Multiple Symptoms of Malware Attack/Trojans


  • This topic is locked
237 replies to this topic

#1 rendezvou

Posted 05 December 2011 - 06:53 PM

Hi,

It seems my machine is heavily infected with malware (trojans, rootkits probably).

The symptoms are as follows:

1) I cannot open any program from the Start menu, like Firefox, Antivirus, MS Office, MSPaint, regedit. It keeps prompting the Open With dialog box, and when I click OK it downloads a local exe file for the program in question, say for example firefox.exe.

2) I cannot open anything in the Control Panel, say Display Option etc. It says C:\Windows\System32\rundll.exe- Application Not Found

3) I cannot update Antivirus (Microsoft Security Essentials); it fails to connect to the internet though I can connect on IE.

4) Web addresses get redirected.

5) Cannot run GMER.exe

****************


DDS log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by ranit_banerjee at 15:56:27 on 2011-12-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1362 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\tools\oracle\11gr1\Bin\extjob.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\BingBar\BingBar.exe
C:\Program Files\Microsoft\BingBar\BingApp.exe
C:\WINDOWS\system32\taskmgr.exe
c:\PROGRA~1\MI239C~1\msseces.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\PROGRA~1\Citrix\ICACLI~1\WFICA32.EXE
C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyServer = http=localhost:8080
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - c:\program files\freeonlineradioplayerrecorder\prxtbFre2.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - c:\program files\freeonlineradioplayerrecorder\prxtbFre2.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: FreeOnlineRadioPlayerRecorder Findbar: {3f5276e6-b514-456f-b356-0e00d30d2392} - c:\program files\freeonlineradioplayerrecorder\prxtbFree.dll
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\ranit_banerjee\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [nwiz] nwiz.exe /install
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Print2PDF Print Monitor] "c:\giveaway of the day softwareeeeeeees\Print2PDF.exe" /server
mRun: [Sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: calypso.com
Trusted Zone: postoffice.net\calypso.sp
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189027808234
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://calypso.webex.com/client/T26L/webex/ieatgpc.cab
TCP: DhcpNameServer = 10.1.0.233
TCP: Interfaces\{CE0C9C3D-4590-45E3-8DF1-96B17F01DF30} : DhcpNameServer = 10.1.0.233
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: ACNotify - ACNotify.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: qoMeEurr - qoMeEurr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ranit_banerjee\application data\mozilla\firefox\profiles\6zmnk594.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\ranit_banerjee\application data\mozilla\plugins\npatgpc.dll
FF - plugin: c:\documents and settings\ranit_banerjee\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\ranit_banerjee\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\ranit_banerjee\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npatgpc.dll
FF - plugin: c:\progra~1\mozill~1\plugins\NPcol305.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npCouponPrinter.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npdeployJava1.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npicaN.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npMozCouponPrinter.dll
FF - plugin: c:\progra~1\mozill~1\plugins\npNELaunch.dll
FF - plugin: c:\progra~1\mozill~1\plugins\NPOFF12.DLL
FF - plugin: c:\progra~1\mozill~1\plugins\nppdf32.dll
FF - plugin: c:\progra~1\mozill~1\plugins\nppl3260.dll
FF - plugin: c:\progra~1\mozill~1\plugins\nprjplug.dll
FF - plugin: c:\progra~1\mozill~1\plugins\nprpjplug.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
.
============= SERVICES / DRIVERS ===============
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl298ba62e;MpKsl298ba62e;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5988593b-bdcb-4ff0-9ccf-009d153c1274}\MpKsl298ba62e.sys [2011-12-4 29904]
R1 MpKsl7281eef8;MpKsl7281eef8;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5988593b-bdcb-4ff0-9ccf-009d153c1274}\MpKsl7281eef8.sys [2011-12-4 29904]
R1 MpKsld82e8c84;MpKsld82e8c84;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5988593b-bdcb-4ff0-9ccf-009d153c1274}\MpKsld82e8c84.sys [2011-12-5 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 55024]
R2 602XML Updater;602Updater;c:\program files\common files\soft602\602updsvc\602updsvc.exe [2011-11-7 73728]
R2 OracleJobSchedulerCALYPSO;OracleJobSchedulerCALYPSO;c:\tools\oracle\11gr1\bin\extjob.exe calypso --> c:\tools\oracle\11gr1\bin\extjob.exe CALYPSO [?]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-3-14 11152]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-9-21 230640]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2006-8-28 20504]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 35264]
S1 MpKsl07422538;MpKsl07422538;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b126fa40-28a5-45b4-ab74-b7d44c09433e}\mpksl07422538.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b126fa40-28a5-45b4-ab74-b7d44c09433e}\MpKsl07422538.sys [?]
S1 MpKsl0991b8e2;MpKsl0991b8e2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3fbbcc81-4f79-4c9c-b403-1a9ae00eb529}\mpksl0991b8e2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3fbbcc81-4f79-4c9c-b403-1a9ae00eb529}\MpKsl0991b8e2.sys [?]
S1 MpKsl0eb09268;MpKsl0eb09268;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b7cdf3f7-c7a2-4006-a090-bb9343124746}\mpksl0eb09268.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b7cdf3f7-c7a2-4006-a090-bb9343124746}\MpKsl0eb09268.sys [?]
S1 MpKsl1859233d;MpKsl1859233d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b7cdf3f7-c7a2-4006-a090-bb9343124746}\mpksl1859233d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b7cdf3f7-c7a2-4006-a090-bb9343124746}\MpKsl1859233d.sys [?]
S1 MpKsl2b143e5b;MpKsl2b143e5b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b126fa40-28a5-45b4-ab74-b7d44c09433e}\mpksl2b143e5b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b126fa40-28a5-45b4-ab74-b7d44c09433e}\MpKsl2b143e5b.sys [?]
S1 MpKsl2c588f17;MpKsl2c588f17;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74e9608d-caf1-4a96-91c8-638a6073aa08}\mpksl2c588f17.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74e9608d-caf1-4a96-91c8-638a6073aa08}\MpKsl2c588f17.sys [?]
S1 MpKsl3c41bb6f;MpKsl3c41bb6f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4b43d7cd-bdcd-417f-ae0f-1e12c0eb593c}\mpksl3c41bb6f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4b43d7cd-bdcd-417f-ae0f-1e12c0eb593c}\MpKsl3c41bb6f.sys [?]
S1 MpKsl413ab434;MpKsl413ab434;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{578a1a9e-1e5c-4da9-b195-638c110f107a}\mpksl413ab434.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{578a1a9e-1e5c-4da9-b195-638c110f107a}\MpKsl413ab434.sys [?]
S1 MpKsl54d2a6a9;MpKsl54d2a6a9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f57cddc-229e-49ed-90b0-1040c5fce374}\mpksl54d2a6a9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f57cddc-229e-49ed-90b0-1040c5fce374}\MpKsl54d2a6a9.sys [?]
S1 MpKsl56caaf10;MpKsl56caaf10;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{860e9b63-8aac-4574-81c8-168c3be59257}\mpksl56caaf10.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{860e9b63-8aac-4574-81c8-168c3be59257}\MpKsl56caaf10.sys [?]
S1 MpKsl5c34ef82;MpKsl5c34ef82;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4840bf7b-8cd9-4f2e-8ab6-d71c41d6be7b}\mpksl5c34ef82.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4840bf7b-8cd9-4f2e-8ab6-d71c41d6be7b}\MpKsl5c34ef82.sys [?]
S1 MpKsl6f1b5e12;MpKsl6f1b5e12;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fb5d33d0-c075-421f-b6df-f79a87bd58fa}\mpksl6f1b5e12.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fb5d33d0-c075-421f-b6df-f79a87bd58fa}\MpKsl6f1b5e12.sys [?]
S1 MpKsla16a762f;MpKsla16a762f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{646399d4-f0d5-4a6a-a16d-3b1c81267749}\mpksla16a762f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{646399d4-f0d5-4a6a-a16d-3b1c81267749}\MpKsla16a762f.sys [?]
S1 MpKsla40ea13b;MpKsla40ea13b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c74de639-bb9e-460a-89cf-5ebb93421b9f}\mpksla40ea13b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c74de639-bb9e-460a-89cf-5ebb93421b9f}\MpKsla40ea13b.sys [?]
S1 MpKslc6480f16;MpKslc6480f16;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dab20c15-1490-499b-9203-0679cfec871d}\mpkslc6480f16.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dab20c15-1490-499b-9203-0679cfec871d}\MpKslc6480f16.sys [?]
S1 MpKslcec671d8;MpKslcec671d8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{12ff1473-7950-46aa-8b93-ba15cbdf1871}\mpkslcec671d8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{12ff1473-7950-46aa-8b93-ba15cbdf1871}\MpKslcec671d8.sys [?]
S1 MpKsle4d04fe3;MpKsle4d04fe3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fb5d33d0-c075-421f-b6df-f79a87bd58fa}\mpksle4d04fe3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fb5d33d0-c075-421f-b6df-f79a87bd58fa}\MpKsle4d04fe3.sys [?]
S1 MpKsled9f6874;MpKsled9f6874;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{89961ca4-67d5-48be-80ec-f214682e2818}\mpksled9f6874.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{89961ca4-67d5-48be-80ec-f214682e2818}\MpKsled9f6874.sys [?]
S1 MpKslfc5b8e7f;MpKslfc5b8e7f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{010fc79e-7fac-42dc-9f6b-9904b7ac4371}\mpkslfc5b8e7f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{010fc79e-7fac-42dc-9f6b-9904b7ac4371}\MpKslfc5b8e7f.sys [?]
S2 necusb;NEC USB Device Service;c:\windows\system32\svchost.exe -k necusb3 [2006-4-29 14336]
S2 OracleDBConsoleCALYPSO;OracleDBConsoleCALYPSO;c:\tools\oracle\11gr1\bin\nmesrvc.exe [2008-5-15 25600]
S2 SYBSQL_LOCALHOST;Sybase SQLServer _ LOCALHOST;c:\tools\sybase15\ase-15_0\bin\sqlsrvr.exe -slocalhost -c --> c:\tools\sybase15\ase-15_0\bin\sqlsrvr.exe -sLOCALHOST -C [?]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-5-16 191752]
S3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2007-8-11 81280]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\tools\oracle\11gr1\bin\tnslsnr --> c:\tools\oracle\11gr1\bin\TNSLSNR [?]
S3 OracleServiceCALYPSO;OracleServiceCALYPSO;c:\tools\oracle\11gr1\bin\oracle.exe calypso --> c:\tools\oracle\11gr1\bin\ORACLE.EXE CALYPSO [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]
S3 SybaseUAService;Sybase Unified Agent;c:\tools\sybase15\uaf-2_0\utility\ntautostart\release\uaservice.exe [2007-9-5 49152]
S3 SYBBCK_LOCALHOST_BS;Sybase BCKServer _ LOCALHOST_BS;c:\tools\sybase15\ase-15_0\bin\bcksrvr.exe -slocalhost_bs -r --> c:\tools\sybase15\ase-15_0\bin\bcksrvr.exe -SLOCALHOST_BS -R [?]
S3 SYBXPS_LOCALHOST_XP;Sybase XPServer _ LOCALHOST_XP;c:\tools\sybase15\ase-15_0\bin\xpserver.exe -slocalhost_xp -c --> c:\tools\sybase15\ase-15_0\bin\xpserver.exe -SLOCALHOST_XP -C [?]
.
=============== File Associations ===============
.
.exe=ah
.
=============== Created Last 30 ================
.
2011-12-05 16:12:03 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5988593b-bdcb-4ff0-9ccf-009d153c1274}\MpKsld82e8c84.sys
2011-12-05 02:41:34 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5988593b-bdcb-4ff0-9ccf-009d153c1274}\MpKsl298ba62e.sys
2011-12-04 17:52:20 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5988593b-bdcb-4ff0-9ccf-009d153c1274}\MpKsl7281eef8.sys
2011-12-04 17:52:17 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5988593b-bdcb-4ff0-9ccf-009d153c1274}\offreg.dll
2011-12-03 20:13:40 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5988593b-bdcb-4ff0-9ccf-009d153c1274}\mpengine.dll
2011-11-14 20:38:04 -------- d-----w- c:\program files\ESET
2011-11-14 08:40:15 -------- d-----w- c:\documents and settings\ranit_banerjee\application data\FddWWK8fRZ9hXwU
2011-11-14 08:40:08 -------- d-----w- c:\documents and settings\ranit_banerjee\application data\7C459
2011-11-08 06:51:20 6536192 ----a-w- c:\windows\system32\cdintf450_x64.dll
2011-11-08 06:50:54 1262216 ----a-w- c:\windows\system32\GdViewerpro4.ocx
2011-11-08 06:50:53 2335880 ----a-w- c:\windows\system32\gdpdfplug.dll
2011-11-08 06:50:45 4835328 ----a-w- c:\windows\system32\cdintf450.dll
2011-11-08 06:50:39 -------- d-----w- c:\program files\common files\soft602
2011-11-08 06:50:39 -------- d-----w- c:\documents and settings\ranit_banerjee\application data\602Installer
2011-11-08 06:50:33 -------- d-----w- c:\program files\Software602
.
==================== Find3M ====================
.
2011-09-24 20:42:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 15:57:15.51 ===============


DDS Attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/6/2007 4:51:14 AM
System Uptime: 12/5/2011 8:57:45 AM (7 hours ago)
.
Motherboard: LENOVO | | 7664RYU
Processor: Intel Pentium III Xeon processor | None | 2094/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 86 GiB total, 4.041 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMOPTIARC_DVD_RW_AD-7910A_________________1.D1____\5&1609414&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: Optiarc DVD RW AD-7910A
PNP Device ID: IDE\CDROMOPTIARC_DVD_RW_AD-7910A_________________1.D1____\5&1609414&0&0.0.0
Service: cdrom
.
==== System Restore Points ===================
.
RP213: 10/17/2011 12:11:52 PM - Software Distribution Service 3.0
RP214: 10/18/2011 12:10:30 PM - Software Distribution Service 3.0
RP215: 10/19/2011 12:11:36 PM - Software Distribution Service 3.0
RP216: 10/19/2011 2:01:06 PM - Software Distribution Service 3.0
RP217: 10/19/2011 5:03:00 PM - Software Distribution Service 3.0
RP218: 10/20/2011 12:15:21 PM - Software Distribution Service 3.0
RP219: 10/20/2011 9:44:33 PM - Software Distribution Service 3.0
RP220: 10/21/2011 8:16:35 AM - Software Distribution Service 3.0
RP221: 10/22/2011 6:42:46 PM - Software Distribution Service 3.0
RP222: 10/23/2011 12:16:23 PM - Software Distribution Service 3.0
RP223: 10/24/2011 11:58:43 AM - Software Distribution Service 3.0
RP224: 10/25/2011 11:44:49 AM - Software Distribution Service 3.0
RP225: 10/25/2011 10:21:46 PM - Software Distribution Service 3.0
RP226: 10/26/2011 12:11:50 PM - Software Distribution Service 3.0
RP227: 10/27/2011 11:55:34 AM - Software Distribution Service 3.0
RP228: 10/27/2011 7:05:01 PM - Software Distribution Service 3.0
RP229: 10/28/2011 12:08:29 PM - Software Distribution Service 3.0
RP230: 10/29/2011 12:17:23 PM - Software Distribution Service 3.0
RP231: 10/30/2011 12:22:55 PM - Software Distribution Service 3.0
RP232: 10/30/2011 2:41:40 PM - Software Distribution Service 3.0
RP233: 10/31/2011 11:48:56 AM - Software Distribution Service 3.0
RP234: 11/1/2011 12:03:42 PM - System Checkpoint
RP235: 11/1/2011 12:07:21 PM - Software Distribution Service 3.0
RP236: 11/2/2011 11:50:35 AM - Software Distribution Service 3.0
RP237: 11/3/2011 11:47:39 AM - Software Distribution Service 3.0
RP238: 11/4/2011 11:57:29 AM - Software Distribution Service 3.0
RP239: 11/5/2011 7:55:29 PM - Software Distribution Service 3.0
RP240: 11/6/2011 11:36:52 AM - Software Distribution Service 3.0
RP241: 11/7/2011 12:08:27 PM - Software Distribution Service 3.0
RP242: 11/7/2011 10:50:29 PM - Installed Software602 Print2PDF
RP243: 11/7/2011 10:51:34 PM - Printer Driver Print2PDF 9 Installed
RP244: 11/7/2011 10:51:51 PM - Printer Driver Print2PDF 9 Installed
RP245: 11/8/2011 11:35:30 AM - Software Distribution Service 3.0
RP246: 11/9/2011 11:38:10 AM - Software Distribution Service 3.0
RP247: 11/9/2011 5:00:59 PM - Software Distribution Service 3.0
RP248: 11/10/2011 11:49:15 AM - Software Distribution Service 3.0
RP249: 11/11/2011 11:36:04 AM - Software Distribution Service 3.0
RP250: 11/12/2011 12:07:07 PM - Software Distribution Service 3.0
RP251: 11/12/2011 5:57:30 PM - Software Distribution Service 3.0
RP252: 11/13/2011 11:39:20 AM - Software Distribution Service 3.0
RP253: 11/14/2011 12:02:57 PM - Software Distribution Service 3.0
RP254: 11/15/2011 12:36:03 PM - Software Distribution Service 3.0
RP255: 11/16/2011 7:40:14 PM - Software Distribution Service 3.0
RP256: 11/17/2011 11:37:58 AM - Software Distribution Service 3.0
RP257: 11/18/2011 2:12:36 PM - Software Distribution Service 3.0
RP258: 11/19/2011 12:17:23 PM - Software Distribution Service 3.0
RP259: 11/20/2011 11:57:08 AM - Software Distribution Service 3.0
RP260: 11/20/2011 1:37:25 PM - Software Distribution Service 3.0
RP261: 11/20/2011 6:19:03 PM - Software Distribution Service 3.0
RP262: 11/21/2011 12:20:32 PM - Software Distribution Service 3.0
RP263: 11/22/2011 11:52:37 AM - Software Distribution Service 3.0
RP264: 11/23/2011 12:14:46 PM - Software Distribution Service 3.0
RP265: 11/23/2011 12:25:53 PM - Software Distribution Service 3.0
RP266: 11/23/2011 11:55:02 PM - Software Distribution Service 3.0
RP267: 11/24/2011 11:53:46 AM - Software Distribution Service 3.0
RP268: 11/24/2011 10:50:00 PM - Removed Sophos AutoUpdate
RP269: 11/24/2011 10:50:52 PM - Installed Sophos AutoUpdate
RP270: 11/25/2011 12:04:49 PM - Software Distribution Service 3.0
RP271: 11/26/2011 11:33:17 AM - Software Distribution Service 3.0
RP272: 11/27/2011 12:07:40 PM - Software Distribution Service 3.0
RP273: 11/27/2011 12:33:38 PM - Software Distribution Service 3.0
RP274: 11/28/2011 12:27:21 PM - Software Distribution Service 3.0
RP275: 11/29/2011 12:24:42 PM - Software Distribution Service 3.0
RP276: 11/30/2011 12:15:58 PM - Software Distribution Service 3.0
RP277: 12/1/2011 12:31:16 PM - Software Distribution Service 3.0
RP278: 12/2/2011 12:31:52 PM - Software Distribution Service 3.0
RP279: 12/3/2011 12:13:39 PM - Software Distribution Service 3.0
RP280: 12/4/2011 12:56:05 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
2007 Microsoft Office system
7-Zip 4.57
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Asterisk Password Decryptor
Bing Bar
Bing Maps 3D
Bonjour
Calypso Main Entry Application
Citrix XenApp Plugin for Hosted Apps
Comcast Desktop Software (v1.2.0.9)
Cool Record Edit Pro v7.9.3
Coupon Printer for Windows
Dell Laser MFP 1815 Software Uninstall
Dell Printer Software Uninstall
Diskeeper Lite
Driver Magician 3.61
ESET Online Scanner v3
FreeOnlineRadioPlayerRecorder Toolbar
Google Talk (remove only)
Google Talk Plugin
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB981793)
Integrated Camera
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo Register Manager
InterVideo WinDVD
InterVideo WinDVD Creator 3
Java Auto Updater
Java DB 10.5.3.0
Java™ 6 Update 26
Java™ SE Development Kit 6
Java™ SE Development Kit 6 Update 21
KRyLack Archive Password Recovery
magicJack
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Security Scan Plus
mCore
mDriver
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mMHouse
Mozilla Firefox 8.0 (x86 en-US)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mWlsSafe
Notepad++
NVIDIA Drivers
PDFZilla V1.2.9
Perfect Uninstaller v6.3.3.9
Python 2.3.3
RealPlayer
RealUpgrade 1.0
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Skype Click to Call
Skype™ 5.5
SnagIt 8
Software602 Print2PDF
Sonic DLA
Sonic Express Labeler
Sonic Icons for Lenovo
Sonic Update Manager
SonicWALL SSL-VPN NetExtender
Sophos AutoUpdate
SoundMAX
SUPERAntiSpyware Free Edition
Sybase Adaptive Server Enterprise Suite
System Update
Tcl/Tk 8.3.2 for Windows
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad EasyEject Utility
ThinkPad Hotkey Features Setup
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Fingerprint Software 5.6
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Uninstall Dell PC Fax
Unlocker 1.9.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Veoh Web Player Beta
Visokio Omniscope
VNC Free Edition 4.1.3
Wallpapers
WebEx
WebFldrs XP
WinCvs 1.3
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Toolbar
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
XP Themes
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
12/5/2011 9:30:47 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.275.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
12/5/2011 8:22:12 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.275.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
12/5/2011 8:14:05 AM, error: System Error [1003] - Error code 40000080, parameter1 8a6cbad0, parameter2 8a32f698, parameter3 ba4d3e5c, parameter4 00000001.
12/5/2011 11:35:27 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.275.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
12/5/2011 10:11:16 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.275.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
12/4/2011 9:32:45 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
12/4/2011 8:56:00 AM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
12/4/2011 8:56:00 AM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
12/4/2011 7:56:00 AM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
12/4/2011 7:56:00 AM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
12/4/2011 6:56:00 AM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
12/4/2011 6:56:00 AM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
12/4/2011 6:51:44 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.275.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
12/4/2011 6:41:33 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'i8042prt.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/4/2011 5:56:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
12/4/2011 5:56:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
12/4/2011 4:56:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
12/4/2011 4:56:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
12/4/2011 3:56:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
12/4/2011 3:56:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
12/4/2011 2:56:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
12/4/2011 2:56:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
12/4/2011 12:56:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
12/4/2011 12:56:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
12/4/2011 12:18:31 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.275.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
12/4/2011 11:53:41 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.275.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
12/4/2011 1:56:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
12/4/2011 1:56:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
12/3/2011 9:56:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402
12/3/2011 9:56:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
12/3/2011 9:56:00 AM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
12/3/2011 9:56:00 AM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
12/3/2011 8:56:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402
12/3/2011 8:56:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402
12/3/2011 7:56:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402
12/3/2011 7:56:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402
12/3/2011 6:56:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402
12/3/2011 6:56:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402
12/3/2011 5:56:00 PM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402
12/3/2011 5:56:00 PM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402
12/3/2011 4:56:00 PM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402
12/3/2011 4:56:00 PM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402
12/3/2011 3:56:00 PM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402
12/3/2011 3:56:00 PM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%2147942402
12/3/2011 2:56:00 PM, error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147942402
12/3/2011 2:56:00 PM, error: Schedule [7901] - The At29.job command failed to start due to the following error: %%2147942402
12/3/2011 12:56:00 PM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402
12/3/2011 12:56:00 PM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402
12/3/2011 11:56:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402
12/3/2011 11:56:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402
12/3/2011 11:56:00 AM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
12/3/2011 11:56:00 AM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
12/3/2011 10:56:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402
12/3/2011 10:56:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402
12/3/2011 10:56:00 AM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
12/3/2011 10:56:00 AM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
12/3/2011 10:32:25 PM, error: System Error [1003] - Error code 40000080, parameter1 8a84dad0, parameter2 8a34f828, parameter3 ba4dfbb8, parameter4 00000001.
12/3/2011 10:31:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi
12/3/2011 10:31:22 PM, error: Service Control Manager [7024] - The OracleDBConsoleCALYPSO service terminated with service-specific error 2 (0x2).
12/3/2011 10:31:22 PM, error: Service Control Manager [7023] - The NEC USB Device Service service terminated with the following error: The specified module could not be found.
12/3/2011 10:31:22 PM, error: Service Control Manager [7023] - The Diskeeper service terminated with the following error: The service has not been started.
12/3/2011 10:31:22 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Sybase SQLServer _ LOCALHOST service to connect.
12/3/2011 10:31:22 PM, error: Service Control Manager [7000] - The Sybase SQLServer _ LOCALHOST service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/3/2011 10:31:22 PM, error: Service Control Manager [7000] - The rimsptsk service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/3/2011 10:31:22 PM, error: Service Control Manager [7000] - The rimmptsk service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/3/2011 10:31:22 PM, error: Service Control Manager [7000] - The Ricoh xD-Picture Card Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/3/2011 1:56:00 PM, error: Schedule [7901] - The At28.job command failed to start due to the following error: %%2147942402
12/3/2011 1:56:00 PM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402
12/2/2011 9:53:35 AM, error: Dhcp [1002] - The IP address lease 192.168.0.101 for the Network Card with network address 002186589B45 has been denied by the DHCP server 10.1.0.233 (The DHCP Server sent a DHCPNACK message).
12/2/2011 6:47:11 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SUService service.
12/2/2011 6:01:19 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
12/2/2011 10:10:24 PM, error: Dhcp [1002] - The IP address lease 10.1.2.115 for the Network Card with network address 002186589B45 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/1/2011 8:16:47 PM, error: HTTP [15005] - Unable to bind to the underlying transport for 0.0.0.0:2869. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
.
==== End Of File ===========================

Edited by rendezvou, 05 December 2011 - 07:08 PM.




