 000,175,616 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\st326274.dll
[2011/08/03 12:20:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Local Settings\Application Data\Secunia PSI
[2011/08/03 12:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/08/03 12:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\My Documents\My Drivers
[2011/08/03 12:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Local Settings\Application Data\Innovative Solutions
[2011/08/03 12:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/08/03 12:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2011/08/03 08:37:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/03 08:34:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/03 08:33:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/03 08:18:08 | 004,168,135 | R--- | C] (Swearware) -- C:\Documents and Settings\steve\Desktop\ChrisFix.exe
[2011/08/02 16:29:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Application Data\SUPERAntiSpyware.com
[2011/08/02 16:29:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/08/02 15:57:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\steve\Recent
[2011/08/02 10:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Application Data\U3
[2011/08/01 12:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/08/01 12:05:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/07/30 13:43:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/07/30 13:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/07/30 10:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/07/30 10:47:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/11 16:37:49 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\steve\Desktop\OTL.scr
[2011/08/11 16:34:04 | 000,000,318 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2011/08/11 16:33:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\steve\Local Settings\Application Data\WavXMapDrive.bat
[2011/08/11 16:33:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/11 16:31:26 | 000,515,436 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/11 16:31:26 | 000,099,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/11 16:26:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/11 16:26:57 | 3711,082,496 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/11 15:44:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/11 15:44:34 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F7A0CF14-B461-4B53-853A-826D231650EC}.job
[2011/08/10 19:44:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/10 19:33:50 | 004,168,135 | R--- | M] (Swearware) -- C:\Documents and Settings\steve\Desktop\ChrisFix.exe
[2011/08/09 16:11:45 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/09 07:28:18 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\7t2YF3PDb.dat
[2011/08/07 14:00:20 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2011/08/06 14:21:59 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\Microsoft Office Word 2007.lnk
[2011/08/04 14:19:33 | 000,002,090 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software.lnk
[2011/08/04 13:54:27 | 000,004,499 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\defaultCAMTYYR8.jpg
[2011/08/04 05:55:19 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\Microsoft Office Excel 2007.lnk
[2011/08/03 13:13:13 | 000,001,958 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk
[2011/08/03 13:05:19 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2011/08/03 08:37:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/02 09:32:10 | 000,065,536 | RHS- | M] () -- C:\WINDOWS\System32\adsnds6.dll
[2011/08/01 15:31:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/01 11:27:01 | 000,000,304 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/08/01 09:33:00 | 000,013,920 | -HS- | M] () -- C:\Documents and Settings\steve\Local Settings\Application Data\ogdmy737y8746828vda75um246q08cn8gyyi2uxeb2
[2011/08/01 09:33:00 | 000,013,920 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ogdmy737y8746828vda75um246q08cn8gyyi2uxeb2
[2011/08/01 08:26:33 | 000,012,801 | ---- | M] () -- C:\Documents and Settings\steve\Application Data\56D2.7D0
[2011/07/19 09:34:26 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll.000.bak
[2011/07/19 09:34:26 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2011/07/19 09:34:25 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll.000.bak
[2011/07/19 09:34:25 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2011/07/19 09:34:25 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2011/07/15 11:36:46 | 000,002,286 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\Google Chrome.lnk
[2011/07/15 11:36:46 | 000,002,264 | ---- | M] () -- C:\Documents and Settings\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/08 19:09:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/08 19:09:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/08 19:09:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/08 19:09:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/08 19:09:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/07 14:00:20 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2011/08/07 08:41:11 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\7t2YF3PDb.dat
[2011/08/04 14:19:26 | 000,004,499 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\defaultCAMTYYR8.jpg
[2011/08/03 15:20:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2011/08/03 15:20:31 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2011/08/03 15:20:31 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011/08/03 14:29:38 | 000,222,352 | ---- | C] () -- C:\WINDOWS\System32\nscrnsav.scr
[2011/08/03 13:53:25 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/08/03 13:13:13 | 000,001,958 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk
[2011/08/03 12:47:19 | 000,178,400 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.el-GR.resources
[2011/08/03 12:47:19 | 000,165,374 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ru-RU.resources
[2011/08/03 12:47:19 | 000,139,901 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ar-SA.resources
[2011/08/03 12:47:19 | 000,133,740 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.he-IL.resources
[2011/08/03 12:47:19 | 000,118,677 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.fi-FI.resources
[2011/08/03 12:47:19 | 000,118,049 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.sk-SK.resources
[2011/08/03 12:47:19 | 000,114,354 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.sl-SI.resources
[2011/08/03 12:47:19 | 000,102,872 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.zh-CN.resources
