
ZeroAccess rootkit giving IE is not your default browser popups


  • This topic is locked
12 replies to this topic

#1 Nerph
Posted 26 March 2012 - 05:17 PM

Hi,

A helper has requested I post my issue in this forum.

The symptoms I have are:

Internet Explorer will open up sometimes of its own accord and display an advertisement
I get a message box saying Internet Explorer is not currently my default browser. This will appear at any time, even when no browsers are running.
I'm getting these odd processes that start up called 7J13CI.com or 7J13CI~1.com, there are usually two or three of these processes running. I end the processes but they start back up again after a while.

Tried various scans (Symantec, MBAM, Spybot Search & Destroy), nothing has been able to remove it.

I was unable to run DDS as I am using Windows Server 2003 and it says my OS is unsupported. I have attached the ark.txt file from the GMER scan though.

Thanks

Attached Files

  • ark.txt (2.21KB, 20 downloads)
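For a defender triaging the symptoms described above (short-lived `.com` processes that return after being ended), the following script is an added example, not part of the thread: it lists every running process whose image name ends in `.com`, records its path, parent process, command line and MD5, and then checks the Run keys and service image paths for anything that would relaunch such a file. It assumes PowerShell 2.0 or later is installed (available for Windows Server 2003 SP2) and is run from an elevated prompt; the process name `7J13CI.com` is only the pattern from the post, the script matches any `.com` image.

```powershell
# Added triage script (not from the thread). Snapshot processes whose image
# name ends in .com, e.g. the 7J13CI.com / 7J13CI~1.com processes described
# in the post, and look for what might be restarting them.

function Get-FileMd5 {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return $null }
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = [System.Security.Cryptography.MD5]::Create().ComputeHash($stream)
        return ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
    }
}

# Win32_Process (rather than Get-Process) gives ParentProcessId, ExecutablePath
# and CommandLine on PowerShell 2.0.
$suspects = Get-WmiObject Win32_Process | Where-Object { $_.Name -match '\.com$' }

foreach ($p in $suspects) {
    $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    if ($parent) {
        $parentDesc = "$($parent.Name) (PID $($parent.ProcessId))"
    } else {
        $parentDesc = "exited (PID $($p.ParentProcessId))"   # parent already gone: common for droppers
    }
    New-Object PSObject -Property @{
        Name    = $p.Name
        PID     = $p.ProcessId
        Path    = $p.ExecutablePath
        Parent  = $parentDesc
        CmdLine = $p.CommandLine
        MD5     = Get-FileMd5 $p.ExecutablePath
    }
}

# Persistence checks: a process that comes back after being killed is usually
# relaunched from an autostart location or by another running component.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    (Get-ItemProperty $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and $_.Value -match '\.com(\s|"|$)' } |
        ForEach-Object { "Run key reference: $key : $($_.Name) = $($_.Value)" }
}

# Services whose image path points at a .com file
Get-WmiObject Win32_Service |
    Where-Object { $_.PathName -match '\.com(\s|"|$)' } |
    ForEach-Object { "Service reference: $($_.Name) [$($_.State)] $($_.PathName)" }
```

Record the MD5 and path for each hit before ending the process; a helper can compare the hash against the GMER/TDSSKiller output, and a parent that has already exited points to a dropper rather than a user-launched program.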



#2 HelpBot
Posted 01 April 2012 - 05:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/447708 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Casey_boy

  • Malware Response Team

Posted 02 April 2012 - 09:17 AM

Hi,

Apologies for the delay in responding to you. Windows Server 2003 is an unusual OS for us to see around here and may explain why your topic wasn't picked up earlier.

Although there are hints of ZeroAccess in your other topic, it isn't showing up in your GMER log, so let's see if we can find it another way.

Step 1: Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Step 2: We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.



#4 Nerph

  • Topic Starter

Posted 03 April 2012 - 03:57 AM

Hi, no problem, thanks for getting back to me. Here are the requested logs:

TDSSKiller:
17:34:40.0109 1684 NetDDE - ok
17:34:40.0125 1684 NetDDEdsdm (13d9a8b63a2a99a88339c0e00b702c92) C:\WINDOWS\system32\netdde.exe
17:34:40.0140 1684 NetDDEdsdm - ok
17:34:40.0281 1684 Netlogon (d4b61a935670c57a0dea81b4f4a12169) C:\WINDOWS\system32\lsass.exe
17:34:40.0281 1684 Netlogon - ok
17:34:40.0500 1684 Netman (12bcfb57162ad17cea545e362cd886a8) C:\WINDOWS\System32\netman.dll
17:34:40.0562 1684 Netman - ok
17:34:40.0703 1684 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:34:40.0703 1684 NetTcpPortSharing - ok
17:34:40.0843 1684 nfrd960 - ok
17:34:41.0031 1684 NIC1394 (f790ba35e4761e59c7830bc9b18d2552) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:34:41.0046 1684 NIC1394 - ok
17:34:41.0281 1684 Nla (9c0bf64484e9d297cb3e96dc22765a82) C:\WINDOWS\System32\mswsock.dll
17:34:41.0328 1684 Nla - ok
17:34:41.0500 1684 Npfs (d5bb605f6dcbdfe0129670c8de57913e) C:\WINDOWS\system32\drivers\Npfs.sys
17:34:41.0515 1684 Npfs - ok
17:34:41.0875 1684 NtFrs (981756f0532439aa3a1a4ae9da9f930e) C:\WINDOWS\system32\ntfrs.exe
17:34:42.0062 1684 NtFrs - ok
17:34:42.0375 1684 Ntfs (482ea51aadb8763a0f67588c394ec693) C:\WINDOWS\system32\drivers\Ntfs.sys
17:34:42.0531 1684 Ntfs - ok
17:34:42.0687 1684 NtLmSsp (d4b61a935670c57a0dea81b4f4a12169) C:\WINDOWS\system32\lsass.exe
17:34:42.0687 1684 NtLmSsp - ok
17:34:42.0968 1684 NtmsSvc (fea5225ef80d5930b86d7a6570bcbbdf) C:\WINDOWS\system32\ntmssvc.dll
17:34:43.0078 1684 NtmsSvc - ok
17:34:43.0250 1684 Null (5db0ede7aaf3a7bc9110d18c12524be0) C:\WINDOWS\system32\drivers\Null.sys
17:34:43.0250 1684 Null - ok
17:34:43.0437 1684 ohci1394 (14f70106891053e1083ef2dcef7cfca7) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:34:43.0453 1684 ohci1394 - ok
17:34:43.0531 1684 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:34:43.0562 1684 ose - ok
17:34:43.0750 1684 Parport (ee3333b36deb86a0d472f037172da10a) C:\WINDOWS\system32\DRIVERS\parport.sys
17:34:43.0781 1684 Parport - ok
17:34:43.0953 1684 PartMgr (4eb6f7418959444a06d3c51eb81bff04) C:\WINDOWS\system32\drivers\PartMgr.sys
17:34:43.0953 1684 PartMgr - ok
17:34:44.0125 1684 Parvdm (a9d29f3d7ae71b7ea721b53a0c436c66) C:\WINDOWS\system32\DRIVERS\parvdm.sys
17:34:44.0125 1684 Parvdm - ok
17:34:44.0312 1684 PCI (8217000e5c53ce823b3111f339e47c41) C:\WINDOWS\system32\DRIVERS\pci.sys
17:34:44.0328 1684 PCI - ok
17:34:44.0484 1684 PCIIde (7e3fb50aa22d4ed883c6abdd40e9c60b) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:34:44.0500 1684 PCIIde - ok
17:34:44.0703 1684 Pcmcia (fc9f4c9c73e9698357c836be4628a299) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:34:44.0734 1684 Pcmcia - ok
17:34:44.0875 1684 Pctspk - ok
17:34:45.0031 1684 PDCOMP - ok
17:34:45.0187 1684 PDFRAME - ok
17:34:45.0343 1684 PDRELI - ok
17:34:45.0500 1684 PDRFRAME - ok
17:34:45.0703 1684 perc2 - ok
17:34:45.0875 1684 perc2hib - ok
17:34:46.0062 1684 PlugPlay (7990fb9b9a7f37f4413d7b13a1259037) C:\WINDOWS\system32\services.exe
17:34:46.0062 1684 PlugPlay - ok
17:34:46.0234 1684 PolicyAgent (d4b61a935670c57a0dea81b4f4a12169) C:\WINDOWS\system32\lsass.exe
17:34:46.0234 1684 PolicyAgent - ok
17:34:46.0406 1684 PptpMiniport (4454f2639bcca93be86a45137e427277) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:34:46.0421 1684 PptpMiniport - ok
17:34:46.0562 1684 ProtectedStorage (d4b61a935670c57a0dea81b4f4a12169) C:\WINDOWS\system32\lsass.exe
17:34:46.0562 1684 ProtectedStorage - ok
17:34:46.0734 1684 Ptilink (0320fd91fb5ed4298355977cecfc0eb4) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:34:46.0734 1684 Ptilink - ok
17:34:46.0890 1684 ql1080 - ok
17:34:47.0046 1684 Ql10wnt - ok
17:34:47.0187 1684 ql12160 - ok
17:34:47.0343 1684 ql1240 - ok
17:34:47.0500 1684 ql1280 - ok
17:34:47.0656 1684 ql2100 - ok
17:34:47.0812 1684 ql2200 - ok
17:34:47.0968 1684 ql2300 - ok
17:34:48.0125 1684 RasAcd (48ee7b6802c0306f9a66f34db7e9ef75) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:34:48.0125 1684 RasAcd - ok
17:34:48.0312 1684 RasAuto (ed67fa5dc9ce0bfc5ccce4296c684a57) C:\WINDOWS\System32\rasauto.dll
17:34:48.0328 1684 RasAuto - ok
17:34:48.0515 1684 Rasl2tp (3633175613e052ecb41776dee2777a89) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:34:48.0531 1684 Rasl2tp - ok
17:34:48.0718 1684 RasMan (02bc610cc90ca5415eb2c9409e77d583) C:\WINDOWS\System32\rasmans.dll
17:34:48.0765 1684 RasMan - ok
17:34:48.0921 1684 RasPppoe (59842f0a22216a71cade6f89fe84c973) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:34:48.0937 1684 RasPppoe - ok
17:34:49.0109 1684 Raspti (5b11871de804d3ed28bbdcc65fe14ede) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:34:49.0109 1684 Raspti - ok
17:34:49.0328 1684 Rdbss (4496b15c44ccb703fbc54f2cf5b67f15) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:34:49.0375 1684 Rdbss - ok
17:34:49.0531 1684 RDPCDD (ac5bb528ecd2bea4ff4bff9df9baf749) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:34:49.0531 1684 RDPCDD - ok
17:34:49.0750 1684 rdpdr (ff678596b761e1ccba79f49981ef51bc) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:34:49.0812 1684 rdpdr - ok
17:34:50.0015 1684 RDPWD (319ea134a11fb4b78285475b7f9147e9) C:\WINDOWS\system32\drivers\RDPWD.sys
17:34:50.0046 1684 RDPWD - ok
17:34:50.0234 1684 RDSessMgr (81f1cf0ed96e58a391ff83f792c87f3e) C:\WINDOWS\system32\sessmgr.exe
17:34:50.0265 1684 RDSessMgr - ok
17:34:50.0453 1684 redbook (c6f8751f3263603935866e71629cfae4) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:34:50.0468 1684 redbook - ok
17:34:50.0640 1684 RemoteAccess (d8f172c1ca72666d8193e226da7225f4) C:\WINDOWS\System32\mprdim.dll
17:34:50.0656 1684 RemoteAccess - ok
17:34:50.0828 1684 RemoteRegistry (55efa91d1c0de44c22d2d83413b06510) C:\WINDOWS\system32\regsvc.dll
17:34:50.0843 1684 RemoteRegistry - ok
17:34:50.0953 1684 ReportServer (abccdc47fe31ffc6ff18ce6656a8bbb4) C:\Program Files\Microsoft SQL Server\MSSQL.4\Reporting Services\ReportServer\bin\ReportingServicesService.exe
17:34:50.0953 1684 ReportServer - ok
17:34:51.0140 1684 RpcLocator (a83414d7a45555274e99793aa22d54ab) C:\WINDOWS\system32\locator.exe
17:34:51.0156 1684 RpcLocator - ok
17:34:51.0437 1684 RpcSs (1b4b6236792b936136d0016e6b788733) C:\WINDOWS\system32\rpcss.dll
17:34:51.0453 1684 RpcSs - ok
17:34:51.0640 1684 RSoPProv (3357c6edd71e73110c83f54e35ecde4d) C:\WINDOWS\system32\RSoPProv.exe
17:34:51.0656 1684 RSoPProv - ok
17:34:51.0859 1684 RTLE8023xp (839141088ad7ee90f5b441b2d1afd22c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
17:34:51.0875 1684 RTLE8023xp - ok
17:34:52.0140 1684 rwsrsu (feefd7ee22101b506531f0091d793186) C:\Program Files\NCP\SecureClient\rwsrsu.exe
17:34:52.0375 1684 rwsrsu - ok
17:34:52.0546 1684 sacdrv (34d79729d6e4d1289e08322405045085) C:\WINDOWS\system32\drivers\sacdrv.sys
17:34:52.0562 1684 sacdrv - ok
17:34:52.0718 1684 sacsvr (77919394900dec12c8e65cb35d6272fe) C:\WINDOWS\system32\sacsvr.dll
17:34:52.0718 1684 sacsvr - ok
17:34:52.0890 1684 SamSs (d4b61a935670c57a0dea81b4f4a12169) C:\WINDOWS\system32\lsass.exe
17:34:52.0890 1684 SamSs - ok
17:34:52.0968 1684 SavRoam (3525fdcfc567e807a337c61aff366be8) C:\Program Files\Symantec AntiVirus\SavRoam.exe
17:34:53.0000 1684 SavRoam - ok
17:34:53.0109 1684 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys
17:34:53.0203 1684 SAVRT - ok
17:34:53.0234 1684 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
17:34:53.0250 1684 SAVRTPEL - ok
17:34:53.0453 1684 SCardSvr (edf6b1852a55581ecc6ba18b4e2c6e8e) C:\WINDOWS\System32\SCardSvr.exe
17:34:53.0484 1684 SCardSvr - ok
17:34:53.0875 1684 Schedule (7e60f04ae424401a14d153ca6e851a85) C:\WINDOWS\system32\schedsvc.dll
17:34:53.0937 1684 Schedule - ok
17:34:54.0156 1684 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:34:54.0156 1684 Secdrv - ok
17:34:54.0312 1684 seclogon (03911d9a5d15a80301e767f787c0b015) C:\WINDOWS\System32\seclogon.dll
17:34:54.0328 1684 seclogon - ok
17:34:54.0484 1684 SENS (97b6172283112af7451e4abe83dd6f24) C:\WINDOWS\system32\sens.dll
17:34:54.0500 1684 SENS - ok
17:34:54.0687 1684 serenum (b261d4597bf9a2723b7020207260c72a) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:34:54.0703 1684 serenum - ok
17:34:54.0875 1684 Serial (95768fde08dd34089aa90dccb5537704) C:\WINDOWS\system32\DRIVERS\serial.sys
17:34:54.0890 1684 Serial - ok
17:34:55.0062 1684 Sfloppy (831826dc54fa225f0b654ef2f1e13af9) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:34:55.0062 1684 Sfloppy - ok
17:34:55.0296 1684 SharedAccess (27c6b8c2afed21c10429a56db95735f6) C:\WINDOWS\system32\ipnathlp.dll
17:34:55.0390 1684 SharedAccess - ok
17:34:55.0578 1684 ShellHWDetection (0af6401bdbd41a8b7aed5c923b8fdf4d) C:\WINDOWS\System32\shsvcs.dll
17:34:55.0609 1684 ShellHWDetection - ok
17:34:55.0765 1684 Simbad - ok
17:34:55.0875 1684 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files\Skype\Updater\Updater.exe
17:34:56.0031 1684 SkypeUpdate - ok
17:34:56.0203 1684 SLIP (0abbfad14c4de228bcc0260f7182d830) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:34:56.0218 1684 SLIP - ok
17:34:56.0375 1684 SPBBCDrv (677b10906838d3bfb1c07ac9087e4bf7) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
17:34:56.0484 1684 SPBBCDrv - ok
17:34:56.0796 1684 SPBBCSvc (c830007369e18a54aed23b5bb3afa2ba) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
17:34:57.0109 1684 SPBBCSvc - ok
17:34:57.0281 1684 splitter (b49a94bf901af449c25f41a3cfaaae6b) C:\WINDOWS\system32\drivers\splitter.sys
17:34:57.0281 1684 splitter - ok
17:34:57.0453 1684 Spooler (30b32e3127d9bbaa1e32394134718070) C:\WINDOWS\system32\spoolsv.exe
17:34:57.0468 1684 Spooler - ok
17:34:57.0593 1684 SQLBrowser (3612108d36ea74f6f9fc5005e88e353b) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:34:57.0687 1684 SQLBrowser - ok
17:34:57.0812 1684 SQLSERVERAGENT (7847ef1db2e289be82cbc70cf4d98ff8) C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE
17:34:57.0921 1684 SQLSERVERAGENT - ok
17:34:57.0984 1684 SQLWriter (d37b8ce340b71d9e0ab2440addb2fdbf) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:34:58.0015 1684 SQLWriter - ok
17:34:58.0265 1684 Srv (e8b1a07774a9e4fec3105cbad49bf289) C:\WINDOWS\system32\DRIVERS\srv.sys
17:34:58.0359 1684 Srv - ok
17:34:58.0578 1684 SSCollect (237726e935ea11a2e2aa935f3700672c) C:\Program Files\SmarterTools\SmarterStats\Service\SSSvc.exe
17:34:58.0734 1684 SSCollect - ok
17:34:58.0781 1684 SSWebSvr (0f3d8d3785d6daafb72651392b7f83db) C:\Program Files\SmarterTools\SmarterStats\Web Server\SSWebSvr.exe
17:34:58.0812 1684 SSWebSvr - ok
17:34:59.0062 1684 stisvc (0df3c24094f68a5e5fa77a681e438a46) C:\WINDOWS\system32\wiaservc.dll
17:34:59.0156 1684 stisvc - ok
17:34:59.0328 1684 streamip (490f6fa24633bd351c1664040f12daee) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:34:59.0328 1684 streamip - ok
17:34:59.0500 1684 swenum (93965919785102ba847545ab460ce2df) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:34:59.0515 1684 swenum - ok
17:34:59.0703 1684 swmidi (e28a71b057f89abe9e3133548d3fbc1d) C:\WINDOWS\system32\drivers\swmidi.sys
17:34:59.0718 1684 swmidi - ok
17:34:59.0937 1684 swprv (0ba2f4d23d62f7475a70d1988142d6bd) C:\WINDOWS\System32\swprv.dll
17:35:00.0000 1684 swprv - ok
17:35:00.0500 1684 Symantec AntiVirus (8fdaadf204a4f29214da1b03342e2735) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
17:35:00.0953 1684 Symantec AntiVirus - ok
17:35:01.0093 1684 symc810 - ok
17:35:01.0250 1684 symc8xx - ok
17:35:01.0328 1684 SymEvent (de6d1102d55926354171ae4e73936725) C:\Program Files\Symantec\SYMEVENT.SYS
17:35:01.0359 1684 SymEvent - ok
17:35:01.0500 1684 symmpi - ok
17:35:01.0671 1684 sym_hi - ok
17:35:01.0828 1684 sym_u3 - ok
17:35:02.0062 1684 sysaudio (e69064b5e7e85201db55fad909912fd0) C:\WINDOWS\system32\drivers\sysaudio.sys
17:35:02.0078 1684 sysaudio - ok
17:35:02.0250 1684 SysmonLog (cc8610d2ffaff19d5c9cf8ce9ffad71a) C:\WINDOWS\system32\smlogsvc.exe
17:35:02.0281 1684 SysmonLog - ok
17:35:02.0500 1684 TapiSrv (ce1fcaf92f06bb8549c9e1b8605b90cc) C:\WINDOWS\System32\tapisrv.dll
17:35:02.0562 1684 TapiSrv - ok
17:35:02.0843 1684 Tcpip (238dc2b879d1b37b91f8d5d44f3815d3) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:35:02.0937 1684 Tcpip - ok
17:35:03.0109 1684 TDPIPE (45d49fb800463de84d1cc2e231319ad5) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:35:03.0109 1684 TDPIPE - ok
17:35:03.0265 1684 TDTCP (d7c31008de209b8b11ced207580e9c91) C:\WINDOWS\system32\drivers\TDTCP.sys
17:35:03.0281 1684 TDTCP - ok
17:35:04.0109 1684 TeamViewer7 (74fc70ae64a7b7dabec9697ce0a1f4fa) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
17:35:04.0812 1684 TeamViewer7 - ok
17:35:05.0062 1684 TermDD (a01e46fff445a38d35db188c5458582c) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:35:05.0078 1684 TermDD - ok
17:35:05.0281 1684 TermService (5f0bd29cbd95465a3aa3ca319bc591a9) C:\WINDOWS\System32\termsrv.dll
17:35:05.0281 1684 TermService - ok
17:35:05.0484 1684 Themes (0af6401bdbd41a8b7aed5c923b8fdf4d) C:\WINDOWS\System32\shsvcs.dll
17:35:05.0484 1684 Themes - ok
17:35:05.0687 1684 TlntSvr (fe7ff05a90c1a24855b1cdc066b959e0) C:\WINDOWS\system32\tlntsvr.exe
17:35:05.0703 1684 TlntSvr - ok
17:35:05.0859 1684 TosIde - ok
17:35:06.0015 1684 TrkSvr (2ee42aced5fd4e1988116edeced90e93) C:\WINDOWS\system32\trksvr.dll
17:35:06.0031 1684 TrkSvr - ok
17:35:06.0218 1684 TrkWks (671fc35e995ffdbced00202771c6d169) C:\WINDOWS\system32\trkwks.dll
17:35:06.0234 1684 TrkWks - ok
17:35:06.0312 1684 TrustedNet Connect 2 (30cbb2ddb03c892826301c0fc73d60d1) C:\Program Files\TrustedNet Connect 2.0\tncservice.exe
17:35:06.0328 1684 TrustedNet Connect 2 - ok
17:35:06.0500 1684 Tssdis (43992245309838eacd05506b474985e5) C:\WINDOWS\System32\tssdis.exe
17:35:06.0531 1684 Tssdis - ok
17:35:06.0765 1684 Udfs (c26024265a7523312a5d06fc33aa57aa) C:\WINDOWS\system32\drivers\Udfs.sys
17:35:06.0781 1684 Udfs - ok
17:35:06.0937 1684 ultra - ok
17:35:07.0109 1684 UMWdf (997fe835c85d0fb0501df6664d6fd072) C:\WINDOWS\system32\wdfmgr.exe
17:35:07.0125 1684 UMWdf - ok
17:35:07.0375 1684 Update (b0e133858e63940755b496761834f334) C:\WINDOWS\system32\DRIVERS\update.sys
17:35:07.0468 1684 Update - ok
17:35:07.0640 1684 UPS (92c3a632e963a8224fe62aa37c9508f6) C:\WINDOWS\System32\ups.exe
17:35:07.0640 1684 UPS - ok
17:35:07.0828 1684 usbaudio (576ae71f43bd33327804fadc9a3035af) C:\WINDOWS\system32\drivers\usbaudio.sys
17:35:07.0828 1684 usbaudio - ok
17:35:08.0000 1684 usbccgp (185959a7fccfd38aa71a274ae6252b88) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:35:08.0015 1684 usbccgp - ok
17:35:08.0187 1684 usbehci (9dd4aba9462938734bcbf51d8669c884) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:35:08.0187 1684 usbehci - ok
17:35:08.0375 1684 usbhub (17859937740bc0d422fe71a588d6ddf7) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:35:08.0375 1684 usbhub - ok
17:35:08.0562 1684 usbprint (0e08d118964cb2727c84ad7441cfa7a2) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:35:08.0562 1684 usbprint - ok
17:35:08.0734 1684 usbscan (ff0464bab0572888111f22da5b9a5fe7) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:35:08.0734 1684 usbscan - ok
17:35:08.0906 1684 usbuhci (cbd3053337bb475f442a892edf671312) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:35:08.0906 1684 usbuhci - ok
17:35:09.0109 1684 usbvideo (38b2a6ad8207e3187b8159209a2fa587) C:\WINDOWS\system32\Drivers\usbvideo.sys
17:35:09.0156 1684 usbvideo - ok
17:35:09.0390 1684 vds (5ce9331dc4c9e3b1fa4aaef1b212701f) C:\WINDOWS\System32\vds.exe
17:35:09.0484 1684 vds - ok
17:35:09.0687 1684 vga (2eb062b434792bb6bb614f107dd3a5cf) C:\WINDOWS\system32\DRIVERS\vgapnp.sys
17:35:09.0687 1684 vga - ok
17:35:09.0859 1684 VgaSave (062fbc10147fd837d819f94aa394e661) C:\WINDOWS\System32\drivers\vga.sys
17:35:09.0859 1684 VgaSave - ok
17:35:10.0015 1684 ViaIde - ok
17:35:10.0187 1684 vncmirror (3b8f222b23917c041e4da29ccc57e7d0) C:\WINDOWS\system32\DRIVERS\vncmirror.sys
17:35:10.0203 1684 vncmirror - ok
17:35:10.0390 1684 VolSnap (45ae67c387a640ec6e228f30d421f088) C:\WINDOWS\system32\DRIVERS\volsnap.sys
17:35:10.0437 1684 VolSnap - ok
17:35:10.0796 1684 VSS (74a6820792e5bca5ee4d0cc4595c6916) C:\WINDOWS\System32\vssvc.exe
17:35:11.0015 1684 VSS - ok
17:35:11.0218 1684 W32Time (42cdae64da5beabb51c0c0f613658545) C:\WINDOWS\system32\w32time.dll
17:35:11.0265 1684 W32Time - ok
17:35:11.0500 1684 W3SVC (db0e023ee673896ad1780acad3bab393) C:\WINDOWS\system32\inetsrv\iisw3adm.dll
17:35:11.0546 1684 W3SVC - ok
17:35:11.0734 1684 Wanarp (ce030b1d05a01fa012d32f2d25676b1c) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:35:11.0734 1684 Wanarp - ok
17:35:11.0890 1684 WDICA - ok
17:35:12.0093 1684 wdmaud (fd5a720d7997ab69122c96cdd014d43a) C:\WINDOWS\system32\drivers\wdmaud.sys
17:35:12.0109 1684 wdmaud - ok
17:35:12.0281 1684 WebClient (6f66e66ab1c25c0bd363f2252db04360) C:\WINDOWS\System32\webclnt.dll
17:35:12.0312 1684 WebClient - ok
17:35:12.0312 1684 WinHttpAutoProxySvc - ok
17:35:12.0515 1684 winmgmt (f8d5b9c1a26c933b9ea7740bab35bcf5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:35:12.0546 1684 winmgmt - ok
17:35:13.0046 1684 WinVNC4 (661bf289e4f73da6334017b0c968e8b3) C:\Program Files\RealVNC\VNC4\WinVNC4.exe
17:35:13.0468 1684 WinVNC4 - ok
17:35:13.0734 1684 WLBS (d346e2f289f23e557ddfb9132d1dab35) C:\WINDOWS\system32\DRIVERS\wlbs.sys
17:35:13.0781 1684 WLBS - ok
17:35:13.0984 1684 WmdmPmSN (4d32f7bdbf325792ae28d5380ddf6bcf) C:\WINDOWS\system32\mspmsnsv.dll
17:35:13.0984 1684 WmdmPmSN - ok
17:35:14.0312 1684 Wmi (ced3b9fdc2067016c70db72d79cc6301) C:\WINDOWS\System32\advapi32.dll
17:35:14.0468 1684 Wmi - ok
17:35:14.0656 1684 WmiApSrv (796d30c693f7b8a717499a9abeb3af39) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:35:14.0703 1684 WmiApSrv - ok
17:35:15.0000 1684 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:35:15.0015 1684 WPFFontCache_v0400 - ok
17:35:15.0187 1684 WSTCODEC (eb61bb73bb5a318f3df5d73ad1ba2e03) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:35:15.0203 1684 WSTCODEC - ok
17:35:15.0359 1684 wuauserv (996cec79b1662044e8462e130a65739e) C:\WINDOWS\system32\wuauserv.dll
17:35:15.0359 1684 wuauserv - ok
17:35:15.0640 1684 WZCSVC (e21b2d0a0d4ab1d2441fe9fcc961c392) C:\WINDOWS\System32\wzcsvc.dll
17:35:15.0765 1684 WZCSVC - ok
17:35:15.0953 1684 xmlprov (c5b83f9a09a3ebfe8a931472f6da4e38) C:\WINDOWS\System32\xmlprov.dll
17:35:15.0953 1684 xmlprov - ok
17:35:15.0984 1684 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
17:35:15.0984 1684 \Device\Harddisk1\DR1 - ok
17:35:16.0000 1684 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:35:16.0234 1684 \Device\Harddisk0\DR0 - ok
17:35:16.0234 1684 Boot (0x1200) (b35216a6ec70018e483eb9efd25ec0b1) \Device\Harddisk1\DR1\Partition0
17:35:16.0234 1684 \Device\Harddisk1\DR1\Partition0 - ok
17:35:16.0234 1684 Boot (0x1200) (2f8c89fc351656dacee0b883970df1f9) \Device\Harddisk0\DR0\Partition0
17:35:16.0234 1684 \Device\Harddisk0\DR0\Partition0 - ok
17:35:16.0250 1684 Boot (0x1200) (68876566ecea73eb40bd3ea42b67ab48) \Device\Harddisk0\DR0\Partition1
17:35:16.0250 1684 \Device\Harddisk0\DR0\Partition1 - ok
17:35:16.0265 1684 Boot (0x1200) (ae5a6b5ad9a89e75d0255c6b0a90b423) \Device\Harddisk0\DR0\Partition2
17:35:16.0265 1684 \Device\Harddisk0\DR0\Partition2 - ok
17:35:16.0281 1684 Boot (0x1200) (36bf530b64f0c84382571feb6c4fb820) \Device\Harddisk0\DR0\Partition3
17:35:16.0281 1684 \Device\Harddisk0\DR0\Partition3 - ok
17:35:16.0281 1684 ============================================================
17:35:16.0281 1684 Scan finished
17:35:16.0281 1684 ============================================================
17:35:16.0281 4692 Detected object count: 0
17:35:16.0281 4692 Actual detected object count: 0
17:35:21.0359 1740 Deinitialize success

OTL.txt:
OTL logfile created on: 3/04/2012 6:53:18 PM - Run 6
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 62.99% Memory free
5.83 Gb Paging File | 4.74 Gb Available in Paging File | 81.32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 12.46 Gb Free Space | 21.26% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 36.65 Gb Free Space | 93.84% Space Free | Partition Type: NTFS
Drive E: | 68.36 Gb Total Space | 12.58 Gb Free Space | 18.40% Space Free | Partition Type: NTFS
Drive F: | 430.15 Gb Total Space | 373.86 Gb Free Space | 86.92% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 54.22 Gb Free Space | 5.82% Space Free | Partition Type: NTFS

Computer Name: ADMINISTRATOR | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/03 17:54:02 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/03/22 15:08:18 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/23 20:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2010/09/27 10:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/06/30 09:56:22 | 001,118,288 | ---- | M] (NCP Engineering GmbH) -- C:\Program Files\NCP\SecureClient\ncprwsnt.exe
PRC - [2010/06/16 15:01:36 | 000,638,976 | ---- | M] (SmarterTools Inc.) -- C:\Program Files\SmarterTools\SmarterStats\Service\SSSvc.exe
PRC - [2010/05/21 10:44:26 | 000,133,712 | ---- | M] (NCP engineering GmbH) -- C:\Program Files\NCP\SecureClient\ncpclcfg.exe
PRC - [2010/05/21 10:39:22 | 001,026,560 | ---- | M] (NCP engineering GmbH) -- C:\Program Files\NCP\SecureClient\NcpBudgetGui.exe
PRC - [2010/05/19 15:02:12 | 000,829,008 | ---- | M] (NCP engineering GmbH) -- C:\Program Files\NCP\SecureClient\rwsrsu.exe
PRC - [2010/05/07 11:08:38 | 000,093,184 | ---- | M] () -- C:\Program Files\NCP\SecureClient\NCPSEC.EXE
PRC - [2010/04/06 05:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/04/26 11:38:04 | 000,086,016 | ---- | M] (SmarterTools Inc) -- C:\Program Files\SmarterTools\SmarterStats\Web Server\SSWebSvr.exe
PRC - [2007/02/18 22:00:00 | 001,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/18 22:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2006/09/27 19:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 19:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/07/19 18:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 18:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 18:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/04/11 16:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2005/02/07 17:01:16 | 000,077,736 | ---- | M] (SecureNet Limited) -- C:\Program Files\TrustedNet Connect 2.0\TNCService.exe
PRC - [2005/02/07 17:01:14 | 000,065,448 | ---- | M] (SecureNet Limited) -- C:\Program Files\TrustedNet Connect 2.0\TNCTray.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/22 15:08:18 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/12/13 12:54:58 | 001,356,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\17902fdb0e0d3bc8b49bce693415fe7e\System.WorkflowServices.ni.dll
MOD - [2011/12/13 12:54:38 | 001,706,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\9ec7da53380a754b4ad97709df0dd7e7\System.ServiceModel.Web.ni.dll
MOD - [2011/12/13 12:53:04 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll
MOD - [2011/12/13 12:53:00 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\ceadaf3b3d017c7a1ef10a06f8009f6f\System.ServiceModel.ni.dll
MOD - [2011/12/13 12:52:45 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll
MOD - [2011/12/13 12:52:42 | 001,070,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\d14065ede44df8e9b5d6b60c5ddccc69\System.IdentityModel.ni.dll
MOD - [2011/12/13 11:58:02 | 002,982,912 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\msmgdsrv\1d490f7e27474b6713586933eec01f55\msmgdsrv.ni.dll
MOD - [2011/12/13 11:57:54 | 001,393,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\6f089c7b09da78125c3d41293e5531f6\Microsoft.ReportingServices.Diagnostics.ni.dll
MOD - [2011/12/13 11:57:54 | 000,275,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ReportingServicesNa#\1efe715dd52cb9075d527abf0def8f06\ReportingServicesNativeClient.ni.dll
MOD - [2011/12/13 11:37:02 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/12/13 11:36:59 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
MOD - [2011/12/13 11:36:53 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll
MOD - [2011/12/13 11:36:45 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/12/13 08:11:17 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/12/13 08:11:13 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/12/13 08:11:05 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/12/13 08:10:55 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
MOD - [2011/12/13 08:10:19 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/12/13 08:10:15 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/12/13 08:07:53 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/12/13 08:07:53 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/12/13 08:07:53 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/12/13 08:07:52 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/12/13 08:07:49 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/12/13 08:07:49 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2011/12/13 08:07:46 | 005,242,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2011/08/25 07:54:12 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/03/02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/02/04 22:22:30 | 000,026,112 | ---- | M] () -- C:\WINDOWS\system32\VNCpm.dll
MOD - [2010/11/22 00:54:34 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/09/27 11:03:08 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2010/06/24 10:03:30 | 001,578,496 | ---- | M] () -- C:\Program Files\NCP\SecureClient\ncpgacc.dll
MOD - [2010/06/16 15:01:36 | 000,446,464 | ---- | M] () -- C:\Program Files\SmarterTools\SmarterStats\Service\SmarterTools.Common.dll
MOD - [2010/06/16 15:01:36 | 000,029,696 | ---- | M] () -- C:\Program Files\SmarterTools\SmarterStats\Service\SmarterTools.SEO.dll
MOD - [2010/06/09 11:45:54 | 000,097,792 | ---- | M] () -- C:\Program Files\NCP\SecureClient\NCPMIF32.DLL
MOD - [2010/05/07 11:08:38 | 000,093,184 | ---- | M] () -- C:\Program Files\NCP\SecureClient\NCPSEC.EXE
MOD - [2010/04/06 05:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2010/01/05 10:48:24 | 000,979,968 | ---- | M] () -- C:\Program Files\NCP\SecureClient\rsussl.dll
MOD - [2009/10/21 12:29:20 | 000,139,264 | ---- | M] () -- C:\Program Files\NCP\SecureClient\NCPDLG.DLL
MOD - [2009/09/23 14:35:06 | 000,129,536 | ---- | M] () -- C:\Program Files\NCP\SecureClient\NcpBudget2008.dll
MOD - [2009/06/02 15:00:00 | 000,093,696 | ---- | M] () -- C:\Program Files\IDM Computer Solutions\UltraEdit\ue32ctmn.dll
MOD - [2007/02/18 22:00:00 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/02/18 22:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006/08/22 04:05:26 | 000,498,742 | ---- | M] () -- C:\WINDOWS\system32\dxmasf.dll
MOD - [2002/06/28 10:16:42 | 000,151,552 | ---- | M] () -- C:\Program Files\NCP\SecureClient\NCPCFG.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\quickhealfirewall.dll -- (Pctspk)
SRV - [2012/02/23 20:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/02/15 12:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/07 20:05:48 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\IPPayments\APM\IPPAPM.exe -- (IPPAPM)
SRV - [2012/02/02 22:11:41 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\IPPayments\IPPSFTPSIPPUpload\IPPSFTPSIPPUpload.exe -- (IPPSFTPSIPPUpload)
SRV - [2011/08/26 10:08:02 | 000,110,592 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\IPPayments\IPPBankProcesses\IPPBankProcesses.exe -- (IPPBankProcesses)
SRV - [2011/02/04 22:36:44 | 001,696,496 | ---- | M] (RealVNC Ltd) [Auto | Stopped] -- C:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
SRV - [2010/09/27 10:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/06/30 09:56:22 | 001,118,288 | ---- | M] (NCP Engineering GmbH) [Auto | Running] -- C:\Program Files\NCP\SecureClient\ncprwsnt.exe -- (ncprwsnt)
SRV - [2010/06/16 15:01:36 | 000,638,976 | ---- | M] (SmarterTools Inc.) [Auto | Running] -- C:\Program Files\SmarterTools\SmarterStats\Service\SSSvc.exe -- (SSCollect)
SRV - [2010/05/21 10:44:26 | 000,133,712 | ---- | M] (NCP engineering GmbH) [Auto | Running] -- C:\Program Files\NCP\SecureClient\ncpclcfg.exe -- (ncpclcfg)
SRV - [2010/05/19 15:02:12 | 000,829,008 | ---- | M] (NCP engineering GmbH) [Auto | Running] -- C:\Program Files\NCP\SecureClient\rwsrsu.exe -- (rwsrsu)
SRV - [2010/05/07 11:08:38 | 000,093,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NCP\SecureClient\NCPSEC.EXE -- (NcpSec)
SRV - [2010/04/06 05:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/10/26 21:19:38 | 000,010,240 | ---- | M] (Enterprise Distributed Technologies) [Auto | Stopped] -- C:\Program Files\Complete FTP\Server\CompleteFTPService.exe -- (CompleteFTP)
SRV - [2009/07/26 13:37:30 | 000,053,248 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\IPPayments\DTSAPIConnector\DTSAPIConnector.exe -- (DTSAPIConnector)
SRV - [2009/07/13 13:18:50 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\IPPayments\IPPSIAClient\IPPSIAClient.exe -- (IPPSIAClient)
SRV - [2009/07/02 15:46:22 | 000,045,056 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\IPPayments\SnortMonitor\SnortMonitor.exe -- (IPPSnortMonitor)
SRV - [2009/06/13 23:27:41 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/06 14:02:04 | 000,024,576 | ---- | M] (MESSAGEmanager Solutions) [On_Demand | Stopped] -- C:\Program Files\MESSAGEmanager Solutions\MESSAGEmanager\Apps\MMODgway.exe -- (MMODgway)
SRV - [2009/02/10 11:10:00 | 000,136,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32)
SRV - [2008/06/30 15:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/06/20 09:04:34 | 000,040,960 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\IPPayments\IPPRemoteReportDownload\IPPRemoteReportDownload.exe -- (IPPRemoteReportDownload)
SRV - [2008/06/20 08:39:46 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\IPPayments\IPPRemoteBatchUpload\IPPRemoteBatchUpload.exe -- (IPPRemoteBatchUpload)
SRV - [2008/06/20 08:04:00 | 000,045,056 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\IPPayments\IPPRemoteSIPPUpload\IPPRemoteSIPPUpload.exe -- (IPPRemoteSIPPUpload)
SRV - [2008/04/26 11:38:04 | 000,086,016 | ---- | M] (SmarterTools Inc) [Auto | Running] -- C:\Program Files\SmarterTools\SmarterStats\Web Server\SSWebSvr.exe -- (SSWebSvr)
SRV - [2007/02/18 22:00:00 | 000,792,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007/02/18 22:00:00 | 000,216,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2007/02/18 22:00:00 | 000,164,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2007/02/18 22:00:00 | 000,094,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007/02/18 22:00:00 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007/02/18 22:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007/02/18 22:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2007/02/18 22:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007/02/18 22:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/02/18 22:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)
SRV - [2006/12/02 06:17:54 | 002,805,000 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2006/09/27 19:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 19:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 19:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/07/19 18:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 18:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 16:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/02/07 17:01:16 | 000,077,736 | ---- | M] (SecureNet Limited) [On_Demand | Running] -- C:\Program Files\TrustedNet Connect 2.0\TNCService.exe -- (TrustedNet Connect 2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (LicenseInfo)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/02/09 19:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/09 19:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/18 05:50:50 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120329.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/18 05:50:50 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120329.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/02/04 22:22:30 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2010/09/27 10:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010/07/02 12:19:14 | 000,081,392 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ncpvaxp.sys -- (ncpvaxp)
DRV - [2010/07/02 12:19:14 | 000,081,392 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ncpvaxp.sys -- (NcpFiltMP)
DRV - [2010/07/02 12:19:14 | 000,081,392 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ncpvaxp.sys -- (NcpFilt)
DRV - [2009/02/04 17:27:20 | 003,488,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/11/16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/11/01 04:52:16 | 000,093,184 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/10/30 23:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/03/30 19:48:02 | 000,018,232 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AW_HOST5.sys -- (AW_HOST)
DRV - [2007/03/30 19:46:50 | 000,013,368 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\awechomd.sys -- (awecho)
DRV - [2007/03/30 19:44:22 | 000,020,536 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GERNUWA.sys -- (Gernuwa)
DRV - [2007/02/18 22:00:00 | 000,169,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS)
DRV - [2007/02/18 22:00:00 | 000,072,704 | ---- | M] (Microsoft Corporation) [Kernel | Unavailable | Unknown] -- C:\WINDOWS\System32\drivers\sacdrv.sys -- (sacdrv)
DRV - [2007/02/18 22:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ClusDisk.sys -- (ClusDisk)
DRV - [2007/02/18 22:00:00 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dfs.sys -- (DfsDriver)
DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/09/18 16:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 13:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 13:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/04/11 16:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{44475ACF-AC79-4352-B49B-5C569BA1927D}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}: "URL" = http://www.live.com/?q={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1638718064-2899388015-2307549788-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
IE - HKU\S-1-5-21-1638718064-2899388015-2307549788-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-1638718064-2899388015-2307549788-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1638718064-2899388015-2307549788-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1638718064-2899388015-2307549788-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1638718064-2899388015-2307549788-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {B6EEED01-4E6E-4370-81BC-7F6CC51FFCCD}:1.9.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56323
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{B6EEED01-4E6E-4370-81BC-7F6CC51FFCCD}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{B6EEED01-4E6E-4370-81BC-7F6CC51FFCCD} [2011/05/23 14:12:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F58174A5-312F-46C5-9466-C223865CC704}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{F58174A5-312F-46C5-9466-C223865CC704} [2011/08/01 13:28:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/22 15:08:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/31 12:57:14 | 000,000,000 | ---D | M]

[2009/06/13 21:57:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/02/21 15:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\frg4ckpl.default\extensions
[2012/01/25 09:58:19 | 000,000,000 | ---D | M] (Selenium IDE) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\frg4ckpl.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}
[2011/11/09 14:04:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FRG4CKPL.DEFAULT\EXTENSIONS\CSHARPFORMATTERS@SELENIUMHQ.ORG.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FRG4CKPL.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FRG4CKPL.DEFAULT\EXTENSIONS\JAVAFORMATTERS@SELENIUMHQ.ORG.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FRG4CKPL.DEFAULT\EXTENSIONS\PYTHONFORMATTERS@SELENIUMHQ.ORG.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FRG4CKPL.DEFAULT\EXTENSIONS\RUBYFORMATTERS@SELENIUMHQ.ORG.XPI
[2012/03/22 15:08:18 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/18 16:28:57 | 000,289,592 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2011/05/18 16:28:39 | 000,172,344 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/31 09:20:48 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/05/31 09:20:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/31 09:20:48 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/05/31 09:20:48 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/05/31 09:20:48 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1638718064-2899388015-2307549788-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [gemstrmw] C:\WINDOWS\System32\gemstrmw.exe (Gemplus)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NcpBudgetGui] C:\Program Files\NCP\SecureClient\NcpBudgetGui.exe (NCP engineering GmbH)
O4 - HKLM..\Run: [NcpPopup] C:\Program Files\NCP\SecureClient\ncppopup.exe (NCP engineering GmbH)
O4 - HKLM..\Run: [NcpRsuGui] C:\Program Files\NCP\SecureClient\rwsrsu.exe (NCP engineering GmbH)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-1638718064-2899388015-2307549788-500..\Run: [Registry Reviver] C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe File not found
O4 - HKU\S-1-5-21-1638718064-2899388015-2307549788-500..\Run: [TrustedNet Connect 2.x] C:\Program Files\TrustedNet Connect 2.0\TNCTray.exe (SecureNet Limited)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EasyPost Mailroom.lnk = C:\WINDOWS\Installer\{2B6CCEA5-DF6D-4F94-844D-571FCD2589D0}\NewShortcut1_1.E1F4D373_5533_4AB6_A93B_0DC3A9BDA16E.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1638718064-2899388015-2307549788-500\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1638718064-2899388015-2307549788-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKU\S-1-5-21-1638718064-2899388015-2307549788-500\..Trusted Domains: //localhost/main.html ([]eoprv in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F355007-61B7-4E8F-B199-884952D8ED1D}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2E7A700-1ECC-45AF-B470-B03F2F91A278}: Domain = ippayments.com.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2E7A700-1ECC-45AF-B470-B03F2F91A278}: NameServer = 210.87.32.122
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\PCANotify: DllName - (PCANotify.dll) - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/13 12:43:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/03 17:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
[2012/04/03 15:57:49 | 000,389,024 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Administrator\Desktop\unhide.exe
[2012/04/03 13:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/04/03 13:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/03 13:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/03 13:31:02 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/03 13:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/03 13:21:38 | 000,066,896 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbam-clean.exe
[2012/04/03 13:14:52 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam--setup-1.60.1.1000.exe
[2012/04/03 11:36:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/04/03 10:38:16 | 002,068,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2012/04/03 10:24:52 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/04/02 20:12:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Real
[2012/03/26 15:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 7
[2012/03/24 11:10:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/03/24 10:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\FreeFixer
[2012/03/24 09:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FixZeroAccess
[2012/03/24 08:50:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/15 22:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2012/03/15 22:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cisco Systems VPN Client
[2012/03/15 17:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2012/03/15 14:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InterCrypto Shared
[2012/03/15 14:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\Crypt4Free
[2012/03/15 14:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Crypt4Free
[2012/03/15 13:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Downloads
[2012/03/15 07:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012/03/12 21:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nvu
[2012/03/06 08:51:22 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.lex
[2012/03/06 08:51:22 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2012/03/06 08:51:22 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2012/03/06 08:51:21 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2012/03/06 08:51:19 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2012/03/06 08:51:19 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2012/03/06 08:51:19 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CINTLGNT.IME
[2012/03/06 08:51:19 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2012/03/06 08:51:17 | 010,100,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2012/03/06 08:51:16 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2012/03/06 08:51:16 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2012/03/06 08:51:15 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2012/03/06 08:51:15 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2012/03/06 08:51:15 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2012/03/06 08:51:13 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TINTLGNT.IME
[2012/03/06 08:51:13 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2012/03/06 08:51:11 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\miniime.tpl
[2012/03/06 08:51:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2012/03/06 08:51:10 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2012/03/06 08:51:10 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2012/03/06 08:51:04 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2012/03/06 08:51:04 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2012/03/06 08:50:59 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2012/03/06 08:50:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101a.dll
[2012/03/06 08:50:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2012/03/06 08:50:57 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2012/03/06 08:50:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2012/03/06 08:50:56 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2012/03/06 08:50:55 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2012/03/06 08:50:52 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2012/03/06 08:50:52 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2012/03/06 08:50:51 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2012/03/06 08:50:51 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2012/03/06 08:50:51 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecAT.dll
[2012/03/06 08:50:51 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2012/03/06 08:50:51 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2012/03/06 08:50:51 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2012/03/06 08:50:51 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecNT.dll
[2012/03/06 08:50:51 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2012/03/06 08:50:51 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec95.dll
[2012/03/06 08:50:51 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2012/03/06 08:50:51 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdibm02.dll
[2012/03/06 08:50:51 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2012/03/06 08:50:51 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\f3ahvoas.dll
[2012/03/06 08:50:51 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2012/03/06 08:50:51 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41a.dll
[2012/03/06 08:50:51 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2012/03/06 08:50:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41j.dll
[2012/03/06 08:50:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2012/03/06 08:50:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdax2.dll
[2012/03/06 08:50:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2012/03/06 08:50:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106n.dll
[2012/03/06 08:50:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2012/03/06 08:50:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101.dll
[2012/03/06 08:50:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2012/03/06 08:50:50 | 000,394,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2012/03/06 08:50:50 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2012/03/06 08:50:48 | 011,091,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2012/03/06 08:50:47 | 000,815,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpgn.grm
[2012/03/06 08:50:46 | 009,206,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpzp.dic
[2012/03/06 08:50:46 | 000,854,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjptk.dic
[2012/03/06 08:50:44 | 014,694,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpst.dic
[2012/03/06 08:50:44 | 000,137,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpsb.dic
[2012/03/06 08:50:43 | 010,660,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpnm.dic
[2012/03/06 08:50:42 | 000,993,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpln.dic
[2012/03/06 08:50:42 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcd.dic
[2012/03/06 08:50:42 | 000,055,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpch.dic
[2012/03/06 08:50:37 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2012/03/06 08:50:37 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2012/03/06 08:50:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2012/03/06 08:50:36 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2012/03/06 08:50:36 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chsbrkr.dll
[2012/03/06 08:50:35 | 000,841,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2012/03/06 08:50:35 | 000,841,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chtbrkr.dll
[2012/03/06 08:50:35 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.dll
[2012/03/06 08:50:35 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2012/03/06 08:50:35 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winar30.ime
[2012/03/06 08:50:35 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2012/03/06 08:50:35 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\korwbrkr.dll
[2012/03/06 08:50:35 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2012/03/06 08:50:34 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\phon.ime
[2012/03/06 08:50:34 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2012/03/06 08:50:34 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2012/03/06 08:50:34 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dayi.ime
[2012/03/06 08:50:34 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2012/03/06 08:50:34 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chajei.ime
[2012/03/06 08:50:34 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\quick.ime
[2012/03/06 08:50:34 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2012/03/06 08:50:34 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uniime.dll
[2012/03/06 08:50:34 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2012/03/06 08:50:34 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winime.ime
[2012/03/06 08:50:34 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2012/03/06 08:50:34 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicdime.ime
[2012/03/06 08:50:34 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2012/03/06 08:50:34 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\romanime.ime
[2012/03/06 08:50:34 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2012/03/06 08:50:33 | 000,535,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PINTLGNT.IME
[2012/03/06 08:50:33 | 000,535,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2012/03/06 08:50:33 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINZM.IME
[2012/03/06 08:50:33 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2012/03/06 08:50:33 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINSP.IME
[2012/03/06 08:50:33 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2012/03/06 08:50:33 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINPY.IME
[2012/03/06 08:50:33 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2012/03/06 08:50:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINGB.IME
[2012/03/06 08:50:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2012/03/06 08:50:32 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2012/03/06 08:50:32 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2012/03/06 08:50:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2012/03/06 08:50:32 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2012/03/06 08:50:32 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2012/03/06 08:50:31 | 000,695,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81k.dll
[2012/03/06 08:50:31 | 000,695,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2012/03/06 08:50:31 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81.ime
[2012/03/06 08:50:31 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2012/03/06 08:50:31 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2012/03/06 08:50:31 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2012/03/06 08:50:31 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2012/03/06 08:50:30 | 000,647,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2012/03/06 08:50:30 | 000,234,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2012/03/06 08:50:30 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2012/03/06 08:50:30 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2012/03/06 08:50:30 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2012/03/06 08:50:30 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2012/03/06 08:50:30 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2012/03/06 08:50:29 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2012/03/06 08:50:29 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2012/03/06 08:50:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2012/03/06 08:50:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_is2022.dll
[2012/03/06 08:34:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-br
[2012/03/06 08:34:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-cht
[2012/03/06 08:34:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-chs
[2012/03/06 08:34:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cs
[2012/03/06 08:34:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es
[2012/03/06 08:34:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr
[2012/03/06 08:34:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2012/03/06 08:34:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it
[2012/03/06 08:34:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\hu
[2012/03/06 08:34:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ja
[2012/03/06 08:34:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl
[2012/03/06 08:34:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko
[2012/03/06 08:34:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-pt
[2012/03/06 08:34:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pl
[2012/03/06 08:34:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv
[2012/03/06 08:34:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ru
[2012/03/06 08:34:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/03 18:55:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/03 18:41:51 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2012/04/03 18:37:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1638718064-2899388015-2307549788-500UA.job
[2012/04/03 18:36:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2012/04/03 18:09:27 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\winscp.rnd
[2012/04/03 18:04:15 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2003.lnk
[2012/04/03 17:59:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/03 17:54:02 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/04/03 17:36:14 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2012/04/03 17:36:09 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2012/04/03 16:50:58 | 000,078,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/03 16:38:02 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2012/04/03 16:37:57 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2012/04/03 15:57:51 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Administrator\Desktop\unhide.exe
[2012/04/03 15:39:46 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2012/04/03 15:38:41 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2012/04/03 14:40:26 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2012/04/03 14:40:20 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2012/04/03 14:37:01 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1638718064-2899388015-2307549788-500Core.job
[2012/04/03 13:36:08 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2012/04/03 13:36:04 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2012/04/03 13:31:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/03 13:26:47 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/03 13:26:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/03 13:26:02 | 000,121,808 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012/04/03 13:21:35 | 000,066,896 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbam-clean.exe
[2012/04/03 13:15:00 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam--setup-1.60.1.1000.exe
[2012/04/03 12:38:12 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2012/04/03 12:38:11 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2012/04/03 11:44:14 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2012/04/03 11:44:11 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2012/04/03 11:40:03 | 000,683,024 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/03 11:40:02 | 000,149,496 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/03 11:00:03 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2012/04/03 11:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2012/04/03 10:59:24 | 002,068,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2012/04/03 10:53:43 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\iExplore.com
[2012/04/03 09:48:59 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2012/04/03 09:48:56 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2012/04/03 08:37:34 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2012/04/03 08:36:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2012/04/03 08:04:13 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2012/04/03 08:04:12 | 000,002,431 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EasyPost Mailroom.lnk
[2012/04/03 07:36:12 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2012/04/03 07:36:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2012/04/03 06:36:14 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2012/04/03 06:36:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2012/04/03 05:36:16 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2012/04/03 05:36:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2012/04/03 04:36:18 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2012/04/03 04:36:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2012/04/03 03:36:13 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2012/04/03 03:36:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2012/04/03 02:37:17 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2012/04/03 02:36:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2012/04/03 01:36:13 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/04/03 01:36:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/04/02 23:36:51 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2012/04/02 23:36:36 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2012/04/02 22:38:16 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2012/04/02 22:38:03 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2012/04/02 21:43:56 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2012/04/02 21:43:50 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2012/04/02 20:43:18 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2012/04/02 20:43:16 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2012/04/02 19:37:22 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2012/04/02 19:37:21 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2012/04/02 00:42:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/31 23:37:11 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/03/31 23:37:06 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/03/26 20:04:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012/03/26 15:12:09 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 7.lnk
[2012/03/24 08:32:35 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/03/23 18:10:48 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\3knGG4VF.dat
[2012/03/23 17:16:33 | 000,084,992 | ---- | M] () -- C:\WINDOWS\System32\7J13CI.com_
[2012/03/23 17:16:33 | 000,084,992 | ---- | M] () -- C:\WINDOWS\System32\7J13CI.com
[2012/03/17 10:01:28 | 001,483,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/16 11:21:54 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2012/03/16 11:21:54 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 6.0 Professional.lnk
[2012/03/15 23:29:12 | 000,003,417 | ---- | M] () -- C:\Documents and Settings\Administrator\reset.catalog
[2012/03/15 22:22:32 | 000,001,594 | ---- | M] () -- C:\WINDOWS\VPNInstall.MIF
[2012/03/15 22:06:54 | 000,001,594 | ---- | M] () -- C:\WINDOWS\VPNUnInstall.MIF
[2012/03/12 21:54:00 | 000,000,099 | ---- | M] () -- C:\WINDOWS\ANS2000.INI
[2012/03/12 21:53:58 | 000,000,020 | ---- | M] () -- C:\WINDOWS\akebook.ini
[2012/03/12 21:53:58 | 000,000,004 | ---- | M] () -- C:\WINDOWS\a3kebook.ini
[2012/03/07 10:43:15 | 000,001,200 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2012/03/06 08:34:51 | 000,003,376 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/04 20:02:25 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/03 18:36:02 | 000,084,992 | ---- | C] () -- C:\WINDOWS\System32\7J13CI.com
[2012/04/03 17:12:55 | 000,002,539 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2003.lnk
[2012/04/03 17:12:55 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2012/04/03 17:12:55 | 000,002,431 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EasyPost Mailroom.lnk
[2012/04/03 17:12:55 | 000,001,851 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\UltraEdit.lnk
[2012/04/03 17:12:55 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2012/04/03 17:12:55 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/03 17:12:55 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/03 17:12:55 | 000,001,194 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Working.lnk
[2012/04/03 17:12:55 | 000,000,871 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to IPPUtilities.exe.lnk
[2012/04/03 17:12:55 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/03 17:12:55 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Any Password.lnk
[2012/04/03 17:12:55 | 000,000,433 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\My Documents.lnk
[2012/04/03 17:12:55 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/04/03 17:12:54 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/03 17:12:54 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Pidgin.lnk
[2012/04/03 17:12:52 | 000,002,389 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 6.0 Professional.lnk
[2012/04/03 17:12:52 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/04/03 17:12:52 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/04/03 17:12:52 | 000,001,100 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2012/04/03 17:12:52 | 000,000,942 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Stock Photos CS3.lnk
[2012/04/03 17:12:52 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS3.lnk
[2012/04/03 17:12:52 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS3.lnk
[2012/04/03 17:12:52 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS3.lnk
[2012/04/03 17:12:51 | 000,002,389 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 6.0.lnk
[2012/04/03 17:12:51 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2012/04/03 13:31:07 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/03 10:53:32 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\iExplore.com
[2012/03/29 01:36:02 | 000,084,992 | ---- | C] () -- C:\WINDOWS\System32\7J13CI.com_
[2012/03/26 20:04:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012/03/26 15:12:09 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 7.lnk
[2012/03/23 16:12:11 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3knGG4VF.dat
[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012/03/23 16:02:06 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/03/15 23:29:11 | 000,003,417 | ---- | C] () -- C:\Documents and Settings\Administrator\reset.catalog
[2012/03/15 22:05:15 | 000,001,594 | ---- | C] () -- C:\WINDOWS\VPNUnInstall.MIF
[2012/03/15 17:54:37 | 000,001,594 | ---- | C] () -- C:\WINDOWS\VPNInstall.MIF
[2012/03/12 21:53:58 | 000,000,099 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2012/03/12 21:53:58 | 000,000,020 | ---- | C] () -- C:\WINDOWS\akebook.ini
[2012/03/12 21:53:58 | 000,000,004 | ---- | C] () -- C:\WINDOWS\a3kebook.ini
[2012/03/06 08:51:22 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2012/03/06 08:51:22 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2012/03/06 08:51:21 | 000,102,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlguc.imd
[2012/03/06 08:51:20 | 000,427,138 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgie.imd
[2012/03/06 08:51:20 | 000,409,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgu.imd
[2012/03/06 08:51:20 | 000,279,894 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgd.imd
[2012/03/06 08:51:20 | 000,102,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgsi.imd
[2012/03/06 08:51:20 | 000,024,080 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgl.imd
[2012/03/06 08:51:20 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgs.imd
[2012/03/06 08:51:19 | 000,543,708 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cintlgb.imd
[2012/03/06 08:51:16 | 000,462,929 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskdic.dic
[2012/03/06 08:51:16 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012/03/06 08:51:15 | 001,413,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgs.imd
[2012/03/06 08:51:14 | 000,455,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgl.imd
[2012/03/06 08:51:14 | 000,171,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tintlgc.imd
[2012/03/06 08:51:12 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2012/03/06 08:51:12 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2012/03/06 08:51:12 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2012/03/06 08:51:12 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2012/03/06 08:51:11 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2012/03/06 08:51:11 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2012/03/06 08:51:11 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2012/03/06 08:51:11 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2012/03/06 08:51:11 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2012/03/06 08:51:11 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2012/03/06 08:51:11 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2012/03/06 08:51:11 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2012/03/06 08:51:11 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2012/03/06 08:51:11 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2012/03/06 08:51:11 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2012/03/06 08:51:10 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2012/03/06 08:51:09 | 000,487,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsk.dic
[2012/03/06 08:51:09 | 000,174,803 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsd.dic
[2012/03/06 08:51:07 | 010,011,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgs.imd
[2012/03/06 08:51:07 | 000,733,292 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgr.imd
[2012/03/06 08:51:06 | 001,004,904 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgix.imd
[2012/03/06 08:51:06 | 000,948,656 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgi.imd
[2012/03/06 08:51:06 | 000,208,744 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgl.imd
[2012/03/06 08:51:05 | 000,867,242 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgdx.imd
[2012/03/06 08:51:05 | 000,825,038 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgd.imd
[2012/03/06 08:51:05 | 000,188,140 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlgc.imd
[2012/03/06 08:51:05 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012/03/06 08:51:01 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2012/03/06 08:51:00 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2012/03/06 08:51:00 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2012/03/06 08:50:57 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2012/03/06 08:50:56 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2012/03/06 08:50:35 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2012/03/06 08:50:35 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/11/30 13:08:03 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2011/10/20 11:20:59 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\winscp.rnd
[2011/06/20 08:56:15 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\VNCpm.dll
[2011/05/23 14:12:08 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Hyerewahatewisuc.dat
[2011/05/23 14:12:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mtubogicaben.bin
[2010/09/27 11:03:08 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010/08/11 16:51:02 | 000,000,262 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc

< End of report >

Extras.txt:
OTL Extras logfile created on: 3/04/2012 6:53:18 PM - Run 6
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 62.99% Memory free
5.83 Gb Paging File | 4.74 Gb Available in Paging File | 81.32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 12.46 Gb Free Space | 21.26% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 36.65 Gb Free Space | 93.84% Space Free | Partition Type: NTFS
Drive E: | 68.36 Gb Total Space | 12.58 Gb Free Space | 18.40% Space Free | Partition Type: NTFS
Drive F: | 430.15 Gb Total Space | 373.86 Gb Free Space | 86.92% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 54.22 Gb Free Space | 5.82% Space Free | Partition Type: NTFS

Computer Name: ADMINISTRATOR | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.ini [@ = UltraEdit.ini] -- C:\Program Files\IDM Computer Solutions\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- C:\Program Files\IDM Computer Solutions\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)

[HKEY_USERS\S-1-5-21-1638718064-2899388015-2307549788-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
"{0863885D-E64B-9E5A-9747-03321A2D2A49}" = CCC Help Korean
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}" = Microsoft SQL Server 2005 Books Online (English)
"{0C40E716-2558-01E2-4797-484E4CCB2500}" = Catalyst Control Center Localization All
"{10FDD69C-2428-0FFB-12A2-2A6907D6282F}" = CCC Help Japanese
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{12518183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{12805069-9211-475E-92F6-DD2A40D458D0}" = Chilkat.NET-v2.0-v3.5-Frameworks
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{139DEC1F-D380-EB76-B0DF-88BC99B3B7BB}" = Catalyst Control Center Graphics Light
"{153C97FF-EE8B-40BB-9C8B-975F10EAB54D}" = Karamasoft UltimateCalendar 1.1 for ASP.NET 2.0
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1CBE3804-20DF-48DA-B048-895C206E80A5}" = Microsoft SQL Server VSS Writer
"{1CE60928-8325-49A8-8B06-633E48DD2B67}" = Cisco Systems VPN Client 5.0.07.0410
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2347E903-6299-A99F-C46C-05EB55912539}" = CCC Help Chinese Traditional
"{2373A92B-1C1C-4E71-B494-5CA97F96AA19}" = Microsoft SQL Server 2005
"{23959E96-A80F-4172-A655-210E9BB7BFBE}" = MSDN Library for Visual Studio 2005
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 21
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2B3A996D-CCBF-3D62-B0AD-EA05553D3CEE}" = CCC Help Chinese Standard
"{2B6CCEA5-DF6D-4F94-844D-571FCD2589D0}" = EasyPost Mailroom
"{300D2ECE-DA75-1623-871F-935A205FC450}" = CCC Help German
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F24CCF-BD42-4CB4-9160-466B62C504C4}" = SmarterStats
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BDB182E-8371-46BD-AC39-C14A91D5EEF8}" = Microsoft SQL Server 2005 Reporting Services
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{429D71EC-7DBD-40AC-ABCB-60D0091996D7}" = Crypt4Free
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BF8A8A5-B3EA-6073-0457-669CC1E929C8}" = CCC Help Hungarian
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{501C0FDB-DCA5-E211-956C-26ADC4C54B66}" = Catalyst Control Center Core Implementation
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{5318FF8A-4054-4079-BFD4-6854C248E732}" = IP Payments Remote SIPP File Upload
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F85CF9-B9EF-6C77-8095-A2CF95738099}" = CCC Help Danish
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{63A17691-ABC0-E86F-5D7A-A2F7EE36145E}" = CCC Help Dutch
"{63A5DC0D-1EDD-4D69-8F31-87FAEB1F7084}" = Microsoft SQL Server 2005 Notification Services
"{6501E9B8-77C7-7D81-7F1A-4C2D7E36B403}" = CCC Help Italian
"{676A51E8-97BE-4F08-9F08-453FC25C5905}" = EO.Web Controls 7.0 (2009)
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{72A5824D-08E9-9A96-2104-19E4FE86E5FA}" = CCC Help Spanish
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{7907CAB0-6C4F-C554-34EA-93EAC98B42F9}" = CCC Help Turkish
"{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{82982D26-D60E-27D8-361F-F14A8F6440E7}" = Catalyst Control Center HydraVision Full
"{8418FE6C-36B5-4023-8704-5DC2F21BB2E8}" = UltraEdit 15.00
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.1
"{87934EAD-CE6F-16C6-6004-73E092AA15A6}" = Catalyst Control Center Graphics Previews Common
"{89B80F72-CCD0-95C3-21CB-89BA03D98155}" = CCC Help Finnish
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C62A94B-4AB6-485F-A111-93056684D340}" = SQLXML4
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F47F269-C901-43EE-A709-E5FE6B91D627}" = TrustedNet Connect 2.0
"{90032DD0-ABEE-4424-AC1E-B076BDD4E350}" = Microsoft SQL Server 2005 Tools
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{906D95BA-4515-59A5-F2E4-072B1E73BB75}" = CCC Help English
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{95D5732E-75E5-4DF5-84FF-2C9F6DBD0311}" = Karamasoft UltimateAjax 1.1 for ASP.NET 2.0
"{95F8095D-D6DB-4A91-81C3-035B29E846EA}" = Karamasoft UltimateMenu 3.2 for ASP.NET 2.0
"{96327C3C-96BE-4C7A-A6F7-A71635E5949A}" = Microsoft SQL Server 2005 Backward compatibility
"{982DB00A-9C4E-436B-8707-18E113BAA44C}" = Microsoft SQL Server 2005 Analysis Services
"{9AA15ABA-1826-4D62-ACAE-5C08EF835579}" = MESSAGEmanager On Demand Gateway Service
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D8BE52A-2C9A-91F2-310E-560CCE4FD247}" = CCC Help Russian
"{A0D62771-4353-8D52-44B8-0FCFF07D5FF1}" = ccc-core-preinstall
"{A1558640-7E81-416A-95D3-3CFCD9F6B492}" = Karamasoft UltimateTabstrip 1.0 for ASP.NET 2.0
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3AE78AD-093F-57F1-280D-A31B0C1C1425}" = CCC Help Greek
"{A41A9C99-0029-783E-40C3-3AA0D1A6535D}" = CCC Help Polish
"{A680CE58-7B2C-9A45-D05F-5AC22DFA2F76}" = CCC Help Portuguese
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A97B911E-8B1F-3B0F-F3D1-63B04084CC0F}" = Skins
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AD3AE2EE-E0DB-7818-3F05-7E8B2FB22C49}" = CCC Help Norwegian
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B414174C-97E4-9E8B-018E-AC77055D0107}" = CCC Help Thai
"{B6D0AACC-1F01-A901-5348-FF3599EFE70D}" = CCC Help French
"{B98604A2-5229-CBE6-98A4-A6D7C63B7458}" = ccc-utility
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA72B723-0F86-445E-A5C3-E0F35E8D3F19}" = IP Payments Remote Batch File Upload
"{BF251EAF-8697-4E89-BF09-C998F97BBC40}" = Microsoft SQL Server Native Client
"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C40ECA0A-90C4-4B11-A28D-0F81A99C5A74}" = Data Dynamics ActiveReports for .NET 3.0
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CBD1A47D-691E-56C2-AC6A-1B3F80E3EC14}" = CCC Help Swedish
"{CC046588-5F56-4974-81D0-BA59DB248255}" = IP Payments CRM
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03EEA39-30F9-4169-BE79-D511E9D6E22F}" = Karamasoft UltimatePanel 3.2 for ASP.NET 2.0
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D34313F7-B5E2-D3AF-FBB1-EF3ED1DEF5AB}" = CCC Help Czech
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0A41F96-7231-4AE8-A654-EEB34F935462}" = Microsoft SQL Server 2005 Integration Services
"{E2022C3D-A718-4C7C-938E-724FD6240BC5}" = IP Payments Remote Report Download
"{E3A6437F-DE5B-6F3E-7BB3-39185D0BBDCE}" = ccc-core-static
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB1446FB-A3EF-D04D-C224-EEC74F11805F}" = Catalyst Control Center Graphics Full New
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
"{FE931AAE-B6D9-8A02-60C7-EF4862306F58}" = Catalyst Control Center Graphics Full Existing
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"All ATI Software" = ATI - Software Uninstall Utility
"Any Password_is1" = Any Password 1.44
"ATI Display Driver" = ATI Display Driver
"Byki Express" = Byki Express
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Complete FTP" = Complete FTP
"Credit Card Number Validator" = Credit Card Number Validator
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"E-Payment Integrator V5 .NET Edition" = E-Payment Integrator V5 .NET Edition
"FileZilla Client" = FileZilla Client 3.3.5.1
"Free RAR Extract Frog" = Free RAR Extract Frog
"FreeFixer0.61" = FreeFixer
"Gemplus Smart Card Reader Tools" = Gemplus Smart Card Reader Tools
"GnuPG" = GNU Privacy Guard
"Google Chrome" = Google Chrome
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"ie8" = Windows Internet Explorer 8
"InstallShield_{39F24CCF-BD42-4CB4-9160-466B62C504C4}" = SmarterStats
"JAIELangPack" = Japanese Language Support
"KOIELangPack" = Korean Language Support
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 11.0 (x86 en-GB)" = Mozilla Firefox 11.0 (x86 en-GB)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MSDN Library for Visual Studio 2005" = MSDN Library for Visual Studio 2005
"NCP RWS/GA" = NCP Secure Entry Client
"Pidgin" = Pidgin
"PuTTY_is1" = PuTTY development snapshot 2010-08-03:r8975
"RealAlt_is1" = Real Alternative 2.0.2
"RealVNC_is1" = VNC Enterprise Edition E4.6.1
"Regular Expression Designer" = Regular Expression Designer 1.4
"ResourceHacker_is1" = Resource Hacker Version 3.6.0
"SecureBlackbox.NET" = SecureBlackbox.NET
"SugarOutlook" = SugarCRM Outlook Plug-in
"SWiX_is1" = SWiX 1.3.0.1927
"Tax Withheld Calculator" = Tax Withheld Calculator
"TeamViewer 7" = TeamViewer 7
"TXTcollector_is1" = TXTcollector
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"VNCMirror_is1" = VNC Mirror Driver 1.8.0
"VNCPrinter_is1" = VNC Printer Driver 1.7.0
"WIC" = Windows Imaging Component
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"winscp3_is1" = WinSCP 4.3.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1638718064-2899388015-2307549788-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f7fcb5ffaa187e19" = SnortMonitor
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/04/2012 12:36:14 PM | Computer Name = ADMINISTRATOR | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107
Description = Report Server Windows Service (MSSQLSERVER) cannot connect to the
report server database.

Error - 2/04/2012 1:36:07 PM | Computer Name = ADMINISTRATOR | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107
Description = Report Server Windows Service (MSSQLSERVER) cannot connect to the
report server database.

Error - 2/04/2012 11:26:32 PM | Computer Name = ADMINISTRATOR | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing
infrastructure failed. Internal Information : msdtc_trace : File: d:\nt\com\complus\dtc\dtc\trace\src\tracelib.cpp,
Line: 1115, StartTrace Failed, hr=0x80070005

Error - 2/04/2012 11:32:56 PM | Computer Name = ADMINISTRATOR | Source = LoadPerf | ID = 3013
Description = Unable to update the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 2/04/2012 11:32:56 PM | Computer Name = ADMINISTRATOR | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 2/04/2012 11:32:59 PM | Computer Name = ADMINISTRATOR | Source = LoadPerf | ID = 3013
Description = Unable to update the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 2/04/2012 11:32:59 PM | Computer Name = ADMINISTRATOR | Source = LoadPerf | ID = 3009
Description = Installing the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 2/04/2012 11:37:29 PM | Computer Name = ADMINISTRATOR | Source = LoadPerf | ID = 3013
Description = Unable to update the performance counter strings of the 009 language
ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 2/04/2012 11:37:29 PM | Computer Name = ADMINISTRATOR | Source = LoadPerf | ID = 3009
Description = Installing the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 3/04/2012 3:39:04 AM | Computer Name = ADMINISTRATOR | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.39.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2/04/2012 6:00:28 PM | Computer Name = ADMINISTRATOR | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:29:19 AM on 3/04/2012 was unexpected.

Error - 2/04/2012 6:03:24 PM | Computer Name = ADMINISTRATOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/04/2012 6:04:00 PM | Computer Name = ADMINISTRATOR | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 2/04/2012 6:36:00 PM | Computer Name = ADMINISTRATOR | Source = Schedule | ID = 7901
Description = The At17.job command failed to start due to the following error: %%2147942402

Error - 2/04/2012 6:45:57 PM | Computer Name = ADMINISTRATOR | Source = EventLog | ID = 6000
Description = The ACEEventLog log file is full.

Error - 2/04/2012 9:34:57 PM | Computer Name = ADMINISTRATOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/04/2012 11:27:37 PM | Computer Name = ADMINISTRATOR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/04/2012 11:29:19 PM | Computer Name = ADMINISTRATOR | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Complete FTP Server service
to connect.

Error - 2/04/2012 11:29:19 PM | Computer Name = ADMINISTRATOR | Source = Service Control Manager | ID = 7000
Description = The Complete FTP Server service failed to start due to the following
error: %%1053

Error - 3/04/2012 4:36:00 AM | Computer Name = ADMINISTRATOR | Source = Schedule | ID = 7901
Description = The At37.job command failed to start due to the following error: %%2147942402


< End of report >

Thanks again for your assistance.
Shane

#5 Casey_boy (Malware Response Team)

Posted 05 April 2012 - 12:59 PM

Hi there,

Apologies for the delay (I was out of town for a couple of days). The TDSSKiller log seems to show no ZeroAccess present on your PC (at least not any more).

Let's try this OTL fix and see how we get on:

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the [image] textbox.
    :processes
    killallprocesses
    
    :otl
    [2012/04/03 18:36:02 | 000,084,992 | ---- | C] () -- C:\WINDOWS\System32\7J13CI.com
    [2012/04/03 10:53:32 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\iExplore.com
    [2012/03/29 01:36:02 | 000,084,992 | ---- | C] () -- C:\WINDOWS\System32\7J13CI.com_
    [2012/03/23 16:12:11 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3knGG4VF.dat
    [2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
    [2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
    [2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
    [2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
    [2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
    [2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
    [2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
    [2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
    [2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
    [2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
    [2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
    [2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
    [2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
    [2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
    [2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
    [2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
    [2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
    [2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
    [2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
    [2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
    [2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
    [2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
    [2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
    [2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
    [2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
    [2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
    [2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
    [2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
    [2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
    [2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
    [2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
    [2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
    [2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
    [2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
    [2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
    [2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
    [2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
    [2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
    [2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
    [2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
    [2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
    [2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
    [2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
    [2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
    [2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
    [2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
    [2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
    [2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
    [2012/03/23 16:02:06 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
    [2011/05/23 14:12:08 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Hyerewahatewisuc.dat
    [2011/05/23 14:12:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mtubogicaben.bin
    
  • Push [image]
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click [image].
  • A report will open. Copy and Paste that report in your next reply.

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *
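The fix list in the post above shows the indicator that matters most for triage: forty-eight AtN.job files in C:\WINDOWS\tasks, all created in the same second, alongside an unexpected .com executable in System32. The script below is an added example for this page (it is not OTL's own code and does not run OTL): it parses lines in OTL's "Files Created" format and flags exactly that pattern, so the same listing from another machine can be checked without reading it by eye. SAMPLE_LINES is constructed for the example; it copies a subset of the paths from the fix list and adds two benign lines (a lone hand-made job and an ordinary DLL) that must not be flagged. The .dat and .bin droppings are left to the analyst, since nothing in their names is generic enough to match on.

```python
"""Triage an OTL "Files Created" listing for the persistence pattern seen in this
thread: dozens of AtN.job files in the Tasks folder created in the same second,
plus an unusual .com executable dropped into System32.

Added example for this page: it is not OTL's own code and does not run OTL.
SAMPLE_LINES is constructed for the example; it copies a subset of the paths
from the fix list above and adds two benign lines that must not be flagged.
"""
import re
from collections import defaultdict

# One OTL listing line looks like:
# [2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[A-Z])\] \(\) -- (?P<path>.+)$"
)
AT_JOB_RE = re.compile(r"\\tasks\\At\d+\.job$", re.IGNORECASE)
SYSTEM32_COM_RE = re.compile(r"\\system32\\[^\\]+\.com_?$", re.IGNORECASE)

# Constructed sample: first nine lines are copied from the fix list above, the
# last three are benign lines added to show what the triage must NOT flag.
SAMPLE_LINES = [
    r"[2012/04/03 18:36:02 | 000,084,992 | ---- | C] () -- C:\WINDOWS\System32\7J13CI.com",
    r"[2012/03/29 01:36:02 | 000,084,992 | ---- | C] () -- C:\WINDOWS\System32\7J13CI.com_",
    r"[2012/03/23 16:12:11 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3knGG4VF.dat",
    r"[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At8.job",
    r"[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At6.job",
    r"[2012/03/23 16:12:10 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At4.job",
    r"[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At7.job",
    r"[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At5.job",
    r"[2012/03/23 16:12:10 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\At3.job",
    # constructed: one backup job an admin created by hand weeks earlier
    r"[2012/02/10 09:00:00 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1.job",
    # constructed: an ordinary library under System32, wrong extension to match
    r"[2012/03/20 12:00:00 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\wbem\example.dll",
    "========== Files Created - No Company Name ==========",  # section header, not an entry
]


def parse_line(line):
    """Parse one OTL listing line into a dict, or return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": m["ts"],                             # creation second, kept as text
        "size": int(m["size"].replace(",", "")),   # "000,084,992" -> 84992
        "attrs": m["attrs"],                       # e.g. "-HS-" = hidden + system
        "op": m["op"],                             # "C" created, "M" modified
        "path": m["path"],
    }


def triage(lines, burst_threshold=5):
    """Return the findings a responder would act on from an OTL listing.

    at_job_bursts: {creation second: [job paths]} for every second in which at
        least burst_threshold AtN.job files appeared. An admin running at.exe by
        hand does not create dozens of jobs in one second; a dropper does.
    system32_com: .com executables (or .com_ renamed copies) directly under
        System32, an odd place and extension for anything legitimate.
    parsed: how many lines were recognised, so a format change is noticed.
    """
    entries = [e for e in (parse_line(line) for line in lines) if e]
    jobs_by_second = defaultdict(list)
    system32_com = []
    for e in entries:
        if AT_JOB_RE.search(e["path"]):
            jobs_by_second[e["ts"]].append(e["path"])
        elif SYSTEM32_COM_RE.search(e["path"]):
            system32_com.append(e["path"])
    bursts = {ts: sorted(paths) for ts, paths in jobs_by_second.items()
              if len(paths) >= burst_threshold}
    return {"at_job_bursts": bursts, "system32_com": system32_com, "parsed": len(entries)}


if __name__ == "__main__":
    result = triage(SAMPLE_LINES)
    for ts, paths in result["at_job_bursts"].items():
        print(f"{len(paths)} At*.job files created at {ts}:")
        for p in paths:
            print("   ", p)
    for p in result["system32_com"]:
        print("unexpected .com in System32:", p)
```

To use it on a real log, read the OTL.txt file into a list of lines and pass it to `triage`; the default threshold of five jobs per second is an assumption chosen so that a handful of hand-made tasks never trips it, and it should be tuned if a machine legitimately scripts task creation.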


#6 Nerph (Topic Starter)

Posted 06 April 2012 - 01:49 AM

Hi Casey,

I've run the OTL Fix, these are the logs produced:

========== PROCESSES ==========
All processes killed
========== OTL ==========
C:\WINDOWS\system32\7J13CI.com moved successfully.
File C:\Documents and Settings\Administrator\Desktop\iExplore.com not found.
C:\WINDOWS\system32\7J13CI.com_ moved successfully.
C:\Documents and Settings\All Users\Application Data\3knGG4VF.dat moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\system32\dds_trash_log.cmd moved successfully.
C:\WINDOWS\Hyerewahatewisuc.dat moved successfully.
C:\WINDOWS\Mtubogicaben.bin moved successfully.

OTL by OldTimer - Version 3.2.39.2 log created on 04062012_163907

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Thanks,
Shane

#7 Casey_boy (Malware Response Team)

Posted 06 April 2012 - 06:16 AM

Looks good - how is your server running now?



#8 Nerph (Topic Starter)

Posted 06 April 2012 - 06:20 AM

It seems to have fixed whatever was happening actually. The IE popups have not returned since I ran the fix, nor have the processes been starting up that I had to kill every 30 minutes or so.

That's just awesome, thanks so much for the help, really appreciate it.

Shane

#9 Casey_boy (Malware Response Team)

Posted 06 April 2012 - 10:05 AM

No problem :)

Let's just get a few more scans to check for left overs.

:step1: Please update and then run a full scan with MalwareByte's AntiMalware. Post me the resultant log.

:step2: I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]

Casey



#10 Nerph (Topic Starter)

Posted 07 April 2012 - 05:21 AM

OK, I've run these two scans. MalwareBytes didn't find anything; however, ESET's scan did find some things and successfully removed them. Here are the logs:

MalwareBytes
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.06.06

Windows Server 2003 Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: ADMINISTRATOR [administrator]

7/04/2012 2:45:11 AM
mbam-log-2012-04-07 (02-45-11).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 429577
Time elapsed: 2 hour(s), 27 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\34\414cf8a2-3d211963 multiple threats deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\4\27c43884-138e83c2 Java/Agent.EI trojan deleted - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\44\1e8e536c-2164691c a variant of Java/TrojanDownloader.OpenStream.NCE trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\44\1e8e536c-5c10006f a variant of Java/TrojanDownloader.OpenStream.NCE trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\44\1e8e536c-74897bd5 a variant of Java/TrojanDownloader.OpenStream.NCE trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\44\1e8e536c-78bc42d8 a variant of Java/TrojanDownloader.OpenStream.NCE trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\44\1e8e536c-7bbc92c7 a variant of Java/TrojanDownloader.OpenStream.NCE trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\44\1e8e536c-7cf7009c a variant of Java/TrojanDownloader.OpenStream.NCE trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\45\358a07ad-3322049b a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\45\358a07ad-349b4314 a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\45\358a07ad-3fa6625f a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\45\358a07ad-5b0beb1f a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\45\358a07ad-7585d791 a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\45\358a07ad-7c257ddc a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\5\48c812c5-39dd80b5 probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\5\48c812c5-556c31ed probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\5\48c812c5-6ae55368 probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\5\48c812c5-78de3b9f probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\5\48c812c5-7c44ec53 probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\5\48c812c5-7f27b4bf probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\58\207b04fa-71b2aee6 Java/TrojanDownloader.OpenStream.NBV trojan deleted - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSirefef.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\04062012_163907\C_WINDOWS\system32\7J13CI.com Win32/TrojanClicker.Agent.NEB trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\04062012_163907\C_WINDOWS\system32\7J13CI.com_ Win32/TrojanClicker.Agent.NEB trojan cleaned by deleting - quarantined

Shane

#11 Casey_boy (Malware Response Team)

Posted 07 April 2012 - 12:30 PM

Hi,

Most of the problems found were in your Java cache and aren't really too much of an issue. The other four files had already been dealt with :)

So unless there are any other issues, it looks like you're all clean :)

:step1: We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen OTL on your desktop.
  • Click on [image]
  • You will be prompted to reboot your system. Please do so.

:step2: Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.

Below is a list of simple precautions to take to keep your computer clean and running securely:
  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge. You can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows; instead close them by finding the open window on your Taskbar, right click and choose close.
  • Do not visit pornographic websites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.

Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:

Use an AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Use a Firewall
I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the Windows built-in one); this is a personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

Use an Anti-Malware program
You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java). You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.

Casey



#12 Nerph (Topic Starter)

Posted 08 April 2012 - 08:54 PM

Hi Casey, I've done the OTL Cleanup now - I'll go through the list you provided to help prevent future infection.

Thanks so much for your help, much appreciated.

Shane

#13 Casey_boy (Malware Response Team)

Posted 09 April 2012 - 04:36 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