#2 HelpBot


Posted 10 December 2011 - 06:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430938 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 rendezvou


Posted 11 December 2011 - 11:51 PM

Hi,
I have replied on the link letting you know that I still need help and badly need it.

My laptop (Windows XP SP3) has started showing a new issue since yesterday, which is the most dangerous.

I ran Malwarebytes, Microsoft Security Essentials and ESET scans a few times, and they did detect a few trojans and other problems, which were quarantined and removed by them, but then the most damaging thing struck.
1) The keyboard and touch-pad of my laptop stopped working; it's not responding at all, and Windows Device Manager shows a small icon against these devices indicating something is wrong. Using the troubleshoot option has not helped.
I am therefore having to write this from my gf's computer. I am badly screwed!
GMER scan indicates rootkits!! gmer.log cannot be attached as the file is big and I have only 2 kb left in my global quota! How can I post the gmer.log? Please let me know.

2) I cannot open any program from the Start menu, like Firefox, antivirus, MS Office, MSPaint, regedit. It keeps prompting with the Open With dialog box, and when I click OK it downloads a local exe file for the program in question, for example firefox.exe.

3) I cannot open anything in the Control Panel, say Display Option etc. It says C:\Windows\System32\rundll.exe- Application Not Found

4) I cannot update the antivirus (Microsoft Security Essentials); it fails to connect to the internet, though I can connect in IE.

5) Web addresses get redirected.


DDS Log


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by ranitbkup at 15:55:48 on 2011-12-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2162 [GMT -8:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\tools\oracle\11gr1\Bin\extjob.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\tools\sybase15\ASE-15_0\bin\sqlsrvr.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sophos\AutoUpdate\almon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://finance.yahoo.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - c:\program files\freeonlineradioplayerrecorder\prxtbFre2.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - c:\program files\freeonlineradioplayerrecorder\prxtbFre2.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [nwiz] nwiz.exe /install
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Print2PDF Print Monitor] "c:\giveaway of the day softwareeeeeeees\Print2PDF.exe" /server
mRun: [Sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189027808234
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://calypso.webex.com/client/T26L/webex/ieatgpc.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: ACNotify - ACNotify.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: qoMeEurr - qoMeEurr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ranitbkup\application data\mozilla\firefox\profiles\hhmhyk3r.default\
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol305.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npNELaunch.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
.
============= SERVICES / DRIVERS ===============
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-8-4 118104]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKslc39f2dcd;MpKslc39f2dcd;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ffcd6597-3ac0-49cc-ab98-91d50a1e25a4}\MpKslc39f2dcd.sys [2011-12-11 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 55024]
R2 602XML Updater;602Updater;c:\program files\common files\soft602\602updsvc\602updsvc.exe [2011-11-7 73728]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-9-22 974944]
R2 OracleJobSchedulerCALYPSO;OracleJobSchedulerCALYPSO;c:\tools\oracle\11gr1\bin\extjob.exe calypso --> c:\tools\oracle\11gr1\bin\extjob.exe CALYPSO [?]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-3-14 11152]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-9-21 230640]
R2 SYBSQL_LOCALHOST;Sybase SQLServer _ LOCALHOST;c:\tools\sybase15\ase-15_0\bin\sqlsrvr.exe -slocalhost -c --> c:\tools\sybase15\ase-15_0\bin\sqlsrvr.exe -sLOCALHOST -C [?]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2006-8-28 20504]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 35264]
S1 MpKsl07422538;MpKsl07422538;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b126fa40-28a5-45b4-ab74-b7d44c09433e}\mpksl07422538.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b126fa40-28a5-45b4-ab74-b7d44c09433e}\MpKsl07422538.sys [?]
S1 MpKsl0991b8e2;MpKsl0991b8e2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3fbbcc81-4f79-4c9c-b403-1a9ae00eb529}\mpksl0991b8e2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3fbbcc81-4f79-4c9c-b403-1a9ae00eb529}\MpKsl0991b8e2.sys [?]
S1 MpKsl0eb09268;MpKsl0eb09268;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b7cdf3f7-c7a2-4006-a090-bb9343124746}\mpksl0eb09268.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b7cdf3f7-c7a2-4006-a090-bb9343124746}\MpKsl0eb09268.sys [?]
S1 MpKsl1859233d;MpKsl1859233d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b7cdf3f7-c7a2-4006-a090-bb9343124746}\mpksl1859233d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b7cdf3f7-c7a2-4006-a090-bb9343124746}\MpKsl1859233d.sys [?]
S1 MpKsl2b143e5b;MpKsl2b143e5b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b126fa40-28a5-45b4-ab74-b7d44c09433e}\mpksl2b143e5b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b126fa40-28a5-45b4-ab74-b7d44c09433e}\MpKsl2b143e5b.sys [?]
S1 MpKsl2c588f17;MpKsl2c588f17;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74e9608d-caf1-4a96-91c8-638a6073aa08}\mpksl2c588f17.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74e9608d-caf1-4a96-91c8-638a6073aa08}\MpKsl2c588f17.sys [?]
S1 MpKsl3c41bb6f;MpKsl3c41bb6f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4b43d7cd-bdcd-417f-ae0f-1e12c0eb593c}\mpksl3c41bb6f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4b43d7cd-bdcd-417f-ae0f-1e12c0eb593c}\MpKsl3c41bb6f.sys [?]
S1 MpKsl413ab434;MpKsl413ab434;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{578a1a9e-1e5c-4da9-b195-638c110f107a}\mpksl413ab434.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{578a1a9e-1e5c-4da9-b195-638c110f107a}\MpKsl413ab434.sys [?]
S1 MpKsl54d2a6a9;MpKsl54d2a6a9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f57cddc-229e-49ed-90b0-1040c5fce374}\mpksl54d2a6a9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f57cddc-229e-49ed-90b0-1040c5fce374}\MpKsl54d2a6a9.sys [?]
S1 MpKsl56caaf10;MpKsl56caaf10;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{860e9b63-8aac-4574-81c8-168c3be59257}\mpksl56caaf10.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{860e9b63-8aac-4574-81c8-168c3be59257}\MpKsl56caaf10.sys [?]
S1 MpKsl5c34ef82;MpKsl5c34ef82;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4840bf7b-8cd9-4f2e-8ab6-d71c41d6be7b}\mpksl5c34ef82.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4840bf7b-8cd9-4f2e-8ab6-d71c41d6be7b}\MpKsl5c34ef82.sys [?]
S1 MpKsl6f1b5e12;MpKsl6f1b5e12;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fb5d33d0-c075-421f-b6df-f79a87bd58fa}\mpksl6f1b5e12.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fb5d33d0-c075-421f-b6df-f79a87bd58fa}\MpKsl6f1b5e12.sys [?]
S1 MpKsl90d22b96;MpKsl90d22b96;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5988593b-bdcb-4ff0-9ccf-009d153c1274}\mpksl90d22b96.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5988593b-bdcb-4ff0-9ccf-009d153c1274}\MpKsl90d22b96.sys [?]
S1 MpKsla16a762f;MpKsla16a762f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{646399d4-f0d5-4a6a-a16d-3b1c81267749}\mpksla16a762f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{646399d4-f0d5-4a6a-a16d-3b1c81267749}\MpKsla16a762f.sys [?]
S1 MpKsla40ea13b;MpKsla40ea13b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c74de639-bb9e-460a-89cf-5ebb93421b9f}\mpksla40ea13b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c74de639-bb9e-460a-89cf-5ebb93421b9f}\MpKsla40ea13b.sys [?]
S1 MpKslc6480f16;MpKslc6480f16;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dab20c15-1490-499b-9203-0679cfec871d}\mpkslc6480f16.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dab20c15-1490-499b-9203-0679cfec871d}\MpKslc6480f16.sys [?]
S1 MpKslcec671d8;MpKslcec671d8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{12ff1473-7950-46aa-8b93-ba15cbdf1871}\mpkslcec671d8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{12ff1473-7950-46aa-8b93-ba15cbdf1871}\MpKslcec671d8.sys [?]
S1 MpKsle4d04fe3;MpKsle4d04fe3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fb5d33d0-c075-421f-b6df-f79a87bd58fa}\mpksle4d04fe3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fb5d33d0-c075-421f-b6df-f79a87bd58fa}\MpKsle4d04fe3.sys [?]
S1 MpKsled9f6874;MpKsled9f6874;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{89961ca4-67d5-48be-80ec-f214682e2818}\mpksled9f6874.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{89961ca4-67d5-48be-80ec-f214682e2818}\MpKsled9f6874.sys [?]
S1 MpKslfc5b8e7f;MpKslfc5b8e7f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{010fc79e-7fac-42dc-9f6b-9904b7ac4371}\mpkslfc5b8e7f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{010fc79e-7fac-42dc-9f6b-9904b7ac4371}\MpKslfc5b8e7f.sys [?]
S2 necusb;NEC USB Device Service;c:\windows\system32\svchost.exe -k necusb3 [2006-4-29 14336]
S2 OracleDBConsoleCALYPSO;OracleDBConsoleCALYPSO;c:\tools\oracle\11gr1\bin\nmesrvc.exe [2008-5-15 25600]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-5-16 191752]
S3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2007-8-11 81280]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\tools\oracle\11gr1\bin\tnslsnr --> c:\tools\oracle\11gr1\bin\TNSLSNR [?]
S3 OracleServiceCALYPSO;OracleServiceCALYPSO;c:\tools\oracle\11gr1\bin\oracle.exe calypso --> c:\tools\oracle\11gr1\bin\ORACLE.EXE CALYPSO [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]
S3 SybaseUAService;Sybase Unified Agent;c:\tools\sybase15\uaf-2_0\utility\ntautostart\release\uaservice.exe [2007-9-5 49152]
S3 SYBBCK_LOCALHOST_BS;Sybase BCKServer _ LOCALHOST_BS;c:\tools\sybase15\ase-15_0\bin\bcksrvr.exe -slocalhost_bs -r --> c:\tools\sybase15\ase-15_0\bin\bcksrvr.exe -SLOCALHOST_BS -R [?]
S3 SYBXPS_LOCALHOST_XP;Sybase XPServer _ LOCALHOST_XP;c:\tools\sybase15\ase-15_0\bin\xpserver.exe -slocalhost_xp -c --> c:\tools\sybase15\ase-15_0\bin\xpserver.exe -SLOCALHOST_XP -C [?]
.
=============== Created Last 30 ================
.
2011-12-11 18:50:54 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ffcd6597-3ac0-49cc-ab98-91d50a1e25a4}\MpKslc39f2dcd.sys
2011-12-11 18:50:49 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ffcd6597-3ac0-49cc-ab98-91d50a1e25a4}\offreg.dll
2011-12-10 17:35:05 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ffcd6597-3ac0-49cc-ab98-91d50a1e25a4}\mpengine.dll
2011-12-07 16:34:05 -------- d-----w- c:\documents and settings\ranitbkup\local settings\application data\TechSmith
2011-12-07 16:26:07 -------- d-----w- c:\documents and settings\ranitbkup\local settings\application data\ESET
2011-12-07 16:26:07 -------- d-----w- c:\documents and settings\ranitbkup\application data\ESET
2011-12-04 21:37:24 -------- d-----w- c:\documents and settings\ranitbkup\local settings\application data\Mozilla
2011-12-04 21:27:15 -------- d-----w- c:\documents and settings\ranitbkup\application data\SUPERAntiSpyware.com
2011-12-04 21:26:16 -------- d-sh--w- c:\documents and settings\ranitbkup\PrivacIE
2011-12-04 21:26:15 -------- d-----w- c:\documents and settings\ranitbkup\local settings\application data\Conduit
2011-12-04 21:26:12 -------- d-----w- c:\documents and settings\ranitbkup\local settings\application data\FreeOnlineRadioPlayerRecorder
2011-11-14 20:38:04 -------- d-----w- c:\program files\ESET
.
==================== Find3M ====================
.
2011-11-15 22:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-09-24 20:42:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 15:56:39.50 ===============

DDS Attach log

DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/6/2007 4:51:14 AM
System Uptime: 12/11/2011 2:52:59 PM (1 hours ago)
.
Motherboard: LENOVO | | 7664RYU
Processor: Intel Pentium III Xeon processor | None | 2094/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 86 GiB total, 3.428 GiB free.
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&374CCB25&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&374CCB25&0
Service: i8042prt
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: ThinkPad UltraNav Pointing Device
Device ID: ACPI\IBM0057\4&374CCB25&0
Manufacturer: Lenovo
Name: ThinkPad UltraNav Pointing Device
PNP Device ID: ACPI\IBM0057\4&374CCB25&0
Service: i8042prt
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMOPTIARC_DVD_RW_AD-7910A_________________1.D1____\5&1609414&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: Optiarc DVD RW AD-7910A
PNP Device ID: IDE\CDROMOPTIARC_DVD_RW_AD-7910A_________________1.D1____\5&1609414&0&0.0.0
Service: cdrom
.
==== System Restore Points ===================
.
RP213: 10/17/2011 12:11:52 PM - Software Distribution Service 3.0
RP214: 10/18/2011 12:10:30 PM - Software Distribution Service 3.0
RP215: 10/19/2011 12:11:36 PM - Software Distribution Service 3.0
RP216: 10/19/2011 2:01:06 PM - Software Distribution Service 3.0
RP217: 10/19/2011 5:03:00 PM - Software Distribution Service 3.0
RP218: 10/20/2011 12:15:21 PM - Software Distribution Service 3.0
RP219: 10/20/2011 9:44:33 PM - Software Distribution Service 3.0
RP220: 10/21/2011 8:16:35 AM - Software Distribution Service 3.0
RP221: 10/22/2011 6:42:46 PM - Software Distribution Service 3.0
RP222: 10/23/2011 12:16:23 PM - Software Distribution Service 3.0
RP223: 10/24/2011 11:58:43 AM - Software Distribution Service 3.0
RP224: 10/25/2011 11:44:49 AM - Software Distribution Service 3.0
RP225: 10/25/2011 10:21:46 PM - Software Distribution Service 3.0
RP226: 10/26/2011 12:11:50 PM - Software Distribution Service 3.0
RP227: 10/27/2011 11:55:34 AM - Software Distribution Service 3.0
RP228: 10/27/2011 7:05:01 PM - Software Distribution Service 3.0
RP229: 10/28/2011 12:08:29 PM - Software Distribution Service 3.0
RP230: 10/29/2011 12:17:23 PM - Software Distribution Service 3.0
RP231: 10/30/2011 12:22:55 PM - Software Distribution Service 3.0
RP232: 10/30/2011 2:41:40 PM - Software Distribution Service 3.0
RP233: 10/31/2011 11:48:56 AM - Software Distribution Service 3.0
RP234: 11/1/2011 12:03:42 PM - System Checkpoint
RP235: 11/1/2011 12:07:21 PM - Software Distribution Service 3.0
RP236: 11/2/2011 11:50:35 AM - Software Distribution Service 3.0
RP237: 11/3/2011 11:47:39 AM - Software Distribution Service 3.0
RP238: 11/4/2011 11:57:29 AM - Software Distribution Service 3.0
RP239: 11/5/2011 7:55:29 PM - Software Distribution Service 3.0
RP240: 11/6/2011 11:36:52 AM - Software Distribution Service 3.0
RP241: 11/7/2011 12:08:27 PM - Software Distribution Service 3.0
RP242: 11/7/2011 10:50:29 PM - Installed Software602 Print2PDF
RP243: 11/7/2011 10:51:34 PM - Printer Driver Print2PDF 9 Installed
RP244: 11/7/2011 10:51:51 PM - Printer Driver Print2PDF 9 Installed
RP245: 11/8/2011 11:35:30 AM - Software Distribution Service 3.0
RP246: 11/9/2011 11:38:10 AM - Software Distribution Service 3.0
RP247: 11/9/2011 5:00:59 PM - Software Distribution Service 3.0
RP248: 11/10/2011 11:49:15 AM - Software Distribution Service 3.0
RP249: 11/11/2011 11:36:04 AM - Software Distribution Service 3.0
RP250: 11/12/2011 12:07:07 PM - Software Distribution Service 3.0
RP251: 11/12/2011 5:57:30 PM - Software Distribution Service 3.0
RP252: 11/13/2011 11:39:20 AM - Software Distribution Service 3.0
RP253: 11/14/2011 12:02:57 PM - Software Distribution Service 3.0
RP254: 11/15/2011 12:36:03 PM - Software Distribution Service 3.0
RP255: 11/16/2011 7:40:14 PM - Software Distribution Service 3.0
RP256: 11/17/2011 11:37:58 AM - Software Distribution Service 3.0
RP257: 11/18/2011 2:12:36 PM - Software Distribution Service 3.0
RP258: 11/19/2011 12:17:23 PM - Software Distribution Service 3.0
RP259: 11/20/2011 11:57:08 AM - Software Distribution Service 3.0
RP260: 11/20/2011 1:37:25 PM - Software Distribution Service 3.0
RP261: 11/20/2011 6:19:03 PM - Software Distribution Service 3.0
RP262: 11/21/2011 12:20:32 PM - Software Distribution Service 3.0
RP263: 11/22/2011 11:52:37 AM - Software Distribution Service 3.0
RP264: 11/23/2011 12:14:46 PM - Software Distribution Service 3.0
RP265: 11/23/2011 12:25:53 PM - Software Distribution Service 3.0
RP266: 11/23/2011 11:55:02 PM - Software Distribution Service 3.0
RP267: 11/24/2011 11:53:46 AM - Software Distribution Service 3.0
RP268: 11/24/2011 10:50:00 PM - Removed Sophos AutoUpdate
RP269: 11/24/2011 10:50:52 PM - Installed Sophos AutoUpdate
RP270: 11/25/2011 12:04:49 PM - Software Distribution Service 3.0
RP271: 11/26/2011 11:33:17 AM - Software Distribution Service 3.0
RP272: 11/27/2011 12:07:40 PM - Software Distribution Service 3.0
RP273: 11/27/2011 12:33:38 PM - Software Distribution Service 3.0
RP274: 11/28/2011 12:27:21 PM - Software Distribution Service 3.0
RP275: 11/29/2011 12:24:42 PM - Software Distribution Service 3.0
RP276: 11/30/2011 12:15:58 PM - Software Distribution Service 3.0
RP277: 12/1/2011 12:31:16 PM - Software Distribution Service 3.0
RP278: 12/2/2011 12:31:52 PM - Software Distribution Service 3.0
RP279: 12/3/2011 12:13:39 PM - Software Distribution Service 3.0
RP280: 12/4/2011 12:56:05 PM - System Checkpoint
RP281: 12/6/2011 2:56:14 PM - System Checkpoint
RP282: 12/7/2011 11:13:07 PM - System Checkpoint
RP283: 12/9/2011 8:18:57 PM - System Checkpoint
RP284: 12/10/2011 10:23:58 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
2007 Microsoft Office system
7-Zip 4.57
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Asterisk Password Decryptor
Bing Bar
Bing Maps 3D
Bonjour
Citrix XenApp Plugin for Hosted Apps
Comcast Desktop Software (v1.2.0.9)
Cool Record Edit Pro v7.9.3
Coupon Printer for Windows
Dell Laser MFP 1815 Software Uninstall
Dell Printer Software Uninstall
Diskeeper Lite
Driver Magician 3.61
ESET Online Scanner v3
ESET Smart Security
FreeOnlineRadioPlayerRecorder Toolbar
Google Talk (remove only)
Google Talk Plugin
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB981793)
Integrated Camera
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo Register Manager
InterVideo WinDVD
InterVideo WinDVD Creator 3
Java Auto Updater
Java DB 10.5.3.0
Java™ 6 Update 26
Java™ SE Development Kit 6
Java™ SE Development Kit 6 Update 21
KRyLack Archive Password Recovery
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Security Scan Plus
mCore
mDriver
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mMHouse
Mozilla Firefox 8.0 (x86 en-US)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mWlsSafe
Notepad++
NVIDIA Drivers
PDFZilla V1.2.9
Perfect Uninstaller v6.3.3.9
Python 2.3.3
RealPlayer
RealUpgrade 1.0
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Skype Click to Call
Skype™ 5.5
SnagIt 8
Software602 Print2PDF
Sonic DLA
Sonic Express Labeler
Sonic Icons for Lenovo
Sonic Update Manager
SonicWALL SSL-VPN NetExtender
Sophos AutoUpdate
SoundMAX
SUPERAntiSpyware Free Edition
Sybase Adaptive Server Enterprise Suite
System Update
Tcl/Tk 8.3.2 for Windows
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad EasyEject Utility
ThinkPad Hotkey Features Setup
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Fingerprint Software 5.6
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Uninstall Dell PC Fax
Unlocker 1.9.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Veoh Web Player Beta
Visokio Omniscope
VNC Free Edition 4.1.3
Wallpapers
WebEx
WebFldrs XP
WinCvs 1.3
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Toolbar
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
XP Themes
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
12/9/2011 9:57:53 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.275.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
12/9/2011 6:24:12 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SUService service.
12/8/2011 9:56:00 AM, error: Schedule [7901] - The At68.job command failed to start due to the following error: %%2147942402
12/8/2011 9:27:43 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
12/8/2011 10:15:37 AM, error: PSched [14103] - QoS [Adapter {2E566090-38E4-4380-88C5-FA23407F62C2}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
12/7/2011 8:29:22 PM, error: Dhcp [1002] - The IP address lease 10.1.2.115 for the Network Card with network address 002186589B45 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/7/2011 12:17:57 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.275.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
12/6/2011 5:56:00 PM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402
12/6/2011 5:56:00 PM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402
12/6/2011 4:56:00 PM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402
12/5/2011 9:30:47 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.275.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
12/5/2011 8:22:12 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.275.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
12/5/2011 8:14:05 AM, error: System Error [1003] - Error code 40000080, parameter1 8a6cbad0, parameter2 8a32f698, parameter3 ba4d3e5c, parameter4 00000001.
12/5/2011 8:13:09 AM, error: Service Control Manager [7023] - The NEC USB Device Service service terminated with the following error: The specified module could not be found.
12/5/2011 8:13:09 AM, error: Service Control Manager [7023] - The Diskeeper service terminated with the following error: The service has not been started.
12/5/2011 8:13:09 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Sybase SQLServer _ LOCALHOST service to connect.
12/5/2011 8:13:09 AM, error: Service Control Manager [7000] - The rimsptsk service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/5/2011 8:13:09 AM, error: Service Control Manager [7000] - The rimmptsk service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/5/2011 8:13:09 AM, error: Service Control Manager [7000] - The Ricoh xD-Picture Card Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/5/2011 8:05:04 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
12/5/2011 7:56:00 AM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
12/5/2011 7:56:00 AM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
12/5/2011 6:56:00 AM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
12/5/2011 6:56:00 AM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
12/5/2011 5:56:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
12/5/2011 5:56:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
12/5/2011 4:56:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
12/5/2011 4:56:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
12/5/2011 3:56:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
12/5/2011 3:56:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
12/5/2011 2:56:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
12/5/2011 2:56:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
12/5/2011 12:56:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
12/5/2011 12:56:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
12/5/2011 11:35:27 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.275.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
12/5/2011 10:16:43 AM, error: Dhcp [1002] - The IP address lease 192.168.0.101 for the Network Card with network address 002186589B45 has been denied by the DHCP server 10.1.0.233 (The DHCP Server sent a DHCPNACK message).
12/5/2011 10:11:16 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.275.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
12/5/2011 1:56:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
12/5/2011 1:56:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
12/4/2011 9:56:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402
12/4/2011 9:56:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
12/4/2011 9:56:00 AM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
12/4/2011 9:56:00 AM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
12/4/2011 8:56:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402
12/4/2011 8:56:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402
12/4/2011 8:56:00 AM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
12/4/2011 8:56:00 AM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
12/4/2011 7:56:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402
12/4/2011 7:56:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402
12/4/2011 6:56:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402
12/4/2011 6:56:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402
12/4/2011 6:51:44 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.275.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
12/4/2011 6:42:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi
12/4/2011 6:42:41 PM, error: Service Control Manager [7024] - The OracleDBConsoleCALYPSO service terminated with service-specific error 2 (0x2).
12/4/2011 6:42:41 PM, error: Service Control Manager [7000] - The Sybase SQLServer _ LOCALHOST service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/4/2011 6:41:33 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'i8042prt.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/4/2011 3:56:00 PM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402
12/4/2011 3:56:00 PM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%2147942402
12/4/2011 2:56:00 PM, error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147942402
12/4/2011 2:56:00 PM, error: Schedule [7901] - The At29.job command failed to start due to the following error: %%2147942402
12/4/2011 12:56:00 PM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402
12/4/2011 12:56:00 PM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402
12/4/2011 12:18:31 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.275.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
12/4/2011 11:56:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402
12/4/2011 11:56:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402
12/4/2011 11:56:00 AM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
12/4/2011 11:56:00 AM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
12/4/2011 11:53:41 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.275.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
12/4/2011 10:56:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402
12/4/2011 10:56:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402
12/4/2011 10:56:00 AM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
12/4/2011 10:56:00 AM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
12/4/2011 1:56:00 PM, error: Schedule [7901] - The At28.job command failed to start due to the following error: %%2147942402
12/4/2011 1:56:00 PM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402
12/11/2011 11:01:03 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.787.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
12/11/2011 10:52:16 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the System Update service to connect.
12/11/2011 10:52:16 AM, error: Service Control Manager [7000] - The System Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/10/2011 9:12:57 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom i8042prt Imapi
12/10/2011 9:05:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/10/2011 12:31:44 PM, error: Service Control Manager [7024] - The Sybase SQLServer _ LOCALHOST service terminated with service-specific error 13 (0xD).
.
==== End Of File ===========================

Edited by rendezvou, 12 December 2011 - 12:31 AM.