[2011/08/03 12:47:19 | 000,001,023 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2011/08/03 12:47:18 | 001,674,683 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2011/08/03 12:47:18 | 000,189,534 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.th-TH.resources
[2011/08/03 12:47:18 | 000,136,402 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ja-JP.resources
[2011/08/03 12:47:18 | 000,125,547 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.it-IT.resources
[2011/08/03 12:47:18 | 000,123,228 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.ko-KR.resources
[2011/08/03 12:47:18 | 000,122,923 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.es-ES.resources
[2011/08/03 12:47:18 | 000,122,700 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.de-DE.resources
[2011/08/03 12:47:18 | 000,121,165 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.tr-TR.resources
[2011/08/03 12:47:18 | 000,120,781 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.fr-FR.resources
[2011/08/03 12:47:18 | 000,120,360 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.pt-BR.resources
[2011/08/03 12:47:18 | 000,119,598 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.hu-HU.resources
[2011/08/03 12:47:18 | 000,119,581 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.nl-NL.resources
[2011/08/03 12:47:18 | 000,119,341 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.sv-SE.resources
[2011/08/03 12:47:18 | 000,119,058 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.pt-PT.resources
[2011/08/03 12:47:18 | 000,118,754 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.cs-CZ.resources
[2011/08/03 12:47:18 | 000,118,409 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.pl-PL.resources
[2011/08/03 12:47:18 | 000,114,833 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.nb-NO.resources
[2011/08/03 12:47:18 | 000,114,242 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.da-DK.resources
[2011/08/03 12:47:18 | 000,110,205 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.en-US.resources
[2011/08/03 12:47:18 | 000,104,033 | ---- | C] () -- C:\WINDOWS\System32\Gfxres.zh-TW.resources
[2011/08/03 12:47:18 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011/08/03 12:38:01 | 000,146,146 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFLProf.cty
[2011/08/03 12:38:01 | 000,144,201 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFProf.cty
[2011/08/03 12:38:01 | 000,141,572 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFSProf.cty
[2011/08/03 12:38:01 | 000,141,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFTProf.cty
[2011/08/03 12:38:01 | 000,133,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFDProf.cty
[2011/08/03 12:38:01 | 000,133,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFEProf.cty
[2011/08/03 12:36:01 | 000,747,498 | ---- | C] () -- C:\WINDOWS\System32\oem50.inf
[2011/08/03 08:37:34 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/08/03 08:37:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/02 17:10:03 | 3711,082,496 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/02 09:32:10 | 000,065,536 | RHS- | C] () -- C:\WINDOWS\System32\adsnds6.dll
[2011/07/30 10:18:11 | 000,013,920 | -HS- | C] () -- C:\Documents and Settings\steve\Local Settings\Application Data\ogdmy737y8746828vda75um246q08cn8gyyi2uxeb2
[2011/07/30 10:18:11 | 000,013,920 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ogdmy737y8746828vda75um246q08cn8gyyi2uxeb2
[2011/07/30 10:07:04 | 000,012,801 | ---- | C] () -- C:\Documents and Settings\steve\Application Data\56D2.7D0
[2011/06/25 08:11:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/22 10:20:51 | 000,016,200 | -HS- | C] () -- C:\Documents and Settings\steve\Local Settings\Application Data\d73fb261080i1w4871nxidem0qbqat71m0pu
[2011/05/22 10:20:51 | 000,016,200 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\d73fb261080i1w4871nxidem0qbqat71m0pu
[2011/04/12 18:06:35 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2011/04/12 18:06:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2011/04/12 18:05:58 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/04/12 18:05:45 | 000,022,892 | ---- | C] () -- C:\WINDOWS\HL-3040CN.INI
[2011/04/12 18:05:40 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2011/04/12 18:05:40 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2011/04/12 18:05:39 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADC08A.DAT
[2011/04/12 18:05:08 | 000,000,318 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/05/12 19:03:26 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\CNCFLfNL.DLL
[2009/10/15 12:19:39 | 000,065,536 | ---- | C] () -- C:\WINDOWS\qt3wrap.dll
[2009/10/15 12:19:39 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2009/10/09 10:39:32 | 000,000,069 | ---- | C] () -- C:\WINDOWS\KMSTMVM.ini
[2009/10/08 11:48:23 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/09/21 08:57:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/18 17:06:02 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/09/18 17:06:02 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/09/18 15:11:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\steve\Local Settings\Application Data\WavXMapDrive.bat
[2009/09/09 10:47:12 | 000,982,240 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/09/09 10:47:12 | 000,439,308 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/09/09 10:46:53 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2009/09/09 10:45:38 | 000,001,200 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/09/08 19:39:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/09/08 19:30:43 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/09/08 19:29:48 | 000,232,744 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2009/09/08 19:16:18 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/08 10:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/04/30 16:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/04/22 11:58:30 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\DTMessageLib.dll
[2009/02/26 18:54:52 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_tr.dll
[2009/02/26 18:54:50 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ro.dll
[2009/02/26 18:54:48 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt-BR.dll
[2009/02/26 18:54:48 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hu.dll
[2009/02/26 18:54:46 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_he.dll
[2009/02/26 18:54:44 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_el.dll