#4 m0le

  • Malware Response Team

Posted 12 December 2011 - 09:30 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Can you please run TDSSKiller

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Then run OTL, a scanner

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

m0le is a proud member of UNITE

#5 rendezvou

Posted 13 December 2011 - 02:03 AM

Hi M0le,

I got your instructions.
I will be sending the results in the next few minutes.

Thanks

#6 rendezvou

Posted 13 December 2011 - 11:15 PM

TDSSKiller scan returned 0 threats, surprisingly, when I had the default parameters (Services and Drivers & Boot sectors) selected.

However when I selected the additional options and reran the scan it produced a large file with results.

Let me know if you would like to see those results.

OTL scan is stopping every time while scanning Firefox settings. Please advise what I can do.

#7 rendezvou

Posted 14 December 2011 - 01:31 AM

Ok I was able to run OTL scan

It completed the scan but didn't produce any log files like you said it would.

#8 m0le

Posted 14 December 2011 - 06:29 PM

Check the OTL folder (found where you saved the program on your computer) for the OTL.txt file.
m0le is a proud member of UNITE

#9 rendezvou

Posted 14 December 2011 - 08:24 PM

You were right.. Thanks

I found the OTL.txt

OTL logfile created on: 12/13/2011 10:31:52 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\ranit_banerjee\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 50.37% Memory free
5.84 Gb Paging File | 4.41 Gb Available in Paging File | 75.53% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.45 Gb Total Space | 6.32 Gb Free Space | 7.32% Space Free | Partition Type: NTFS

Computer Name: RANITBANERJEE | User Name: ranit_banerjee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (All) ==========

PRC - C:\Documents and Settings\ranit_banerjee\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\Microsoft\BingBar\BingApp.exe (Microsoft Corporation.)
PRC - C:\Program Files\Microsoft\BingBar\BingBar.exe (Microsoft Corporation.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe (Software602 a.s.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\services.exe (Microsoft Corporation)
PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
PRC - C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\smss.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\svchost.exe [RPCSS] (Microsoft Corporation)
PRC - C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] (Microsoft Corporation)
PRC - C:\WINDOWS\system32\svchost.exe [NETSVCS] (Microsoft Corporation)
PRC - C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] (Microsoft Corporation)
PRC - C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] (Microsoft Corporation)
PRC - C:\WINDOWS\system32\svchost.exe [IMGSVC] (Microsoft Corporation)
PRC - C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] (Microsoft Corporation)
PRC - C:\WINDOWS\system32\scardsvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
PRC - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe (SonicWALL Inc.)
PRC - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\tools\sybase15\ASE-15_0\bin\sqlsrvr.exe ()
PRC - c:\tools\oracle\11gR1\BIN\extjob.exe ()
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe ()
PRC - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)


========== Modules (All) ==========

MOD - c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FFCD6597-3AC0-49CC-AB98-91D50A1E25A4}\offreg.dll (Microsoft Corporation)
MOD - C:\Documents and Settings\ranit_banerjee\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
MOD - c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FFCD6597-3AC0-49CC-AB98-91D50A1E25A4}\mpengine.dll (Microsoft Corporation)
MOD - C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\FreeOnlineRadioPlayerRecorder\tbFre2.dll (Conduit Ltd.)
MOD - C:\Program Files\ESET\ESET Smart Security\ekrnAmon.dll (ESET)
MOD - C:\Program Files\ESET\ESET Smart Security\ekrnUpdate.dll (ESET)
MOD - C:\Program Files\ESET\ESET Smart Security\updater.dll (ESET)
MOD - C:\Program Files\ESET\ESET Smart Security\shellExt.dll (ESET)
MOD - C:\Program Files\ESET\ESET Smart Security\ekrnMailPlugins.dll (ESET)
MOD - C:\Program Files\ESET\ESET Smart Security\ekrnHips.dll (ESET)
MOD - C:\Program Files\ESET\ESET Smart Security\ekrnSmon.dll (ESET)
MOD - C:\Program Files\ESET\ESET Smart Security\ekrnScan.dll (ESET)
MOD - C:\Program Files\ESET\ESET Smart Security\ekrnEpfw.dll (ESET)
MOD - C:\Program Files\ESET\ESET Smart Security\ekrnParental.dll (ESET)
MOD - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
MOD - C:\Program Files\ESET\ESET Smart Security\ekrnEmon.dll (ESET)
MOD - C:\Program Files\ESET\ESET Smart Security\ekrnDmon.dll (ESET)
MOD - C:\WINDOWS\system32\Macromed\Flash\Flash10w.ocx (Adobe Systems, Inc.)
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ed10e9e96140f52afb752de4b2cd8739\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c224b0dc1a75fd48e95f9e149ce9a9c6\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\67665cbcec1b0ce92e236e15cae358a4\System.ni.dll ()
MOD - C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\Microsoft\BingBar\Apps\Rewards_e3d654a3d16a49cfaba24a26771e9570\7.0.864\BingRewardsClient.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
MOD - C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\FreeOnlineRadioPlayerRecorder\ldrtbFre2.dll (Conduit Ltd.)
MOD - C:\Program Files\Conduit\Community Alerts\Alert0.dll (Conduit Ltd.)
MOD - C:\WINDOWS\system32\iertutil.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wininet.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msfeeds.dll (Microsoft Corporation)
MOD - C:\Program Files\Internet Explorer\ieproxy.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\iepeers.dll (Microsoft Corporation)
MOD - C:\Program Files\Internet Explorer\xpshims.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
MOD - c:\Program Files\Microsoft Security Client\shellext.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
MOD - C:\Program Files\Microsoft\BingBar\BingApp.exe (Microsoft Corporation.)
MOD - C:\Program Files\Microsoft\BingBar\BingBar.exe (Microsoft Corporation.)
MOD - C:\Program Files\Microsoft\BingBar\common.dll (Microsoft Corporation.)
MOD - C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\Microsoft\BingBar\Apps\Search_6f21d9007fa34bc78d94309126de58f5\7.0.760\SearchHistoryStore.dll (Microsoft Corporation.)
MOD - C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\Microsoft\BingBar\Apps\Mail_15642ee020d2449d86382022aa6f2548\7.0.760\mailcomm.dll (Microsoft Corporation.)
MOD - C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\Microsoft\BingBar\Apps\Search_6f21d9007fa34bc78d94309126de58f5\7.0.760\SearchGhosting.dll (Microsoft Corporation.)
MOD - c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll (Microsoft Corporation)
MOD - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFre2.dll (Conduit Ltd.)
MOD - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
MOD - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
MOD - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
MOD - c:\Program Files\Microsoft Security Client\Antimalware\MpSvc.dll (Microsoft Corporation)
MOD - c:\Program Files\Microsoft Security Client\Antimalware\MpClient.dll (Microsoft Corporation)
MOD - c:\Program Files\Microsoft Security Client\Antimalware\MpRTP.dll (Microsoft Corporation)
MOD - c:\Program Files\Microsoft Security Client\Antimalware\MpOAv.dll (Microsoft Corporation)
MOD - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
MOD - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
MOD - C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
MOD - C:\Program Files\Microsoft\BingBar\DefMgr.dll (Microsoft Corporation)
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll ()
MOD - c:\Program Files\Microsoft Silverlight\4.0.60310.0\agcore.dll (Microsoft Corporation)
MOD - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
MOD - C:\WINDOWS\system32\dnsapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mfc42.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\kerberos.dll (Microsoft Corporation)
MOD - C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation)
MOD - C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\lsasrv.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ntdll.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\System\ado\msado15.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\odbc32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
MOD - C:\WINDOWS\system32\srvsvc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wmp.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rpcrt4.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ole32.dll (Microsoft Corporation)
MOD - C:\Program Files\Java\jre6\bin\msvcr71.dll (Microsoft Corporation)
MOD - C:\Program Files\Unlocker\UnlockerCOM.dll ()
MOD - C:\WINDOWS\system32\msxml3.dll (Microsoft Corporation)
MOD - C:\Program Files\Perfect Uninstaller\Contextmenu.dll ()
MOD - C:\Program Files\Sophos\AutoUpdate\config.dll (Sophos Plc)
MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\usp10.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe (Software602 a.s.)
MOD - C:\WINDOWS\system32\WMVCore.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\asycfilt.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Sophos\AutoUpdate\msvcr71.dll (Microsoft Corporation)
MOD - C:\Program Files\Sophos\AutoUpdate\msvcp71.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wintrust.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\shlwapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\AppPatch\aclayers.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\oakley.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rastls.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\raschap.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msasn1.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winhttp.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msxml6.dll (Microsoft Corporation)
MOD - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wuapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\shsvcs.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\atl.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\secur32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wdigest.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wkssvc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\localspl.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
MOD - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
MOD - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msrating.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\jscript.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\vbscript.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\dxtmsft.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\dxtrans.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\imgutil.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\pngfilt.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ieui.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msls31.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\pdh.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\advapi32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\fastprox.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\wmiprvsd.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rpcss.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\services.exe (Microsoft Corporation)
MOD - C:\WINDOWS\system32\xmllite.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\normaliz.dll (Microsoft Corporation)
MOD - C:\Program Files\Notepad++\nppcm.dll (Burgaud.com)
MOD - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
MOD - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\gdi32.dll (Microsoft Corporation)
MOD - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
MOD - c:\Program Files\Lenovo\System Update\TvsuServiceCommon.dll ( )
MOD - C:\Program Files\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
MOD - C:\WINDOWS\system32\netapi32.dll (Microsoft Corporation)
MOD - C:\Program Files\Citrix\ICA Client\resource\en\ctxmuiUI.dll (Citrix Systems, Inc.)
MOD - C:\Program Files\Citrix\ICA Client\Wfica.ocx (Citrix Systems, Inc.)
MOD - C:\Program Files\Citrix\ICA Client\ctxmui.dll (Citrix Systems, Inc.)
MOD - C:\Program Files\Citrix\ICA Client\cgpcfg.dll (Citrix Systems, Inc.)
MOD - C:\Program Files\Citrix\ICA Client\icalogon.dll (Citrix Systems, Inc.)
MOD - C:\Program Files\Citrix\ICA Client\confmgr.dll ()
MOD - C:\Program Files\Citrix\ICA Client\icafile.dll (Citrix Systems, Inc.)
MOD - C:\Program Files\Citrix\ICA Client\ctxlogging.dll ()
MOD - C:\Program Files\Citrix\ICA Client\TcpPServ.dll (Citrix Systems, Inc.)
MOD - C:\Program Files\Citrix\ICA Client\CgpCore.dll (Citrix Systems, Inc.)
MOD - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll (Microsoft Corporation)
MOD - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll (Microsoft Corporation)
MOD - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll (Microsoft Corporation)
MOD - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll (Microsoft Corporation)
MOD - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\es.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mscms.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msdtcprx.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mtxoci.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mtxclu.dll (Microsoft Corporation)
MOD - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
MOD - C:\WINDOWS\system32\scrrun.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\System\msadc\msadce.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\setupapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rdpwsx.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\h323.tsp (Microsoft Corporation)
MOD - C:\WINDOWS\system32\unimdm.tsp (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winspool.drv (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ndptsp.tsp (Microsoft Corporation)
MOD - C:\WINDOWS\system32\kmddsp.tsp (Microsoft Corporation)
MOD - C:\WINDOWS\system32\hidphone.tsp (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ipconf.tsp (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
MOD - C:\WINDOWS\system32\smss.exe (Microsoft Corporation)
MOD - C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
MOD - C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
MOD - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
MOD - C:\WINDOWS\explorer.exe (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wzcsvc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wzcdlg.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wzcsapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\xolehlp.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ws2_32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wsnmp32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wsock32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ws2help.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wshtcpip.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wtsapi32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winmm.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wldap32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\wmisvc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winscard.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\wmiutils.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wlanapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winipsec.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\userenv.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\user32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\wbemcore.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\vssapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wiaservc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\wbemess.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\uxtheme.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\wbemcomn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\w32time.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\upnp.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\win32spl.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\usbui.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\wbemsvc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\wbemprox.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\version.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\usbmon.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\sxs.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\themeui.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\termsrv.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\tapisrv.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\tapi32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\srsvc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\umpnpmgr.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\trkwks.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\unimdmat.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\sti.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\srclient.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\twext.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\tcpmon.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ssdpapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\tcpmib.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\uniplat.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\spoolss.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\snmpapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\scesrv.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\schedsvc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\scecli.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\sfc_os.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\shimeng.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\sens.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\shfolder.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\seclogon.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\sensapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\sfc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\riched20.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\samsrv.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\repdrvfs.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\samlib.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\resutils.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\regapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rtutils.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rasdlg.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\qmgr.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rasapi32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rasppp.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rasmans.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\psbase.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\qutil.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rasqec.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rasman.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rastapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\pstorsvc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\profmap.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\psapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\powrprof.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rasadhlp.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netshell.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\System\Ole DB\oledb32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\odbcjt32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\newdev.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netui1.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\onex.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ntshrui.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ntmarta.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\odbccp32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\olepro32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netui0.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ntdsapi.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\System\Ole DB\oledb32r.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ntlanman.dll (Microsoft Corporation)
MOD - c:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\perfdisk.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\perfos.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\odbcbcp.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\pjlmon.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ntlsapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netcfgx.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netlogon.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvcrt.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netman.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvfw32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mydocs.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\ncprov.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ncobjapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\nddeapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netrap.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mstask.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msutb.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msjint40.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mstlsapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msgina.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\System\Ole DB\msdasql.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msimtf.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msdart.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\System\Ole DB\msdatl3.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msidle.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msimg32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msctf.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msacm32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mlang.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\modemui.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mprapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mpr.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\midimap.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mfcsubs.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\linkinfo.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mgmtapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ksuser.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ipsecsvc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\iphlpapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\inetpp.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\hnetcfg.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\imagehlp.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\imm32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\hidserv.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\hid.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\icaapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\esent.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\esscli.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\faultrep.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\eventlog.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ersvc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\fltlib.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\dsound.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\duser.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\eappcfg.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\eappprxy.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\dispex.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\eapolqec.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\dot3api.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\dmserver.dll (Microsoft Corp.)
MOD - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\drprov.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\dot3dlg.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\comsvcs.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\d3dim700.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\comres.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\cryptui.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\cscui.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ddraw.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\comdlg32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\credui.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\dhcpcsvc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\cryptsvc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\colbact.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\cryptdll.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ddrawex.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\davclnt.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\dciman32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\catsrvut.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\clbcatq.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\catsrv.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\certcli.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\browser.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\authz.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\cabinet.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\clusapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\cnbjmon.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\audiosrv.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\batmeter.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\apphelp.dll (Microsoft Corporation)
MOD - C:\WINDOWS\AppPatch\acgenral.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\activeds.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\adsldpc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\actxprxy.dll (Microsoft Corporation)
MOD - C:\WINDOWS\AppPatch\acadproc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\odbcji32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msctfime.ime (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msadp32.acm (Microsoft Corporation)
MOD - C:\WINDOWS\system32\icmp.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\xpsp2res.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\dssenh.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\odbcint.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\System\msadc\msadcer.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\browselc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\shdoclc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msprivs.dll (Microsoft Corporation)
MOD - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\SLog.dll (SonicWALL Inc.)
MOD - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe (SonicWALL Inc.)
MOD - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NECore.dll (SonicWALL Inc.)
MOD - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
MOD - C:\tools\sybase15\ASE-15_0\bin\sqlsrvr.exe ()
MOD - C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov)
MOD - C:\WINDOWS\system32\wmasf.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msjet40.dll (Microsoft Corporation)
MOD - c:\tools\oracle\11gR1\BIN\oci.dll (Oracle Corporation)
MOD - c:\tools\oracle\11gR1\BIN\extjob.exe ()
MOD - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
MOD - c:\tools\oracle\11gR1\BIN\oracore11.dll (Oracle Corporation)
MOD - c:\tools\oracle\11gR1\BIN\orauts.dll (Oracle Corporation)
MOD - c:\tools\oracle\11gR1\BIN\oraunls11.dll (Oracle Corporation)
MOD - c:\tools\oracle\11gR1\BIN\oranls11.dll (Oracle Corporation)
MOD - C:\tools\sybase15\ASE-15_0\bin\libsybaseldap.dll ()
MOD - C:\tools\sybase15\ASE-15_0\bin\libsybblk.dll ()
MOD - C:\tools\sybase15\ASE-15_0\bin\libsybct.dll ()
MOD - C:\tools\sybase15\ASE-15_0\bin\libsybtcl.dll ()
MOD - C:\tools\sybase15\ASE-15_0\bin\libsybcs.dll ()
MOD - C:\tools\sybase15\ASE-15_0\bin\libsybcomn.dll ()
MOD - C:\tools\sybase15\ASE-15_0\bin\libsybintl.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
MOD - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcGolan.dll (Lenovo )
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcLocMigrator.dll (Lenovo )
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcSvcHlpr.dll (Lenovo )
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll (Lenovo )
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACon.dll (Lenovo )
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll (Lenovo)
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll (Lenovo )
MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\SvcHlprRes.dll (Lenovo )
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACGUIHlpr.dll (Lenovo )
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ThinQCon.dll (Lenovo )
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll (Lenovo )
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACTurinSupport.dll (Lenovo )
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll (Lenovo )
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll (Lenovo )
MOD - C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll (Lenovo )
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll (Lenovo )
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ANCA.dll (IBM Corp.)
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ANC.dll (IBM Corp.)
MOD - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
MOD - C:\tools\sybase15\ASE-15_0\bin\dbghelp.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\nvshell.dll ()
MOD - C:\WINDOWS\system32\nvapi.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll (Adobe Systems, Inc.)
MOD - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
MOD - C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll (TechSmith Corporation)
MOD - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddinRes.dll (TechSmith Corporation)
MOD - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
MOD - C:\Program Files\Intel\Wireless\Bin\MurocApi.dll (Intel Corporation)
MOD - C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll (Intel Corporation)
MOD - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll (Intel Corporation)
MOD - C:\Program Files\Intel\Wireless\Bin\IntStngs.dll (Intel Corporation)
MOD - C:\Program Files\Intel\Wireless\Bin\DbEngine.dll (Intel Corporation)
MOD - C:\Program Files\Intel\Wireless\Bin\TraceAPI.dll (Intel Corporation)
MOD - C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll (Intel Corporation)
MOD - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
MOD - C:\WINDOWS\system32\mswstr10.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msjter40.dll (Microsoft Corporation)
MOD - C:\Program Files\ThinkVantage Fingerprint Software\ps2css.dll (UPEK Inc.)
MOD - C:\Program Files\ThinkVantage Fingerprint Software\pscssint.dll (UPEK Inc.)
MOD - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
MOD - C:\Program Files\ThinkVantage Fingerprint Software\homefus2.dll (UPEK Inc.)
MOD - C:\Program Files\ThinkVantage Fingerprint Software\homepass.dll (UPEK Inc.)
MOD - C:\Program Files\ThinkVantage Fingerprint Software\bio.dll (UPEK Inc.)
MOD - C:\Program Files\ThinkVantage Fingerprint Software\crypto.dll (UPEK Inc.)
MOD - C:\Program Files\ThinkVantage Fingerprint Software\remote.dll (UPEK Inc.)
MOD - C:\Program Files\ThinkVantage Fingerprint Software\infra.dll (UPEK Inc.)
MOD - C:\tools\sybase15\DataAccess\ODBC\dll\sbgse2.dll ()
MOD - C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
MOD - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
MOD - C:\WINDOWS\system32\bthcrp.dll (Broadcom Corporation.)
MOD - C:\WINDOWS\system32\BTNCopy.dll (Broadcom Corporation.)
MOD - C:\WINDOWS\system32\wbtapi.dll (Broadcom Corporation.)
MOD - C:\WINDOWS\system32\WidcommSdk.dll (Broadcom Corporation.)
MOD - C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com)
MOD - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
MOD - C:\Program Files\Windows Live Toolbar\Tem.dll (Microsoft Corporation)
MOD - C:\Program Files\Windows Live Toolbar\en-us\cmres.dll.mui (Microsoft Corporation)
MOD - C:\Program Files\Windows Live Toolbar\searchboxRes.dll (Microsoft Corporation)
MOD - C:\Program Files\Windows Live Toolbar\mtbres.dll (Microsoft Corporation)
MOD - C:\Program Files\Windows Live Toolbar\en-us\mtbres.dll.mui (Microsoft Corporation)
MOD - C:\Program Files\Windows Live Toolbar\cmres.dll (Microsoft Corporation)
MOD - C:\Program Files\Windows Live Toolbar\CBRes.dll (Microsoft Corporation)
MOD - C:\Program Files\Windows Live Toolbar\msn_slrs.dll (Microsoft Corporation)
MOD - C:\Program Files\Windows Live Toolbar\en-us\cbRes.dll.mui (Microsoft Corporation)
MOD - C:\Program Files\Windows Live Toolbar\en-us\searchboxRes.dll.mui (Microsoft Corporation)
MOD - C:\Program Files\Windows Live Toolbar\en-us\msn_slrs.dll.mui (Microsoft Corporation)
MOD - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
MOD - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
MOD - C:\Program Files\Common Files\Lenovo\ui.dll (Lenovo Group Limited)
MOD - C:\Program Files\Common Files\Lenovo\zlib.dll (Lenovo Group Limited)
MOD - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe ()
MOD - C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll ()
MOD - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
MOD - C:\Program Files\Intel\Wireless\Bin\Libeay32.dll (The OpenSSL Project, http://www.openssl.org/)
MOD - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\MSOHEVI.DLL (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mfc71u.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvcp71.dll (Microsoft Corporation)
MOD - C:\Program Files\Diskeeper Corporation\Diskeeper\1033\DkRes.dll (Diskeeper Corporation)
MOD - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
MOD - C:\Program Files\Diskeeper Corporation\Diskeeper\DkLib.dll (Diskeeper Corporation)
MOD - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
MOD - C:\Program Files\Diskeeper Corporation\Diskeeper\DkTabProvider.dll (Diskeeper Corporation)
MOD - C:\Program Files\Diskeeper Corporation\Diskeeper\GetFATExtents.dll (Diskeeper Corporation)
MOD - C:\WINDOWS\system32\RealMediaSplitter.ax (Gabest)
MOD - C:\WINDOWS\system32\DellFaxPort.dll ()
MOD - C:\WINDOWS\system32\Delg1LMK.DLL (Samsung Electronics.)
MOD - C:\tools\sybase15\ASE-15_0\dll\SYBEVENT.DLL ()
MOD - c:\tools\oracle\11gR1\BIN\msvcr71.dll (Microsoft Corporation)
MOD - C:\Program Files\Diskeeper Corporation\Diskeeper\Tab.dll (Executive Software International, Inc.)
MOD - C:\tools\sybase15\OCS-15_0\dll\libsybunic.dll (Sybase)
MOD - C:\WINDOWS\system32\wmploc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netui2.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\netmsg.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\oleacc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\langwrbk.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mprui.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msacm32.drv (Microsoft Corporation)
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\KOPPR001.Dll (Konica)
MOD - C:\Program Files\Diskeeper Corporation\Diskeeper\msvcr71.dll (Microsoft Corporation)
MOD - C:\tools\sybase15\ASE-15_0\bin\msvcp60.dll (Microsoft Corporation)


========== Win32 Services (All) ==========

SRV - (necusb) -- File not found
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (lanmanserver) -- C:\WINDOWS\system32\srvsvc.dll (Microsoft Corporation)
SRV - (Spooler) -- C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
SRV - (602XML Updater) -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe (Software602 a.s.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (Themes) -- C:\WINDOWS\system32\shsvcs.dll (Microsoft Corporation)
SRV - (ShellHWDetection) -- C:\WINDOWS\system32\shsvcs.dll (Microsoft Corporation)
SRV - (FastUserSwitchingCompatibility) -- C:\WINDOWS\system32\shsvcs.dll (Microsoft Corporation)
SRV - (lanmanworkstation) -- C:\WINDOWS\system32\wkssvc.dll (Microsoft Corporation)
SRV - (Dnscache) -- C:\WINDOWS\system32\dnsrslvr.dll (Microsoft Corporation)
SRV - (Wmi) -- C:\WINDOWS\system32\advapi32.dll (Microsoft Corporation)
SRV - (RpcSs) Remote Procedure Call (RPC) -- C:\WINDOWS\system32\rpcss.dll (Microsoft Corporation)
SRV - (DcomLaunch) -- C:\WINDOWS\system32\rpcss.dll (Microsoft Corporation)
SRV - (PlugPlay) -- C:\WINDOWS\system32\services.exe (Microsoft Corporation)
SRV - (Eventlog) -- C:\WINDOWS\system32\services.exe (Microsoft Corporation)
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (EventSystem) -- C:\WINDOWS\system32\es.dll (Microsoft Corporation)
SRV - (Nla) Network Location Awareness (NLA) -- C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
SRV - (WmiApSrv) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe (Microsoft Corporation)
SRV - (VSS) -- C:\WINDOWS\system32\vssvc.exe (Microsoft Corporation)
SRV - (TlntSvr) -- C:\WINDOWS\system32\tlntsvr.exe (Microsoft Corporation)
SRV - (UPS) -- C:\WINDOWS\system32\ups.exe (Microsoft Corporation)
SRV - (SysmonLog) -- C:\WINDOWS\system32\smlogsvc.exe (Microsoft Corporation)
SRV - (RDSessMgr) -- C:\WINDOWS\system32\sessmgr.exe (Microsoft Corporation)
SRV - (SCardSvr) -- C:\WINDOWS\system32\scardsvr.exe (Microsoft Corporation)
SRV - (NetDDEdsdm) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
SRV - (NetDDE) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
SRV - (MSIServer) -- C:\WINDOWS\System32\msiexec.exe (Microsoft Corporation)
SRV - (MSDTC) -- C:\WINDOWS\system32\msdtc.exe (Microsoft Corporation)
SRV - (mnmsrvc) -- C:\WINDOWS\system32\mnmsrvc.exe (Microsoft Corporation)
SRV - (RpcLocator) Remote Procedure Call (RPC) -- C:\WINDOWS\system32\locator.exe (Microsoft Corporation)
SRV - (SamSs) -- C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
SRV - (ProtectedStorage) -- C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
SRV - (PolicyAgent) -- C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
SRV - (NtLmSsp) -- C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
SRV - (Netlogon) -- C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
SRV - (ImapiService) -- C:\WINDOWS\system32\imapi.exe (Microsoft Corporation)
SRV - (dmadmin) -- C:\WINDOWS\System32\dmadmin.exe (Microsoft Corp., Veritas Software)
SRV - (SwPrv) -- C:\WINDOWS\System32\dllhost.exe (Microsoft Corporation)
SRV - (COMSysApp) -- C:\WINDOWS\System32\dllhost.exe (Microsoft Corporation)
SRV - (ClipSrv) -- C:\WINDOWS\system32\clipsrv.exe (Microsoft Corporation)
SRV - (CiSvc) -- C:\WINDOWS\system32\cisvc.exe (Microsoft Corporation)
SRV - (ALG) -- C:\WINDOWS\system32\alg.exe (Microsoft Corporation)
SRV - (WZCSVC) -- C:\WINDOWS\system32\wzcsvc.dll (Microsoft Corporation)
SRV - (xmlprov) -- C:\WINDOWS\system32\xmlprov.dll (Microsoft Corporation)
SRV - (winmgmt) -- C:\WINDOWS\system32\wbem\wmisvc.dll (Microsoft Corporation)
SRV - (stisvc) Windows Image Acquisition (WIA) -- C:\WINDOWS\system32\wiaservc.dll (Microsoft Corporation)
SRV - (upnphost) -- C:\WINDOWS\system32\upnphost.dll (Microsoft Corporation)
SRV - (W32Time) -- C:\WINDOWS\system32\w32time.dll (Microsoft Corporation)
SRV - (WebClient) -- C:\WINDOWS\system32\webclnt.dll (Microsoft Corporation)
SRV - (HTTPFilter) -- C:\WINDOWS\system32\w3ssl.dll (Microsoft Corporation)
SRV - (TermService) -- C:\WINDOWS\system32\termsrv.dll (Microsoft Corporation)
SRV - (TapiSrv) -- C:\WINDOWS\system32\tapisrv.dll (Microsoft Corporation)
SRV - (srservice) -- C:\WINDOWS\system32\srsvc.dll (Microsoft Corporation)
SRV - (TrkWks) -- C:\WINDOWS\system32\trkwks.dll (Microsoft Corporation)
SRV - (SSDPSRV) -- C:\WINDOWS\system32\ssdpsrv.dll (Microsoft Corporation)
SRV - (Schedule) -- C:\WINDOWS\system32\schedsvc.dll (Microsoft Corporation)
SRV - (SENS) -- C:\WINDOWS\system32\sens.dll (Microsoft Corporation)
SRV - (seclogon) -- C:\WINDOWS\system32\seclogon.dll (Microsoft Corporation)
SRV - (RemoteRegistry) -- C:\WINDOWS\system32\regsvc.dll (Microsoft Corporation)
SRV - (BITS) -- C:\WINDOWS\system32\qmgr.dll (Microsoft Corporation)
SRV - (napagent) -- C:\WINDOWS\system32\qagentrt.dll (Microsoft Corporation)
SRV - (RasMan) -- C:\WINDOWS\system32\rasmans.dll (Microsoft Corporation)
SRV - (RasAuto) -- C:\WINDOWS\system32\rasauto.dll (Microsoft Corporation)
SRV - (NtmsSvc) -- C:\WINDOWS\system32\ntmssvc.dll (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Netman) -- C:\WINDOWS\system32\netman.dll (Microsoft Corporation)
SRV - (Messenger) -- C:\WINDOWS\system32\msgsvc.dll (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\WINDOWS\system32\mprdim.dll (Microsoft Corporation)
SRV - (hkmsvc) -- C:\WINDOWS\system32\kmsvc.dll (Microsoft Corporation)
SRV - (LmHosts) -- C:\WINDOWS\system32\lmhsvc.dll (Microsoft Corporation)
SRV - (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS) -- C:\WINDOWS\system32\ipnathlp.dll (Microsoft Corporation)
SRV - (HidServ) -- C:\WINDOWS\system32\hidserv.dll (Microsoft Corporation)
SRV - (ERSvc) -- C:\WINDOWS\system32\ersvc.dll (Microsoft Corporation)
SRV - (Dot3svc) -- C:\WINDOWS\system32\dot3svc.dll (Microsoft Corporation)
SRV - (EapHost) -- C:\WINDOWS\system32\eapsvc.dll (Microsoft Corporation)
SRV - (dmserver) -- C:\WINDOWS\system32\dmserver.dll (Microsoft Corp.)
SRV - (Dhcp) -- C:\WINDOWS\system32\dhcpcsvc.dll (Microsoft Corporation)
SRV - (CryptSvc) -- C:\WINDOWS\system32\cryptsvc.dll (Microsoft Corporation)
SRV - (Browser) -- C:\WINDOWS\system32\browser.dll (Microsoft Corporation)
SRV - (AudioSrv) -- C:\WINDOWS\system32\audiosrv.dll (Microsoft Corporation)
SRV - (AppMgmt) -- C:\WINDOWS\system32\appmgmts.dll (Microsoft Corporation)
SRV - (Alerter) -- C:\WINDOWS\system32\alrsvc.dll (Microsoft Corporation)
SRV - (SONICWALL_NetExtender) -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe (SonicWALL Inc.)
SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (SYBSQL_LOCALHOST) -- C:\tools\sybase15\ASE-15_0\bin\sqlsrvr.exe ()
SRV - (SYBXPS_LOCALHOST_XP) -- C:\tools\sybase15\ASE-15_0\bin\xpserver.exe ()
SRV - (SYBBCK_LOCALHOST_BS) -- C:\tools\sybase15\ASE-15_0\bin\bcksrvr.exe ()
SRV - (OracleServiceCALYPSO) -- c:\tools\oracle\11gr1\bin\ORACLE.EXE (Oracle Corporation)
SRV - (OracleJobSchedulerCALYPSO) -- c:\tools\oracle\11gr1\Bin\extjob.exe ()
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (OracleDBConsoleCALYPSO) -- c:\tools\oracle\11gR1\BIN\nmesrvc.exe (Oracle Corporation)
SRV - (OracleOraDb11g_home1TNSListener) -- c:\tools\oracle\11gR1\BIN\TNSLSNR.exe ()
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
SRV - (SybaseUAService) -- C:\tools\sybase15\UAF-2_0\utility\ntautostart\release\uaservice.exe ()
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
SRV - (tvtnetwk) -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)
SRV - (UMWdf) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (WmdmPmSN) -- C:\WINDOWS\system32\MsPMSNSv.dll (Microsoft Corporation)
SRV - (RSVP) -- C:\WINDOWS\system32\rsvp.exe (Microsoft Corporation)


========== Driver Services (All) ==========

DRV - (WDICA) -- File not found
DRV - (UIUSys) -- File not found
DRV - (Simbad) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MpKslfc5b8e7f) -- File not found
DRV - (MpKsled9f6874) -- File not found
DRV - (MpKsle4d04fe3) -- File not found
DRV - (MpKslcec671d8) -- File not found
DRV - (MpKslc6480f16) -- File not found
DRV - (MpKsla40ea13b) -- File not found
DRV - (MpKsla16a762f) -- File not found
DRV - (MpKsl90d22b96) -- File not found
DRV - (MpKsl6f1b5e12) -- File not found
DRV - (MpKsl5c34ef82) -- File not found
DRV - (MpKsl56caaf10) -- File not found
DRV - (MpKsl54d2a6a9) -- File not found
DRV - (MpKsl413ab434) -- File not found
DRV - (MpKsl3c41bb6f) -- File not found
DRV - (MpKsl2c588f17) -- File not found
DRV - (MpKsl2b143e5b) -- File not found
DRV - (MpKsl1859233d) -- File not found
DRV - (MpKsl0eb09268) -- File not found
DRV - (MpKsl0991b8e2) -- File not found
DRV - (MpKsl07422538) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i8042prt) -- File not found
DRV - (Changer) -- File not found
DRV - (Cdrom) -- File not found
DRV - (catchme) -- File not found
DRV - (Atdisk) -- File not found
DRV - (Abiosdsk) -- File not found
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (Epfwndis) -- C:\WINDOWS\system32\drivers\epfwndis.sys (ESET)
DRV - (epfw) -- C:\WINDOWS\system32\drivers\epfw.sys (ESET)
DRV - (epfwtdi) -- C:\WINDOWS\system32\drivers\epfwtdi.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (MRxSmb) -- C:\WINDOWS\system32\drivers\mrxsmb.sys (Microsoft Corporation)
DRV - (NdisTapi) -- C:\WINDOWS\system32\drivers\ndistapi.sys (Microsoft Corporation)
DRV - (RDPWD) -- C:\WINDOWS\System32\drivers\rdpwd.sys (Microsoft Corporation)
DRV - (Mup) -- C:\WINDOWS\System32\drivers\mup.sys (Microsoft Corporation)
DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (Srv) -- C:\WINDOWS\system32\drivers\srv.sys (Microsoft Corporation)
DRV - (AFD) -- C:\WINDOWS\System32\drivers\afd.sys (Microsoft Corporation)
DRV - (NDProxy) -- C:\WINDOWS\System32\drivers\ndproxy.sys (Microsoft Corporation)
DRV - (HTTP) -- C:\WINDOWS\system32\drivers\http.sys (Microsoft Corporation)
DRV - (KSecDD) -- C:\WINDOWS\System32\drivers\ksecdd.sys (Microsoft Corporation)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Tcpip) -- C:\WINDOWS\system32\drivers\tcpip.sys (Microsoft Corporation)
DRV - (TDTCP) -- C:\WINDOWS\System32\drivers\tdtcp.sys (Microsoft Corporation)
DRV - (TermDD) -- C:\WINDOWS\system32\drivers\termdd.sys (Microsoft Corporation)
DRV - (TDPIPE) -- C:\WINDOWS\System32\drivers\tdpipe.sys (Microsoft Corporation)
DRV - (Rdbss) -- C:\WINDOWS\system32\drivers\rdbss.sys (Microsoft Corporation)
DRV - (NetBT) -- C:\WINDOWS\system32\drivers\netbt.sys (Microsoft Corporation)
DRV - (NdisWan) -- C:\WINDOWS\system32\drivers\ndiswan.sys (Microsoft Corporation)
DRV - (NDIS) -- C:\WINDOWS\System32\drivers\ndis.sys (Microsoft Corporation)
DRV - (PptpMiniport) WAN Miniport (PPTP) -- C:\WINDOWS\system32\drivers\raspptp.sys (Microsoft Corporation)
DRV - (Rasl2tp) WAN Miniport (L2TP) -- C:\WINDOWS\system32\drivers\rasl2tp.sys (Microsoft Corporation)
DRV - (IPSec) -- C:\WINDOWS\system32\drivers\ipsec.sys (Microsoft Corporation)
DRV - (wdmaud) -- C:\WINDOWS\system32\drivers\wdmaud.sys (Microsoft Corporation)
DRV - (sysaudio) -- C:\WINDOWS\system32\drivers\sysaudio.sys (Microsoft Corporation)
DRV - (Ntfs) -- C:\WINDOWS\System32\drivers\ntfs.sys (Microsoft Corporation)
DRV - (Serial) -- C:\WINDOWS\system32\drivers\serial.sys (Microsoft Corporation)
DRV - (Fastfat) -- C:\WINDOWS\System32\drivers\fastfat.sys (Microsoft Corporation)
DRV - (Cdfs) -- C:\WINDOWS\System32\drivers\cdfs.sys (Microsoft Corporation)
DRV - (Modem) -- C:\WINDOWS\System32\drivers\modem.sys (Microsoft Corporation)
DRV - (RasPppoe) -- C:\WINDOWS\system32\drivers\raspppoe.sys (Microsoft Corporation)
DRV - (AsyncMac) -- C:\WINDOWS\system32\drivers\asyncmac.sys (Microsoft Corporation)
DRV - (Wanarp) -- C:\WINDOWS\system32\drivers\wanarp.sys (Microsoft Corporation)
DRV - (IpNat) -- C:\WINDOWS\system32\drivers\ipnat.sys (Microsoft Corporation)
DRV - (IpInIp) -- C:\WINDOWS\system32\drivers\ipinip.sys (Microsoft Corporation)
DRV - (PSched) -- C:\WINDOWS\system32\drivers\psched.sys (Microsoft Corporation)
DRV - (Gpc) -- C:\WINDOWS\system32\drivers\msgpc.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\WINDOWS\system32\drivers\netbios.sys (Microsoft Corporation)
DRV - (Ndisuio) -- C:\WINDOWS\system32\drivers\ndisuio.sys (Microsoft Corporation)
DRV - (IRENUM) -- C:\WINDOWS\system32\drivers\irenum.sys (Microsoft Corporation)
DRV - (Ip6Fw) -- C:\WINDOWS\system32\drivers\ip6fw.sys (Microsoft Corporation)
DRV - (NIC1394) -- C:\WINDOWS\system32\drivers\nic1394.sys (Microsoft Corporation)
DRV - (Arp1394) -- C:\WINDOWS\system32\drivers\arp1394.sys (Microsoft Corporation)
DRV - (Atmarpc) -- C:\WINDOWS\system32\drivers\atmarpc.sys (Microsoft Corporation)
DRV - (ohci1394) -- C:\WINDOWS\system32\DRIVERS\ohci1394.sys (Microsoft Corporation)
DRV - (usbccgp) -- C:\WINDOWS\system32\drivers\usbccgp.sys (Microsoft Corporation)
DRV - (USBSTOR) -- C:\WINDOWS\system32\drivers\usbstor.sys (Microsoft Corporation)
DRV - (usbhub) -- C:\WINDOWS\system32\drivers\usbhub.sys (Microsoft Corporation)
DRV - (usbehci) -- C:\WINDOWS\system32\drivers\usbehci.sys (Microsoft Corporation)
DRV - (usbuhci) -- C:\WINDOWS\system32\drivers\usbuhci.sys (Microsoft Corporation)
DRV - (usbscan) -- C:\WINDOWS\system32\drivers\usbscan.sys (Microsoft Corporation)
DRV - (HidUsb) -- C:\WINDOWS\system32\drivers\hidusb.sys (Microsoft Corporation)
DRV - (drmkaud) -- C:\WINDOWS\system32\drivers\drmkaud.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (kmixer) -- C:\WINDOWS\system32\drivers\kmixer.sys (Microsoft Corporation)
DRV - (swmidi) -- C:\WINDOWS\system32\drivers\swmidi.sys (Microsoft Corporation)
DRV - (splitter) -- C:\WINDOWS\system32\drivers\splitter.sys (Microsoft Corporation)
DRV - (DMusic) -- C:\WINDOWS\system32\drivers\dmusic.sys (Microsoft Corporation)
DRV - (dmboot) -- C:\WINDOWS\system32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)
DRV - (dmio) -- C:\WINDOWS\System32\drivers\dmio.sys (Microsoft Corp., Veritas Software)
DRV - (VgaSave) -- C:\WINDOWS\System32\drivers\vga.sys (Microsoft Corporation)
DRV - (i2omp) -- C:\WINDOWS\system32\DRIVERS\i2omp.sys (Microsoft Corporation)
DRV - (i2omgmt) -- C:\WINDOWS\System32\drivers\i2omgmt.sys (Microsoft Corporation)
DRV - (VolSnap) -- C:\WINDOWS\System32\drivers\volsnap.sys (Microsoft Corporation)
DRV - (Imapi) -- C:\WINDOWS\system32\drivers\imapi.sys (Microsoft Corporation)
DRV - (PartMgr) -- C:\WINDOWS\System32\drivers\partmgr.sys (Microsoft Corporation)
DRV - (Sfloppy) -- C:\WINDOWS\system32\drivers\sfloppy.sys (Microsoft Corporation)
DRV - (Disk) -- C:\WINDOWS\system32\DRIVERS\disk.sys (Microsoft Corporation)
DRV - (ViaIde) -- C:\WINDOWS\system32\DRIVERS\viaide.sys (Microsoft Corporation)
DRV - (atapi) -- C:\WINDOWS\system32\DRIVERS\atapi.sys (Microsoft Corporation)
DRV - (IntelIde) -- C:\WINDOWS\system32\DRIVERS\intelide.sys (Microsoft Corporation)
DRV - (redbook) -- C:\WINDOWS\system32\drivers\redbook.sys (Microsoft Corporation)
DRV - (Fdc) -- C:\WINDOWS\system32\drivers\fdc.sys (Microsoft Corporation)
DRV - (Flpydisk) -- C:\WINDOWS\system32\drivers\flpydisk.sys (Microsoft Corporation)
DRV - (serenum) -- C:\WINDOWS\system32\drivers\serenum.sys (Microsoft Corporation)
DRV - (Parport) -- C:\WINDOWS\system32\drivers\parport.sys (Microsoft Corporation)
DRV - (swenum) -- C:\WINDOWS\system32\drivers\swenum.sys (Microsoft Corporation)
DRV - (MSKSSRV) -- C:\WINDOWS\system32\drivers\mskssrv.sys (Microsoft Corporation)
DRV - (MSPQM) -- C:\WINDOWS\system32\drivers\mspqm.sys (Microsoft Corporation)
DRV - (MSPCLOCK) -- C:\WINDOWS\system32\drivers\mspclock.sys (Microsoft Corporation)
DRV - (kbdhid) -- C:\WINDOWS\system32\drivers\kbdhid.sys (Microsoft Corporation)
DRV - (Kbdclass) -- C:\WINDOWS\system32\drivers\kbdclass.sys (Microsoft Corporation)
DRV - (Mouclass) -- C:\WINDOWS\system32\drivers\mouclass.sys (Microsoft Corporation)
DRV - (Update) -- C:\WINDOWS\system32\drivers\update.sys (Microsoft Corporation)
DRV - (MountMgr) -- C:\WINDOWS\System32\drivers\mountmgr.sys (Microsoft Corporation)
DRV - (sr) -- C:\WINDOWS\system32\DRIVERS\sr.sys (Microsoft Corporation)
DRV - (mssmbios) -- C:\WINDOWS\system32\drivers\mssmbios.sys (Microsoft Corporation)
DRV - (sdbus) -- C:\WINDOWS\system32\drivers\sdbus.sys (Microsoft Corporation)
DRV - (PCI) -- C:\WINDOWS\system32\DRIVERS\pci.sys (Microsoft Corporation)
DRV - (Pcmcia) -- C:\WINDOWS\system32\DRIVERS\pcmcia.sys (Microsoft Corporation)
DRV - (isapnp) -- C:\WINDOWS\system32\DRIVERS\isapnp.sys (Microsoft Corporation)
DRV - (viaagp) -- C:\WINDOWS\system32\DRIVERS\viaagp.sys (Microsoft Corporation)
DRV - (agpCPQ) -- C:\WINDOWS\system32\DRIVERS\agpCPQ.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (alim1541) -- C:\WINDOWS\system32\DRIVERS\alim1541.sys (Microsoft Corporation)
DRV - (agp440) -- C:\WINDOWS\system32\DRIVERS\agp440.sys (Microsoft Corporation)
DRV - (WmiAcpi) -- C:\WINDOWS\system32\drivers\wmiacpi.sys (Microsoft Corporation)
DRV - (CmBatt) -- C:\WINDOWS\system32\drivers\cmbatt.sys (Microsoft Corporation)
DRV - (Compbatt) -- C:\WINDOWS\system32\DRIVERS\compbatt.sys (Microsoft Corporation)
DRV - (ACPI) -- C:\WINDOWS\system32\DRIVERS\ACPI.sys (Microsoft Corporation)
DRV - (Fips) -- C:\WINDOWS\System32\drivers\fips.sys (Microsoft Corporation)
DRV - (FltMgr) -- C:\WINDOWS\system32\drivers\fltmgr.sys (Microsoft Corporation)
DRV - (rdpdr) -- C:\WINDOWS\system32\drivers\rdpdr.sys (Microsoft Corporation)
DRV - (MRxDAV) -- C:\WINDOWS\system32\drivers\mrxdav.sys (Microsoft Corporation)
DRV - (Npfs) -- C:\WINDOWS\System32\drivers\npfs.sys (Microsoft Corporation)
DRV - (Msfs) -- C:\WINDOWS\System32\drivers\msfs.sys (Microsoft Corporation)
DRV - (Udfs) -- C:\WINDOWS\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (intelppm) -- C:\WINDOWS\system32\drivers\intelppm.sys (Microsoft Corporation)
DRV - (Processor) -- C:\WINDOWS\system32\drivers\processr.sys (Microsoft Corporation)
DRV - (aec) -- C:\WINDOWS\system32\drivers\aec.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (SSLDrv) -- C:\WINDOWS\system32\drivers\SSLDrv.sys (SonicWALL Inc.)
DRV - (tvtfilter) -- C:\WINDOWS\system32\drivers\tvtfilter.sys (Lenovo)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Cisco Systems, Inc.)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (LenovoRd) -- C:\WINDOWS\system32\drivers\LenovoRd.sys (Lenovo)
DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (AEAudio) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.)
DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (e1express) Intel® -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (TVTPktFilter) -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys (Lenovo Group Limited)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (atmeltpm) -- C:\WINDOWS\system32\drivers\atmeltpm.sys (Atmel, Inc.)
DRV - (WpdUsb) -- C:\WINDOWS\system32\drivers\wpdusb.sys (Microsoft Corporation)
DRV - (IpFilterDriver) -- C:\WINDOWS\system32\drivers\ipfltdrv.sys (Microsoft Corporation)
DRV - (NwlnkFwd) -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys (Microsoft Corporation)
DRV - (Cdaudio) -- C:\WINDOWS\System32\drivers\cdaudio.sys (Microsoft Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Raspti) -- C:\WINDOWS\system32\drivers\raspti.sys (Microsoft Corporation)
DRV - (NwlnkFlt) -- C:\WINDOWS\system32\drivers\nwlnkflt.sys (Microsoft Corporation)
DRV - (WS2IFSL) -- C:\WINDOWS\System32\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV - (ACPIEC) -- C:\WINDOWS\system32\DRIVERS\ACPIEC.sys (Microsoft Corporation)
DRV - (RasAcd) -- C:\WINDOWS\system32\drivers\rasacd.sys (Microsoft Corporation)
DRV - (ParVdm) -- C:\WINDOWS\System32\drivers\parvdm.sys (Microsoft Corporation)
DRV - (dmload) -- C:\WINDOWS\System32\drivers\dmload.sys (Microsoft Corp., Veritas Software.)
DRV - (RDPCDD) -- C:\WINDOWS\system32\drivers\rdpcdd.sys (Microsoft Corporation)
DRV - (mnmdd) -- C:\WINDOWS\System32\drivers\mnmdd.sys (Microsoft Corporation)
DRV - (Beep) -- C:\WINDOWS\System32\drivers\beep.sys (Microsoft Corporation)
DRV - (Null) -- C:\WINDOWS\System32\drivers\null.sys (Microsoft Corporation)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (hpn) -- C:\WINDOWS\system32\DRIVERS\hpn.sys (Microsoft Corporation)
DRV - (dpti2o) -- C:\WINDOWS\system32\DRIVERS\dpti2o.sys (Microsoft Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (perc2hib) -- C:\WINDOWS\system32\DRIVERS\perc2hib.sys (Microsoft Corporation)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (perc2) -- C:\WINDOWS\system32\DRIVERS\perc2.sys (Microsoft Corporation)
DRV - (aic78xx) -- C:\WINDOWS\system32\DRIVERS\aic78xx.sys (Microsoft Corporation)
DRV - (aic78u2) -- C:\WINDOWS\system32\DRIVERS\aic78u2.sys (Microsoft Corporation)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (adpu160m) -- C:\WINDOWS\system32\DRIVERS\adpu160m.sys (Microsoft Corporation)
DRV - (Ftdisk) -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1240) -- C:\WINDOWS\system32\DRIVERS\ql1240.sys (Microsoft Corporation)
DRV - (Ql10wnt) -- C:\WINDOWS\system32\DRIVERS\ql10wnt.sys (Microsoft Corporation)
DRV - (dac960nt) -- C:\WINDOWS\system32\DRIVERS\dac960nt.sys (Microsoft Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (ini910u) -- C:\WINDOWS\system32\DRIVERS\ini910u.sys (Microsoft Corporation)
DRV - (cbidf2k) -- C:\WINDOWS\System32\drivers\cbidf2k.sys (Microsoft Corporation)
DRV - (cbidf) -- C:\WINDOWS\system32\DRIVERS\cbidf2k.sys (Microsoft Corporation)
DRV - (Cpqarray) -- C:\WINDOWS\system32\DRIVERS\cpqarray.sys (Microsoft Corporation)
DRV - (cd20xrnt) -- C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys (Microsoft Corporation)
DRV - (asc3350p) -- C:\WINDOWS\system32\DRIVERS\asc3350p.sys (Microsoft Corporation)
DRV - (amsint) -- C:\WINDOWS\system32\DRIVERS\amsint.sys (Microsoft Corporation)
DRV - (Aha154x) -- C:\WINDOWS\system32\DRIVERS\aha154x.sys (Microsoft Corporation)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (abp480n5) -- C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS (Microsoft Corporation)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (TosIde) -- C:\WINDOWS\system32\DRIVERS\toside.sys (Microsoft Corporation)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (PCIIde) -- C:\WINDOWS\system32\DRIVERS\pciide.sys (Microsoft Corporation)
DRV - (mouhid) -- C:\WINDOWS\system32\drivers\mouhid.sys (Microsoft Corporation)
DRV - (audstub) -- C:\WINDOWS\system32\drivers\audstub.sys (Microsoft Corporation)
DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-257438896-4239395036-1050642295-1031\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=B8DF
IE - HKU\S-1-5-21-257438896-4239395036-1050642295-1031\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-257438896-4239395036-1050642295-1031\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-257438896-4239395036-1050642295-1031\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-257438896-4239395036-1050642295-1031\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE8HP&PC=B8DF
IE - HKU\S-1-5-21-257438896-4239395036-1050642295-1031\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-257438896-4239395036-1050642295-1031\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-257438896-4239395036-1050642295-1031\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-257438896-4239395036-1050642295-1031\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-257438896-4239395036-1050642295-1031\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8080