[2009/02/26 18:54:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fi.dll
[2009/02/26 18:54:42 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_cs.dll
[2009/02/26 18:54:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ar.dll
[2009/02/26 18:54:40 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2009/02/26 18:54:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2009/02/26 18:54:36 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll
[2009/02/26 18:54:34 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2009/02/26 18:54:34 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2009/02/26 18:54:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll
[2009/02/26 18:54:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll
[2009/02/26 18:54:30 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll
[2009/02/26 18:54:28 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2009/02/26 18:54:28 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2009/02/26 18:54:26 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2009/02/26 18:54:24 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2009/02/26 18:54:24 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2009/02/26 18:54:20 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2009/02/26 18:54:20 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll
[2009/02/17 11:51:28 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2009/02/17 11:51:28 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2009/02/17 11:51:26 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2009/02/17 11:51:24 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2009/02/17 11:51:24 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2009/02/17 11:51:24 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2009/02/17 11:51:22 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2009/02/17 11:51:22 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2009/02/17 11:51:20 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fi.dll
[2009/02/17 11:51:20 | 000,479,232 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2009/02/17 11:51:20 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2009/02/17 11:51:18 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_da.dll
[2009/02/17 11:51:16 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_nl.dll
[2009/02/17 11:51:16 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pl.dll
[2009/02/17 11:51:16 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_no.dll
[2009/02/17 11:51:14 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_sv.dll
[2009/02/17 11:51:04 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_cs.dll
[2009/02/17 11:51:04 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ar.dll
[2009/02/17 11:51:02 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_el.dll
[2009/02/17 11:51:02 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_he.dll
[2009/02/17 11:51:00 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-PT.dll
[2009/02/17 11:51:00 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_hu.dll
[2009/02/17 11:50:58 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ro.dll
[2009/02/17 11:50:58 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_tr.dll
[2009/02/17 10:46:36 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2009/01/06 18:25:36 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll
[2008/12/22 16:13:54 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2008/10/06 20:36:56 | 000,839,680 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2008/05/26 23:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 23:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/26 07:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/26 07:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/26 07:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/26 02:16:35 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/04/26 02:16:35 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/04/26 02:16:35 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/04/26 02:16:35 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/04/26 02:16:35 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2008/04/26 02:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/26 02:16:22 | 000,515,436 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/26 02:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/26 02:16:22 | 000,099,108 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/26 02:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/26 02:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/26 02:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/26 02:16:21 | 000,409,344 | ---- | C] () -- C:\WINDOWS\System32\txnimwhn.dat
[2008/04/26 02:16:21 | 000,365,824 | ---- | C] () -- C:\WINDOWS\System32\weeyevaj.dat
[2008/04/26 02:16:21 | 000,154,368 | ---- | C] () -- C:\WINDOWS\System32\dcfnjaeh.dat
[2008/04/26 02:16:21 | 000,138,496 | ---- | C] () -- C:\WINDOWS\System32\obartqcb.dat
[2008/04/26 02:16:21 | 000,058,112 | ---- | C] () -- C:\WINDOWS\System32\zxucweyb.dat
[2008/04/26 02:16:21 | 000,055,040 | ---- | C] () -- C:\WINDOWS\System32\blprfwku.dat
[2008/04/26 02:16:21 | 000,041,728 | ---- | C] () -- C:\WINDOWS\System32\nvijzmdg.dat
[2008/04/26 02:16:21 | 000,034,048 | ---- | C] () -- C:\WINDOWS\System32\bslynkpu.dat
[2008/04/26 02:16:21 | 000,031,488 | ---- | C] () -- C:\WINDOWS\System32\hhapuzvy.dat
[2008/04/26 02:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/26 02:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/26 02:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/26 02:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/26 02:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 19:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 19:21:52 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/03/25 11:46:00 | 000,077,536 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2007/09/27 12:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 12:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 12:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/06/30 14:58:44 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 14:58:44 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/06/12 10:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2004/09/10 15:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 15:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2002/04/16 10:14:42 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2002/04/16 10:14:00 | 001,683,456 | ---- | C] () -- C:\WINDOWS\System32\LTCLR13n.dll
[2002/04/16 10:14:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL