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/02/09 14:25:19 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\ranit_banerjee\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\ranit_banerjee\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/11 02:00:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/08 13:14:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/07/09 12:54:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/08 22:08:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/27 16:50:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/12/07 08:24:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/03/15 07:05:05 | 000,000,000 | ---D | M]

[2009/01/11 06:58:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ranit_banerjee\Application Data\Mozilla\Extensions
[2009/01/11 06:58:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ranit_banerjee\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/12/05 15:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ranit_banerjee\Application Data\Mozilla\Firefox\Profiles\6zmnk594.default\extensions
[2009/08/13 09:04:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ranit_banerjee\Application Data\Mozilla\Firefox\Profiles\6zmnk594.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/06 21:10:08 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\ranit_banerjee\Application Data\Mozilla\Firefox\Profiles\6zmnk594.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011/12/05 15:51:25 | 000,000,000 | ---D | M] (FreeOnlineRadioPlayerRecorder Community Toolbar) -- C:\Documents and Settings\ranit_banerjee\Application Data\Mozilla\Firefox\Profiles\6zmnk594.default\extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
[2011/11/07 01:08:41 | 000,000,000 | ---D | M] (PriceBlink) -- C:\Documents and Settings\ranit_banerjee\Application Data\Mozilla\Firefox\Profiles\6zmnk594.default\extensions\info@priceblink.com
[2011/11/16 09:16:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/16 09:16:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/08 22:08:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RANIT_BANERJEE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6ZMNK594.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
[2010/07/09 12:54:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/08 22:08:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/02/19 13:04:36 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2009/02/19 13:04:36 | 000,126,360 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2008/08/16 17:42:36 | 000,013,112 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
[2008/08/16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008/08/16 17:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008/08/16 17:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008/08/16 17:43:00 | 000,206,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxmui.dll
[2008/08/16 17:42:10 | 000,031,032 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\icafile.dll
[2008/08/16 17:42:32 | 000,040,248 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\icalogon.dll
[2009/02/19 13:04:39 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2008/05/21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008/05/21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008/05/21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2009/02/19 13:04:35 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2009/06/29 11:56:14 | 000,417,792 | ---- | M] (Invenda Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol305.dll
[2011/03/18 10:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/08/16 17:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2011/03/18 10:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2006/08/28 16:13:00 | 000,126,192 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\mozilla firefox\plugins\npNELaunch.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007/05/10 22:52:34 | 000,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2010/05/08 13:14:18 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2010/05/08 13:14:26 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2010/05/08 13:14:17 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/06/05 13:58:54 | 000,648,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
[2008/08/16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2010/01/01 00:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2010/01/01 00:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 00:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2010/01/01 00:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2011/11/08 22:08:50 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2010/01/01 00:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2010/01/01 00:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

Hosts file not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFre2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFre2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-257438896-4239395036-1050642295-1031\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-257438896-4239395036-1050642295-1031\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-257438896-4239395036-1050642295-1031\..\Toolbar\WebBrowser: (FreeOnlineRadioPlayerRecorder Toolbar) - {F999A48B-1950-4D81-9971-79018F807B4B} - C:\Program Files\FreeOnlineRadioPlayerRecorder\prxtbFre2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Print2PDF Print Monitor] "C:\Giveaway of the day softwareeeeeeees\Print2PDF.exe" /server File not found
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-257438896-4239395036-1050642295-1031..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-257438896-4239395036-1050642295-1031..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-257438896-4239395036-1050642295-1031..\Run: [Google Update] C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-257438896-4239395036-1050642295-1031\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-257438896-4239395036-1050642295-1031\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-257438896-4239395036-1050642295-1031\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-257438896-4239395036-1050642295-1031\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKU\S-1-5-21-257438896-4239395036-1050642295-1031\..Trusted Domains: calypso.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-257438896-4239395036-1050642295-1031\..Trusted Domains: postoffice.net ([calypso.sp] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189027808234 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://calypso.webex.com/client/T26L/webex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE0C9C3D-4590-45E3-8DF1-96B17F01DF30}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKU\S-1-5-21-257438896-4239395036-1050642295-1031 Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\qoMeEurr: DllName - (qoMeEurr.dll) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-257438896-4239395036-1050642295-1031\...exe [@ = ah] -- "C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\ryc.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/12 23:00:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ranit_banerjee\Desktop\OTL.exe
[2011/12/12 22:59:48 | 001,577,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\ranit_banerjee\Desktop\TDSSKiller.exe
[2011/12/07 16:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\ESET
[2011/12/07 16:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ranit_banerjee\Application Data\ESET
[2011/12/07 08:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2011/12/07 08:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2011/12/07 08:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/12/04 13:44:03 | 001,047,208 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\ranit_banerjee\Desktop\mbam.exe
[2011/12/04 13:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/12/04 10:05:59 | 000,924,632 | ---- | C] (Mozilla Corporation) -- C:\Documents and Settings\ranit_banerjee\Desktop\firefox.exe
[2011/12/04 09:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/12/04 09:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/12/04 09:10:49 | 162,156,576 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\ranit_banerjee\Desktop\kis2012_12.0.0.374a-2488en_us.exe
[2011/12/03 22:47:35 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\ranit_banerjee\Desktop\esetsmartinstaller_enu.exe
[2011/12/03 18:14:37 | 009,791,688 | ---- | C] (Ashampoo GmbH & Co. KG ) -- C:\Documents and Settings\ranit_banerjee\Desktop\ashampoo_registry_cleaner_1.00_9607.exe
[2011/11/16 09:15:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/11/15 05:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/11/14 12:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/14 10:06:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/11/14 00:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/11/14 00:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/11/14 00:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ranit_banerjee\Application Data\FddWWK8fRZ9hXwU
[2011/11/14 00:40:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ranit_banerjee\Application Data\7C459
[2008/09/17 15:48:44 | 000,016,384 | ---- | C] ( ) -- C:\WINDOWS\System32\WorkAfterReboot.exe
[2007/08/12 00:11:29 | 000,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2007/08/12 00:11:29 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/13 22:40:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-257438896-4239395036-1050642295-1031UA.job
[2011/12/13 22:38:00 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/12/13 19:49:16 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/13 08:13:33 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/13 08:13:30 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-257438896-4239395036-1050642295-1031.job
[2011/12/13 08:09:39 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_13_8_9_39.dmp
[2011/12/13 08:08:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/12 23:01:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ranit_banerjee\Desktop\OTL.exe
[2011/12/12 22:59:23 | 001,557,928 | ---- | M] () -- C:\Documents and Settings\ranit_banerjee\Desktop\tdsskiller.zip
[2011/12/12 22:47:18 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_12_22_47_18.dmp
[2011/12/12 17:30:22 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/12 15:17:39 | 000,041,272 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/12/12 11:02:49 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_12_11_2_48.dmp
[2011/12/11 20:26:32 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_11_20_26_31.dmp
[2011/12/11 10:51:45 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_11_10_51_39.dmp
[2011/12/10 22:08:37 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_10_22_8_34.dmp
[2011/12/10 21:12:13 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_10_21_12_11.dmp
[2011/12/10 21:08:58 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_10_21_8_57.dmp
[2011/12/10 12:41:02 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_10_12_41_1.dmp
[2011/12/10 12:35:14 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_10_12_35_10.dmp
[2011/12/10 10:00:07 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_10_10_0_6.dmp
[2011/12/10 09:57:17 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/10 08:40:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-257438896-4239395036-1050642295-1031Core.job
[2011/12/09 08:07:52 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_9_8_7_48.dmp
[2011/12/08 20:18:58 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_8_20_18_57.dmp
[2011/12/08 12:58:12 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\I3154qQ.dat
[2011/12/07 23:53:19 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_7_23_53_13.dmp
[2011/12/07 22:48:40 | 000,013,306 | -HS- | M] () -- C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\4a75a0cgp0jo3241v
[2011/12/07 22:48:40 | 000,013,306 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4a75a0cgp0jo3241v
[2011/12/07 17:12:28 | 000,001,205 | ---- | M] () -- C:\Documents and Settings\ranit_banerjee\Desktop\FixNCR.reg
[2011/12/07 13:22:02 | 001,577,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\ranit_banerjee\Desktop\TDSSKiller.exe
[2011/12/06 22:11:37 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_6_22_11_34.dmp
[2011/12/06 13:20:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_6_13_20_23.dmp
[2011/12/05 20:37:54 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_5_20_37_50.dmp
[2011/12/05 08:12:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_5_8_12_44.dmp
[2011/12/04 19:19:40 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/04 13:44:01 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\ranit_banerjee\Desktop\mbam.exe
[2011/12/04 12:31:00 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-257438896-4239395036-1050642295-1031.job
[2011/12/04 10:05:55 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Documents and Settings\ranit_banerjee\Desktop\firefox.exe
[2011/12/04 09:53:03 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_4_9_53_0.dmp
[2011/12/04 09:35:03 | 000,015,494 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\o7pu54g8jp6mmu
[2011/12/04 09:35:02 | 000,015,494 | -HS- | M] () -- C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\o7pu54g8jp6mmu
[2011/12/04 09:12:09 | 162,156,576 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\ranit_banerjee\Desktop\kis2012_12.0.0.374a-2488en_us.exe
[2011/12/04 09:08:23 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\ranit_banerjee\Desktop\HiJackThis.lnk
[2011/12/03 22:47:42 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\ranit_banerjee\Desktop\esetsmartinstaller_enu.exe
[2011/12/03 22:31:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_3_22_31_0.dmp
[2011/12/03 18:15:16 | 009,791,688 | ---- | M] (Ashampoo GmbH & Co. KG ) -- C:\Documents and Settings\ranit_banerjee\Desktop\ashampoo_registry_cleaner_1.00_9607.exe
[2011/12/02 22:13:43 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_2_22_13_43.dmp
[2011/12/01 09:09:57 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_1_9_9_53.dmp
[2011/12/01 00:02:10 | 138,005,868 | ---- | M] () -- C:\Documents and Settings\ranit_banerjee\Desktop\Csmp-2011_08_downmagaz.com.pdf
[2011/11/30 23:53:09 | 098,297,171 | ---- | M] () -- C:\Documents and Settings\ranit_banerjee\Desktop\Cosmopolitan Magazine Sexy Kim Kardashian - May 2011 (UK).pdf
[2011/11/30 08:40:27 | 001,032,291 | ---- | M] () -- C:\Documents and Settings\ranit_banerjee\Desktop\11.20Norelco$5-$30.pdf
[2011/11/29 19:33:37 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_29_19_33_35.dmp
[2011/11/28 19:29:56 | 001,686,084 | ---- | M] () -- C:\Documents and Settings\ranit_banerjee\Desktop\Statement_Jun 2011.pdf
[2011/11/28 19:29:48 | 000,106,414 | ---- | M] () -- C:\Documents and Settings\ranit_banerjee\Desktop\Statement_Jul 2011.pdf
[2011/11/28 19:29:34 | 000,613,234 | ---- | M] () -- C:\Documents and Settings\ranit_banerjee\Desktop\Statement_Aug 2011.pdf
[2011/11/28 19:29:27 | 001,629,781 | ---- | M] () -- C:\Documents and Settings\ranit_banerjee\Desktop\Statement_Sep 2011.pdf
[2011/11/28 19:29:18 | 000,662,936 | ---- | M] () -- C:\Documents and Settings\ranit_banerjee\Desktop\Statement_Oct 2011.pdf
[2011/11/28 19:24:23 | 001,369,026 | ---- | M] () -- C:\Documents and Settings\ranit_banerjee\Desktop\Statement_Nov 2011.pdf
[2011/11/28 08:09:03 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_28_8_9_3.dmp
[2011/11/27 13:29:30 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_27_13_29_30.dmp
[2011/11/27 12:23:18 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_27_12_23_18.dmp
[2011/11/27 04:03:50 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/27 04:03:50 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/27 02:30:14 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_27_2_30_14.dmp
[2011/11/25 11:52:45 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_25_11_52_45.dmp
[2011/11/24 23:35:44 | 000,014,442 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_24_23_35_43.dmp
[2011/11/24 22:52:32 | 001,273,469 | ---- | M] () -- C:\Documents and Settings\ranit_banerjee\Desktop\26-Clearing-and-Settlement-of-Derivatives.pdf
[2011/11/21 16:12:07 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Software602 Print2PDF.lnk
[2011/11/21 15:26:31 | 000,168,737 | ---- | M] () -- C:\Documents and Settings\ranit_banerjee\Desktop\BondDuration.pdf
[2011/11/21 15:22:24 | 000,045,874 | ---- | M] () -- C:\Documents and Settings\ranit_banerjee\Desktop\Bond Duration Calculator Method.PDF
[2011/11/20 18:07:22 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_20_18_7_22.dmp
[2011/11/20 15:05:52 | 000,007,394 | ---- | M] () -- C:\Documents and Settings\ranit_banerjee\Desktop\Message.html
[2011/11/18 13:11:18 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_18_13_11_18.dmp
[2011/11/18 10:02:07 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_18_10_2_6.dmp
[2011/11/16 20:25:29 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_16_20_25_28.dmp
[2011/11/15 14:29:56 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/11/15 12:24:51 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_15_12_24_51.dmp
[2011/11/15 11:58:09 | 000,488,920 | ---- | M] () -- C:\Documents and Settings\ranit_banerjee\Desktop\hedgefunds_012005.pdf
[2011/11/15 11:39:30 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_15_11_39_27.dmp
[2011/11/15 08:54:51 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_15_8_54_48.dmp
[2011/11/15 08:15:54 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_15_8_15_53.dmp
[2011/11/14 23:21:30 | 000,159,408 | ---- | M] () -- C:\Documents and Settings\ranit_banerjee\Desktop\Parkside Nov 14 Night rent.jpg
[2011/11/14 21:55:56 | 002,174,779 | ---- | M] () -- C:\Documents and Settings\ranit_banerjee\Desktop\ACTEX_MRB.pdf
[2011/11/14 16:18:21 | 000,001,904 | -H-- | M] () -- C:\Documents and Settings\ranit_banerjee\My Documents\Default.rdp
[2011/11/14 12:14:07 | 000,100,702 | ---- | M] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/11/14 12:14:07 | 000,000,196 | ---- | M] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/11/14 11:45:35 | 000,177,070 | ---- | M] () -- C:\Documents and Settings\ranit_banerjee\Desktop\k_goldETFLeaflet.pdf
[2011/11/14 07:59:35 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_14_7_59_35.dmp
[2011/11/14 07:16:51 | 000,014,230 | ---- | M] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_14_7_16_50.dmp
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\kalujafa
[2011/12/13 08:09:39 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_13_8_9_39.dmp
[2011/12/12 22:59:09 | 001,557,928 | ---- | C] () -- C:\Documents and Settings\ranit_banerjee\Desktop\tdsskiller.zip
[2011/12/12 22:47:18 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_12_22_47_18.dmp
[2011/12/12 15:17:39 | 000,041,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/12/12 11:02:48 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_12_11_2_48.dmp
[2011/12/11 20:26:31 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_11_20_26_31.dmp
[2011/12/11 10:51:45 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_11_10_51_39.dmp
[2011/12/10 22:08:36 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_10_22_8_34.dmp
[2011/12/10 21:12:12 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_10_21_12_11.dmp
[2011/12/10 21:08:58 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_10_21_8_57.dmp
[2011/12/10 12:41:02 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_10_12_41_1.dmp
[2011/12/10 12:35:13 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_10_12_35_10.dmp
[2011/12/10 10:00:07 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_10_10_0_6.dmp
[2011/12/09 18:29:52 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/09 08:07:52 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_9_8_7_48.dmp
[2011/12/08 20:18:57 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_8_20_18_57.dmp
[2011/12/07 23:53:17 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_7_23_53_13.dmp
[2011/12/07 17:12:20 | 000,001,205 | ---- | C] () -- C:\Documents and Settings\ranit_banerjee\Desktop\FixNCR.reg
[2011/12/07 10:06:44 | 000,013,306 | -HS- | C] () -- C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\4a75a0cgp0jo3241v
[2011/12/07 10:06:44 | 000,013,306 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4a75a0cgp0jo3241v
[2011/12/06 22:11:37 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_6_22_11_34.dmp
[2011/12/06 13:20:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_6_13_20_23.dmp
[2011/12/05 20:37:53 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_5_20_37_50.dmp
[2011/12/05 08:12:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_5_8_12_44.dmp
[2011/12/04 19:19:40 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/04 09:53:03 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_4_9_53_0.dmp
[2011/12/03 22:31:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_3_22_31_0.dmp
[2011/12/03 22:10:41 | 000,015,494 | -HS- | C] () -- C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\o7pu54g8jp6mmu
[2011/12/03 22:10:41 | 000,015,494 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\o7pu54g8jp6mmu
[2011/12/02 22:13:43 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_2_22_13_43.dmp
[2011/12/01 09:09:57 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_12_1_9_9_53.dmp
[2011/11/30 23:50:53 | 138,005,868 | ---- | C] () -- C:\Documents and Settings\ranit_banerjee\Desktop\Csmp-2011_08_downmagaz.com.pdf
[2011/11/30 23:47:51 | 098,297,171 | ---- | C] () -- C:\Documents and Settings\ranit_banerjee\Desktop\Cosmopolitan Magazine Sexy Kim Kardashian - May 2011 (UK).pdf
[2011/11/30 08:40:21 | 001,032,291 | ---- | C] () -- C:\Documents and Settings\ranit_banerjee\Desktop\11.20Norelco$5-$30.pdf
[2011/11/29 19:33:36 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_29_19_33_35.dmp
[2011/11/28 19:29:56 | 001,686,084 | ---- | C] () -- C:\Documents and Settings\ranit_banerjee\Desktop\Statement_Jun 2011.pdf
[2011/11/28 19:29:47 | 000,106,414 | ---- | C] () -- C:\Documents and Settings\ranit_banerjee\Desktop\Statement_Jul 2011.pdf
[2011/11/28 19:29:33 | 000,613,234 | ---- | C] () -- C:\Documents and Settings\ranit_banerjee\Desktop\Statement_Aug 2011.pdf
[2011/11/28 19:29:26 | 001,629,781 | ---- | C] () -- C:\Documents and Settings\ranit_banerjee\Desktop\Statement_Sep 2011.pdf
[2011/11/28 19:29:18 | 000,662,936 | ---- | C] () -- C:\Documents and Settings\ranit_banerjee\Desktop\Statement_Oct 2011.pdf
[2011/11/28 19:24:13 | 001,369,026 | ---- | C] () -- C:\Documents and Settings\ranit_banerjee\Desktop\Statement_Nov 2011.pdf
[2011/11/28 08:09:03 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_28_8_9_3.dmp
[2011/11/27 13:29:30 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_27_13_29_30.dmp
[2011/11/27 12:23:18 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_27_12_23_18.dmp
[2011/11/27 02:30:14 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_27_2_30_14.dmp
[2011/11/25 11:52:45 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_25_11_52_45.dmp
[2011/11/24 23:35:44 | 000,014,442 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_24_23_35_43.dmp
[2011/11/24 22:52:22 | 001,273,469 | ---- | C] () -- C:\Documents and Settings\ranit_banerjee\Desktop\26-Clearing-and-Settlement-of-Derivatives.pdf
[2011/11/21 15:26:31 | 000,168,737 | ---- | C] () -- C:\Documents and Settings\ranit_banerjee\Desktop\BondDuration.pdf
[2011/11/21 15:22:23 | 000,045,874 | ---- | C] () -- C:\Documents and Settings\ranit_banerjee\Desktop\Bond Duration Calculator Method.PDF
[2011/11/20 18:07:22 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_20_18_7_22.dmp
[2011/11/20 15:05:50 | 000,007,394 | ---- | C] () -- C:\Documents and Settings\ranit_banerjee\Desktop\Message.html
[2011/11/18 13:11:18 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_18_13_11_18.dmp
[2011/11/18 10:02:06 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_18_10_2_6.dmp
[2011/11/16 20:25:29 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_16_20_25_28.dmp
[2011/11/15 12:24:51 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_15_12_24_51.dmp
[2011/11/15 11:58:09 | 000,488,920 | ---- | C] () -- C:\Documents and Settings\ranit_banerjee\Desktop\hedgefunds_012005.pdf
[2011/11/15 11:39:30 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_15_11_39_27.dmp
[2011/11/15 10:01:21 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\I3154qQ.dat
[2011/11/15 08:54:50 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_15_8_54_48.dmp
[2011/11/15 08:15:53 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_15_8_15_53.dmp
[2011/11/14 23:21:28 | 000,159,408 | ---- | C] () -- C:\Documents and Settings\ranit_banerjee\Desktop\Parkside Nov 14 Night rent.jpg
[2011/11/14 21:55:44 | 002,174,779 | ---- | C] () -- C:\Documents and Settings\ranit_banerjee\Desktop\ACTEX_MRB.pdf
[2011/11/14 12:14:07 | 000,100,702 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/11/14 12:14:07 | 000,000,196 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/11/14 11:45:34 | 000,177,070 | ---- | C] () -- C:\Documents and Settings\ranit_banerjee\Desktop\k_goldETFLeaflet.pdf
[2011/11/14 07:59:35 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_14_7_59_35.dmp
[2011/11/14 07:33:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/14 07:16:51 | 000,014,230 | ---- | C] () -- C:\WINDOWS\System32\nmesrvc_core_2011_11_14_7_16_50.dmp
[2011/09/12 10:08:06 | 000,056,532 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/08/30 22:51:53 | 000,110,602 | ---- | C] () -- C:\WINDOWS\System32\xcdsfx32.bin
[2011/07/27 07:06:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/27 07:06:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/27 07:06:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/27 07:06:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/27 07:06:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/15 02:10:12 | 000,015,492 | -HS- | C] () -- C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\yil3t84f668y2jc
[2011/05/15 02:10:12 | 000,015,492 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\yil3t84f668y2jc
[2011/05/15 00:27:12 | 000,015,614 | -HS- | C] () -- C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\t8ep373pu27424b48188bn415sj2fd77e
[2011/05/15 00:27:12 | 000,015,614 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\t8ep373pu27424b48188bn415sj2fd77e
[2011/01/10 17:53:07 | 000,711,168 | ---- | C] () -- C:\WINDOWS\is-F750S.exe
[2010/05/08 13:15:01 | 000,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/12/01 18:46:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/06/24 16:53:14 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\PUTTY.RND
[2009/06/11 17:19:49 | 000,000,585 | ---- | C] () -- C:\WINDOWS\System32\Shortcut to javaws.exe.lnk
[2009/02/08 20:08:21 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Lidbeep.ini
[2008/12/19 19:34:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\syconfig.INI
[2008/10/30 13:31:11 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2008/10/30 13:31:11 | 000,007,073 | ---- | C] () -- C:\Documents and Settings\ranit_banerjee\Application Data\DellFaxOptions.xml
[2008/10/30 13:31:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DellFaxPort.dll
[2008/10/30 13:30:53 | 000,073,728 | ---- | C] () -- C:\WINDOWS\wiainst.exe
[2008/10/30 13:30:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.Exe
[2008/10/30 13:30:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.dll
[2008/10/30 13:30:04 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\DELG1CI.exe
[2008/10/30 13:30:03 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\DELG1CI.dll
[2008/10/30 13:29:48 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\DPSetup.Exe
[2008/10/30 13:29:47 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\DP1815ci.exe
[2008/10/30 13:29:47 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\DP1815ci.dll
[2008/10/30 13:29:47 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\DPSetup.dll
[2008/10/30 12:43:55 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2008/10/30 12:43:55 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2008/10/30 12:43:55 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2008/10/30 12:43:55 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2008/10/27 14:33:26 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/15 17:13:22 | 000,540,240 | ---- | C] () -- C:\WINDOWS\NESetupM.exe
[2008/02/06 13:24:20 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2008/02/05 12:10:12 | 000,001,882 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/01/30 15:05:30 | 000,000,068 | ---- | C] () -- C:\WINDOWS\IDMan.INI
[2007/09/05 14:36:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dsedit.INI
[2007/09/05 14:15:35 | 000,005,125 | ---- | C] () -- C:\WINDOWS\W32RegistryState.dat
[2007/09/05 14:04:37 | 000,000,873 | ---- | C] () -- C:\WINDOWS\DKAAJ2DD.ini
[2007/09/05 13:46:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/08/12 00:53:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/08/12 00:32:17 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2007/08/12 00:31:05 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2007/08/12 00:25:49 | 000,000,378 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/08/12 00:24:02 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/08/12 00:24:02 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/08/12 00:24:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/08/12 00:24:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/08/12 00:24:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/08/12 00:24:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/08/12 00:16:54 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/08/12 00:16:54 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/08/12 00:16:54 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/08/12 00:16:52 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/08/12 00:16:52 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/08/12 00:16:52 | 001,018,804 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/08/12 00:16:52 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/08/12 00:16:49 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/08/12 00:16:48 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/08/12 00:12:15 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2007/08/12 00:12:15 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2007/08/12 00:11:29 | 009,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2007/08/12 00:11:29 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2007/08/12 00:02:33 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2007/08/11 23:53:08 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/02/27 16:48:38 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/27 16:29:32 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007/01/16 07:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/04/29 23:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/29 23:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/29 23:19:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/29 23:10:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/04/29 22:55:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/04/29 22:55:55 | 000,444,596 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/29 22:55:55 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/04/29 22:55:55 | 000,072,306 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/29 22:55:55 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/04/29 22:55:54 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/04/29 22:55:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/04/29 22:55:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/04/29 22:55:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/04/29 22:55:44 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/04/29 22:55:37 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/04/29 22:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/04/29 16:04:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/29 16:03:29 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/12/11 23:57:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\d1815ci.dll
[2005/12/11 23:57:14 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\VdSetup.dll
[2005/12/11 23:57:00 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\VdSetup.Exe
[2005/12/11 23:56:44 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\d1815ci.exe
[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2007/08/12 00:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lenovo
[2011/12/07 08:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2007/08/12 00:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2011/02/08 01:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2008/05/21 12:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Reuters
[2011/03/03 02:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence
[2009/01/15 13:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/05/16 12:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/08/12 00:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2008/10/27 14:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2007/08/12 00:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Lenovo
[2011/08/27 01:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\AskToolbar
[2011/02/14 06:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Citrix
[2007/08/12 00:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Lenovo
[2011/12/07 08:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ranitbkup\Application Data\ESET
[2007/08/12 00:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ranitbkup\Application Data\Lenovo
[2011/11/07 22:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ranit_banerjee\Application Data\602Installer
[2011/11/14 12:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ranit_banerjee\Application Data\7C459
[2011/08/05 11:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ranit_banerjee\Application Data\Asterisk Password Decryptor
[2010/12/23 19:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ranit_banerjee\Application Data\Citrix
[2011/07/22 11:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ranit_banerjee\Application Data\Cool Record Edit Pro
[2011/12/07 16:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ranit_banerjee\Application Data\ESET
[2011/11/14 00:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ranit_banerjee\Application Data\FddWWK8fRZ9hXwU
[2010/12/28 10:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ranit_banerjee\Application Data\ICAClient
[2008/10/27 15:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ranit_banerjee\Application Data\InterVideo
[2011/09/04 12:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ranit_banerjee\Application Data\KRyLack Archive Password Recovery
[2011/03/25 02:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ranit_banerjee\Application Data\Leadertech
[2007/08/12 00:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ranit_banerjee\Application Data\Lenovo
[2011/03/23 09:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ranit_banerjee\Application Data\mjusbsp
[2009/06/24 15:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ranit_banerjee\Application Data\Notepad++
[2011/04/21 13:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ranit_banerjee\Application Data\webex
[2011/01/20 22:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ranit_banerjee\Application Data\YCanPDF
[2011/12/13 22:38:00 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2011/12/13 19:49:16 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/02/08 20:08:55 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#10 rendezvou

  • Topic Starter

Posted 14 December 2011 - 08:33 PM

Extras.txt-

OTL Extras logfile created on: 12/13/2011 10:31:52 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\ranit_banerjee\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 50.37% Memory free
5.84 Gb Paging File | 4.41 Gb Available in Paging File | 75.53% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.45 Gb Total Space | 6.32 Gb Free Space | 7.32% Space Free | Partition Type: NTFS

Computer Name: RANITBANERJEE | User Name: ranit_banerjee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-257438896-4239395036-1050642295-1031\SOFTWARE\Classes\<extension>]
.exe [@ = ah] -- "C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\ryc.exe" -a "%1" %*
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\PROGRA~1\MICROS~2\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\PROGRA~1\MICROS~2\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\tools\eclipse\eclipse.exe" = C:\tools\eclipse\eclipse.exe:*:Enabled:eclipse -- ()
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\tools\jdk1.5.0_02\bin\javaw.exe" = C:\tools\jdk1.5.0_02\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jdk1.6.0_21\bin\javaw.exe" = C:\Program Files\Java\jdk1.6.0_21\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Oracle)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\ranit_banerjee\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\ranit_banerjee\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{11A80E40-621F-489C-A626-58886B60FEAC}" = Uninstall Dell PC Fax
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 26
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30482AC3-4FC6-4E35-95F2-0BB415960631}" = Bing Bar
"{32A3A4F4-B792-11D6-A78A-00B0D0160000}" = Java™ SE Development Kit 6
"{32A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java™ SE Development Kit 6 Update 21
"{32C74893-0243-4235-A6F3-201F0E5D2C03}" = Software602 Print2PDF
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}" = Citrix XenApp Plugin for Hosted Apps
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{41894269-0DD1-4C85-B3DD-1EB41B07621D}" = ThinkVantage Fingerprint Software 5.6
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{7AB6C326-A486-4CBE-A799-7A55CEEEFF2C}" = Asterisk Password Decryptor
"{7B6DBA08-0DB3-4159-8944-F85FE79D4979}" = KRyLack Archive Password Recovery
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E3F4E4-CEA1-452B-9180-A40813CD111C}" = ESET Smart Security
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D2D77DC2-8299-11D1-8949-444553540000}_is1" = WinCvs 1.3
"{DA0BF7AB-88EB-4675-8FA1-531EAD938821}" = SnagIt 8
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EF06A6A8-6B81-4A09-8223-789953972FFF}" = SonicWALL SSL-VPN NetExtender
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"760a7acbfe42b627be6f7f090f15c1cf" = Sybase Adaptive Server Enterprise Suite
"7-Zip" = 7-Zip 4.57
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"Cool Record Edit Pro_is1" = Cool Record Edit Pro v7.9.3
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Dell Laser MFP 1815" = Dell Laser MFP 1815 Software Uninstall
"Dell Printer Software Uninstall" = Dell Printer Software Uninstall
"Driver Magician_is1" = Driver Magician 3.61
"ESET Online Scanner" = ESET Online Scanner v3
"FreeOnlineRadioPlayerRecorder Toolbar" = FreeOnlineRadioPlayerRecorder Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"PCMCIAPW" = ThinkPad PC Card Power Policy
"PDFZilla_is1" = PDFZilla V1.2.9
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.9
"Power Management Driver" = ThinkPad Power Management Driver
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"Python 2.3.3" = Python 2.3.3
"RealPlayer 12.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.3
"Remove Multimedia Center" = Remove Multimedia Center
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"Tcl/Tk 8.3.2 for Windows" = Tcl/Tk 8.3.2 for Windows
"Unlocker" = Unlocker 1.9.1
"Veoh Web Player Beta" = Veoh Web Player Beta
"Visokio Omniscope" = Visokio Omniscope
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-257438896-4239395036-1050642295-1031\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Calypso Main Entry Application" = Calypso Main Entry Application
"magicJack" = magicJack

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/13/2011 4:32:06 AM | Computer Name = RANITBANERJEE | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/13/2011 4:33:38 AM | Computer Name = RANITBANERJEE | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/13/2011 12:09:39 PM | Computer Name = RANITBANERJEE | Source = OracleDBConsoleCALYPSO | ID = 131076
Description = Process exited abnormally during initialization.

Error - 12/13/2011 12:19:01 PM | Computer Name = RANITBANERJEE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 12/13/2011 2:42:09 PM | Computer Name = RANITBANERJEE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 12/13/2011 3:37:37 PM | Computer Name = RANITBANERJEE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 12/13/2011 4:14:23 PM | Computer Name = RANITBANERJEE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 12/13/2011 4:26:13 PM | Computer Name = RANITBANERJEE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 12/13/2011 11:49:16 PM | Computer Name = RANITBANERJEE | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 12/14/2011 12:07:49 AM | Computer Name = RANITBANERJEE | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 11/1/2011 11:18:37 PM | Computer Name = RANITBANERJEE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 41516
seconds with 960 seconds of active time. This session ended with a crash.

Error - 11/2/2011 2:09:53 AM | Computer Name = RANITBANERJEE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10219
seconds with 780 seconds of active time. This session ended with a crash.

Error - 11/5/2011 1:40:13 AM | Computer Name = RANITBANERJEE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 46531
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 11/11/2011 11:34:14 AM | Computer Name = RANITBANERJEE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 143537
seconds with 3360 seconds of active time. This session ended with a crash.

Error - 11/13/2011 5:54:20 PM | Computer Name = RANITBANERJEE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 192421
seconds with 1560 seconds of active time. This session ended with a crash.

Error - 11/19/2011 11:51:32 PM | Computer Name = RANITBANERJEE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 107345
seconds with 960 seconds of active time. This session ended with a crash.

Error - 11/22/2011 2:03:52 PM | Computer Name = RANITBANERJEE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/28/2011 7:07:25 PM | Computer Name = RANITBANERJEE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25020
seconds with 2340 seconds of active time. This session ended with a crash.

Error - 12/1/2011 6:53:40 AM | Computer Name = RANITBANERJEE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 60834
seconds with 3480 seconds of active time. This session ended with a crash.

Error - 12/1/2011 9:51:36 PM | Computer Name = RANITBANERJEE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 28225
seconds with 1560 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/13/2011 12:10:17 PM | Computer Name = RANITBANERJEE | Source = Service Control Manager | ID = 7024
Description = The OracleDBConsoleCALYPSO service terminated with service-specific
error 2 (0x2).

Error - 12/13/2011 12:10:17 PM | Computer Name = RANITBANERJEE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom i8042prt Imapi

Error - 12/13/2011 12:19:00 PM | Computer Name = RANITBANERJEE | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.117.787.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 12/13/2011 2:42:09 PM | Computer Name = RANITBANERJEE | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.117.787.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 12/13/2011 2:55:14 PM | Computer Name = RANITBANERJEE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.100 for the Network Card with network
address 002186589B45 has been denied by the DHCP server 10.1.0.233 (The DHCP Server
sent a DHCPNACK message).

Error - 12/13/2011 3:37:37 PM | Computer Name = RANITBANERJEE | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.117.787.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 12/13/2011 4:14:23 PM | Computer Name = RANITBANERJEE | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.117.787.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 12/13/2011 4:26:13 PM | Computer Name = RANITBANERJEE | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.117.787.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 12/13/2011 11:39:15 PM | Computer Name = RANITBANERJEE | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.2.115 for the Network Card with network
address 002186589B45 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 12/13/2011 11:49:16 PM | Computer Name = RANITBANERJEE | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.117.787.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.


< End of report >

#11 m0le

Posted 15 December 2011 - 07:22 PM

Let's see if we can remove some of this, which will help loosen the malware's grip.

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
SRV - (necusb) -- File not found
DRV - (WDICA) -- File not found
DRV - (UIUSys) -- File not found
DRV - (Simbad) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MpKslfc5b8e7f) -- File not found
DRV - (MpKsled9f6874) -- File not found
DRV - (MpKsle4d04fe3) -- File not found
DRV - (MpKslcec671d8) -- File not found
DRV - (MpKslc6480f16) -- File not found
DRV - (MpKsla40ea13b) -- File not found
DRV - (MpKsla16a762f) -- File not found
DRV - (MpKsl90d22b96) -- File not found
DRV - (MpKsl6f1b5e12) -- File not found
DRV - (MpKsl5c34ef82) -- File not found
DRV - (MpKsl56caaf10) -- File not found
DRV - (MpKsl54d2a6a9) -- File not found
DRV - (MpKsl413ab434) -- File not found
DRV - (MpKsl3c41bb6f) -- File not found
DRV - (MpKsl2c588f17) -- File not found
DRV - (MpKsl2b143e5b) -- File not found
DRV - (MpKsl1859233d) -- File not found
DRV - (MpKsl0eb09268) -- File not found
DRV - (MpKsl0991b8e2) -- File not found
DRV - (MpKsl07422538) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i8042prt) -- File not found
DRV - (Changer) -- File not found
DRV - (Cdrom) -- File not found
DRV - (catchme) -- File not found
DRV - (Atdisk) -- File not found
DRV - (Abiosdsk) -- File not found
IE - HKU\S-1-5-21-257438896-4239395036-1050642295-1031\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
O20 - Winlogon\Notify\qoMeEurr: DllName - (qoMeEurr.dll) - File not found
[2011/11/14 00:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ranit_banerjee\Application Data\FddWWK8fRZ9hXwU
[2011/11/14 00:40:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ranit_banerjee\Application Data\7C459
[2011/12/08 12:58:12 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\I3154qQ.dat
[2011/12/07 22:48:40 | 000,013,306 | -HS- | M] () -- C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\4a75a0cgp0jo3241v
[2011/12/07 22:48:40 | 000,013,306 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4a75a0cgp0jo3241v
[2011/12/04 09:35:03 | 000,015,494 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\o7pu54g8jp6mmu
[2011/12/04 09:35:02 | 000,015,494 | -HS- | M] () -- C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\o7pu54g8jp6mmu
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\kalujafa
[2011/05/15 02:10:12 | 000,015,492 | -HS- | C] () -- C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\yil3t84f668y2jc
[2011/05/15 02:10:12 | 000,015,492 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\yil3t84f668y2jc
[2011/05/15 00:27:12 | 000,015,614 | -HS- | C] () -- C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\t8ep373pu27424b48188bn415sj2fd77e
[2011/05/15 00:27:12 | 000,015,614 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\t8ep373pu27424b48188bn415sj2fd77e
[2011/11/14 00:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ranit_banerjee\Application Data\FddWWK8fRZ9hXwU
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Following that please run Combofix

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#12 rendezvou

Posted 16 December 2011 - 04:06 PM

OTL scan log- combofix is up next

OTL fix did not ask for reboot

========== OTL ==========
Service necusb stopped successfully!
Service necusb deleted successfully!
File File not found not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
File File not found not found.
Service UIUSys stopped successfully!
Service UIUSys deleted successfully!
File File not found not found.
Service Simbad stopped successfully!
Service Simbad deleted successfully!
File File not found not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
File File not found not found.
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
File File not found not found.
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
File File not found not found.
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
File File not found not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
File File not found not found.
Service MpKslfc5b8e7f stopped successfully!
Service MpKslfc5b8e7f deleted successfully!
File File not found not found.
Service MpKsled9f6874 stopped successfully!
Service MpKsled9f6874 deleted successfully!
File File not found not found.
Service MpKsle4d04fe3 stopped successfully!
Service MpKsle4d04fe3 deleted successfully!
File File not found not found.
Service MpKslcec671d8 stopped successfully!
Service MpKslcec671d8 deleted successfully!
File File not found not found.
Service MpKslc6480f16 stopped successfully!
Service MpKslc6480f16 deleted successfully!
File File not found not found.
Service MpKsla40ea13b stopped successfully!
Service MpKsla40ea13b deleted successfully!
File File not found not found.
Service MpKsla16a762f stopped successfully!
Service MpKsla16a762f deleted successfully!
File File not found not found.
Service MpKsl90d22b96 stopped successfully!
Service MpKsl90d22b96 deleted successfully!
File File not found not found.
Service MpKsl6f1b5e12 stopped successfully!
Service MpKsl6f1b5e12 deleted successfully!
File File not found not found.
Service MpKsl5c34ef82 stopped successfully!
Service MpKsl5c34ef82 deleted successfully!
File File not found not found.
Service MpKsl56caaf10 stopped successfully!
Service MpKsl56caaf10 deleted successfully!
File File not found not found.
Service MpKsl54d2a6a9 stopped successfully!
Service MpKsl54d2a6a9 deleted successfully!
File File not found not found.
Service MpKsl413ab434 stopped successfully!
Service MpKsl413ab434 deleted successfully!
File File not found not found.
Service MpKsl3c41bb6f stopped successfully!
Service MpKsl3c41bb6f deleted successfully!
File File not found not found.
Service MpKsl2c588f17 stopped successfully!
Service MpKsl2c588f17 deleted successfully!
File File not found not found.
Service MpKsl2b143e5b stopped successfully!
Service MpKsl2b143e5b deleted successfully!
File File not found not found.
Service MpKsl1859233d stopped successfully!
Service MpKsl1859233d deleted successfully!
File File not found not found.
Service MpKsl0eb09268 stopped successfully!
Service MpKsl0eb09268 deleted successfully!
File File not found not found.
Service MpKsl0991b8e2 stopped successfully!
Service MpKsl0991b8e2 deleted successfully!
File File not found not found.
Service MpKsl07422538 stopped successfully!
Service MpKsl07422538 deleted successfully!
File File not found not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
File File not found not found.
Service i8042prt stopped successfully!
Service i8042prt deleted successfully!
File File not found not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
File File not found not found.
Service Cdrom stopped successfully!
Service Cdrom deleted successfully!
File File not found not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File File not found not found.
Service Atdisk stopped successfully!
Service Atdisk deleted successfully!
File File not found not found.
Service Abiosdsk stopped successfully!
Service Abiosdsk deleted successfully!
File File not found not found.
Registry value HKEY_USERS\S-1-5-21-257438896-4239395036-1050642295-1031\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMeEurr\ deleted successfully.
C:\Documents and Settings\ranit_banerjee\Application Data\FddWWK8fRZ9hXwU folder moved successfully.
C:\Documents and Settings\ranit_banerjee\Application Data\7C459 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\I3154qQ.dat moved successfully.
C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\4a75a0cgp0jo3241v moved successfully.
C:\Documents and Settings\All Users\Application Data\4a75a0cgp0jo3241v moved successfully.
C:\Documents and Settings\All Users\Application Data\o7pu54g8jp6mmu moved successfully.
C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\o7pu54g8jp6mmu moved successfully.
C:\WINDOWS\system32\kalujafa moved successfully.
C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\yil3t84f668y2jc moved successfully.
C:\Documents and Settings\All Users\Application Data\yil3t84f668y2jc moved successfully.
C:\Documents and Settings\ranit_banerjee\Local Settings\Application Data\t8ep373pu27424b48188bn415sj2fd77e moved successfully.
C:\Documents and Settings\All Users\Application Data\t8ep373pu27424b48188bn415sj2fd77e moved successfully.
Folder C:\Documents and Settings\ranit_banerjee\Application Data\FddWWK8fRZ9hXwU\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.31.0 log created on 12162011_103011