========== LOP Check ==========

[2010/05/12 19:04:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/08/03 12:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/04/08 21:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LocalCache
[2011/08/11 15:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/09/08 19:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2011/08/03 13:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/09/08 19:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2009/12/17 10:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Blackberry Desktop
[2009/09/08 19:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Broadcom
[2011/04/12 14:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\BroadSoft
[2010/03/12 09:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\EndNote
[2010/04/22 16:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\FinalMediaPlayer
[2009/10/08 09:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Research In Motion
[2009/11/13 12:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\SmartDraw
[2009/09/08 19:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Wave Systems Corp
[2009/09/08 19:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Windows Desktop Search
[2009/09/18 17:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Windows Search
[2011/08/11 15:44:34 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F7A0CF14-B461-4B53-853A-826D231650EC}.job

========== Purity Check ==========



< End of report >

Attached Files

  • OTL.Txt (111.22KB)


#15 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:56 AM

Posted 13 August 2011 - 05:29 PM

Good evening. :)

Download SUPERAntiSpyware from here and save it to your Desktop.

  • Double click SUPERAntiSpyware.exe to begin installation.
  • Read the various options and check/uncheck as you deem appropriate - I ignored the email option and also the submit a diagnostic one too.
  • Make sure you check for the latest updates though.
  • Once the main menu opens, select the "Complete Scan" radio button and then click "Scan your Computer...".
  • Once the scan has completed, a summary will be displayed - click "OK" to proceed.
  • Clicking "Next >" will cause the items to be quarantined.
  • Should you be informed that a reboot is necessary, please allow it and then continue after the reboot; otherwise, clicking "Finish" will return you to the main menu.
  • Select "Preferences...", and then the "Statistics/Logs" Tab.
  • Highlight the most recent log and click "View Log...".
  • Copy and paste the log into your next reply along with a description of how your PC is behaving.

So long, and thanks for all the fish.