#13 rendezvou

Posted 17 December 2011 - 02:55 PM

Combofix log-

ComboFix 11-12-16.03 - ranit_banerjee 12/16/2011 13:21:55.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2247 [GMT -8:00]
Running from: c:\documents and settings\ranit_banerjee\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\$NtUninstallKB6185$
c:\windows\$NtUninstallKB6185$\4262782525\@
c:\windows\$NtUninstallKB6185$\4262782525\bckfg.tmp
c:\windows\$NtUninstallKB6185$\4262782525\cfg.ini
c:\windows\$NtUninstallKB6185$\4262782525\Desktop.ini
c:\windows\$NtUninstallKB6185$\4262782525\keywords
c:\windows\$NtUninstallKB6185$\4262782525\kwrd.dll
c:\windows\$NtUninstallKB6185$\4262782525\L\hvmonmrs
c:\windows\$NtUninstallKB6185$\4262782525\lsflt7.ver
c:\windows\$NtUninstallKB6185$\4262782525\U\00000001.@
c:\windows\$NtUninstallKB6185$\4262782525\U\00000002.@
c:\windows\$NtUninstallKB6185$\4262782525\U\00000004.@
c:\windows\$NtUninstallKB6185$\4262782525\U\80000000.@
c:\windows\$NtUninstallKB6185$\4262782525\U\80000004.@
c:\windows\$NtUninstallKB6185$\4262782525\U\80000032.@
c:\windows\$NtUninstallKB6185$\43256779
c:\windows\CSC\d6
c:\windows\EventSystem.log
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((((( Files Created from 2011-11-16 to 2011-12-16 )))))))))))))))))))))))))))))))
.
.
2011-12-16 21:42 . 2011-12-16 21:42 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FFCD6597-3AC0-49CC-AB98-91D50A1E25A4}\offreg.dll
2011-12-16 21:20 . 2008-04-13 19:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-12-16 21:20 . 2008-04-13 19:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2011-12-16 21:20 . 2008-04-13 20:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-16 21:20 . 2008-04-13 20:18 52480 ----a-w- c:\windows\system32\dllcache\i8042prt.sys
2011-12-16 18:30 . 2011-12-16 18:30 -------- d-----w- C:\_OTL
2011-12-12 23:17 . 2011-12-12 23:17 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-10 17:35 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FFCD6597-3AC0-49CC-AB98-91D50A1E25A4}\mpengine.dll
2011-12-08 00:08 . 2011-12-08 00:08 -------- d-----w- c:\documents and settings\ranit_banerjee\Local Settings\Application Data\ESET
2011-12-08 00:08 . 2011-12-08 00:08 -------- d-----w- c:\documents and settings\ranit_banerjee\Application Data\ESET
2011-12-07 16:25 . 2011-12-07 16:25 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2011-12-07 16:24 . 2011-12-07 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2011-12-04 21:43 . 2011-12-04 21:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-12-04 21:24 . 2011-12-04 21:26 -------- d-----w- c:\documents and settings\ranitbkup
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:47 . 2011-08-18 15:28 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-15 22:29 . 2011-08-17 05:53 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-09-24 20:42 . 2011-06-08 14:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2009-02-19 21:04 . 2009-02-19 21:04 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-02-19 21:04 . 2009-02-19 21:04 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-08-17 01:42 . 2008-08-17 01:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-17 01:42 . 2008-08-17 01:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-17 01:42 . 2008-08-17 01:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-17 01:42 . 2008-08-17 01:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-17 01:43 . 2008-08-17 01:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-17 01:42 . 2008-08-17 01:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-17 01:42 . 2008-08-17 01:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-02-19 21:04 . 2009-02-19 21:04 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2008-05-21 16:41 . 2008-05-21 16:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 16:41 . 2008-05-21 16:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 16:41 . 2008-05-21 16:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 21:58 . 2008-06-05 21:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-17 01:42 . 2008-08-17 01:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2011-11-09 06:08 . 2011-04-12 03:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-22_15.32.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-16 21:47 . 2010-06-04 11:23 46320 c:\windows\Temp\sophos_autoupdate1.dir\xmltok.dll
+ 2011-12-16 21:47 . 2010-06-04 11:23 46320 c:\windows\Temp\sophos_autoupdate1.dir\xmlparse.dll
+ 2011-12-16 21:47 . 2010-06-04 11:23 25328 c:\windows\Temp\sophos_autoupdate1.dir\SharedRes.dll
+ 2011-12-16 21:47 . 2010-06-04 11:23 28912 c:\windows\Temp\sophos_autoupdate1.dir\crypto.dll
+ 2011-12-16 21:47 . 2010-06-04 11:23 50416 c:\windows\Temp\sophos_autoupdate1.dir\boost_date_time-vc71-mt-1_32.dll
+ 2011-12-16 21:49 . 2011-10-13 17:18 64752 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\WinXP_IA64\SophosBootTasks.exe
+ 2011-12-16 21:49 . 2011-10-13 17:18 34816 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\WinXP_IA64\SophosBootDriver.sys
+ 2011-12-16 21:49 . 2011-10-13 17:18 68608 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\WinXP_IA64\SAVONACCESSFILTER.sys
+ 2011-12-16 21:49 . 2011-10-13 17:18 80896 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\WinXP_IA64\native.exe
+ 2011-12-16 21:49 . 2011-10-13 17:18 35568 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\WinXP_AMD64\SophosBootTasks.exe
+ 2011-12-16 21:49 . 2011-10-13 17:18 18944 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\WinXP_AMD64\SophosBootDriver.sys
+ 2011-12-16 21:49 . 2011-10-13 17:18 28672 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\WinXP_AMD64\SAVONACCESSFILTER.sys
+ 2011-12-16 21:49 . 2011-10-13 17:18 42496 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\WinXP_AMD64\native.exe
+ 2011-12-16 21:49 . 2011-10-13 17:18 64752 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\WinLH_IA64\SophosBootTasks.exe
+ 2011-12-16 21:49 . 2011-10-13 17:18 41464 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\WinLH_IA64\SophosBootDriver.sys
+ 2011-12-16 21:49 . 2011-10-13 17:18 80896 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\WinLH_IA64\native.exe
+ 2011-12-16 21:49 . 2011-10-13 17:18 28912 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\WinLH_i386\SophosBootTasks.exe
+ 2011-12-16 21:49 . 2011-10-13 17:18 22536 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\WinLH_i386\SophosBootDriver.sys
+ 2011-12-16 21:49 . 2011-10-13 17:18 35568 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\WinLH_AMD64\SophosBootTasks.exe
+ 2011-12-16 21:49 . 2011-10-13 17:18 25608 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\WinLH_AMD64\SophosBootDriver.sys
+ 2011-12-16 21:49 . 2011-10-13 17:18 42496 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\WinLH_AMD64\native.exe
+ 2011-12-16 21:49 . 2011-10-13 17:18 28912 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\Win2K\SophosBootTasks.exe
+ 2011-12-16 21:49 . 2011-10-13 17:18 14976 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\Win2K\SophosBootDriver.sys
+ 2011-12-16 21:49 . 2011-10-13 17:18 25472 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\Win2K\SAVONACCESSFILTER.sys
+ 2011-12-16 21:48 . 2011-10-13 17:18 57072 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\SDCDevConx64.exe
+ 2011-12-16 21:48 . 2011-10-13 17:18 55024 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\SDCDevCon.exe
+ 2011-12-16 21:48 . 2011-10-13 17:18 22768 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\SavProxy.exe
+ 2011-12-16 21:49 . 2011-10-13 17:18 53752 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\ClassFilterDrivers\iA64\sdcfilter.sys
+ 2011-12-16 21:49 . 2011-10-13 17:18 23928 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\ClassFilterDrivers\i386\sdcfilter.sys
+ 2011-12-16 21:49 . 2011-10-13 17:18 25592 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\ClassFilterDrivers\AMD64\sdcfilter.sys
+ 2011-12-16 21:42 . 2011-12-16 21:42 16384 c:\windows\Temp\Perflib_Perfdata_6b8.dat
+ 2011-12-16 21:42 . 2011-12-16 21:42 16384 c:\windows\Temp\Perflib_Perfdata_388.dat
+ 2011-12-16 21:18 . 2011-12-16 21:18 16384 c:\windows\Temp\Perflib_Perfdata_26c.dat
+ 2006-04-30 07:28 . 2009-01-08 01:21 26144 c:\windows\system32\spupdsvc.exe
+ 2011-11-08 06:50 . 2008-09-29 22:09 73728 c:\windows\system32\spool\drivers\Print2PDF\wcs.dll
+ 2011-11-08 06:50 . 2010-04-21 00:33 94272 c:\windows\system32\spool\drivers\Print2PDF\w6_url.dll
+ 2011-11-08 06:50 . 2010-11-16 22:06 74240 c:\windows\system32\spool\drivers\Print2PDF\RunProcess64.dll
+ 2011-11-08 06:50 . 2010-11-16 22:05 72192 c:\windows\system32\spool\drivers\Print2PDF\RunProcess.dll
+ 2011-11-08 06:50 . 2009-01-22 12:16 88904 c:\windows\system32\spool\drivers\Print2PDF\msxml4r.dll
+ 2011-11-08 06:50 . 2009-03-25 19:43 44544 c:\windows\system32\spool\drivers\Print2PDF\msxml4a.dll
+ 2011-11-08 06:50 . 2004-08-18 22:00 61440 c:\windows\system32\spool\drivers\Print2PDF\msvcrt40.dll
+ 2011-11-08 06:50 . 2010-08-24 19:34 49152 c:\windows\system32\spool\drivers\Print2PDF\Install.exe
+ 2011-11-08 06:50 . 2005-11-11 23:42 24576 c:\windows\system32\spool\drivers\Print2PDF\geartest.exe
+ 2011-11-08 06:50 . 2010-04-14 19:28 73728 c:\windows\system32\spool\drivers\Print2PDF\602updsvc.exe
+ 2007-08-12 08:02 . 2009-01-08 01:20 16928 c:\windows\system32\spmsg.dll
+ 2006-04-30 06:55 . 2009-03-08 11:31 46592 c:\windows\system32\pngfilt.dll
+ 2006-04-30 06:55 . 2011-11-27 12:03 72306 c:\windows\system32\perfc009.dat
- 2006-04-30 06:55 . 2011-08-22 14:54 72306 c:\windows\system32\perfc009.dat
+ 2006-06-29 15:05 . 2009-01-08 01:20 23552 c:\windows\system32\normaliz.dll
- 2006-06-29 15:05 . 2006-06-29 15:05 23552 c:\windows\system32\normaliz.dll
- 2006-06-29 00:59 . 2006-06-29 00:59 24576 c:\windows\system32\nlsdl.dll
+ 2006-06-29 00:59 . 2009-01-08 01:20 24576 c:\windows\system32\nlsdl.dll
+ 2006-11-04 21:10 . 2009-01-22 12:16 88904 c:\windows\system32\msxml4r.dll
- 2007-08-12 08:27 . 2002-02-03 21:13 44544 c:\windows\system32\msxml4a.dll
+ 2007-08-12 08:27 . 2009-03-25 19:43 44544 c:\windows\system32\msxml4a.dll
+ 2006-04-30 06:55 . 2009-03-08 11:31 48128 c:\windows\system32\mshtmler.dll
- 2006-04-30 06:55 . 2006-10-17 18:28 48128 c:\windows\system32\mshtmler.dll
+ 2006-04-30 06:55 . 2011-06-23 18:36 66560 c:\windows\system32\mshtmled.dll
- 2006-04-30 06:55 . 2006-10-17 18:56 45568 c:\windows\system32\mshta.exe
+ 2006-04-30 06:55 . 2009-03-08 11:31 45568 c:\windows\system32\mshta.exe
+ 2006-10-17 18:58 . 2009-03-08 11:31 13312 c:\windows\system32\msfeedssync.exe
+ 2006-11-08 04:03 . 2011-06-23 18:36 55296 c:\windows\system32\msfeedsbs.dll
+ 2011-09-12 18:08 . 2011-09-12 18:08 56532 c:\windows\system32\mlfcache.dat
+ 2006-04-30 06:55 . 2011-06-23 18:36 43520 c:\windows\system32\licmgr10.dll
+ 2006-04-30 06:55 . 2011-06-23 18:36 25600 c:\windows\system32\jsproxy.dll
+ 2011-04-06 23:20 . 2011-04-06 23:20 75040 c:\windows\system32\jdns_sd.dll
+ 2006-04-30 06:55 . 2009-03-08 11:32 94720 c:\windows\system32\inseng.dll
+ 2006-04-30 06:55 . 2009-03-08 11:31 34816 c:\windows\system32\imgutil.dll
+ 2006-11-07 10:26 . 2009-03-08 11:32 36864 c:\windows\system32\ieudinit.exe
+ 2006-04-30 06:55 . 2009-03-08 11:32 71680 c:\windows\system32\iesetup.dll
+ 2006-04-30 06:55 . 2009-03-08 11:32 55808 c:\windows\system32\iernonce.dll
- 2006-06-29 15:05 . 2006-06-29 15:05 26112 c:\windows\system32\idndl.dll
+ 2006-06-29 15:05 . 2009-01-08 01:20 26112 c:\windows\system32\idndl.dll
+ 2006-10-17 18:58 . 2009-03-08 11:31 59904 c:\windows\system32\icardie.dll
+ 2009-01-28 17:52 . 2011-09-01 01:00 22216 c:\windows\system32\drivers\mbam.sys
+ 2011-08-04 17:20 . 2011-08-04 17:20 61936 c:\windows\system32\drivers\epfwtdi.sys
+ 2011-08-09 17:37 . 2011-08-09 17:37 39824 c:\windows\system32\drivers\epfwndis.sys
+ 2011-04-06 23:20 . 2011-04-06 23:20 91424 c:\windows\system32\dnssd.dll
+ 2011-09-24 20:20 . 2011-06-23 18:36 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2006-10-17 18:58 . 2009-03-08 11:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-10-17 18:28 . 2009-03-08 11:31 48128 c:\windows\system32\dllcache\mshtmler.dll
- 2006-10-17 18:28 . 2006-10-17 18:28 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2006-11-08 04:03 . 2011-06-23 18:36 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2006-10-17 18:56 . 2006-10-17 18:56 45568 c:\windows\system32\dllcache\mshta.exe
+ 2006-10-17 18:56 . 2009-03-08 11:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2008-08-26 07:24 . 2011-06-23 18:36 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2006-10-17 19:05 . 2011-06-23 18:36 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2006-11-08 04:03 . 2011-06-23 18:36 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-11-07 10:26 . 2009-03-08 11:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2006-10-17 18:57 . 2009-03-08 11:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2006-11-07 10:26 . 2009-03-08 11:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2006-11-07 10:26 . 2009-03-08 11:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2008-08-26 07:24 . 2009-03-08 11:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2006-10-17 18:44 . 2009-03-08 11:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2006-10-17 19:03 . 2009-03-08 11:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2006-11-07 10:26 . 2009-03-08 11:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2006-04-30 06:55 . 2009-03-08 11:33 18944 c:\windows\system32\corpol.dll
- 2007-09-06 11:47 . 2011-08-21 03:34 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-09-06 11:47 . 2011-12-15 23:04 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-09-06 11:47 . 2011-08-21 03:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-09-06 11:47 . 2011-12-15 23:04 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-09-06 11:47 . 2011-08-21 03:34 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-09-06 11:47 . 2011-12-15 23:04 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-04-30 06:55 . 2009-03-08 11:32 72704 c:\windows\system32\admparse.dll
+ 2011-12-07 16:25 . 2011-12-07 16:25 10134 c:\windows\Installer\{83E3F4E4-CEA1-452B-9180-A40813CD111C}\callmsi.exe
+ 2011-09-04 21:00 . 2011-09-04 21:00 43302 c:\windows\Installer\{7B6DBA08-0DB3-4159-8944-F85FE79D4979}\KLPassRec.exe
+ 2011-09-04 21:00 . 2011-09-04 21:00 43302 c:\windows\Installer\{7B6DBA08-0DB3-4159-8944-F85FE79D4979}\ext_2.exe
+ 2011-09-04 21:00 . 2011-09-04 21:00 43302 c:\windows\Installer\{7B6DBA08-0DB3-4159-8944-F85FE79D4979}\ext_1.exe
+ 2011-09-04 21:00 . 2011-09-04 21:00 43302 c:\windows\Installer\{7B6DBA08-0DB3-4159-8944-F85FE79D4979}\ext.exe
+ 2011-11-25 06:51 . 2011-11-27 06:57 65536 c:\windows\Installer\{15C418EB-7675-42be-B2B3-281952DA014D}\ARPPRODUCTICON.exe
+ 2011-09-24 20:31 . 2009-03-08 11:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2011-09-24 20:31 . 2009-03-08 11:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2011-09-24 20:31 . 2009-03-08 11:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2011-09-24 20:32 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2559049-IE8\xpshims.dll
+ 2011-09-24 20:32 . 2009-03-08 11:31 66560 c:\windows\ie8updates\KB2559049-IE8\mshtmled.dll
+ 2011-09-24 20:32 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2559049-IE8\msfeedsbs.dll
+ 2011-09-24 20:32 . 2009-03-08 11:34 43008 c:\windows\ie8updates\KB2559049-IE8\licmgr10.dll
+ 2011-09-24 20:32 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2559049-IE8\jsproxy.dll
+ 2011-09-24 20:28 . 2009-03-08 21:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2011-09-24 20:26 . 2011-06-21 18:45 44544 c:\windows\ie8\pngfilt.dll
+ 2011-09-24 20:26 . 2006-10-17 18:28 48128 c:\windows\ie8\mshtmler.dll
+ 2011-09-24 20:26 . 2006-10-17 18:56 45568 c:\windows\ie8\mshta.exe
+ 2011-09-24 20:26 . 2006-10-17 18:58 12288 c:\windows\ie8\msfeedssync.exe
+ 2011-09-24 20:26 . 2011-06-21 18:45 52224 c:\windows\ie8\msfeedsbs.dll
+ 2011-09-24 20:26 . 2006-10-17 19:05 40960 c:\windows\ie8\licmgr10.dll
+ 2011-09-24 20:26 . 2011-06-21 18:45 27648 c:\windows\ie8\jsproxy.dll
+ 2011-09-24 20:26 . 2006-11-07 10:26 92672 c:\windows\ie8\inseng.dll
+ 2011-09-24 20:26 . 2006-10-17 18:57 36352 c:\windows\ie8\imgutil.dll
+ 2011-09-24 20:26 . 2006-11-07 10:26 55296 c:\windows\ie8\iesetup.dll
+ 2011-09-24 20:26 . 2011-06-21 18:45 44544 c:\windows\ie8\iernonce.dll
+ 2011-09-24 20:26 . 2011-06-21 18:45 78336 c:\windows\ie8\ieencode.dll
+ 2011-09-24 20:26 . 2011-06-21 11:46 70656 c:\windows\ie8\ie4uinit.exe
+ 2011-09-24 20:26 . 2011-06-21 18:45 63488 c:\windows\ie8\icardie.dll
+ 2011-09-24 20:26 . 2006-10-17 18:44 60416 c:\windows\ie8\hmmapi.dll
+ 2011-09-24 20:26 . 2011-06-21 18:45 17408 c:\windows\ie8\corpol.dll
+ 2011-09-24 20:26 . 2006-11-07 10:26 71680 c:\windows\ie8\admparse.dll
+ 2011-09-24 20:31 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB982381-IE8\update\spcustom.dll
+ 2011-09-24 20:31 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB982381-IE8\spmsg.dll
+ 2011-09-24 20:20 . 2010-05-06 10:36 12800 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\xpshims.dll
+ 2011-09-24 20:20 . 2010-05-06 10:36 55296 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\msfeedsbs.dll
+ 2011-09-24 20:20 . 2010-05-06 10:36 25600 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\jsproxy.dll
+ 2011-09-24 20:32 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2559049-IE8\update\spcustom.dll
+ 2011-09-24 20:32 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2559049-IE8\spmsg.dll
+ 2011-09-24 20:20 . 2011-06-23 18:33 12800 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\xpshims.dll
+ 2011-09-24 20:20 . 2011-06-23 18:33 66560 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtmled.dll
+ 2011-09-24 20:20 . 2011-06-23 18:33 55296 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\msfeedsbs.dll
+ 2011-09-24 20:20 . 2011-06-23 18:33 43520 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\licmgr10.dll
+ 2011-09-24 20:20 . 2011-06-23 18:33 25600 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\jsproxy.dll
+ 2011-09-24 20:32 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2467659\update\spcustom.dll
+ 2011-09-24 20:32 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2467659\spmsg.dll
+ 2011-09-24 20:31 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2447568-IE8\update\spcustom.dll
+ 2011-09-24 20:31 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2447568-IE8\spmsg.dll
+ 2011-12-16 21:47 . 2010-09-21 16:16 3022 c:\windows\Temp\sophos_autoupdate1.dir\scf.dat
+ 2011-09-24 20:20 . 2010-10-18 11:10 7680 c:\windows\system32\dllcache\iecompat.dll
+ 2011-09-24 20:31 . 2009-03-08 11:35 2048 c:\windows\ie8updates\KB2447568-IE8\iecompat.dll
+ 2011-09-24 20:20 . 2010-10-18 10:39 7680 c:\windows\$hf_mig$\KB2447568-IE8\SP3QFE\iecompat.dll
+ 2011-12-16 21:47 . 2010-06-04 11:23 124144 c:\windows\Temp\sophos_autoupdate1.dir\xmlcpp.dll
+ 2011-12-16 21:47 . 2010-07-13 12:08 230640 c:\windows\Temp\sophos_autoupdate1.dir\retailer.dll
+ 2011-12-16 21:47 . 2010-02-04 12:07 348160 c:\windows\Temp\sophos_autoupdate1.dir\MSVCR71.DLL
+ 2011-12-16 21:47 . 2010-02-04 12:07 503808 c:\windows\Temp\sophos_autoupdate1.dir\MSVCP71.DLL
+ 2011-12-16 21:47 . 2010-06-04 11:23 750832 c:\windows\Temp\sophos_autoupdate1.dir\libeay32.dll
+ 2011-12-16 21:47 . 2009-07-14 23:56 159744 c:\windows\Temp\sophos_autoupdate1.dir\libcurl.dll
+ 2011-12-16 21:47 . 2010-07-13 12:08 181488 c:\windows\Temp\sophos_autoupdate1.dir\CidSync.dll
+ 2011-12-16 21:47 . 2010-07-13 12:08 181488 c:\windows\Temp\sophos_autoupdate1.dir\ChannelUpdater.dll
+ 2011-12-16 21:47 . 2010-09-21 16:16 644336 c:\windows\Temp\sophos_autoupdate1.dir\ALUpdate.exe
+ 2011-12-16 21:49 . 2011-10-13 17:18 305664 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\WinXP_IA64\SAVONACCESSCONTROL.sys
+ 2011-12-16 21:49 . 2011-10-13 17:18 153344 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\WinXP_i386\SAVONACCESSCONTROL.sys
+ 2011-12-16 21:49 . 2011-10-13 17:18 131584 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\WinXP_AMD64\SAVONACCESSCONTROL.sys
+ 2011-12-16 21:49 . 2011-10-13 17:18 321016 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\WinLH_IA64\savonaccess.sys
+ 2011-12-16 21:49 . 2011-10-13 17:18 122360 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\WinLH_i386\savonaccess.sys
+ 2011-12-16 21:49 . 2011-10-13 17:18 142328 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\WinLH_AMD64\savonaccess.sys
+ 2011-12-16 21:49 . 2011-10-13 17:18 157440 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\Win2K\SAVONACCESSCONTROL.sys
+ 2011-12-16 21:48 . 2011-11-16 11:06 905737 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\vdl.dat
+ 2011-12-16 21:48 . 2011-10-13 17:18 241136 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\sophos_detoured_x64.dll
+ 2011-12-16 21:48 . 2011-10-13 17:18 424312 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\sophos_detoured_ia64.dll
+ 2011-12-16 21:48 . 2011-10-13 17:18 234408 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\sophos_detoured.dll
+ 2011-12-16 21:48 . 2011-10-13 17:18 550640 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\SDCService.exe
+ 2011-12-16 21:48 . 2011-10-13 17:18 111856 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\SDCDevConIA64.exe
+ 2011-12-16 21:48 . 2011-10-13 17:18 183024 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\sdccoinstallerx64.dll
+ 2011-12-16 21:48 . 2011-10-13 17:18 359152 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\sdccoinstallerIA64.dll
+ 2011-12-16 21:48 . 2011-10-13 17:18 131824 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\sdccoinstaller.dll
+ 2011-12-16 21:48 . 2011-10-13 17:18 105512 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\rkdisk.dll
+ 2011-12-16 21:48 . 2011-11-16 11:06 174104 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\osdp.dll
+ 2011-12-16 21:48 . 2011-10-13 17:18 143360 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\ConfigureSAV.exe
+ 2011-12-16 21:49 . 2011-10-13 17:18 125168 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\Common\Cisco Systems\CiscoTrustAgent\Plugins\Install\SAVPosturePlugin.dll
- 2007-08-12 08:03 . 2008-04-14 00:12 121856 c:\windows\system32\xmllite.dll
+ 2007-08-12 08:03 . 2009-01-08 01:21 121856 c:\windows\system32\xmllite.dll
+ 2011-08-31 06:51 . 2005-01-12 18:19 456536 c:\windows\system32\XCEEDZIP.DLL
+ 2011-08-31 06:51 . 2004-09-28 18:13 526184 c:\windows\system32\XceedCry.dll
+ 2011-08-31 06:51 . 2004-08-11 22:55 110602 c:\windows\system32\xcdsfx32.bin
+ 2006-04-30 06:56 . 2011-06-23 18:36 916480 c:\windows\system32\wininet.dll
+ 2006-10-17 19:05 . 2009-03-08 11:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2006-04-30 06:56 . 2009-03-08 11:34 236544 c:\windows\system32\webcheck.dll
+ 2006-04-30 06:56 . 2009-03-08 11:33 420352 c:\windows\system32\vbscript.dll
+ 2006-04-30 06:56 . 2011-06-23 18:36 105984 c:\windows\system32\url.dll
+ 2011-11-08 06:51 . 2011-04-15 13:57 223232 c:\windows\system32\spool\drivers\x64\3\InstDrv.dll
+ 2011-11-08 06:51 . 2011-04-15 13:57 223232 c:\windows\system32\spool\drivers\w32x86\3\InstDrv.dll
+ 2011-11-08 06:50 . 2010-10-21 23:39 121856 c:\windows\system32\spool\drivers\Print2PDF\xmllite.dll
+ 2011-11-08 06:50 . 2008-09-29 22:09 532480 c:\windows\system32\spool\drivers\Print2PDF\wc.dll
+ 2011-11-08 06:50 . 2010-12-02 10:13 216576 c:\windows\system32\spool\drivers\Print2PDF\Software602_x64.dll
+ 2011-11-08 06:50 . 2010-12-02 10:13 214528 c:\windows\system32\spool\drivers\Print2PDF\Software602.dll
+ 2011-11-08 06:50 . 2010-11-16 22:06 119808 c:\windows\system32\spool\drivers\Print2PDF\RunPrintMonitor64.exe
+ 2011-11-08 06:50 . 2010-11-16 22:05 117248 c:\windows\system32\spool\drivers\Print2PDF\RunPrintMonitor.exe
+ 2011-11-08 06:50 . 2011-04-12 18:58 222776 c:\windows\system32\spool\drivers\Print2PDF\Print2PDF.exe
+ 2011-11-08 06:50 . 2011-04-14 19:26 131584 c:\windows\system32\spool\drivers\Print2PDF\Pdf602.dll
+ 2011-11-08 06:50 . 2003-02-21 23:42 348160 c:\windows\system32\spool\drivers\Print2PDF\msvcr71.dll
+ 2011-11-08 06:50 . 2011-04-15 13:57 223232 c:\windows\system32\spool\drivers\Print2PDF\InstDrv.dll
+ 2011-11-08 06:50 . 2011-04-21 17:37 707624 c:\windows\system32\spool\drivers\Print2PDF\Installer.exe
+ 2011-11-08 06:50 . 2010-10-11 19:16 110592 c:\windows\system32\spool\drivers\Print2PDF\Gear602.dll
+ 2011-11-08 06:50 . 2011-04-15 21:13 145920 c:\windows\system32\spool\drivers\Print2PDF\CtxMenu64.dll
+ 2011-11-08 06:50 . 2011-04-15 12:03 135168 c:\windows\system32\spool\drivers\Print2PDF\CtxMenu.dll
+ 2011-11-08 06:50 . 2011-03-31 04:00 508928 c:\windows\system32\spool\drivers\Print2PDF\acfpdfuiamd64.dll
+ 2011-11-08 06:50 . 2011-03-31 04:00 491008 c:\windows\system32\spool\drivers\Print2PDF\acfpdfui.dll
+ 2011-11-08 06:50 . 2011-03-31 04:00 967168 c:\windows\system32\spool\drivers\Print2PDF\acfpdfuamd64.dll
+ 2011-11-08 06:50 . 2011-03-31 04:00 747520 c:\windows\system32\spool\drivers\Print2PDF\acfpdfu.dll
+ 2011-11-08 06:50 . 2010-04-21 00:33 143424 c:\windows\system32\spool\drivers\Print2PDF\602zip.dll
+ 2006-04-30 06:55 . 2011-11-27 12:03 444596 c:\windows\system32\perfh009.dat
- 2006-04-30 06:55 . 2011-08-22 14:54 444596 c:\windows\system32\perfh009.dat
+ 2006-04-30 06:55 . 2011-06-23 18:36 206848 c:\windows\system32\occache.dll
+ 2006-04-30 06:55 . 2011-06-23 18:36 611840 c:\windows\system32\mstime.dll
+ 2006-04-30 06:55 . 2009-03-08 11:34 193536 c:\windows\system32\msrating.dll
- 2006-04-30 06:55 . 2006-11-08 04:03 156160 c:\windows\system32\msls31.dll
+ 2006-04-30 06:55 . 2009-03-08 11:22 156160 c:\windows\system32\msls31.dll
+ 2006-11-08 04:03 . 2011-06-23 18:36 602112 c:\windows\system32\msfeeds.dll
+ 2009-01-08 01:20 . 2009-01-08 01:20 265720 c:\windows\system32\msdbg2.dll
+ 2011-09-24 20:42 . 2011-09-24 20:42 243360 c:\windows\system32\Macromed\Flash\FlashUtil10x_Plugin.exe
+ 2011-09-11 17:04 . 2011-09-11 17:04 243360 c:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe
+ 2011-09-11 17:04 . 2011-09-11 17:04 328864 c:\windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.dll
+ 2006-04-30 06:55 . 2009-03-08 11:33 726528 c:\windows\system32\jscript.dll
+ 2011-11-14 20:14 . 2011-11-14 20:14 100702 c:\windows\system32\itusbcore.dat
+ 2006-11-08 04:03 . 2009-03-08 11:22 164352 c:\windows\system32\ieui.dll
+ 2006-04-30 06:55 . 2011-06-23 18:36 184320 c:\windows\system32\iepeers.dll
+ 2006-04-30 06:55 . 2011-06-23 18:36 387584 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 18:27 . 2009-03-08 11:11 445952 c:\windows\system32\ieapfltr.dll
+ 2006-04-30 06:55 . 2009-03-08 11:32 163840 c:\windows\system32\ieakui.dll
+ 2006-04-30 06:55 . 2009-03-08 11:33 229376 c:\windows\system32\ieaksie.dll
+ 2006-04-30 06:55 . 2009-03-08 11:33 125952 c:\windows\system32\ieakeng.dll
+ 2006-04-30 06:55 . 2011-06-23 12:05 173568 c:\windows\system32\ie4uinit.exe
+ 2006-04-30 06:55 . 2009-03-08 11:31 216064 c:\windows\system32\dxtrans.dll
+ 2006-04-30 06:55 . 2009-03-08 11:31 348160 c:\windows\system32\dxtmsft.dll
+ 2011-08-04 17:20 . 2011-08-04 17:20 147480 c:\windows\system32\drivers\epfw.sys
+ 2011-08-04 17:20 . 2011-08-04 17:20 118104 c:\windows\system32\drivers\ehdrv.sys
+ 2011-08-09 22:24 . 2011-08-09 22:24 154136 c:\windows\system32\drivers\eamon.sys
+ 2011-04-06 23:20 . 2011-04-06 23:20 197920 c:\windows\system32\dnssdX.dll
+ 2011-04-06 23:20 . 2011-04-06 23:20 107808 c:\windows\system32\dns-sd.exe
+ 2006-11-08 04:03 . 2011-06-23 18:36 916480 c:\windows\system32\dllcache\wininet.dll
+ 2006-11-08 04:03 . 2009-03-08 11:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2006-11-08 04:03 . 2009-03-08 11:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2006-11-08 04:03 . 2009-03-08 11:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2006-10-17 19:05 . 2011-06-23 18:36 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-08 01:20 . 2009-01-08 01:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2006-10-17 19:04 . 2011-06-23 18:36 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-11-08 04:03 . 2011-06-23 18:36 611840 c:\windows\system32\dllcache\mstime.dll
+ 2006-10-17 19:05 . 2009-03-08 11:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2006-11-08 04:03 . 2009-03-08 11:22 156160 c:\windows\system32\dllcache\msls31.dll
- 2006-11-08 04:03 . 2006-11-08 04:03 156160 c:\windows\system32\dllcache\msls31.dll
+ 2008-08-26 07:24 . 2011-06-23 18:36 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2006-10-17 19:00 . 2009-03-08 11:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2006-10-17 19:04 . 2009-03-08 21:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2011-09-24 20:20 . 2011-06-23 18:36 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2006-11-08 04:03 . 2011-06-23 18:36 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2011-09-24 20:20 . 2011-06-23 18:36 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2006-11-07 10:27 . 2011-06-23 18:36 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-08-26 07:24 . 2009-03-08 11:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2006-11-07 10:25 . 2009-03-08 11:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2006-11-07 10:27 . 2009-03-08 11:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2006-11-07 10:26 . 2009-03-08 11:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2006-11-07 10:26 . 2011-06-23 12:05 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-10-17 18:57 . 2009-03-08 11:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-10-17 18:58 . 2009-03-08 11:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-11-07 10:26 . 2009-03-08 11:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2006-04-30 06:55 . 2009-03-08 11:32 128512 c:\windows\system32\advpack.dll
+ 2011-08-22 16:24 . 2010-09-07 22:39 150392 c:\windows\junction.exe
+ 2011-11-23 21:41 . 2011-11-23 21:41 333824 c:\windows\Installer\e7fd5c2.msi
+ 2011-09-04 21:00 . 2011-09-04 21:00 564736 c:\windows\Installer\65cf9c.msi
+ 2011-11-16 17:15 . 2011-11-16 17:15 371272 c:\windows\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe
+ 2011-12-07 16:25 . 2011-12-07 16:25 105624 c:\windows\Installer\{83E3F4E4-CEA1-452B-9180-A40813CD111C}\egui.exe
+ 2011-09-24 20:31 . 2009-03-08 11:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2011-09-24 20:31 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2011-09-24 20:31 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2011-09-24 20:31 . 2009-03-08 11:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2011-09-24 20:31 . 2009-03-08 11:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2011-09-24 20:31 . 2009-03-08 11:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2011-09-24 20:31 . 2009-03-08 11:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2011-09-24 20:31 . 2009-03-08 11:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2011-09-24 20:31 . 2009-03-08 11:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2011-09-24 20:31 . 2009-03-08 21:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2011-09-24 20:31 . 2009-03-08 11:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2011-09-24 20:32 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2559049-IE8\wininet.dll
+ 2011-09-24 20:32 . 2009-03-08 11:34 105984 c:\windows\ie8updates\KB2559049-IE8\url.dll
+ 2011-09-24 20:32 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2559049-IE8\spuninst\updspapi.dll
+ 2011-09-24 20:32 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2559049-IE8\spuninst\spuninst.exe
+ 2011-09-24 20:32 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2559049-IE8\occache.dll
+ 2011-09-24 20:32 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2559049-IE8\mstime.dll
+ 2011-09-24 20:32 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2559049-IE8\msfeeds.dll
+ 2011-09-24 20:32 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2559049-IE8\ieproxy.dll
+ 2011-09-24 20:32 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2559049-IE8\iepeers.dll
+ 2011-09-24 20:32 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2559049-IE8\iedvtool.dll
+ 2011-09-24 20:32 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2559049-IE8\iedkcs32.dll
+ 2011-09-24 20:32 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2559049-IE8\ie4uinit.exe
+ 2011-09-24 20:31 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB2447568-IE8\spuninst\updspapi.dll
+ 2011-09-24 20:31 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2447568-IE8\spuninst\spuninst.exe
+ 2011-09-24 20:26 . 2011-06-21 18:45 832512 c:\windows\ie8\wininet.dll
+ 2011-09-24 20:26 . 2006-10-17 19:05 206336 c:\windows\ie8\winfxdocobj.exe
+ 2011-09-24 20:26 . 2011-06-21 18:45 233472 c:\windows\ie8\webcheck.dll
+ 2011-09-24 20:26 . 2011-04-30 08:50 766464 c:\windows\ie8\vgx.dll
+ 2011-09-24 20:26 . 2011-03-04 06:45 434176 c:\windows\ie8\vbscript.dll
+ 2011-09-24 20:26 . 2011-06-21 18:45 106496 c:\windows\ie8\url.dll
+ 2011-09-24 20:28 . 2009-01-08 01:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2011-09-24 20:28 . 2009-01-08 01:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2011-09-24 20:26 . 2006-09-06 23:43 213216 c:\windows\ie8\spuninst.exe
+ 2011-09-24 20:26 . 2011-06-21 18:45 102912 c:\windows\ie8\occache.dll
+ 2011-09-24 20:26 . 2011-06-21 18:45 671232 c:\windows\ie8\mstime.dll
+ 2011-09-24 20:26 . 2011-06-21 18:45 193024 c:\windows\ie8\msrating.dll
+ 2011-09-24 20:26 . 2006-11-08 04:03 156160 c:\windows\ie8\msls31.dll
+ 2011-09-24 20:26 . 2011-06-21 18:45 478720 c:\windows\ie8\mshtmled.dll
+ 2011-09-24 20:26 . 2011-06-21 18:45 468480 c:\windows\ie8\msfeeds.dll
+ 2011-09-24 20:26 . 2011-03-04 06:45 512000 c:\windows\ie8\jscript.dll
+ 2011-09-24 20:26 . 2011-06-20 11:29 634648 c:\windows\ie8\iexplore.exe
+ 2011-09-24 20:26 . 2006-11-08 04:03 180736 c:\windows\ie8\ieui.dll
+ 2011-09-24 20:26 . 2011-06-21 18:45 268288 c:\windows\ie8\iertutil.dll
+ 2011-09-24 20:26 . 2006-11-08 04:03 287744 c:\windows\ie8\ieproxy.dll
+ 2011-09-24 20:26 . 2011-06-21 18:45 192512 c:\windows\ie8\iepeers.dll
+ 2011-09-24 20:26 . 2011-06-21 18:45 384512 c:\windows\ie8\iedkcs32.dll
+ 2011-09-24 20:26 . 2011-06-21 18:45 380928 c:\windows\ie8\ieapfltr.dll
+ 2011-09-24 20:26 . 2011-06-20 11:27 161792 c:\windows\ie8\ieakui.dll
+ 2011-09-24 20:26 . 2011-06-21 18:45 230400 c:\windows\ie8\ieaksie.dll
+ 2011-09-24 20:26 . 2011-06-21 18:45 153088 c:\windows\ie8\ieakeng.dll
+ 2011-09-24 20:26 . 2011-06-21 18:45 214528 c:\windows\ie8\dxtrans.dll
+ 2011-09-24 20:26 . 2011-06-21 18:45 347136 c:\windows\ie8\dxtmsft.dll
+ 2011-09-24 20:26 . 2011-06-21 18:45 124928 c:\windows\ie8\advpack.dll
+ 2011-09-24 20:32 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2467659$\spuninst\updspapi.dll
+ 2011-09-24 20:32 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2467659$\spuninst\spuninst.exe
+ 2011-09-24 20:31 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982381-IE8\update\updspapi.dll
+ 2011-09-24 20:31 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB982381-IE8\update\update.exe
+ 2011-09-24 20:31 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB982381-IE8\spuninst.exe
+ 2011-09-24 20:20 . 2010-05-06 10:36 919040 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
+ 2011-09-24 20:20 . 2010-05-06 10:36 206848 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\occache.dll
+ 2011-09-24 20:20 . 2010-05-06 10:36 611840 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mstime.dll
+ 2011-09-24 20:20 . 2010-05-06 10:36 599040 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\msfeeds.dll
+ 2011-09-24 20:20 . 2010-05-06 10:36 247808 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ieproxy.dll
+ 2011-09-24 20:20 . 2010-05-06 10:36 184320 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iepeers.dll
+ 2011-09-24 20:20 . 2010-05-06 10:36 743424 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iedvtool.dll
+ 2011-09-24 20:20 . 2010-05-06 10:36 387584 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iedkcs32.dll
+ 2011-09-24 20:20 . 2010-05-05 13:55 173056 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ie4uinit.exe
+ 2011-09-24 20:32 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2559049-IE8\update\updspapi.dll
+ 2011-09-24 20:32 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2559049-IE8\update\update.exe
+ 2011-09-24 20:32 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2559049-IE8\spuninst.exe
+ 2011-09-24 20:20 . 2011-06-23 18:33 919552 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
+ 2011-09-24 20:20 . 2011-06-23 18:33 105984 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\url.dll
+ 2011-09-24 20:20 . 2011-06-23 18:33 206848 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\occache.dll
+ 2011-09-24 20:20 . 2011-06-23 18:33 611840 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mstime.dll
+ 2011-09-24 20:20 . 2011-06-23 18:33 602112 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\msfeeds.dll
+ 2011-09-24 20:20 . 2011-06-23 18:33 247808 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\ieproxy.dll
+ 2011-09-24 20:20 . 2011-06-23 18:33 184320 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iepeers.dll
+ 2011-09-24 20:20 . 2011-06-23 18:33 743424 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iedvtool.dll
+ 2011-09-24 20:20 . 2011-06-23 18:33 387584 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iedkcs32.dll
+ 2011-09-24 20:20 . 2011-06-23 12:19 173568 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\ie4uinit.exe
+ 2011-09-24 20:32 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2467659\update\updspapi.dll
+ 2011-09-24 20:32 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2467659\update\update.exe
+ 2011-09-24 20:32 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2467659\spuninst.exe
+ 2011-09-24 20:31 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2447568-IE8\update\updspapi.dll
+ 2011-09-24 20:31 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2447568-IE8\update\update.exe
+ 2011-09-24 20:31 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2447568-IE8\spuninst.exe
+ 2011-12-16 21:48 . 2011-11-16 11:06 2466840 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\veex.dll
+ 2011-12-16 21:48 . 2011-10-13 17:18 2959360 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\Sophos Anti-Virus.msi
+ 2011-12-16 21:48 . 2011-10-13 17:18 1002496 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\Setup.dll
+ 2011-12-16 21:48 . 2011-11-16 11:06 1564184 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\savi.dll
+ 2011-12-16 21:48 . 2011-10-13 17:18 2434048 c:\windows\Temp\sophos_autoupdate1.dir\1324072068\msxml.msi
+ 2006-04-30 06:56 . 2011-06-23 18:36 1212416 c:\windows\system32\urlmon.dll
+ 2011-11-08 06:50 . 2011-04-22 01:08 3971584 c:\windows\system32\spool\drivers\Print2PDF\Print602.dll
+ 2011-11-08 06:50 . 2009-01-22 12:14 1328968 c:\windows\system32\spool\drivers\Print2PDF\msxml4.dll
+ 2011-11-08 06:50 . 2009-07-14 11:15 1386496 c:\windows\system32\spool\drivers\Print2PDF\msvbvm60.dll
+ 2011-11-08 06:50 . 2011-04-21 21:29 1462272 c:\windows\system32\spool\drivers\Print2PDF\Menu_client.exe
+ 2011-11-08 06:50 . 1997-11-02 03:40 1062912 c:\windows\system32\spool\drivers\Print2PDF\gear32sd.dll
+ 2011-11-08 06:50 . 2010-09-21 00:55 2335880 c:\windows\system32\spool\drivers\Print2PDF\gdpdfplug.dll
+ 2011-11-08 06:50 . 2011-03-31 03:58 6536192 c:\windows\system32\spool\drivers\Print2PDF\cdintf450_x64.dll
+ 2011-11-08 06:50 . 2011-03-31 03:54 4835328 c:\windows\system32\spool\drivers\Print2PDF\cdintf450.dll
+ 2009-07-20 18:35 . 2009-01-22 12:14 1328968 c:\windows\system32\msxml4.dll
+ 2006-04-30 06:55 . 2009-07-14 11:15 1386496 c:\windows\system32\msvbvm60.dll
+ 2006-04-30 06:55 . 2011-07-25 15:17 5969920 c:\windows\system32\mshtml.dll
+ 2009-07-18 03:21 . 2011-09-24 20:42 6277280 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2006-10-17 18:57 . 2011-06-23 18:36 1991680 c:\windows\system32\iertutil.dll
+ 2006-09-06 06:01 . 2009-02-07 04:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2011-11-08 06:50 . 2010-09-21 00:55 2335880 c:\windows\system32\gdpdfplug.dll
+ 2006-11-08 04:03 . 2011-06-23 18:36 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-08 01:20 . 2009-01-08 01:20 1497088 c:\windows\system32\dllcache\shdocvw.dll
+ 2006-11-08 04:03 . 2011-07-25 15:17 5969920 c:\windows\system32\dllcache\mshtml.dll
+ 2008-08-26 07:24 . 2011-06-23 18:36 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2007-04-17 09:32 . 2009-02-07 04:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-01-08 01:20 . 2009-01-08 01:20 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2011-11-08 06:51 . 2011-03-31 03:58 6536192 c:\windows\system32\cdintf450_x64.dll
+ 2011-11-08 06:50 . 2011-03-31 03:54 4835328 c:\windows\system32\cdintf450.dll
+ 2011-01-14 20:09 . 2011-01-14 20:09 2959360 c:\windows\Installer\e2a8529.msi
+ 2011-01-14 20:09 . 2011-01-14 20:09 2959360 c:\windows\Installer\9f3ab00.msi
+ 2011-11-27 06:57 . 2011-11-27 06:57 1554944 c:\windows\Installer\7874033.msi
+ 2011-09-24 20:26 . 2011-09-24 20:26 1054720 c:\windows\Installer\6400ba6.msi
+ 2011-01-14 21:09 . 2011-01-14 21:09 2959360 c:\windows\Installer\51cc837.msi
+ 2011-11-16 17:16 . 2011-11-16 17:16 1252864 c:\windows\Installer\479b6de.msi
+ 2011-11-16 17:15 . 2011-11-16 17:15 1527808 c:\windows\Installer\479b6ce.msi
+ 2011-09-12 18:07 . 2011-09-12 18:07 1984000 c:\windows\Installer\2812b95.msi
+ 2011-12-07 16:25 . 2011-12-07 16:25 1037824 c:\windows\Installer\22b7319.msi
+ 2011-01-14 20:09 . 2011-01-14 20:09 2959360 c:\windows\Installer\1ae01506.msi
+ 2011-01-14 20:09 . 2011-01-14 20:09 2959360 c:\windows\Installer\18d6007.msi
+ 2011-01-14 20:09 . 2011-01-14 20:09 2959360 c:\windows\Installer\13e3fd31.msi
+ 2011-09-24 20:31 . 2009-03-08 11:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2011-09-24 20:31 . 2009-03-08 11:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2011-09-24 20:31 . 2009-03-08 11:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2011-09-24 20:32 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2559049-IE8\urlmon.dll
+ 2011-09-24 20:32 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
+ 2011-09-24 20:32 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2559049-IE8\iertutil.dll
+ 2011-09-24 20:26 . 2011-06-21 18:45 1168896 c:\windows\ie8\urlmon.dll
+ 2011-09-24 20:26 . 2011-07-22 16:35 3613696 c:\windows\ie8\mshtml.dll
+ 2011-09-24 20:26 . 2011-06-21 18:45 6076416 c:\windows\ie8\ieframe.dll
+ 2011-09-24 20:26 . 2009-06-29 08:33 2452872 c:\windows\ie8\ieapfltr.dat
+ 2011-09-24 20:20 . 2010-05-06 10:36 1209856 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\urlmon.dll
+ 2011-09-24 20:20 . 2010-05-06 10:36 5953024 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
+ 2011-09-24 20:20 . 2010-05-06 10:36 1986048 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\iertutil.dll
+ 2011-09-24 20:20 . 2011-06-23 18:33 1214464 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\urlmon.dll
+ 2011-09-24 20:20 . 2011-07-25 15:15 5971456 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtml.dll
+ 2011-09-24 20:20 . 2011-06-23 18:33 1992192 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iertutil.dll
+ 2009-03-27 16:41 . 2011-09-06 20:58 46249416 c:\windows\system32\MRT.exe
+ 2006-11-08 04:03 . 2011-06-23 18:36 11081728 c:\windows\system32\ieframe.dll
+ 2008-10-03 17:41 . 2011-06-23 18:36 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-09-24 20:31 . 2009-03-08 11:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2011-09-24 20:32 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2559049-IE8\ieframe.dll
+ 2010-05-06 23:06 . 2010-05-06 23:06 11078144 c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\ieframe.dll
+ 2011-06-25 08:03 . 2011-06-25 08:03 11083776 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
2011-05-09 09:49 176936 ----a-w- c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFre2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFre2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F999A48B-1950-4D81-9971-79018F807B4B}"= "c:\program files\FreeOnlineRadioPlayerRecorder\prxtbFre2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-17 8433664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"nwiz"="nwiz.exe" [2007-05-17 1626112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-08 202256]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 22:56 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-15 05:17 89600 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
backup=c:\windows\pss\AutoUpdate Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Citrix XenApp.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Citrix XenApp.lnk
backup=c:\windows\pss\Citrix XenApp.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
2007-07-05 21:58 413696 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon]
2007-07-05 21:51 126976 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 06:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
2007-06-17 16:16 208896 ----a-w- c:\progra~1\ThinkPad\UTILIT~1\BATLOGEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2010-12-03 12:39 50592 ----a-w- c:\documents and settings\ranit_banerjee\Application Data\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellNSCST_GRNCH]
2006-05-08 18:16 278528 ------w- c:\program files\Dell\Dell Laser MFP 1815\NetworkScan\DNSCST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2006-05-18 23:24 196696 ----a-w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2006-02-02 12:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
2007-03-28 17:32 243248 ----a-w- c:\progra~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-01-03 18:08 133104 ----atw- c:\documents and settings\ranit_banerjee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 23:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 23:50 81920 ----a-w- c:\program files\Common Files\Installshield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kopajevalu]
c:\windows\system32\lopibeki.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2007-03-22 17:02 120368 ----a-w- c:\progra~1\THINKV~1\PrdCtr\LPMGR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 17:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-05-17 15:53 8433664 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-05-17 15:53 81920 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-05-17 15:53 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]
2007-06-17 16:16 200704 ----a-w- c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonicWALLNetExtender]
2008-04-08 22:40 562608 ----a-w- c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2007-04-04 03:55 839680 ------w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-04-10 00:23 1015808 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
c:\program files\Spybot - Search & Destroy\TeaTimer.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 19:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2008-12-04 21:50 1809648 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-02-14 05:16 512000 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2006-02-14 05:17 110592 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-05-08 21:13 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
2007-03-30 01:40 181808 ----a-w- c:\windows\system32\TpShocks.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
2008-03-04 17:34 487424 ----a-w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\ranit_banerjee\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\ranit_banerjee\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\tools\\eclipse\\eclipse.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\tools\\jdk1.5.0_02\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_21\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Documents and Settings\\ranit_banerjee\\Application Data\\mjusbsp\\magicJack.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [3/2/2007 4:47 PM 19760]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8/4/2011 9:20 AM 118104]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/4/2008 1:50 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 1:50 PM 55024]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [11/7/2011 10:50 PM 73728]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9/22/2011 12:03 PM 974944]
R2 OracleJobSchedulerCALYPSO;OracleJobSchedulerCALYPSO;c:\tools\oracle\11gr1\Bin\extjob.exe CALYPSO --> c:\tools\oracle\11gr1\Bin\extjob.exe CALYPSO [?]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [3/14/2007 9:10 PM 11152]
R2 SYBSQL_LOCALHOST;Sybase SQLServer _ LOCALHOST;c:\tools\sybase15\ASE-15_0\bin\sqlsrvr.exe -sLOCALHOST -C --> c:\tools\sybase15\ASE-15_0\bin\sqlsrvr.exe -sLOCALHOST -C [?]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 12:11 PM 569344]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [8/28/2006 3:13 PM 20504]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [9/13/2006 11:42 AM 35264]
S2 OracleDBConsoleCALYPSO;OracleDBConsoleCALYPSO;c:\tools\oracle\11gR1\BIN\nmesrvc.exe [5/15/2008 1:21 PM 25600]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [5/16/2011 9:32 AM 191752]
S3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [8/11/2007 11:53 PM 81280]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 4:49 AM 227232]
S3 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\tools\oracle\11gR1\BIN\TNSLSNR --> c:\tools\oracle\11gR1\BIN\TNSLSNR [?]
S3 OracleServiceCALYPSO;OracleServiceCALYPSO;c:\tools\oracle\11gr1\bin\ORACLE.EXE CALYPSO --> c:\tools\oracle\11gr1\bin\ORACLE.EXE CALYPSO [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 1:50 PM 7408]
S3 SybaseUAService;Sybase Unified Agent;c:\tools\sybase15\UAF-2_0\utility\ntautostart\release\uaservice.exe [9/5/2007 2:23 PM 49152]
S3 SYBBCK_LOCALHOST_BS;Sybase BCKServer _ LOCALHOST_BS;c:\tools\sybase15\ASE-15_0\bin\bcksrvr.exe -SLOCALHOST_BS -R --> c:\tools\sybase15\ASE-15_0\bin\bcksrvr.exe -SLOCALHOST_BS -R [?]
S3 SYBXPS_LOCALHOST_XP;Sybase XPServer _ LOCALHOST_XP;c:\tools\sybase15\ASE-15_0\bin\xpserver.exe -SLOCALHOST_XP -C --> c:\tools\sybase15\ASE-15_0\bin\xpserver.exe -SLOCALHOST_XP -C [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
necusb3 REG_MULTI_SZ necusb
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-16 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-257438896-4239395036-1050642295-1031Core.job
- c:\documents and settings\ranit_banerjee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-03 18:08]
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-257438896-4239395036-1050642295-1031UA.job
- c:\documents and settings\ranit_banerjee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-03 18:08]
.
2011-12-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
2009-02-09 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-08-12 16:16]
.
2011-12-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-257438896-4239395036-1050642295-1031.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]
.
2011-12-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-257438896-4239395036-1050642295-1031.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=localhost:8080
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: calypso.com
Trusted Zone: postoffice.net\calypso.sp
TCP: DhcpNameServer = 10.1.0.233
FF - ProfilePath - c:\documents and settings\ranit_banerjee\Application Data\Mozilla\Firefox\Profiles\6zmnk594.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Print2PDF Print Monitor - c:\giveaway of the day softwareeeeeeees\Print2PDF.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-16 13:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\OracleOraDb11g_home1TNSListener]
"ImagePath"="c:\tools\oracle\11gR1\BIN\TNSLSNR "
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-257438896-4239395036-1050642295-1031\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1880)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
.
- - - - - - - > 'explorer.exe'(1680)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\tools\oracle\11gr1\Bin\extjob.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\tools\sybase15\ASE-15_0\bin\sqlsrvr.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2011-12-16 16:53:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-17 00:53
.
Pre-Run: 11,174,518,784 bytes free
Post-Run: 12,568,829,952 bytes free
.
- - End Of File - - 4CB4A5F4E28687F82E2F87AC98F618C2

#14 m0le

  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 17 December 2011 - 07:25 PM

Please run the ESET online scan next.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply.
If no log is generated that means nothing was found. Please let me know if this happens.
m0le is a proud member of UNITE

#15 rendezvou

  • Topic Starter
  • Members
  • 154 posts

Posted 17 December 2011 - 09:42 PM

I have ESET installed on my machine.
Do you think if I scan with it that would do what you are looking for as well?



