Infected with TDDS and Google keeps redirecting


  • This topic is locked
24 replies to this topic

#1 stipeysocks

Posted 27 March 2012 - 09:27 AM


Trojan:Win32/Sirefef.AC. This is the bug. I have run the GMER scan. This was in accordance with the instructions in the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help".

I will back up with DriveImage today and then run Defogger.exe. Thank you.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-26 21:10:58
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHY2080BH rev.0000000B
Running: gmer.exe; Driver: C:\DOCUME~1\DOUGLA~1\LOCALS~1\Temp\uwriiaoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text netbt.sys!?SetListItemNew@@YGDJ~U AA33F000 37 Bytes [89, 01, 81, 7D, 10, 16, 00, ...]
.text netbt.sys!?SetListItemNew@@YGDJ~U AA33F026 37 Bytes [FF, 55, 8B, EC, 83, EC, 10, ...]
.text netbt.sys!?SetListItemNew@@YGDJ~U AA33F04C 61 Bytes [00, 8B, 47, 18, 8B, 70, 0C, ...]
.text netbt.sys!?SetListItemNew@@YGDJ~U AA33F08A 16 Bytes [15, 90, 90, 35, AA, 33, D2, ...]
.text netbt.sys!?SetListItemNew@@YGDJ~U AA33F09B 11 Bytes [8D, 4F, 5C, FF, 15, 80, 90, ...]
.text ...
.text netbt.sys!?RtlAppNameExA@@YG_NKPAFPAK~U + 21 AA345A8C 18 Bytes [00, 33, C0, 5F, 5E, 5B, 5D, ...]
.text netbt.sys!?RtlAppNameExA@@YG_NKPAFPAK~U + 34 AA345A9F 26 Bytes [00, FF, 75, 10, FF, 35, 54, ...]
.text netbt.sys!?RtlAppNameExA@@YG_NKPAFPAK~U + 4F AA345ABA 78 Bytes [F6, 40, 39, 08, 0F, 85, 97, ...]
.text netbt.sys!?RtlAppNameExA@@YG_NKPAFPAK~U + 9E AA345B09 214 Bytes [60, 10, 00, FF, 15, 60, 92, ...]
.text netbt.sys!?CancelDateTime@@YGI_NH~U AA345BE0 139 Bytes [89, 45, F0, 0F, 85, 14, BD, ...]
.text netbt.sys!?CrtThreadEx@@YGDGKHF~U AA345C6C 9 Bytes [00, 3B, 4D, C4, 0F, 85, B2, ...]
.text netbt.sys!?OnSectionExA@@YGEFK~U AA345C76 39 Bytes [80, BF, 94, 00, 00, 00, 00, ...]
.text netbt.sys!?KillProcessOriginal@@YGPAIK_N~U AA345C9E 21 Bytes [00, C7, 45, D8, 2C, 00, 00, ...]
.text netbt.sys!?DeleteFunctionEx@@YGIPAI_N~U + C AA345CB4 7 Bytes [4D, EC, FF, 15, 80, 90, 35]
.text netbt.sys!?DeleteFunctionEx@@YGIPAI_N~U + 14 AA345CBC 123 Bytes [8A, 55, FF, 8B, CB, FF, 15, ...]
.text netbt.sys!?DeleteFunctionEx@@YGIPAI_N~U + 90 AA345D38 41 Bytes [FF, FF, 89, 4D, F4, E9, 8A, ...]
.text netbt.sys!?DeleteFunctionEx@@YGIPAI_N~U + BA AA345D62 44 Bytes [74, 08, FF, 75, F8, E8, 65, ...]
.text netbt.sys!?DeleteFunctionEx@@YGIPAI_N~U + E7 AA345D8F 2 Bytes [76, 08] {JBE 0xa}
.text ...
.text netbt.sys!?HideDataNew@@YGPAHPAKPAD~U + 88 AA345EC9 110 Bytes [8B, 45, F8, BF, 8C, 99, 35, ...]
.text netbt.sys!?HideDataNew@@YGPAHPAKPAD~U + F7 AA345F38 25 Bytes [FF, 56, FF, 75, B8, FF, 75, ...]
.text netbt.sys!?HideDataNew@@YGPAHPAKPAD~U + 113 AA345F54 67 Bytes [53, FF, 15, 78, 92, 35, AA, ...]
.text netbt.sys!?HideDataNew@@YGPAHPAKPAD~U + 157 AA345F98 54 Bytes [85, DB, 0F, 84, DE, 84, 00, ...]
.text netbt.sys!?HideDataNew@@YGPAHPAKPAD~U + 18E AA345FCF 197 Bytes [C0, 0F, 84, 15, 09, 00, 00, ...]
.text ...
.text netbt.sys!?SetListItemNew@@YGDJ~U + E AA34648F 27 Bytes [00, 00, 7F, 74, 0C, 38, 98, ...]
.text netbt.sys!?SetListItemNew@@YGDJ~U + 2A AA3464AB 35 Bytes JMP AA34633C \SystemRoot\system32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation)
.text netbt.sys!?SetListItemNew@@YGDJ~U + 4E AA3464CF 15 Bytes [00, 83, C8, 08, F6, 45, F8, ...] {ADD [EBX+0x45f608c8], AL; CLC ; OR [ECX-0x79760bbb], CL; MOV [EAX], AL}
.text netbt.sys!?SetListItemNew@@YGDJ~U + 5E AA3464DF 67 Bytes [00, 89, 55, FC, 0F, 85, 8F, ...]
.text netbt.sys!?SetListItemNew@@YGDJ~U + A2 AA346523 46 Bytes [BF, 8C, 99, 35, AA, 75, 68, ...]
.text ...
.text C:\WINDOWS\system32\DRIVERS\netbt.sys section is writeable [0xAA33F000, 0xA66F, 0xE8000020]
? C:\WINDOWS\system32\DRIVERS\netbt.sys suspicious PE modification

---- User code sections - GMER 1.0.15 ----

? C:\WINDOWS\System32\svchost.exe[1724] C:\WINDOWS\System32\smss.exe image checksum mismatch; time/date stamp mismatch;
.text C:\WINDOWS\System32\ping.exe[2112] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A8000A
.text C:\WINDOWS\System32\ping.exe[2112] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A9000A
.text C:\WINDOWS\System32\ping.exe[2112] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00AF000A
.text C:\WINDOWS\System32\ping.exe[2112] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00B0000A
.text C:\WINDOWS\System32\ping.exe[2112] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00B1000A
.text C:\WINDOWS\System32\ping.exe[2112] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00B2000A
.text C:\WINDOWS\System32\ping.exe[2112] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00AE000A
.text C:\WINDOWS\System32\ping.exe[2480] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A8000A
.text C:\WINDOWS\System32\ping.exe[2480] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A9000A
.text C:\WINDOWS\System32\ping.exe[2480] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00AF000A
.text C:\WINDOWS\System32\ping.exe[2480] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00B0000A
.text C:\WINDOWS\System32\ping.exe[2480] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00B1000A
.text C:\WINDOWS\System32\ping.exe[2480] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00B2000A
.text C:\WINDOWS\System32\ping.exe[2480] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00AE000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2724] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01219720 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2724] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 0144E21B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2724] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 0144E1F4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2724] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 01397657 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2724] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 0144E17E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2724] CRYPT32.dll!CryptMsgCountersignEncoded + 27A 77A92F52 7 Bytes JMP 03451780
.text C:\Program Files\Mozilla Firefox\firefox.exe[2724] CRYPT32.dll!CertComparePublicKeyInfo + 1E8 77A9B751 7 Bytes JMP 03451760

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) AA38C000-AA3A5000 (102400 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 392
Process C:\WINDOWS\system32\ping.exe (*** hidden *** ) 408
Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 2112
Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 2480
Process C:\WINDOWS\system32\ping.exe (*** hidden *** ) 3024

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

---- Files - GMER 1.0.15 ----

File C:\RRbackups\C\1\Data7 50003968 bytes
File C:\RRbackups\C\1\Data8 50003968 bytes
File C:\RRbackups\C\1\Data9 50003968 bytes
File C:\RRbackups\C\1\dats 0 bytes
File C:\RRbackups\C\1\EFSFile 0 bytes
File C:\RRbackups\C\1\HashFile 358212 bytes
File C:\RRbackups\C\1\Info 756 bytes
File C:\RRbackups\C\1\TOCFile 36418220 bytes
File C:\RRbackups\common 0 bytes
File C:\RRbackups\common\backups.dat 8192 bytes
File C:\RRbackups\common\bt0.dat 32256 bytes
File C:\RRbackups\common\bt1.dat 32256 bytes
File C:\RRbackups\common\hints.dat 8192 bytes
File C:\RRbackups\common\mnd.dat 8192 bytes
File C:\RRbackups\common\regcerts.dat 8192 bytes
File C:\RRbackups\common\rr.log 49351 bytes
File C:\RRbackups\common\SAM 28672 bytes
File C:\RRbackups\common\secpolicy.dat 53248 bytes
File C:\RRbackups\common\settings.dat 28672 bytes
File C:\RRbackups\common\system.dat 12288 bytes
File C:\RRbackups\common\tvtns.bin 23 bytes
File C:\RRbackups\common\usersids.dat 15600 bytes
File C:\RRbackups\Documents and Settings 0 bytes
File C:\RRbackups\Documents and Settings\Administrator 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1182284275-2098501439-2131462198-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1182284275-2098501439-2131462198-500\caa39dd7-a09c-4b0c-a432-787358c762b2 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1182284275-2098501439-2131462198-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2567629072-936927983-205917298-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2567629072-936927983-205917298-500\a763db2e-6b5b-4b57-afc3-55075d13d202 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-2567629072-936927983-205917298-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3767216235-1595076256-1041102229-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3767216235-1595076256-1041102229-500\b5c7f7fc-b569-4099-bf47-bf723774a4ad 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3767216235-1595076256-1041102229-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\All Users 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a72b2b1aebf4f5e9f8af114f1c0aa500_f1be0ad0-39e0-4b36-a141-19d9b4da3b79 895 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_f1be0ad0-39e0-4b36-a141-19d9b4da3b79 52 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\42e7e898003fbdeb9585806ee1664b51_f1be0ad0-39e0-4b36-a141-19d9b4da3b79 57 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_f1be0ad0-39e0-4b36-a141-19d9b4da3b79 893 bytes
File C:\RRbackups\Documents and Settings\Default User 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-2567629072-936927983-205917298-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-2567629072-936927983-205917298-500\a763db2e-6b5b-4b57-afc3-55075d13d202 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-2567629072-936927983-205917298-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3767216235-1595076256-1041102229-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3767216235-1595076256-1041102229-500\b5c7f7fc-b569-4099-bf47-bf723774a4ad 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3767216235-1595076256-1041102229-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\douglas rush 0 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Lenovo\Client Security Solution\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1182284275-2098501439-2131462198-1005 0 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1182284275-2098501439-2131462198-1005\065522dc38a77d9a8d4f78222369a27b_f1be0ad0-39e0-4b36-a141-19d9b4da3b79 57 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1182284275-2098501439-2131462198-1005\6b29ae44e85efac3c72ff4d1865d73f1_f1be0ad0-39e0-4b36-a141-19d9b4da3b79 53 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1182284275-2098501439-2131462198-1005\83aa4cc77f591dfc2374580bbd95f6ba_f1be0ad0-39e0-4b36-a141-19d9b4da3b79 45 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1182284275-2098501439-2131462198-1005\c16454a19db5e87caeffbe0b360fbeb4_f1be0ad0-39e0-4b36-a141-19d9b4da3b79 53 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\Protect\S-1-5-21-1182284275-2098501439-2131462198-1005 0 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\Protect\S-1-5-21-1182284275-2098501439-2131462198-1005\593f1ed4-da82-4933-90b7-40fd9cc313f7 388 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\Protect\S-1-5-21-1182284275-2098501439-2131462198-1005\9436f83c-ece7-4e3e-abe0-0fca2a809ccf 388 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\Protect\S-1-5-21-1182284275-2098501439-2131462198-1005\a269cf11-094d-4b67-a69e-6293c21b0bbd 388 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\Protect\S-1-5-21-1182284275-2098501439-2131462198-1005\d1804c2b-6a53-48ee-ac2c-9d2b8576b34d 388 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\Protect\S-1-5-21-1182284275-2098501439-2131462198-1005\f2b7011a-66dc-47e2-b3d8-efa48b8b1a31 388 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\Protect\S-1-5-21-1182284275-2098501439-2131462198-1005\fc50497a-10d5-45f2-9593-913d1f9dc99a 388 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\Protect\S-1-5-21-1182284275-2098501439-2131462198-1005\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\Protect\S-1-5-21-2567629072-936927983-205917298-500 0 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\Protect\S-1-5-21-2567629072-936927983-205917298-500\a763db2e-6b5b-4b57-afc3-55075d13d202 388 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\Protect\S-1-5-21-2567629072-936927983-205917298-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\Protect\S-1-5-21-3767216235-1595076256-1041102229-500 0 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\Protect\S-1-5-21-3767216235-1595076256-1041102229-500\b5c7f7fc-b569-4099-bf47-bf723774a4ad 388 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\Protect\S-1-5-21-3767216235-1595076256-1041102229-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\douglas rush\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\SIS 0 bytes
File C:\RRbackups\SIS\C 0 bytes
File C:\RRbackups\SIS\C\0 0 bytes
File C:\WINDOWS\$NtUninstallKB39631$\3393081585 0 bytes
File C:\WINDOWS\$NtUninstallKB39631$\3393081585\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB39631$\3393081585\cfg.ini 292 bytes
File C:\WINDOWS\$NtUninstallKB39631$\3393081585\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB39631$\3393081585\L 0 bytes
File C:\WINDOWS\$NtUninstallKB39631$\3393081585\L\hvmonmrs 162816 bytes
File C:\WINDOWS\$NtUninstallKB39631$\3393081585\oemid 220 bytes
File C:\WINDOWS\$NtUninstallKB39631$\3393081585\U 0 bytes
File C:\WINDOWS\$NtUninstallKB39631$\3393081585\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB39631$\3393081585\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB39631$\3393081585\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB39631$\3393081585\U\80000000.@ 66560 bytes
File C:\WINDOWS\$NtUninstallKB39631$\3393081585\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB39631$\3393081585\U\80000032.@ 115200 bytes
File C:\WINDOWS\$NtUninstallKB39631$\3393081585\version 861 bytes
File C:\WINDOWS\$NtUninstallKB39631$\606103984 0 bytes

---- EOF - GMER 1.0.15 ----


Once again Thank you for any assistance




#2 SweetTech (Agent ST)
Members, 13,421 posts, Location: Antarctica

Posted 28 March 2012 - 01:47 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
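Added example, not part of the thread and not a GMER, OTL or Kaspersky tool: a small Python 3.8+ script that does offline what the helper above does by eye on these two logs. It pulls the `File ... bytes` lines out of a GMER listing and flags any `$NtUninstallKB*$\<digits>` folder whose direct children are the `@` payload plus the `L` and `U` subfolders, the layout visible in the first post (a genuine hotfix uninstall folder holds `spuninst` and is not flagged). It also parses TDSSKiller log lines of the form the helper asks for, separating real detections from `UnsignedFile.Multi.Generic` warnings, which TDSSKiller raises for any unsigned driver or service (the Lenovo ThinkPad utilities in this thread) and which are not by themselves evidence of infection. The sample lines are constructed to mirror the thread's logs; the `fakedrv` entry and its `Rootkit.Win32.ZAccess.e` verdict are invented purely to show how a real detection would be classified.

```python
"""Offline triage of the two log formats posted in this thread: the GMER 'File'
listing and the TDSSKiller scan log.  Added example for this page, not a
BleepingComputer, GMER or Kaspersky tool.  Sample lines are constructed."""
import re
from collections import defaultdict

# GMER prints one "File <path> <size> bytes" line per object it enumerates.
GMER_FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+) bytes$")

# Real hotfix uninstall folders ($NtUninstallKB2479943$) hold spuninst\; the
# ZeroAccess tree seen in this thread reuses the name with a short random number
# and keeps its payload under <digits>\@ with L\ and U\ subfolders (files *.@).
UNINSTALL_RE = re.compile(r"\\\$NtUninstallKB\d+\$\\\d+(?=\\|$)", re.IGNORECASE)
ZA_MARKERS = {"@", "L", "U"}

# TDSSKiller log: "<hh:mm:ss.ffff> <pid> <rest>", where <rest> is one of
#   <name> (<md5>) <path>             file identified
#   <name> - ok                       clean
#   <name> ( <verdict> ) - warning    suspicious, not auto-fixed
#   <name> - detected <verdict> (n)   detection
TDSS_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<rest>.+)$")
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<n>\d+)\)$")
OK_RE = re.compile(r"^(?P<name>\S+) - ok$")

# Verdicts that only say "unsigned": expected for OEM drivers, not malware.
INFORMATIONAL = {"UnsignedFile.Multi.Generic"}


def gmer_files(lines):
    """Yield (path, size) from GMER 'File ...' lines; everything else is skipped."""
    for line in lines:
        m = GMER_FILE_RE.match(line.strip())
        if m:
            yield m.group("path"), int(m.group("size"))


def zeroaccess_trees(lines):
    """Return {tree_root: sorted(children)} for every $NtUninstallKB*$\\<digits>
    folder whose direct children include the @ payload and the L and U folders."""
    children = defaultdict(set)
    for path, _ in gmer_files(lines):
        m = UNINSTALL_RE.search(path)
        if not m:
            continue
        root = path[: m.end()]
        rest = path[m.end():].lstrip("\\")
        if rest:  # a line naming the folder itself contributes no child
            children[root].add(rest.split("\\")[0])
    return {r: sorted(c) for r, c in children.items() if ZA_MARKERS <= c}


def tdsskiller_entries(lines):
    """Return {name: {'md5', 'path', 'verdict', 'status'}} from a TDSSKiller log."""
    entries = defaultdict(dict)
    for line in lines:
        m = TDSS_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        if (f := FILE_RE.match(rest)):
            entries[f["name"]].update(md5=f["md5"], path=f["path"])
        elif (d := DETECT_RE.match(rest)):
            entries[d["name"]].update(verdict=d["verdict"], status="detected")
        elif (o := OK_RE.match(rest)):
            entries[o["name"]].setdefault("status", "ok")
    return dict(entries)


def tdsskiller_triage(lines):
    """Split detections into (actionable, informational) lists of entry names."""
    actionable, informational = [], []
    for name, e in sorted(tdsskiller_entries(lines).items()):
        if e.get("status") != "detected":
            continue
        (informational if e["verdict"] in INFORMATIONAL else actionable).append(name)
    return actionable, informational


# Constructed samples modelled on the thread's logs (the fakedrv line is invented).
SAMPLE_GMER = r"""
File C:\RRbackups\common\SAM 28672 bytes
File C:\WINDOWS\$NtUninstallKB39631$\3393081585 0 bytes
File C:\WINDOWS\$NtUninstallKB39631$\3393081585\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB39631$\3393081585\L 0 bytes
File C:\WINDOWS\$NtUninstallKB39631$\3393081585\L\hvmonmrs 162816 bytes
File C:\WINDOWS\$NtUninstallKB39631$\3393081585\U 0 bytes
File C:\WINDOWS\$NtUninstallKB39631$\3393081585\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB39631$\606103984 0 bytes
""".strip().splitlines()

SAMPLE_TDSS = r"""
18:07:09.0265 2508 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:07:09.0515 2508 ACPI - ok
18:07:09.0890 2508 AcPrfMgrSvc (b256d804e3af59023dfeedc743b4dd96) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
18:07:10.0046 2508 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - warning
18:07:10.0046 2508 AcPrfMgrSvc - detected UnsignedFile.Multi.Generic (1)
18:07:13.0703 2508 akhpgewa - ok
18:08:00.0000 2508 fakedrv - detected Rootkit.Win32.ZAccess.e (0)
""".strip().splitlines()

if __name__ == "__main__":
    print("ZeroAccess-style trees:", zeroaccess_trees(SAMPLE_GMER))
    print("TDSSKiller (actionable, informational):", tdsskiller_triage(SAMPLE_TDSS))
```

Pass the lines of a saved log to `zeroaccess_trees` or `tdsskiller_triage`; the folder heuristic looks only at the direct children of the numeric subfolder, so a stray empty `$NtUninstallKB*$\<digits>` entry (like the second one in the first post) is reported only if the `@`, `L` and `U` markers are all present.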


#3 stipeysocks (Topic Starter)
Members, 33 posts, Location: Denver

Posted 31 March 2012 - 11:21 AM

Just wanted to touch base and make sure I am within the time limit for help on this. I will check back for your reply. I do still have this issue and would greatly appreciate working with you. Thank you, ST. Signed, Stripeysocks.

#4 SweetTech (Agent ST)
Members, 13,421 posts, Location: Antarctica

Posted 01 April 2012 - 02:45 AM

Hi Stripeysocks!

Yep, you are, please go ahead and proceed with the instructions in my previous post.

Warmest Regards,
ST.



#5 stipeysocks (Topic Starter)
Members, 33 posts, Location: Denver

Posted 01 April 2012 - 08:19 PM

These are the TDSSKiller Notepad results. I hope it's done correctly.
18:06:00.0734 5852 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
18:06:02.0125 5852 ============================================================
18:06:02.0125 5852 Current date / time: 2012/04/01 18:06:02.0125
18:06:02.0125 5852 SystemInfo:
18:06:02.0125 5852
18:06:02.0125 5852 OS Version: 5.1.2600 ServicePack: 3.0
18:06:02.0125 5852 Product type: Workstation
18:06:02.0125 5852 ComputerName: LENOVO-BD261ADD
18:06:02.0125 5852 UserName: douglas rush
18:06:02.0125 5852 Windows directory: C:\WINDOWS
18:06:02.0125 5852 System windows directory: C:\WINDOWS
18:06:02.0125 5852 Processor architecture: Intel x86
18:06:02.0125 5852 Number of processors: 2
18:06:02.0125 5852 Page size: 0x1000
18:06:02.0125 5852 Boot type: Normal boot
18:06:02.0125 5852 ============================================================
18:06:06.0359 5852 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
18:06:06.0390 5852 \Device\Harddisk0\DR0:
18:06:06.0406 5852 MBR used
18:06:06.0406 5852 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8C038A1
18:06:06.0437 5852 Initialize success
18:06:06.0437 5852 ============================================================
18:07:06.0203 2508 ============================================================
18:07:06.0203 2508 Scan started
18:07:06.0203 2508 Mode: Manual; SigCheck; TDLFS;
18:07:06.0203 2508 ============================================================
18:07:07.0250 2508 a016bus - ok
18:07:07.0296 2508 Abiosdsk - ok
18:07:07.0343 2508 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:07:08.0656 2508 abp480n5 - ok
18:07:08.0921 2508 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
18:07:09.0203 2508 ac97intc - ok
18:07:09.0265 2508 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:07:09.0515 2508 ACPI - ok
18:07:09.0531 2508 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:07:09.0781 2508 ACPIEC - ok
18:07:09.0890 2508 AcPrfMgrSvc (b256d804e3af59023dfeedc743b4dd96) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
18:07:10.0046 2508 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - warning
18:07:10.0046 2508 AcPrfMgrSvc - detected UnsignedFile.Multi.Generic (1)
18:07:10.0078 2508 AcSvc (4abaf28ffcfca1bbdc2ed83af1b80faa) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
18:07:10.0390 2508 AcSvc ( UnsignedFile.Multi.Generic ) - warning
18:07:10.0390 2508 AcSvc - detected UnsignedFile.Multi.Generic (1)
18:07:10.0484 2508 ADIHdAudAddService (66614b9fdc7e74ab736a84d89f7b06b6) C:\WINDOWS\system32\drivers\ADIHdAud.sys
18:07:10.0578 2508 ADIHdAudAddService - ok
18:07:10.0609 2508 adobeactivefilemonitor5.0 - ok
18:07:10.0640 2508 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:07:10.0921 2508 adpu160m - ok
18:07:10.0937 2508 AEAudioService (03be587e90c8b37c7ff1fe2e9c1d1c90) C:\WINDOWS\system32\drivers\AEAudio.sys
18:07:11.0125 2508 AEAudioService - ok
18:07:11.0234 2508 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:07:11.0531 2508 aec - ok
18:07:11.0625 2508 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
18:07:11.0718 2508 AegisP ( UnsignedFile.Multi.Generic ) - warning
18:07:11.0718 2508 AegisP - detected UnsignedFile.Multi.Generic (1)
18:07:11.0781 2508 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:07:11.0875 2508 AFD - ok
18:09:10.0343 2508 splitter - ok
18:09:10.0375 2508 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:09:10.0484 2508 Spooler - ok
18:09:10.0593 2508 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:09:10.0765 2508 sr - ok
18:09:10.0843 2508 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:09:11.0015 2508 srservice - ok
18:09:11.0078 2508 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:09:11.0187 2508 Srv - ok
18:09:11.0296 2508 ssdiagn - ok
18:09:11.0390 2508 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:09:11.0546 2508 SSDPSRV - ok
18:09:11.0609 2508 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
18:09:11.0859 2508 StillCam - ok
18:09:11.0921 2508 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:09:12.0250 2508 stisvc - ok
18:09:13.0171 2508 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:09:13.0968 2508 streamip - ok
18:09:14.0046 2508 SUService (f1262146970c5b73159e3727acde8278) c:\program files\lenovo\system update\suservice.exe
18:09:14.0125 2508 SUService ( UnsignedFile.Multi.Generic ) - warning
18:09:14.0125 2508 SUService - detected UnsignedFile.Multi.Generic (1)
18:09:14.0265 2508 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:09:14.0500 2508 swenum - ok
18:09:14.0562 2508 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:09:14.0828 2508 swmidi - ok
18:09:14.0859 2508 SwPrv - ok
18:09:14.0937 2508 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
18:09:15.0156 2508 symc810 - ok
18:09:15.0218 2508 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:09:15.0453 2508 symc8xx - ok
18:09:15.0531 2508 SYMIDSCO - ok
18:09:15.0625 2508 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:09:15.0859 2508 sym_hi - ok
18:09:15.0875 2508 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:09:16.0109 2508 sym_u3 - ok
18:09:16.0187 2508 SynTP (7c02db7416d52c02b131d0e3a8d2337c) C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:09:16.0312 2508 SynTP - ok
18:09:16.0390 2508 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:09:16.0656 2508 sysaudio - ok
18:09:16.0765 2508 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:09:17.0125 2508 SysmonLog - ok
18:09:17.0156 2508 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:09:17.0421 2508 TapiSrv - ok
18:09:17.0640 2508 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:09:17.0734 2508 Tcpip - ok
18:09:17.0812 2508 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:09:18.0062 2508 TDPIPE - ok
18:09:18.0125 2508 TDSMAPI (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
18:09:18.0203 2508 TDSMAPI ( UnsignedFile.Multi.Generic ) - warning
18:09:18.0203 2508 TDSMAPI - detected UnsignedFile.Multi.Generic (1)
18:09:18.0250 2508 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:09:18.0468 2508 TDTCP - ok
18:09:18.0515 2508 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:09:18.0781 2508 TermDD - ok
18:09:18.0843 2508 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:09:19.0125 2508 TermService - ok
18:09:19.0218 2508 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:09:19.0296 2508 Themes - ok
18:09:19.0406 2508 ThinkVantage Registry Monitor Service (9626746a9b120d2ed537dd8d76278405) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
18:09:19.0656 2508 ThinkVantage Registry Monitor Service - ok
18:09:19.0734 2508 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
18:09:19.0921 2508 TlntSvr - ok
18:09:19.0984 2508 toscosrv - ok
18:09:20.0062 2508 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
18:09:20.0281 2508 TosIde - ok
18:09:20.0359 2508 TPHDEXLGSVC (a3552782e8d402f3aa513765d93c852d) C:\WINDOWS\system32\TPHDEXLG.EXE
18:09:26.0828 2508 TPHDEXLGSVC ( UnsignedFile.Multi.Generic ) - warning
18:09:26.0828 2508 TPHDEXLGSVC - detected UnsignedFile.Multi.Generic (1)
18:09:26.0984 2508 TPHKDRV (29f3601d4233a53f819010fee8c04a60) C:\WINDOWS\system32\drivers\TPHKDRV.sys
18:09:27.0078 2508 TPHKDRV ( UnsignedFile.Multi.Generic ) - warning
18:09:27.0078 2508 TPHKDRV - detected UnsignedFile.Multi.Generic (1)
18:09:27.0140 2508 TpKmpSVC (dfb268ff0a6dcb9280015ff527f892ff) C:\WINDOWS\system32\TpKmpSVC.exe
18:09:27.0218 2508 TpKmpSVC ( UnsignedFile.Multi.Generic ) - warning
18:09:27.0218 2508 TpKmpSVC - detected UnsignedFile.Multi.Generic (1)
18:09:27.0281 2508 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
18:09:27.0328 2508 TPPWRIF ( UnsignedFile.Multi.Generic ) - warning
18:09:27.0343 2508 TPPWRIF - detected UnsignedFile.Multi.Generic (1)
18:09:27.0406 2508 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:09:27.0656 2508 TrkWks - ok
18:09:27.0734 2508 TSMAPIP (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
18:09:27.0781 2508 TSMAPIP ( UnsignedFile.Multi.Generic ) - warning
18:09:27.0781 2508 TSMAPIP - detected UnsignedFile.Multi.Generic (1)
18:09:27.0875 2508 TSSCoreService (cf3bc148a6979bcf5af8591e687c1390) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
18:09:29.0703 2508 TSSCoreService - ok
18:09:29.0796 2508 TVT Backup Service (ec38192f2f5361b48bc387c2db337264) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
18:09:30.0140 2508 TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
18:09:30.0140 2508 TVT Backup Service - detected UnsignedFile.Multi.Generic (1)
18:09:30.0234 2508 TVT Scheduler (e9ea448f1174be4052416b62263ea4ee) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
18:09:32.0562 2508 TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning
18:09:32.0562 2508 TVT Scheduler - detected UnsignedFile.Multi.Generic (1)
18:09:32.0687 2508 tvtfilter (dd957007df98aecffaaa2656d4b981e4) C:\WINDOWS\system32\drivers\tvtfilter.sys
18:09:32.0781 2508 tvtfilter ( UnsignedFile.Multi.Generic ) - warning
18:09:32.0781 2508 tvtfilter - detected UnsignedFile.Multi.Generic (1)
18:09:32.0843 2508 tvtnetwk (2e72c66682e9274c97ae3f5a57c2fa33) C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
18:09:33.0000 2508 tvtnetwk ( UnsignedFile.Multi.Generic ) - warning
18:09:33.0000 2508 tvtnetwk - detected UnsignedFile.Multi.Generic (1)
18:09:33.0062 2508 TVTPktFilter (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
18:09:33.0140 2508 TVTPktFilter - ok
18:09:33.0203 2508 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:09:33.0468 2508 Udfs - ok
18:09:33.0578 2508 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
18:09:33.0718 2508 ultra - ok
18:09:33.0812 2508 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:09:34.0062 2508 Update - ok
18:09:34.0109 2508 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:09:34.0265 2508 upnphost - ok
18:09:34.0343 2508 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:09:34.0640 2508 UPS - ok
18:09:34.0656 2508 us30sys - ok
18:09:34.0750 2508 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:09:35.0000 2508 usbaudio - ok
18:09:35.0062 2508 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:09:35.0312 2508 usbccgp - ok
18:09:35.0390 2508 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:09:35.0609 2508 usbehci - ok
18:09:35.0656 2508 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:09:35.0906 2508 usbhub - ok
18:09:35.0984 2508 usbio - ok
18:09:36.0015 2508 USBMN1X1 - ok
18:09:36.0093 2508 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:09:36.0343 2508 usbprint - ok
18:09:36.0421 2508 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:09:36.0640 2508 usbscan - ok
18:09:36.0718 2508 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:09:36.0937 2508 USBSTOR - ok
18:09:37.0031 2508 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:09:37.0265 2508 usbuhci - ok
18:09:37.0312 2508 USIUDF - ok
18:09:37.0359 2508 uzihkcmc - ok
18:09:37.0390 2508 vaiomediaplatform-integratedserver-http - ok
18:09:37.0453 2508 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:09:37.0687 2508 VgaSave - ok
18:09:37.0812 2508 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:09:38.0062 2508 viaagp - ok
18:09:38.0156 2508 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:09:38.0359 2508 ViaIde - ok
18:09:38.0437 2508 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:09:38.0687 2508 VolSnap - ok
18:09:38.0750 2508 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:09:38.0984 2508 VSS - ok
18:09:39.0062 2508 vstor2-ws60 - ok
18:09:39.0125 2508 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:09:39.0375 2508 W32Time - ok
18:09:39.0390 2508 w550bus - ok
18:09:39.0437 2508 wampapache (c62f76344cd3a3a6314055b4929e529d) C:\WINDOWS\system32\BrSerIf.dll
18:09:39.0687 2508 wampapache - ok
18:09:39.0765 2508 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:09:40.0015 2508 Wanarp - ok
18:09:40.0062 2508 wandrv - ok
18:09:40.0093 2508 WDICA - ok
18:09:40.0140 2508 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:09:40.0406 2508 wdmaud - ok
18:09:40.0531 2508 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:09:40.0781 2508 WebClient - ok
18:09:40.0843 2508 websensecamreportserver - ok
18:09:40.0875 2508 websenserealtimeanalyzer - ok
18:09:40.0968 2508 winachsf (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\hsx_cnxt.sys
18:09:41.0109 2508 winachsf - ok
18:09:41.0156 2508 windowblinds - ok
18:09:41.0265 2508 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:09:41.0531 2508 winmgmt - ok
18:09:41.0578 2508 winpowerrmi - ok
18:09:41.0656 2508 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
18:09:41.0781 2508 WmdmPmSN - ok
18:09:41.0875 2508 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
18:09:42.0203 2508 Wmi - ok
18:09:42.0343 2508 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:09:42.0640 2508 WmiApSrv - ok
18:09:42.0765 2508 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:09:43.0328 2508 WMPNetworkSvc - ok
18:09:43.0453 2508 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\Drivers\wpdusb.sys
18:09:43.0531 2508 WpdUsb - ok
18:09:43.0578 2508 wpsscannersvc - ok
18:09:43.0609 2508 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:09:43.0875 2508 WS2IFSL - ok
18:09:43.0953 2508 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:09:44.0203 2508 WSTCODEC - ok
18:09:44.0281 2508 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:09:44.0515 2508 wuauserv - ok
18:09:44.0640 2508 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:09:44.0765 2508 WudfPf - ok
18:09:44.0828 2508 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:09:44.0937 2508 WudfRd - ok
18:09:45.0000 2508 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:09:45.0062 2508 WudfSvc - ok
18:09:45.0109 2508 wwnetdde - ok
18:09:45.0187 2508 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:09:45.0531 2508 WZCSVC - ok
18:09:45.0656 2508 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:09:45.0937 2508 xmlprov - ok
18:09:46.0000 2508 MBR (0x1B8) (ce0188f2ed7a8ffb8214978c5b0777a1) \Device\Harddisk0\DR0
18:09:46.0125 2508 \Device\Harddisk0\DR0 - ok
18:09:46.0125 2508 Boot (0x1200) (995eb63c8969e1b4a52b8d3252d4deb4) \Device\Harddisk0\DR0\Partition0
18:09:46.0125 2508 \Device\Harddisk0\DR0\Partition0 - ok
18:09:46.0125 2508 ============================================================
18:09:46.0125 2508 Scan finished
18:09:46.0125 2508 ============================================================
18:09:46.0234 5132 Detected object count: 36
18:09:46.0234 5132 Actual detected object count: 36
18:10:11.0421 5132 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:11.0421 5132 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:11.0421 5132 AcSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:11.0421 5132 AcSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:11.0421 5132 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:11.0421 5132 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:11.0421 5132 ANC ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:11.0421 5132 ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:11.0421 5132 EGATHDRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:11.0421 5132 EGATHDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:11.0421 5132 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:11.0421 5132 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:11.0421 5132 iaStor ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:11.0421 5132 iaStor ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:11.0421 5132 IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:11.0421 5132 IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:11.0437 5132 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:11.0437 5132 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:11.0437 5132 IPSSVC ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:11.0437 5132 IPSSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:11.0437 5132 MASPINT ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:11.0437 5132 MASPINT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:11.0578 5132 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
18:10:22.0562 5132 C:\WINDOWS\$NtUninstallKB39631$\3393081585\@ - copied to quarantine
18:10:22.0578 5132 C:\WINDOWS\$NtUninstallKB39631$\3393081585\cfg.ini - copied to quarantine
18:10:22.0609 5132 C:\WINDOWS\$NtUninstallKB39631$\3393081585\Desktop.ini - copied to quarantine
18:10:22.0671 5132 C:\WINDOWS\$NtUninstallKB39631$\3393081585\L\hvmonmrs - copied to quarantine
18:10:22.0734 5132 C:\WINDOWS\$NtUninstallKB39631$\3393081585\oemid - copied to quarantine
18:10:22.0750 5132 C:\WINDOWS\$NtUninstallKB39631$\3393081585\U\00000001.@ - copied to quarantine
18:10:22.0828 5132 C:\WINDOWS\$NtUninstallKB39631$\3393081585\U\00000002.@ - copied to quarantine
18:10:22.0859 5132 C:\WINDOWS\$NtUninstallKB39631$\3393081585\U\00000004.@ - copied to quarantine
18:10:22.0890 5132 C:\WINDOWS\$NtUninstallKB39631$\3393081585\U\80000000.@ - copied to quarantine
18:10:23.0015 5132 C:\WINDOWS\$NtUninstallKB39631$\3393081585\U\80000004.@ - copied to quarantine
18:10:23.0046 5132 C:\WINDOWS\$NtUninstallKB39631$\3393081585\U\80000032.@ - copied to quarantine
18:10:23.0125 5132 C:\WINDOWS\$NtUninstallKB39631$\3393081585\version - copied to quarantine
18:10:23.0875 5132 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813
18:10:30.0296 5132 Backup copy found, using it..
18:10:30.0421 5132 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
18:10:32.0578 5132 C:\WINDOWS\$NtUninstallKB39631$\3393081585\@ - will be deleted on reboot
18:10:32.0578 5132 C:\WINDOWS\$NtUninstallKB39631$\3393081585\cfg.ini - will be deleted on reboot
18:10:32.0656 5132 C:\WINDOWS\$NtUninstallKB39631$\3393081585\Desktop.ini - will be deleted on reboot
18:10:32.0671 5132 C:\WINDOWS\$NtUninstallKB39631$\3393081585\oemid - will be deleted on reboot
18:10:32.0718 5132 C:\WINDOWS\$NtUninstallKB39631$\3393081585\U\00000001.@ - will be deleted on reboot
18:10:32.0718 5132 C:\WINDOWS\$NtUninstallKB39631$\3393081585\U\00000002.@ - will be deleted on reboot
18:10:32.0718 5132 C:\WINDOWS\$NtUninstallKB39631$\3393081585\U\00000004.@ - will be deleted on reboot
18:10:32.0718 5132 C:\WINDOWS\$NtUninstallKB39631$\3393081585\U\80000000.@ - will be deleted on reboot
18:10:32.0718 5132 C:\WINDOWS\$NtUninstallKB39631$\3393081585\U\80000004.@ - will be deleted on reboot
18:10:32.0718 5132 C:\WINDOWS\$NtUninstallKB39631$\3393081585\U\80000032.@ - will be deleted on reboot
18:10:32.0718 5132 C:\WINDOWS\$NtUninstallKB39631$\3393081585\version - will be deleted on reboot
18:10:32.0718 5132 C:\WINDOWS\$NtUninstallKB39631$\606103984 - will be deleted on reboot
18:10:32.0734 5132 NetBT ( Virus.Win32.ZAccess.k ) - User select action: Cure
18:10:32.0734 5132 pmem ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:32.0734 5132 pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:32.0734 5132 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:32.0734 5132 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:32.0734 5132 PrivateDisk ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:32.0734 5132 PrivateDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:32.0734 5132 PROCDD ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:32.0734 5132 PROCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:32.0734 5132 psadd ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:32.0734 5132 psadd ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:32.0734 5132 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:32.0734 5132 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:32.0734 5132 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:32.0734 5132 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:32.0734 5132 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:32.0734 5132 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:32.0734 5132 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:32.0734 5132 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:32.0750 5132 ShockMgr ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:32.0750 5132 ShockMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:32.0750 5132 Shockprf ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:32.0750 5132 Shockprf ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:32.0750 5132 Smapint ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:32.0750 5132 Smapint ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:32.0750 5132 smi2 ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:32.0750 5132 smi2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:32.0750 5132 SUService ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:32.0750 5132 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:32.0750 5132 TDSMAPI ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:32.0750 5132 TDSMAPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:32.0750 5132 TPHDEXLGSVC ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:32.0750 5132 TPHDEXLGSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:32.0750 5132 TPHKDRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:32.0750 5132 TPHKDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:32.0750 5132 TpKmpSVC ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:32.0750 5132 TpKmpSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:32.0750 5132 TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:32.0750 5132 TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:32.0765 5132 TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:32.0765 5132 TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:32.0765 5132 TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:32.0765 5132 TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:32.0765 5132 TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:32.0765 5132 TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:32.0765 5132 tvtfilter ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:32.0765 5132 tvtfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:32.0765 5132 tvtnetwk ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:32.0765 5132 tvtnetwk ( UnsignedFile.Multi.Generic ) - User select action: Skip



#6 stipeysocks

stipeysocks
  • Topic Starter

  • Members
  • 33 posts
  • Gender:Male
  • Location:Denver

Posted 01 April 2012 - 08:25 PM

FSS.exe

Farbar Service Scanner Version: 01-03-2012
Ran by douglas rush (administrator) on 01-04-2012 at 18:23:42
Running from "C:\Documents and Settings\douglas rush\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2006-04-29 23:55] - [2008-04-13 12:21] - 0162816 ____A () 3B5BE7C98214EBEFA997D45BC5769045

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(10) Gpc(6) IPSec(4) irda(8) NetBT(5) PSched(7) s24trans(9) Tcpip(3) TVTPktFilter(12)
0x0D000000040000000100000002000000030000000B0000000D00000005000000060000000700000008000000090000000A0000000C000000
IpSec Tag value is correct.

**** End of log ****

#7 stipeysocks

stipeysocks
  • Topic Starter

  • Members
  • 33 posts
  • Gender:Male
  • Location:Denver

Posted 01 April 2012 - 08:47 PM

First, sorry, I noticed that I jumped the gun and posted separately. I'm a bit step-by-step compulsive. I will try to multiply post for further logs.

Extras.TXT-Notepad

OTL Extras logfile created on: 4/1/2012 6:30:20 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\douglas rush\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 321.15 Mb Available Physical Memory | 31.66% Memory free
2.38 Gb Paging File | 1.69 Gb Available in Paging File | 70.80% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.01 Gb Total Space | 29.74 Gb Free Space | 42.49% Space Free | Partition Type: NTFS

Computer Name: LENOVO-BD261ADD | User Name: douglas rush | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1182284275-2098501439-2131462198-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
Directory [FinePixPrint] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" /p "%1" (FUJI PHOTO FILM CO.,LTD.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Documents and Settings\douglas rush\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\douglas rush\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\douglas rush\Desktop\iExplore.exe" = C:\Documents and Settings\douglas rush\Desktop\iExplore.exe:*:Enabled:PC Tools Installer


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{48227AEB-DC8E-4A90-A274-0B4A39D699B1}" = Client Security Solution
"{51ED885E-78EC-4DBF-81E1-F7EF47174B5A}" = HP Deskjet 1000 J110 series Basic Device Software
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{614F6133-1897-3CB9-859A-F2A19FBE8D4A}" = Google Talk Plugin
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.7
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = ThinkVantage Active Protection System
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7726CF62-7B45-4E6D-9266-615346816BCA}" = Rescue and Recovery
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad UltraNav Wizard
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9EA84FDD-CCC0-47FD-A993-923165BEA47A}" = System Migration Assistant
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3E3CA57-F7D2-424F-86CC-6FB4F1FC82AD}" = HP Deskjet 1000 J110 series Product Improvement Study
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D3AA158A-9421-4883-8767-E771B0964A1D}" = ImageMixer VCD for FinePix
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Help
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA664480-3844-11D5-8C25-444553540000}" = TrackPoint Accessibility Features
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AwayTask" = ThinkVantage Away Manager
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"HP Photo Creations" = HP Photo Creations
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWASPINT" = MicroStaff WINASPI NT
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Power Management Driver" = ThinkPad Power Management Driver
"Presentation Director" = ThinkPad Presentation Director
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"QuickTime" = QuickTime
"Remove Multimedia Center" = Remove Multimedia Center
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/22/2012 11:30:32 AM | Computer Name = LENOVO-BD261ADD | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.60.0.61, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x0001101a.

Error - 3/25/2012 10:24:37 PM | Computer Name = LENOVO-BD261ADD | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/25/2012 10:24:41 PM | Computer Name = LENOVO-BD261ADD | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/26/2012 12:08:09 PM | Computer Name = LENOVO-BD261ADD | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/28/2012 3:11:48 PM | Computer Name = LENOVO-BD261ADD | Source = Application Hang | ID = 1002
Description = Hanging application dixml.exe, version 2.3.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/28/2012 3:17:44 PM | Computer Name = LENOVO-BD261ADD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/28/2012 3:17:44 PM | Computer Name = LENOVO-BD261ADD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/29/2012 11:21:56 PM | Computer Name = LENOVO-BD261ADD | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/29/2012 11:21:57 PM | Computer Name = LENOVO-BD261ADD | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/1/2012 8:56:57 PM | Computer Name = LENOVO-BD261ADD | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ Lenovo-Message Center Plus/Admin Events ]
Error - 7/12/2010 10:02:39 PM | Computer Name = LENOVO-BD261ADD | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\Documents and Settings\All Users\Application Data\Lenovo\MessageCenterPlus\ServerRepository\temp\SeedDB.cab
does not have a Lenovo Digital Signature. The file will be deleted

Error - 7/12/2010 10:02:39 PM | Computer Name = LENOVO-BD261ADD | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The Msg SeedDB could not be decompressed

Error - 1/5/2012 12:57:59 PM | Computer Name = LENOVO-BD261ADD | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\Documents and Settings\All Users\Application Data\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp
does not have a Lenovo Digital Signature. The file will be deleted

[ System Events ]
Error - 4/1/2012 10:25:54 AM | Computer Name = LENOVO-BD261ADD | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 4/1/2012 10:25:54 AM | Computer Name = LENOVO-BD261ADD | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 4/1/2012 10:25:54 AM | Computer Name = LENOVO-BD261ADD | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 4/1/2012 10:25:54 AM | Computer Name = LENOVO-BD261ADD | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 4/1/2012 10:25:54 AM | Computer Name = LENOVO-BD261ADD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD ANC Fips IBMTPCHK intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss ShockMgr Smapint
Tcpip
TDSMAPI
TPHKDRV
TPPWRIF
TSMAPIP

Error - 4/1/2012 10:26:51 AM | Computer Name = LENOVO-BD261ADD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/1/2012 10:27:43 AM | Computer Name = LENOVO-BD261ADD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 4/1/2012 10:29:26 AM | Computer Name = LENOVO-BD261ADD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error - 4/1/2012 10:29:45 AM | Computer Name = LENOVO-BD261ADD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error - 4/1/2012 10:31:09 AM | Computer Name = LENOVO-BD261ADD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error - 4/1/2012 10:29:45 AM | Computer Name = LENOVO-BD261ADD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error - 4/1/2012 10:31:09 AM | Computer Name = LENOVO-BD261ADD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >
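
The System Events block above is the part of this export a helper reads by hand: the 7001 errors (DHCP Client, DNS Client, TCP/IP NetBIOS Helper, IPSEC Services) are downstream of the single 7026 error that lists the boot-start drivers which never loaded (AFD, NetBT, Tcpip, IPSec among them), and error 31 is ERROR_GEN_FAILURE, "a device attached to the system is not functioning". The script below is an added example, not part of this post and not OTL's own code; it parses this export format, collects the 7026 driver list and the 7001 dependency pairs, and reports which service failures are explained by a driver that did not load. The sample input is copied from the log above; the lookup from the display names used in 7001 text to the driver key names used in 7026 (NetBios over Tcpip = NetBT, and so on) is supplied by the example, not by the log.

```python
"""Triage an OTL-style Event Viewer export (the "[ System Events ]" block).

Added example; not part of the original post and not OTL's own code.
"""
import re
from collections import Counter

# Constructed sample: a subset of the System Events block from the log above.
SAMPLE = """\
[ System Events ]
Error - 4/1/2012 10:25:54 AM | Computer Name = LENOVO-BD261ADD | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 4/1/2012 10:25:54 AM | Computer Name = LENOVO-BD261ADD | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 4/1/2012 10:25:54 AM | Computer Name = LENOVO-BD261ADD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD ANC Fips IBMTPCHK intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss ShockMgr Smapint
Tcpip
TDSMAPI

Error - 4/1/2012 10:26:51 AM | Computer Name = LENOVO-BD261ADD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

< End of report >
"""

HEADER_RE = re.compile(
    r"^Error - (?P<ts>.+?) \| Computer Name = (?P<host>\S+) "
    r"\| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
DEP_RE = re.compile(
    r"The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which failed to start"
)

# Assumed lookup (supplied by this example) from the display names that 7001
# text uses to the driver key names that 7026 lists, for the drivers in this log.
DISPLAY_TO_KEY = {
    "NetBios over Tcpip": "NetBT",
    "TCP/IP Protocol Driver": "Tcpip",
    "AFD": "AFD",
    "IPSEC driver": "IPSec",
}


def parse_events(text):
    """One dict per event: ts, host, source, id (int), description (continuations joined)."""
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(("[", "<")):   # section header or end-of-report marker
            cur = None
            continue
        m = HEADER_RE.match(line)
        if m:
            cur = m.groupdict()
            cur["id"] = int(cur["id"])
            cur["description"] = ""
            events.append(cur)
            continue
        if cur is None:
            continue                       # stray text outside any event
        if line.startswith("Description = "):
            line = line[len("Description = "):]
        cur["description"] = (cur["description"] + " " + line).strip()
    return events


def failed_drivers(events):
    """Driver key names from every Service Control Manager 7026 event."""
    names = set()
    for e in events:
        if e["source"] == "Service Control Manager" and e["id"] == 7026:
            names.update(e["description"].partition("failed to load:")[2].split())
    return names


def broken_dependencies(events):
    """(service, dependency display name) pairs from Service Control Manager 7001."""
    pairs = []
    for e in events:
        if e["source"] == "Service Control Manager" and e["id"] == 7001:
            m = DEP_RE.search(e["description"])
            if m:
                pairs.append((m.group("svc"), m.group("dep")))
    return pairs


def explained_by_driver_failure(events):
    """7001 failures whose dependency is a driver that 7026 says never loaded."""
    failed = failed_drivers(events)
    out = []
    for svc, dep in broken_dependencies(events):
        key = DISPLAY_TO_KEY.get(dep, dep)
        if key in failed:
            out.append((svc, key))
    return out


if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    print(Counter((e["source"], e["id"]) for e in evs))
    print("failed drivers:", sorted(failed_drivers(evs)))
    print("explained:", explained_by_driver_failure(evs))
```

Run against the full export rather than the sample, the same functions will also surface 7001 entries whose dependency is not in the 7026 list; those are the ones that need a separate explanation instead of being charged to the driver failure.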

#8 SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 02 April 2012 - 10:46 AM

Hi Stripeysocks!

Thanks for posting those logs! It looks like TDSSKiller found some issues and fixed some of them.

Do you happen to have the OTL.txt log for me to review??

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 stipeysocks

  • Topic Starter

  • Members
  • 33 posts
  • Gender:Male
  • Location:Denver

Posted 02 April 2012 - 10:31 PM

This is the OTL.Txt-Notepad

OTL logfile created on: 4/2/2012 9:11:20 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\douglas rush\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 257.07 Mb Available Physical Memory | 25.34% Memory free
2.38 Gb Paging File | 1.74 Gb Available in Paging File | 72.89% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.01 Gb Total Space | 30.39 Gb Free Space | 43.41% Space Free | Partition Type: NTFS

Computer Name: LENOVO-BD261ADD | User Name: douglas rush | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/01 18:26:36 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\douglas rush\My Documents\Downloads\OTL.exe
PRC - [2012/03/19 07:22:59 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/16 11:09:48 | 000,161,336 | ---- | M] (Google) -- C:\Documents and Settings\douglas rush\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/06/12 09:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/26 16:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006/12/25 10:39:14 | 000,106,496 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2006/12/25 10:38:34 | 000,172,032 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2006/12/25 10:37:12 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2006/08/16 10:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2006/08/16 10:07:00 | 000,069,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006/07/14 17:36:00 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2006/07/14 15:52:48 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2006/05/29 23:05:42 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2006/03/13 16:38:56 | 000,041,472 | R--- | M] (Utimaco Safeware AG) -- C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
PRC - [2005/07/04 22:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/06/06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2002/12/20 16:18:40 | 000,200,704 | ---- | M] (FUJI PHOTO FILM CO., LTD.) -- C:\Program Files\FinePixViewer\QuickDCF.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/19 07:46:09 | 008,527,520 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2012/03/19 07:22:56 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/15 16:00:25 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/15 11:43:50 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/15 11:37:58 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2011/10/12 19:45:41 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/12/25 10:39:14 | 000,106,496 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
MOD - [2006/12/25 10:39:04 | 000,208,896 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcGolan.dll
MOD - [2006/12/25 10:38:36 | 000,114,688 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcLocMigrator.dll
MOD - [2006/12/25 10:38:32 | 000,434,176 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcHlpr.dll
MOD - [2006/12/25 10:38:28 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
MOD - [2006/12/25 10:37:12 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
MOD - [2006/12/25 10:37:04 | 000,569,344 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACon.dll
MOD - [2006/12/25 10:29:32 | 000,032,768 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll
MOD - [2006/12/25 10:23:48 | 000,929,792 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACGUIHlpr.dll
MOD - [2006/12/25 10:21:12 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ThinQCon.dll
MOD - [2006/12/25 10:21:08 | 000,114,688 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
MOD - [2006/12/25 10:19:24 | 000,007,680 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
MOD - [2006/12/25 10:19:22 | 000,147,456 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
MOD - [2006/12/25 10:19:18 | 000,491,520 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
MOD - [2006/12/25 10:19:10 | 000,163,840 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
MOD - [2006/12/25 10:18:52 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
MOD - [2006/08/02 00:26:20 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/08/02 00:24:54 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/07/14 17:36:00 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
MOD - [2006/07/14 17:35:28 | 000,139,264 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2006/07/14 15:52:48 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
MOD - [2006/07/04 09:11:00 | 000,057,344 | ---- | M] () -- C:\Program Files\ThinkVantage\PrdCtr\US\LPRESMGR.DLL
MOD - [2006/02/23 10:22:00 | 000,057,344 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\EZMAPRES.DLL
MOD - [2005/11/30 04:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2005/10/28 04:29:52 | 000,208,896 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\tpfnf7.dll
MOD - [2005/07/04 22:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
MOD - [2005/06/06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CiscoVpnInstallService.dll -- (wwnetdde)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sysaudio.dll -- (wpsscannersvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\g400.dll -- (winpowerrmi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\M3AD.dll -- (windowblinds)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vet-filt.dll -- (websenserealtimeanalyzer)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rp_fws.dll -- (websensecamreportserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DcLps.dll -- (wandrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w800mdfl.dll -- (w550bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\contentfilter.dll -- (vstor2-ws60)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wps.dll -- (vaiomediaplatform-integratedserver-http)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symc8xx.dll -- (USIUDF)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BVRPMPR5.dll -- (USBMN1X1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZuneBusEnum.dll -- (usbio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WINFLASH.dll -- (us30sys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\amoagent.dll -- (toscosrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Ncrc710.dll -- (ssdiagn)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxcr_device.dll -- (sonypvs1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\amoagent.dll -- (snapman)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlaboiom.dll -- (smcirda)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CDRPDACC.dll -- (SMCB000)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se45mdfl.dll -- (slave)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dhcp.dll -- (slapd-data52)
SRV - File not found [Auto | Stopped] -- \.\globalroot\C:\WINDOWS\system32\svchost.exe -- (slapd-config52)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\npkcusb.dll -- (se58unic)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\a016mdm.dll -- (se58mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PCDCODEC.dll -- (se44mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TryAndDecideService.dll -- (s116unic)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\motmodem.dll -- (risdptsk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\{d31a0762-0ceb-444e-acff-b049a1f6fe91}.dll -- (RIOXDRV)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avgarcln.dll -- (QWAVEDRV)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\PsaSrv.exe -- (PsaSrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Ndismeetro.dll -- (portio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w550mdm.dll -- (pepifilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\neokdss.dll -- (pdlndldl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hcmon.dll -- (pdlnacom)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pensup.dll -- (PDExchange)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zpaction.dll -- (pdengine)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\milshieldcleaner.dll -- (pcnet)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\admservice.dll -- (P16X)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcods.dll -- (oraclexeclragent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ALYac_PZSrv.dll -- (oracleformsserver-forms60server-oraform)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\netddedsdm.dll -- (omsad)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ASUSVRC.dll -- (NVXBAR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\e1express.dll -- (nvstor32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se45bus.dll -- (nhcDriverDevice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Cinemsup.dll -- (NETw4v32)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\NEUSBw32.dll -- (NecUsb3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dntus26.dll -- (nchssvad)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ar5211.dll -- (MTDVC2_ENUM)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nbservice.dll -- (MSMQ)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\imountsrv.dll -- (MobilePreInstallerService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\raysatxsi5_0server.dll -- (mksvirmonsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tiumfwl.dll -- (mediaviewer)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symproxysvc.dll -- (lvupdtio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RESMGR.dll -- (lkcitadelserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FGDSCSI.dll -- (KR10I)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\null.dll -- (jtagserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mpfp.dll -- (irsir)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\XilinxPC4Driver.dll -- (ikhfile)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w810bus.dll -- (ifxspmgtsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hidir.dll -- (iaimfp1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\epsonstatusagent2.dll -- (HWIONT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zebrmdfl.dll -- (hotspotshieldservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlncfwk.dll -- (hnmsvc)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zpmysql.dll -- (filterservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tomcatcws3.dll -- (fa_scheduler)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CAMCAUD.dll -- (DELTA)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emproxy.dll -- (datasvr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zmxpzip.dll -- (cwafeventrouter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CE3.dll -- (cvspydr2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TeamViewer.dll -- (CTEDSPSY.DLL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vmparport.dll -- (cics.region1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlartl_n.dll -- (camdrl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wencrservice.dll -- (btwusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PSDFilter.dll -- (brmfbags)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\djsnetcn.dll -- (bantext)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DCFS2K.dll -- (backupexecrpcservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atinevxx.dll -- (anydvd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleorahome811cman.dll -- (amfilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\slapd-config52.dll -- (adobeactivefilemonitor5.0)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tphdexlgsvc.dll -- (a016bus)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/06/12 09:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2007/09/26 16:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006/12/25 10:38:34 | 000,172,032 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006/12/25 10:37:12 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2006/08/16 10:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006/07/14 15:52:48 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2005/06/06 21:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2001/08/17 22:36:10 | 000,009,728 | ---- | M] (Brother Industries, Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\brserif.dll -- (wampapache)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\uzihkcmc.sys -- (uzihkcmc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20050404.003\symidsco.sys -- (SYMIDSCO)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\rogkvuzk.sys -- (rogkvuzk)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\2.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\jhwdwlpv.sys -- (jhwdwlpv)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\dyktimvn.sys -- (dyktimvn)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\SPCA561.SYS -- (CA561) ICatch (VI)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\akhpgewa.sys -- (akhpgewa)
DRV - [2012/02/03 13:10:16 | 000,017,536 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2006/08/16 10:07:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/08/02 09:54:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006/08/02 09:54:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006/08/02 01:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/07/20 10:54:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2006/05/25 09:13:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2006/03/13 16:05:54 | 000,058,368 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Program Files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2006/01/13 00:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2005/11/08 09:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2002/06/21 18:42:50 | 000,008,224 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1182284275-2098501439-2131462198-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1182284275-2098501439-2131462198-1005\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-1182284275-2098501439-2131462198-1005\..\SearchScopes,DefaultScope = Google
IE - HKU\S-1-5-21-1182284275-2098501439-2131462198-1005\..\SearchScopes\{025B6426-5A66-47FD-B025-873AD88A4294}: "URL" = http://search.avg.com/?d=4daa2a19&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
IE - HKU\S-1-5-21-1182284275-2098501439-2131462198-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1182284275-2098501439-2131462198-1005\..\SearchScopes\Google: "URL" = http://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q=%s
IE - HKU\S-1-5-21-1182284275-2098501439-2131462198-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\douglas rush\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\douglas rush\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\douglas rush\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\douglas rush\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 07:23:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/22 14:36:39 | 000,000,000 | ---D | M]

[2012/02/03 12:47:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\douglas rush\Application Data\Mozilla\Extensions
[2012/02/09 17:34:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\douglas rush\Application Data\Mozilla\Firefox\Profiles\ucjmysuj.default\extensions
[2012/02/02 11:58:30 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\douglas rush\Application Data\Mozilla\Firefox\Profiles\ucjmysuj.default\searchplugins\Search_Results.xml
[2012/02/20 09:42:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/16 19:16:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/03/19 07:23:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/16 03:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/02 11:58:30 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/02/16 03:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=284&systemid=2&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\douglas rush\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\douglas rush\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\douglas rush\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\douglas rush\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Documents and Settings\douglas rush\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/03/02 08:36:09 | 000,440,678 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15173 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKU\S-1-5-21-1182284275-2098501439-2131462198-1005\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1182284275-2098501439-2131462198-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDService.exe] C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKU\S-1-5-21-1182284275-2098501439-2131462198-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe (FUJI PHOTO FILM CO., LTD.)
O4 - Startup: C:\Documents and Settings\douglas rush\Start Menu\Programs\Startup\Seagate NA03DGG5 Product Registration.lnk = C:\Documents and Settings\douglas rush\Application Data\Leadertech\PowerRegister\Seagate NA03DGG5 Product Registration.exe (Leader Technologies/Seagate)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1182284275-2098501439-2131462198-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1182284275-2098501439-2131462198-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1182284275-2098501439-2131462198-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1182284275-2098501439-2131462198-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278983048176 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C642093-5F35-4F3A-ABC7-5355E85C4C30}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll ()
O20 - Winlogon\Notify\AwayNotify: DllName - (C:\Program Files\Lenovo\AwayTask\AwayNotify.dll) - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NecUsb3Sevices: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\douglas rush\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\douglas rush\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: 56123313.sys - Driver
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: AmdIde - File not found
NetSvcs: CTMFLT - File not found
NetSvcs: ovt519 - File not found
NetSvcs: bb-run - File not found
NetSvcs: ADSMService - File not found
NetSvcs: USA49W - File not found
NetSvcs: hsf_dp - File not found
NetSvcs: pavatscheduler - File not found
NetSvcs: se58mdfl - %systemroot%\system32\a016mdm.dll File not found
NetSvcs: pdlndldl - %systemroot%\system32\neokdss.dll File not found
NetSvcs: KR10I - %systemroot%\system32\FGDSCSI.dll File not found
NetSvcs: HWIONT - %systemroot%\system32\epsonstatusagent2.dll File not found
NetSvcs: usbio - %systemroot%\system32\ZuneBusEnum.dll File not found
NetSvcs: toscosrv - %systemroot%\system32\amoagent.dll File not found
NetSvcs: pdengine - %systemroot%\system32\zpaction.dll File not found
NetSvcs: irsir - %systemroot%\system32\mpfp.dll File not found
NetSvcs: s116unic - %systemroot%\system32\TryAndDecideService.dll File not found
NetSvcs: bantext - %systemroot%\system32\djsnetcn.dll File not found
NetSvcs: PDExchange - %systemroot%\system32\pensup.dll File not found
NetSvcs: DELTA - %systemroot%\system32\CAMCAUD.dll File not found
NetSvcs: brmfbags - %systemroot%\system32\PSDFilter.dll File not found
NetSvcs: oracleformsserver-forms60server-oraform - %systemroot%\system32\ALYac_PZSrv.dll File not found
NetSvcs: cwafeventrouter - %systemroot%\system32\zmxpzip.dll File not found
NetSvcs: RIOXDRV - %systemroot%\system32\{d31a0762-0ceb-444e-acff-b049a1f6fe91}.dll File not found
NetSvcs: portio - %systemroot%\system32\Ndismeetro.dll File not found
NetSvcs: hnmsvc - %systemroot%\system32\pdlncfwk.dll File not found
NetSvcs: MobilePreInstallerService - %systemroot%\system32\imountsrv.dll File not found
NetSvcs: datasvr - %systemroot%\system32\emproxy.dll File not found
NetSvcs: nchssvad - %systemroot%\system32\dntus26.dll File not found
NetSvcs: lvupdtio - %systemroot%\system32\symproxysvc.dll File not found
NetSvcs: wwnetdde - %systemroot%\system32\CiscoVpnInstallService.dll File not found
NetSvcs: cvspydr2 - %systemroot%\system32\CE3.dll File not found
NetSvcs: vstor2-ws60 - %systemroot%\system32\contentfilter.dll File not found
NetSvcs: mksvirmonsvc - %systemroot%\system32\raysatxsi5_0server.dll File not found
NetSvcs: pcnet - %systemroot%\system32\milshieldcleaner.dll File not found
NetSvcs: websensecamreportserver - %systemroot%\system32\rp_fws.dll File not found
NetSvcs: cics.region1 - %systemroot%\system32\vmparport.dll File not found
NetSvcs: pdlnacom - %systemroot%\system32\hcmon.dll File not found
NetSvcs: a016bus - %systemroot%\system32\tphdexlgsvc.dll File not found
NetSvcs: filterservice - %systemroot%\system32\zpmysql.dll File not found
NetSvcs: iaimfp1 - %systemroot%\system32\hidir.dll File not found
NetSvcs: wpsscannersvc - %systemroot%\system32\sysaudio.dll File not found
NetSvcs: SMCB000 - %systemroot%\system32\CDRPDACC.dll File not found
NetSvcs: ikhfile - %systemroot%\system32\XilinxPC4Driver.dll File not found
NetSvcs: hotspotshieldservice - %systemroot%\system32\zebrmdfl.dll File not found
NetSvcs: adobeactivefilemonitor5.0 - %systemroot%\system32\slapd-config52.dll File not found
NetSvcs: ifxspmgtsrv - %systemroot%\system32\w810bus.dll File not found
NetSvcs: slapd-data52 - %systemroot%\system32\dhcp.dll File not found
NetSvcs: se58unic - %systemroot%\system32\npkcusb.dll File not found
NetSvcs: fa_scheduler - %systemroot%\system32\tomcatcws3.dll File not found
NetSvcs: se44mdm - %systemroot%\system32\PCDCODEC.dll File not found
NetSvcs: USBMN1X1 - %systemroot%\system32\BVRPMPR5.dll File not found
NetSvcs: NVXBAR - %systemroot%\system32\ASUSVRC.dll File not found
NetSvcs: wampapache - C:\WINDOWS\system32\brserif.dll (Brother Industries, Ltd.)
NetSvcs: pepifilter - %systemroot%\system32\w550mdm.dll File not found
NetSvcs: sonypvs1 - %systemroot%\system32\lxcr_device.dll File not found
NetSvcs: windowblinds - %systemroot%\system32\M3AD.dll File not found
NetSvcs: winpowerrmi - %systemroot%\system32\g400.dll File not found
NetSvcs: oraclexeclragent - %systemroot%\system32\mcods.dll File not found
NetSvcs: smcirda - %systemroot%\system32\dlaboiom.dll File not found
NetSvcs: w550bus - %systemroot%\system32\w800mdfl.dll File not found
NetSvcs: omsad - %systemroot%\system32\netddedsdm.dll File not found
NetSvcs: btwusb - %systemroot%\system32\wencrservice.dll File not found
NetSvcs: anydvd - %systemroot%\system32\atinevxx.dll File not found
NetSvcs: MTDVC2_ENUM - %systemroot%\system32\ar5211.dll File not found
NetSvcs: CTEDSPSY.DLL - %systemroot%\system32\TeamViewer.dll File not found
NetSvcs: lkcitadelserver - %systemroot%\system32\RESMGR.dll File not found
NetSvcs: wandrv - %systemroot%\system32\DcLps.dll File not found
NetSvcs: USIUDF - %systemroot%\system32\symc8xx.dll File not found
NetSvcs: NETw4v32 - %systemroot%\system32\Cinemsup.dll File not found
NetSvcs: vaiomediaplatform-integratedserver-http - %systemroot%\system32\wps.dll File not found
NetSvcs: jtagserver - %systemroot%\system32\null.dll File not found
NetSvcs: MSMQ - %systemroot%\system32\nbservice.dll File not found
NetSvcs: nvstor32 - %systemroot%\system32\e1express.dll File not found
NetSvcs: ssdiagn - %systemroot%\system32\Ncrc710.dll File not found
NetSvcs: snapman - %systemroot%\system32\amoagent.dll File not found
NetSvcs: nhcDriverDevice - %systemroot%\system32\se45bus.dll File not found
NetSvcs: P16X - %systemroot%\system32\admservice.dll File not found
NetSvcs: camdrl - %systemroot%\system32\dlartl_n.dll File not found
NetSvcs: mediaviewer - %systemroot%\system32\tiumfwl.dll File not found
NetSvcs: slave - %systemroot%\system32\se45mdfl.dll File not found
NetSvcs: amfilter - %systemroot%\system32\oracleorahome811cman.dll File not found
NetSvcs: websenserealtimeanalyzer - %systemroot%\system32\vet-filt.dll File not found
NetSvcs: backupexecrpcservice - %systemroot%\system32\DCFS2K.dll File not found
NetSvcs: risdptsk - %systemroot%\system32\motmodem.dll File not found
NetSvcs: us30sys - %systemroot%\system32\WINFLASH.dll File not found
NetSvcs: QWAVEDRV - %systemroot%\system32\avgarcln.dll File not found
NetSvcs: slapd-config52 - \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
NetSvcs: s125mgmt - File not found
NetSvcs: sbhooksvc - File not found
NetSvcs: iSMBIOS - File not found
NetSvcs: Slpsvdr - File not found
NetSvcs: tcpipBM - File not found
NetSvcs: DCamUSBSQTECH - File not found
NetSvcs: vcomm - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/01 18:10:11 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/27 17:48:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\douglas rush\Application Data\Memeo
[2012/03/27 17:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2012/03/27 08:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Runtime Software
[2012/03/27 08:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2012/03/21 19:22:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/03/21 19:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/03/18 19:08:34 | 063,871,168 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\douglas rush\My Documents\mpam-fe.exe
[2012/03/17 20:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/03/17 20:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/03/12 10:32:07 | 000,008,224 | ---- | C] (MicroStaff Co.,Ltd.) -- C:\WINDOWS\System32\drivers\MASPINT.SYS
[2012/03/12 10:32:07 | 000,000,000 | ---D | C] -- C:\MWASPINT
[2012/03/12 10:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MicroStaff WINASPI NT
[2012/03/12 10:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PIXELA
[2012/03/12 10:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\PIXELA
[2012/03/12 10:28:14 | 000,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe
[2012/03/12 10:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/03/12 10:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2012/03/12 10:23:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2012/03/12 10:21:21 | 000,299,008 | ---- | C] (FUJI PHOTO FILM CO., LTD.) -- C:\WINDOWS\System32\FE05F3D5.dll
[2012/03/12 10:21:21 | 000,299,008 | ---- | C] (FUJI PHOTO FILM CO., LTD.) -- C:\WINDOWS\System32\FE05F051.dll
[2012/03/12 10:21:21 | 000,299,008 | ---- | C] (FUJI PHOTO FILM CO., LTD.) -- C:\WINDOWS\System32\FE05DA0D.dll
[2012/03/12 10:21:21 | 000,106,496 | ---- | C] (FUJI PHOTO FILM CO., LTD.) -- C:\WINDOWS\System32\FPXS2Pro.dll
[2012/03/12 10:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FUJIFILM
[2012/03/12 10:20:40 | 000,159,744 | ---- | C] (FUJI PHOTO FILM CO., LTD.) -- C:\WINDOWS\System32\FFRAFLIB.DLL
[2012/03/12 10:20:39 | 000,274,432 | ---- | C] (FUJI PHOTO FILM CO., LTD.) -- C:\WINDOWS\System32\FFTIFF16.dll
[2012/03/12 10:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FinePixViewer
[2012/03/12 10:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\FinePixViewer
[2012/03/12 10:17:47 | 000,081,924 | ---- | C] (FUJI PHOTO FILM CO.,LTD.) -- C:\WINDOWS\System32\drivers\VC4CB104.SYS
[2012/03/12 10:17:44 | 000,065,536 | ---- | C] (FUJIFILM) -- C:\WINDOWS\System32\FINFCHECK.dll
[2012/03/12 10:17:44 | 000,045,056 | ---- | C] (FUJIFILM) -- C:\WINDOWS\System32\FINFCOPY.dll
[2012/03/12 10:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\REGSHAVE
[2012/03/12 10:17:41 | 000,069,632 | ---- | C] (FUJIFILM) -- C:\WINDOWS\System32\FREGSHEX.DLL
[2012/03/12 10:17:41 | 000,045,056 | ---- | C] (FUJIFILM) -- C:\WINDOWS\System32\FCLKBTN.DLL
[2012/03/12 10:16:10 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srusd.dll
[2012/03/12 10:16:10 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll
[2012/03/11 18:23:07 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2012/03/11 18:23:06 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fuusd.dll
[2012/03/11 18:23:06 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll
[2012/03/11 18:23:03 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fnfilter.dll
[2012/03/11 18:23:03 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/02 20:45:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1182284275-2098501439-2131462198-1005UA.job
[2012/04/02 20:40:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/04/02 19:36:12 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/02 19:31:44 | 000,009,970 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2012/04/02 19:31:37 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/02 19:31:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/02 19:31:04 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/02 10:17:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/04/02 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/04/01 18:45:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/01 18:27:18 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\douglas rush\Desktop\Shortcut to OTL.exe.lnk
[2012/04/01 18:22:50 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\douglas rush\Desktop\Shortcut to FSS.exe.lnk
[2012/04/01 18:04:01 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\douglas rush\Desktop\Shortcut to tdsskiller(1).exe.lnk
[2012/04/01 17:45:03 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1182284275-2098501439-2131462198-1005Core.job
[2012/04/01 17:36:49 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/03/29 17:47:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\douglas rush\tasklist
[2012/03/28 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/03/27 17:44:37 | 000,001,347 | ---- | M] () -- C:\Documents and Settings\douglas rush\Start Menu\Programs\Startup\Seagate NA03DGG5 Product Registration.lnk
[2012/03/27 08:07:05 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\douglas rush\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2012/03/26 19:12:15 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\douglas rush\Desktop\Defogger.exe
[2012/03/21 19:25:14 | 000,687,130 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/19 07:46:13 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/03/18 19:21:48 | 063,871,168 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\douglas rush\My Documents\mpam-fe.exe
[2012/03/18 11:20:55 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\douglas rush\Desktop\2012
[2012/03/17 20:45:06 | 000,115,686 | ---- | M] () -- C:\WINDOWS\System32\itldvupd.dat
[2012/03/17 20:45:06 | 000,000,198 | ---- | M] () -- C:\WINDOWS\System32\itlsvc.dat
[2012/03/17 08:29:20 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/03/17 08:29:20 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/03/14 08:23:46 | 000,118,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 08:13:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/12 10:32:07 | 000,000,296 | ---- | M] () -- C:\WINDOWS\msfsetup.ini
[2012/03/12 10:23:49 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\douglas rush\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/03/12 10:23:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\System32\qttask.exe
[2012/03/12 10:23:39 | 000,000,361 | ---- | M] () -- C:\WINDOWS\System32\QuickTime.qtp
[2012/03/12 10:20:33 | 000,000,551 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/01 18:27:18 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\douglas rush\Desktop\Shortcut to OTL.exe.lnk
[2012/04/01 18:22:50 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\douglas rush\Desktop\Shortcut to FSS.exe.lnk
[2012/04/01 18:04:00 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\douglas rush\Desktop\Shortcut to tdsskiller(1).exe.lnk
[2012/04/01 07:38:20 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/29 17:47:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\douglas rush\tasklist
[2012/03/28 00:46:27 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\d3d9caps.dat
[2012/03/27 17:44:37 | 000,001,347 | ---- | C] () -- C:\Documents and Settings\douglas rush\Start Menu\Programs\Startup\Seagate NA03DGG5 Product Registration.lnk
[2012/03/27 08:07:05 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\douglas rush\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2012/03/26 19:12:12 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\douglas rush\Desktop\Defogger.exe
[2012/03/21 19:24:55 | 000,687,130 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/18 11:14:45 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\douglas rush\Desktop\2012
[2012/03/17 20:45:06 | 000,115,686 | ---- | C] () -- C:\WINDOWS\System32\itldvupd.dat
[2012/03/17 20:45:06 | 000,000,198 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2012/03/17 20:30:55 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/03/17 08:29:20 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2012/03/17 08:29:20 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/03/12 10:32:07 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2012/03/12 10:32:07 | 000,004,030 | ---- | C] () -- C:\WINDOWS\System\WINASPI.DLL
[2012/03/12 10:32:07 | 000,002,486 | ---- | C] () -- C:\WINDOWS\System\AS16POST.BIN
[2012/03/12 10:32:06 | 000,000,296 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2012/03/12 10:23:49 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\douglas rush\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/03/12 10:23:44 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\qttask.exe
[2012/03/12 10:23:37 | 000,000,361 | ---- | C] () -- C:\WINDOWS\System32\QuickTime.qtp
[2012/03/12 10:21:21 | 000,621,660 | ---- | C] () -- C:\WINDOWS\System32\FE05F3D5.FCP
[2012/03/12 10:21:21 | 000,380,050 | ---- | C] () -- C:\WINDOWS\System32\FE05F051.FCP
[2012/03/12 10:21:21 | 000,333,748 | ---- | C] () -- C:\WINDOWS\System32\FE05DA0D.FCP
[2012/03/12 10:21:21 | 000,020,724 | ---- | C] () -- C:\WINDOWS\System32\FE05F3D5.FCL
[2012/03/12 10:21:21 | 000,020,724 | ---- | C] () -- C:\WINDOWS\System32\FE05F051.FCL
[2012/03/12 10:21:21 | 000,020,724 | ---- | C] () -- C:\WINDOWS\System32\FE05DA0D.FCL
[2012/03/12 10:20:33 | 000,000,551 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
[2012/02/15 11:09:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/05/01 18:58:02 | 000,013,076 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/04/30 21:29:01 | 000,003,400 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2011/04/10 16:39:11 | 004,022,504 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/04/10 16:39:11 | 000,018,117 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/04/06 13:12:20 | 000,000,133 | ---- | C] () -- C:\WINDOWS\APOapp.INI
[2011/04/06 13:09:42 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\douglas rush\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/10 12:58:01 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.douglas rush.ini
[2010/10/18 18:49:53 | 000,018,264 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/30 19:24:42 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/13 18:07:34 | 000,068,294 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/08/13 18:07:34 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2010/07/31 20:46:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/07/12 17:59:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/12 14:27:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/07/12 14:20:48 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2010/07/12 14:20:19 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010/07/12 14:19:41 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2010/07/12 14:15:50 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
[2010/07/12 14:12:53 | 000,000,156 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/07/12 14:12:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/07/12 14:12:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/07/12 14:12:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/07/12 14:12:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/07/12 14:12:15 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/07/12 14:12:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/07/12 14:05:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2010/07/12 14:03:45 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2010/07/12 14:03:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2010/07/12 14:03:22 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010/07/12 14:03:21 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010/07/12 14:03:10 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2010/07/12 14:00:53 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2010/07/12 13:53:27 | 000,073,782 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/04/29 17:03:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006/04/29 17:03:02 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006/04/29 17:03:02 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012/04/01 19:50:52 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbt.sys
[2012/02/03 13:10:16 | 000,017,536 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\drivers\psadd.sys
[2012/01/09 09:20:25 | 000,139,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AFD.SYS >
[2011/08/17 06:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011/08/17 06:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/13 12:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008/04/13 12:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2011/02/16 06:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008/10/16 08:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 03:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2004/08/04 05:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
[2008/08/14 02:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2008/10/16 07:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008/08/14 03:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys
[2008/08/14 03:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011/02/16 06:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008/06/20 04:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008/06/20 03:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys
[2008/06/20 04:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008/06/20 04:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011/08/17 06:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/07/12 19:40:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/07/12 19:40:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/13 11:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 11:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/04 05:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2005/04/01 11:19:51 | 000,502,784 | ---- | M] (Microsoft Corporation) MD5=986EC72D788E00E8E397B7BB7F5A9E45 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/19 07:22:44 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/19 07:22:44 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/19 07:22:44 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/19 07:22:59 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/19 07:22:59 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/19 07:22:59 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 05:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 05:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 05:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/19 07:22:44 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/19 07:22:44 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/19 07:22:44 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/19 07:22:59 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/19 07:22:59 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/19 07:22:59 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 05:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 05:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 05:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Next The Extras.Txt-Notepad

OTL Extras logfile created on: 4/2/2012 9:11:21 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\douglas rush\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 257.07 Mb Available Physical Memory | 25.34% Memory free
2.38 Gb Paging File | 1.74 Gb Available in Paging File | 72.89% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.01 Gb Total Space | 30.39 Gb Free Space | 43.41% Space Free | Partition Type: NTFS

Computer Name: LENOVO-BD261ADD | User Name: douglas rush | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1182284275-2098501439-2131462198-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
Directory [FinePixPrint] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" /p "%1" (FUJI PHOTO FILM CO.,LTD.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Documents and Settings\douglas rush\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\douglas rush\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\douglas rush\Desktop\iExplore.exe" = C:\Documents and Settings\douglas rush\Desktop\iExplore.exe:*:Enabled:PC Tools Installer


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{48227AEB-DC8E-4A90-A274-0B4A39D699B1}" = Client Security Solution
"{51ED885E-78EC-4DBF-81E1-F7EF47174B5A}" = HP Deskjet 1000 J110 series Basic Device Software
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{614F6133-1897-3CB9-859A-F2A19FBE8D4A}" = Google Talk Plugin
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.7
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = ThinkVantage Active Protection System
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7726CF62-7B45-4E6D-9266-615346816BCA}" = Rescue and Recovery
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad UltraNav Wizard
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9EA84FDD-CCC0-47FD-A993-923165BEA47A}" = System Migration Assistant
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3E3CA57-F7D2-424F-86CC-6FB4F1FC82AD}" = HP Deskjet 1000 J110 series Product Improvement Study
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D3AA158A-9421-4883-8767-E771B0964A1D}" = ImageMixer VCD for FinePix
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Help
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA664480-3844-11D5-8C25-444553540000}" = TrackPoint Accessibility Features
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AwayTask" = ThinkVantage Away Manager
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"HP Photo Creations" = HP Photo Creations
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWASPINT" = MicroStaff WINASPI NT
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Power Management Driver" = ThinkPad Power Management Driver
"Presentation Director" = ThinkPad Presentation Director
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"QuickTime" = QuickTime
"Remove Multimedia Center" = Remove Multimedia Center
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/22/2012 11:30:32 AM | Computer Name = LENOVO-BD261ADD | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.60.0.61, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x0001101a.

Error - 3/25/2012 10:24:37 PM | Computer Name = LENOVO-BD261ADD | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/25/2012 10:24:41 PM | Computer Name = LENOVO-BD261ADD | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/26/2012 12:08:09 PM | Computer Name = LENOVO-BD261ADD | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/28/2012 3:11:48 PM | Computer Name = LENOVO-BD261ADD | Source = Application Hang | ID = 1002
Description = Hanging application dixml.exe, version 2.3.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/28/2012 3:17:44 PM | Computer Name = LENOVO-BD261ADD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/28/2012 3:17:44 PM | Computer Name = LENOVO-BD261ADD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/29/2012 11:21:56 PM | Computer Name = LENOVO-BD261ADD | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/29/2012 11:21:57 PM | Computer Name = LENOVO-BD261ADD | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/1/2012 8:56:57 PM | Computer Name = LENOVO-BD261ADD | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ Lenovo-Message Center Plus/Admin Events ]
Error - 7/12/2010 10:02:39 PM | Computer Name = LENOVO-BD261ADD | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\Documents and Settings\All Users\Application Data\Lenovo\MessageCenterPlus\ServerRepository\temp\SeedDB.cab
does not have a Lenovo Digital Signature. The file will be deleted

Error - 7/12/2010 10:02:39 PM | Computer Name = LENOVO-BD261ADD | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The Msg SeedDB could not be decompressed

Error - 1/5/2012 12:57:59 PM | Computer Name = LENOVO-BD261ADD | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\Documents and Settings\All Users\Application Data\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp
does not have a Lenovo Digital Signature. The file will be deleted

[ System Events ]
Error - 4/2/2012 10:32:38 PM | Computer Name = LENOVO-BD261ADD | Source = Service Control Manager | ID = 7023
Description = The Nvedavt service terminated with the following error: %%126

Error - 4/2/2012 10:32:38 PM | Computer Name = LENOVO-BD261ADD | Source = Service Control Manager | ID = 7023
Description = The Iam service terminated with the following error: %%126

Error - 4/2/2012 10:32:38 PM | Computer Name = LENOVO-BD261ADD | Source = Service Control Manager | ID = 7023
Description = The 6to4 service terminated with the following error: %%127

Error - 4/2/2012 10:32:38 PM | Computer Name = LENOVO-BD261ADD | Source = Service Control Manager | ID = 7023
Description = The LPCFilter service terminated with the following error: %%126

Error - 4/2/2012 10:32:38 PM | Computer Name = LENOVO-BD261ADD | Source = Service Control Manager | ID = 7023
Description = The Cpqarry2 service terminated with the following error: %%126

Error - 4/2/2012 10:32:38 PM | Computer Name = LENOVO-BD261ADD | Source = Service Control Manager | ID = 7023
Description = The Mks_scan service terminated with the following error: %%126

Error - 4/2/2012 10:32:38 PM | Computer Name = LENOVO-BD261ADD | Source = Service Control Manager | ID = 7023
Description = The IntelC53 service terminated with the following error: %%126

Error - 4/2/2012 10:32:38 PM | Computer Name = LENOVO-BD261ADD | Source = Service Control Manager | ID = 7023
Description = The Antivirscheduler service terminated with the following error:
%%126

Error - 4/2/2012 10:32:38 PM | Computer Name = LENOVO-BD261ADD | Source = Service Control Manager | ID = 7023
Description = The G400DH service terminated with the following error: %%126

Error - 4/2/2012 10:32:38 PM | Computer Name = LENOVO-BD261ADD | Source = Service Control Manager | ID = 7023
Description = The Grmnusb service terminated with the following error: %%126


< End of report >
This scan was completed after the TDSSKiller scan and reboot, after all the other posts.

The computer is no longer redirecting browsers. It is no longer giving infected warnings via Microsoft Essentials and asking to be cleaned.

So is this house clean? Banking, purchasing, logons? How do I know? Stripeysocks.


#10 SweetTech
    Agent ST
  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 03 April 2012 - 12:52 AM

Hi!

Thanks for posting the OTL.txt log for me to review.

We definitely have some more work to do.

Do you recognize this file?

[2012/03/18 11:20:55 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\douglas rush\Desktop\2012


We will need to do some work in the registry later on to address an issue with corrupt data in there.

I'm going to be providing you with a script to run using OTL.

Before I have you run that I'd like to have you back up your registry, to ensure we have a backup in case something goes wrong with the fix. I don't foresee an issue, but better safe than sorry.

ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.

ERUNT utility program
Download:

  • Please download ERUNT...by Lars Hederer. Save it to your desktop.
  • Double-click erunt-setup.exe to start the install process. Follow the install prompts.
  • Use the default install settings...
    say "NO" to the section that asks you to add ERUNT to the Start-Up folder. Enable this option later if desired.
  • Start ERUNT by opting to start the program at the end of setup -or- double click the desktop icon.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK ... Then click on "YES" to create the folder.
Run:
  • Please navigate to Start >> All Programs >> ERUNT. Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


NEXT:



OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CiscoVpnInstallService.dll -- (wwnetdde)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sysaudio.dll -- (wpsscannersvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\g400.dll -- (winpowerrmi)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\M3AD.dll -- (windowblinds)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vet-filt.dll -- (websenserealtimeanalyzer)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rp_fws.dll -- (websensecamreportserver)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DcLps.dll -- (wandrv)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w800mdfl.dll -- (w550bus)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\contentfilter.dll -- (vstor2-ws60)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wps.dll -- (vaiomediaplatform-integratedserver-http)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symc8xx.dll -- (USIUDF)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BVRPMPR5.dll -- (USBMN1X1)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZuneBusEnum.dll -- (usbio)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WINFLASH.dll -- (us30sys)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\amoagent.dll -- (toscosrv)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Ncrc710.dll -- (ssdiagn)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxcr_device.dll -- (sonypvs1)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\amoagent.dll -- (snapman)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlaboiom.dll -- (smcirda)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CDRPDACC.dll -- (SMCB000)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se45mdfl.dll -- (slave)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dhcp.dll -- (slapd-data52)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\npkcusb.dll -- (se58unic)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\a016mdm.dll -- (se58mdfl)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PCDCODEC.dll -- (se44mdm)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TryAndDecideService.dll -- (s116unic)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\motmodem.dll -- (risdptsk)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\{d31a0762-0ceb-444e-acff-b049a1f6fe91}.dll -- (RIOXDRV)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avgarcln.dll -- (QWAVEDRV)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Ndismeetro.dll -- (portio)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w550mdm.dll -- (pepifilter)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\neokdss.dll -- (pdlndldl)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hcmon.dll -- (pdlnacom)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pensup.dll -- (PDExchange)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zpaction.dll -- (pdengine)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\milshieldcleaner.dll -- (pcnet)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\admservice.dll -- (P16X)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcods.dll -- (oraclexeclragent)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ALYac_PZSrv.dll -- (oracleformsserver-forms60server-oraform)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\netddedsdm.dll -- (omsad)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ASUSVRC.dll -- (NVXBAR)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\e1express.dll -- (nvstor32)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se45bus.dll -- (nhcDriverDevice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Cinemsup.dll -- (NETw4v32)
    SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\NEUSBw32.dll -- (NecUsb3)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dntus26.dll -- (nchssvad)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ar5211.dll -- (MTDVC2_ENUM)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nbservice.dll -- (MSMQ)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\imountsrv.dll -- (MobilePreInstallerService)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\raysatxsi5_0server.dll -- (mksvirmonsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tiumfwl.dll -- (mediaviewer)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symproxysvc.dll -- (lvupdtio)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RESMGR.dll -- (lkcitadelserver)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FGDSCSI.dll -- (KR10I)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\null.dll -- (jtagserver)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mpfp.dll -- (irsir)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\XilinxPC4Driver.dll -- (ikhfile)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w810bus.dll -- (ifxspmgtsrv)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hidir.dll -- (iaimfp1)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\epsonstatusagent2.dll -- (HWIONT)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zebrmdfl.dll -- (hotspotshieldservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlncfwk.dll -- (hnmsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zpmysql.dll -- (filterservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tomcatcws3.dll -- (fa_scheduler)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CAMCAUD.dll -- (DELTA)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emproxy.dll -- (datasvr)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zmxpzip.dll -- (cwafeventrouter)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CE3.dll -- (cvspydr2)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vmparport.dll -- (cics.region1)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlartl_n.dll -- (camdrl)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wencrservice.dll -- (btwusb)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PSDFilter.dll -- (brmfbags)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\djsnetcn.dll -- (bantext)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DCFS2K.dll -- (backupexecrpcservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atinevxx.dll -- (anydvd)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleorahome811cman.dll -- (amfilter)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\slapd-config52.dll -- (adobeactivefilemonitor5.0)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tphdexlgsvc.dll -- (a016bus)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\uzihkcmc.sys -- (uzihkcmc)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\rogkvuzk.sys -- (rogkvuzk)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\jhwdwlpv.sys -- (jhwdwlpv)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\dyktimvn.sys -- (dyktimvn)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\akhpgewa.sys -- (akhpgewa)
    IE - HKU\S-1-5-21-1182284275-2098501439-2131462198-1005\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    O3 - HKU\S-1-5-21-1182284275-2098501439-2131462198-1005\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-1182284275-2098501439-2131462198-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    NetSvcs: AmdIde - File not found
    NetSvcs: CTMFLT - File not found
    NetSvcs: ovt519 - File not found
    NetSvcs: bb-run - File not found
    NetSvcs: ADSMService - File not found
    NetSvcs: USA49W - File not found
    NetSvcs: hsf_dp - File not found
    NetSvcs: pavatscheduler - File not found
    NetSvcs: se58mdfl - %systemroot%\system32\a016mdm.dll File not found
    NetSvcs: pdlndldl - %systemroot%\system32\neokdss.dll File not found
    NetSvcs: KR10I - %systemroot%\system32\FGDSCSI.dll File not found
    NetSvcs: HWIONT - %systemroot%\system32\epsonstatusagent2.dll File not found
    NetSvcs: usbio - %systemroot%\system32\ZuneBusEnum.dll File not found
    NetSvcs: pdengine - %systemroot%\system32\zpaction.dll File not found
    NetSvcs: irsir - %systemroot%\system32\mpfp.dll File not found
    NetSvcs: s116unic - %systemroot%\system32\TryAndDecideService.dll File not found
    NetSvcs: bantext - %systemroot%\system32\djsnetcn.dll File not found
    NetSvcs: PDExchange - %systemroot%\system32\pensup.dll File not found
    NetSvcs: DELTA - %systemroot%\system32\CAMCAUD.dll File not found
    NetSvcs: brmfbags - %systemroot%\system32\PSDFilter.dll File not found
    NetSvcs: oracleformsserver-forms60server-oraform - %systemroot%\system32\ALYac_PZSrv.dll File not found
    NetSvcs: cwafeventrouter - %systemroot%\system32\zmxpzip.dll File not found
    NetSvcs: RIOXDRV - %systemroot%\system32\{d31a0762-0ceb-444e-acff-b049a1f6fe91}.dll File not found
    NetSvcs: portio - %systemroot%\system32\Ndismeetro.dll File not found
    NetSvcs: hnmsvc - %systemroot%\system32\pdlncfwk.dll File not found
    NetSvcs: MobilePreInstallerService - %systemroot%\system32\imountsrv.dll File not found
    NetSvcs: datasvr - %systemroot%\system32\emproxy.dll File not found
    NetSvcs: nchssvad - %systemroot%\system32\dntus26.dll File not found
    NetSvcs: lvupdtio - %systemroot%\system32\symproxysvc.dll File not found
    NetSvcs: wwnetdde - %systemroot%\system32\CiscoVpnInstallService.dll File not found
    NetSvcs: cvspydr2 - %systemroot%\system32\CE3.dll File not found
    NetSvcs: vstor2-ws60 - %systemroot%\system32\contentfilter.dll File not found
    NetSvcs: mksvirmonsvc - %systemroot%\system32\raysatxsi5_0server.dll File not found
    NetSvcs: pcnet - %systemroot%\system32\milshieldcleaner.dll File not found
    NetSvcs: websensecamreportserver - %systemroot%\system32\rp_fws.dll File not found
    NetSvcs: cics.region1 - %systemroot%\system32\vmparport.dll File not found
    NetSvcs: pdlnacom - %systemroot%\system32\hcmon.dll File not found
    NetSvcs: a016bus - %systemroot%\system32\tphdexlgsvc.dll File not found
    NetSvcs: filterservice - %systemroot%\system32\zpmysql.dll File not found
    NetSvcs: iaimfp1 - %systemroot%\system32\hidir.dll File not found
    NetSvcs: wpsscannersvc - %systemroot%\system32\sysaudio.dll File not found
    NetSvcs: SMCB000 - %systemroot%\system32\CDRPDACC.dll File not found
    NetSvcs: ikhfile - %systemroot%\system32\XilinxPC4Driver.dll File not found
    NetSvcs: hotspotshieldservice - %systemroot%\system32\zebrmdfl.dll File not found
    NetSvcs: adobeactivefilemonitor5.0 - %systemroot%\system32\slapd-config52.dll File not found
    NetSvcs: ifxspmgtsrv - %systemroot%\system32\w810bus.dll File not found
    NetSvcs: slapd-data52 - %systemroot%\system32\dhcp.dll File not found
    NetSvcs: se58unic - %systemroot%\system32\npkcusb.dll File not found
    NetSvcs: fa_scheduler - %systemroot%\system32\tomcatcws3.dll File not found
    NetSvcs: se44mdm - %systemroot%\system32\PCDCODEC.dll File not found
    NetSvcs: USBMN1X1 - %systemroot%\system32\BVRPMPR5.dll File not found
    NetSvcs: NVXBAR - %systemroot%\system32\ASUSVRC.dll File not found
    NetSvcs: pepifilter - %systemroot%\system32\w550mdm.dll File not found
    NetSvcs: sonypvs1 - %systemroot%\system32\lxcr_device.dll File not found
    NetSvcs: windowblinds - %systemroot%\system32\M3AD.dll File not found
    NetSvcs: winpowerrmi - %systemroot%\system32\g400.dll File not found
    NetSvcs: oraclexeclragent - %systemroot%\system32\mcods.dll File not found
    NetSvcs: smcirda - %systemroot%\system32\dlaboiom.dll File not found
    NetSvcs: w550bus - %systemroot%\system32\w800mdfl.dll File not found
    NetSvcs: omsad - %systemroot%\system32\netddedsdm.dll File not found
    NetSvcs: btwusb - %systemroot%\system32\wencrservice.dll File not found
    NetSvcs: anydvd - %systemroot%\system32\atinevxx.dll File not found
    NetSvcs: MTDVC2_ENUM - %systemroot%\system32\ar5211.dll File not found
    NetSvcs: lkcitadelserver - %systemroot%\system32\RESMGR.dll File not found
    NetSvcs: wandrv - %systemroot%\system32\DcLps.dll File not found
    NetSvcs: USIUDF - %systemroot%\system32\symc8xx.dll File not found
    NetSvcs: NETw4v32 - %systemroot%\system32\Cinemsup.dll File not found
    NetSvcs: vaiomediaplatform-integratedserver-http - %systemroot%\system32\wps.dll File not found
    NetSvcs: jtagserver - %systemroot%\system32\null.dll File not found
    NetSvcs: MSMQ - %systemroot%\system32\nbservice.dll File not found
    NetSvcs: nvstor32 - %systemroot%\system32\e1express.dll File not found
    NetSvcs: ssdiagn - %systemroot%\system32\Ncrc710.dll File not found
    NetSvcs: snapman - %systemroot%\system32\amoagent.dll File not found
    NetSvcs: nhcDriverDevice - %systemroot%\system32\se45bus.dll File not found
    NetSvcs: P16X - %systemroot%\system32\admservice.dll File not found
    NetSvcs: camdrl - %systemroot%\system32\dlartl_n.dll File not found
    NetSvcs: mediaviewer - %systemroot%\system32\tiumfwl.dll File not found
    NetSvcs: slave - %systemroot%\system32\se45mdfl.dll File not found
    NetSvcs: amfilter - %systemroot%\system32\oracleorahome811cman.dll File not found
    NetSvcs: websenserealtimeanalyzer - %systemroot%\system32\vet-filt.dll File not found
    NetSvcs: backupexecrpcservice - %systemroot%\system32\DCFS2K.dll File not found
    NetSvcs: risdptsk - %systemroot%\system32\motmodem.dll File not found
    NetSvcs: us30sys - %systemroot%\system32\WINFLASH.dll File not found
    NetSvcs: QWAVEDRV - %systemroot%\system32\avgarcln.dll File not found
    NetSvcs: slapd-config52 - \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
    NetSvcs: s125mgmt - File not found
    NetSvcs: sbhooksvc - File not found
    NetSvcs: iSMBIOS - File not found
    NetSvcs: Slpsvdr - File not found
    [2012/04/01 18:10:11 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/04/01 17:36:49 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
    [2012/03/17 20:30:55 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    
    :Reg
    
    :Files
    C:\WINDOWS\tasks\At*.job
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.


NEXT:


Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. Answer to my question regarding that file on your Desktop.
3. OTL fix log.
4. ComboFix.txt log.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 stipeysocks
  • Topic Starter
  • Members
  • 33 posts
  • Gender:Male
  • Location:Denver

Posted 03 April 2012 - 04:07 PM

1. First question being: how do you know when this system is safe?
2. What virus protection do you recommend? I've been running Microsoft Essentials. A friend recommends ESET.
3. Malwarebytes?
4. Not familiar with the file in question. Can I trace it? It's not there now.
5. Maybe I'm not quite sure of what I'm looking at.
First the OTL:
All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Service wwnetdde stopped successfully!
Service wwnetdde deleted successfully!
File %systemroot%\system32\CiscoVpnInstallService.dll not found.
Service wpsscannersvc stopped successfully!
Service wpsscannersvc deleted successfully!
File %systemroot%\system32\sysaudio.dll not found.
Service winpowerrmi stopped successfully!
Service winpowerrmi deleted successfully!
File %systemroot%\system32\g400.dll not found.
Service windowblinds stopped successfully!
Service windowblinds deleted successfully!
File %systemroot%\system32\M3AD.dll not found.
Service websenserealtimeanalyzer stopped successfully!
Service websenserealtimeanalyzer deleted successfully!
File %systemroot%\system32\vet-filt.dll not found.
Service websensecamreportserver stopped successfully!
Service websensecamreportserver deleted successfully!
File %systemroot%\system32\rp_fws.dll not found.
Service wandrv stopped successfully!
Service wandrv deleted successfully!
File %systemroot%\system32\DcLps.dll not found.
Service w550bus stopped successfully!
Service w550bus deleted successfully!
File %systemroot%\system32\w800mdfl.dll not found.
Service vstor2-ws60 stopped successfully!
Service vstor2-ws60 deleted successfully!
File %systemroot%\system32\contentfilter.dll not found.
Service vaiomediaplatform-integratedserver-http stopped successfully!
Service vaiomediaplatform-integratedserver-http deleted successfully!
File %systemroot%\system32\wps.dll not found.
Service USIUDF stopped successfully!
Service USIUDF deleted successfully!
File %systemroot%\system32\symc8xx.dll not found.
Service USBMN1X1 stopped successfully!
Service USBMN1X1 deleted successfully!
File %systemroot%\system32\BVRPMPR5.dll not found.
Service usbio stopped successfully!
Service usbio deleted successfully!
File %systemroot%\system32\ZuneBusEnum.dll not found.
Service us30sys stopped successfully!
Service us30sys deleted successfully!
File %systemroot%\system32\WINFLASH.dll not found.
Service toscosrv stopped successfully!
Service toscosrv deleted successfully!
File %systemroot%\system32\amoagent.dll not found.
Service ssdiagn stopped successfully!
Service ssdiagn deleted successfully!
File %systemroot%\system32\Ncrc710.dll not found.
Service sonypvs1 stopped successfully!
Service sonypvs1 deleted successfully!
File %systemroot%\system32\lxcr_device.dll not found.
Service snapman stopped successfully!
Service snapman deleted successfully!
File %systemroot%\system32\amoagent.dll not found.
Service smcirda stopped successfully!
Service smcirda deleted successfully!
File %systemroot%\system32\dlaboiom.dll not found.
Service SMCB000 stopped successfully!
Service SMCB000 deleted successfully!
File %systemroot%\system32\CDRPDACC.dll not found.
Service slave stopped successfully!
Service slave deleted successfully!
File %systemroot%\system32\se45mdfl.dll not found.
Service slapd-data52 stopped successfully!
Service slapd-data52 deleted successfully!
File %systemroot%\system32\dhcp.dll not found.
Service se58unic stopped successfully!
Service se58unic deleted successfully!
File %systemroot%\system32\npkcusb.dll not found.
Service se58mdfl stopped successfully!
Service se58mdfl deleted successfully!
File %systemroot%\system32\a016mdm.dll not found.
Service se44mdm stopped successfully!
Service se44mdm deleted successfully!
File %systemroot%\system32\PCDCODEC.dll not found.
Service s116unic stopped successfully!
Service s116unic deleted successfully!
File %systemroot%\system32\TryAndDecideService.dll not found.
Service risdptsk stopped successfully!
Service risdptsk deleted successfully!
File %systemroot%\system32\motmodem.dll not found.
Service RIOXDRV stopped successfully!
Service RIOXDRV deleted successfully!
File %systemroot%\system32\{d31a0762-0ceb-444e-acff-b049a1f6fe91}.dll not found.
Service QWAVEDRV stopped successfully!
Service QWAVEDRV deleted successfully!
File %systemroot%\system32\avgarcln.dll not found.
Service portio stopped successfully!
Service portio deleted successfully!
File %systemroot%\system32\Ndismeetro.dll not found.
Service pepifilter stopped successfully!
Service pepifilter deleted successfully!
File %systemroot%\system32\w550mdm.dll not found.
Service pdlndldl stopped successfully!
Service pdlndldl deleted successfully!
File %systemroot%\system32\neokdss.dll not found.
Service pdlnacom stopped successfully!
Service pdlnacom deleted successfully!
File %systemroot%\system32\hcmon.dll not found.
Service PDExchange stopped successfully!
Service PDExchange deleted successfully!
File %systemroot%\system32\pensup.dll not found.
Service pdengine stopped successfully!
Service pdengine deleted successfully!
File %systemroot%\system32\zpaction.dll not found.
Service pcnet stopped successfully!
Service pcnet deleted successfully!
File %systemroot%\system32\milshieldcleaner.dll not found.
Service P16X stopped successfully!
Service P16X deleted successfully!
File %systemroot%\system32\admservice.dll not found.
Service oraclexeclragent stopped successfully!
Service oraclexeclragent deleted successfully!
File %systemroot%\system32\mcods.dll not found.
Service oracleformsserver-forms60server-oraform stopped successfully!
Service oracleformsserver-forms60server-oraform deleted successfully!
File %systemroot%\system32\ALYac_PZSrv.dll not found.
Service omsad stopped successfully!
Service omsad deleted successfully!
File %systemroot%\system32\netddedsdm.dll not found.
Service NVXBAR stopped successfully!
Service NVXBAR deleted successfully!
File %systemroot%\system32\ASUSVRC.dll not found.
Service nvstor32 stopped successfully!
Service nvstor32 deleted successfully!
File %systemroot%\system32\e1express.dll not found.
Service nhcDriverDevice stopped successfully!
Service nhcDriverDevice deleted successfully!
File %systemroot%\system32\se45bus.dll not found.
Service NETw4v32 stopped successfully!
Service NETw4v32 deleted successfully!
File %systemroot%\system32\Cinemsup.dll not found.
Service NecUsb3 stopped successfully!
Service NecUsb3 deleted successfully!
File C:\WINDOWS\system32\NEUSBw32.dll not found.
Service nchssvad stopped successfully!
Service nchssvad deleted successfully!
File %systemroot%\system32\dntus26.dll not found.
Service MTDVC2_ENUM stopped successfully!
Service MTDVC2_ENUM deleted successfully!
File %systemroot%\system32\ar5211.dll not found.
Service MSMQ stopped successfully!
Service MSMQ deleted successfully!
File %systemroot%\system32\nbservice.dll not found.
Service MobilePreInstallerService stopped successfully!
Service MobilePreInstallerService deleted successfully!
File %systemroot%\system32\imountsrv.dll not found.
Service mksvirmonsvc stopped successfully!
Service mksvirmonsvc deleted successfully!
File %systemroot%\system32\raysatxsi5_0server.dll not found.
Service mediaviewer stopped successfully!
Service mediaviewer deleted successfully!
File %systemroot%\system32\tiumfwl.dll not found.
Service lvupdtio stopped successfully!
Service lvupdtio deleted successfully!
File %systemroot%\system32\symproxysvc.dll not found.
Service lkcitadelserver stopped successfully!
Service lkcitadelserver deleted successfully!
File %systemroot%\system32\RESMGR.dll not found.
Service KR10I stopped successfully!
Service KR10I deleted successfully!
File %systemroot%\system32\FGDSCSI.dll not found.
Service jtagserver stopped successfully!
Service jtagserver deleted successfully!
File %systemroot%\system32\null.dll not found.
Service irsir stopped successfully!
Service irsir deleted successfully!
File %systemroot%\system32\mpfp.dll not found.
Service ikhfile stopped successfully!
Service ikhfile deleted successfully!
File %systemroot%\system32\XilinxPC4Driver.dll not found.
Service ifxspmgtsrv stopped successfully!
Service ifxspmgtsrv deleted successfully!
File %systemroot%\system32\w810bus.dll not found.
Service iaimfp1 stopped successfully!
Service iaimfp1 deleted successfully!
File %systemroot%\system32\hidir.dll not found.
Service HWIONT stopped successfully!
Service HWIONT deleted successfully!
File %systemroot%\system32\epsonstatusagent2.dll not found.
Service hotspotshieldservice stopped successfully!
Service hotspotshieldservice deleted successfully!
File %systemroot%\system32\zebrmdfl.dll not found.
Service hnmsvc stopped successfully!
Service hnmsvc deleted successfully!
File %systemroot%\system32\pdlncfwk.dll not found.
Service filterservice stopped successfully!
Service filterservice deleted successfully!
File %systemroot%\system32\zpmysql.dll not found.
Service fa_scheduler stopped successfully!
Service fa_scheduler deleted successfully!
File %systemroot%\system32\tomcatcws3.dll not found.
Service DELTA stopped successfully!
Service DELTA deleted successfully!
File %systemroot%\system32\CAMCAUD.dll not found.
Service datasvr stopped successfully!
Service datasvr deleted successfully!
File %systemroot%\system32\emproxy.dll not found.
Service cwafeventrouter stopped successfully!
Service cwafeventrouter deleted successfully!
File %systemroot%\system32\zmxpzip.dll not found.
Service cvspydr2 stopped successfully!
Service cvspydr2 deleted successfully!
File %systemroot%\system32\CE3.dll not found.
Service cics.region1 stopped successfully!
Service cics.region1 deleted successfully!
File %systemroot%\system32\vmparport.dll not found.
Service camdrl stopped successfully!
Service camdrl deleted successfully!
File %systemroot%\system32\dlartl_n.dll not found.
Service btwusb stopped successfully!
Service btwusb deleted successfully!
File %systemroot%\system32\wencrservice.dll not found.
Service brmfbags stopped successfully!
Service brmfbags deleted successfully!
File %systemroot%\system32\PSDFilter.dll not found.
Service bantext stopped successfully!
Service bantext deleted successfully!
File %systemroot%\system32\djsnetcn.dll not found.
Service backupexecrpcservice stopped successfully!
Service backupexecrpcservice deleted successfully!
File %systemroot%\system32\DCFS2K.dll not found.
Service anydvd stopped successfully!
Service anydvd deleted successfully!
File %systemroot%\system32\atinevxx.dll not found.
Service amfilter stopped successfully!
Service amfilter deleted successfully!
File %systemroot%\system32\oracleorahome811cman.dll not found.
Service adobeactivefilemonitor5.0 stopped successfully!
Service adobeactivefilemonitor5.0 deleted successfully!
File %systemroot%\system32\slapd-config52.dll not found.
Service a016bus stopped successfully!
Service a016bus deleted successfully!
File %systemroot%\system32\tphdexlgsvc.dll not found.
Service uzihkcmc stopped successfully!
Service uzihkcmc deleted successfully!
File C:\WINDOWS\system32\drivers\uzihkcmc.sys not found.
Service rogkvuzk stopped successfully!
Service rogkvuzk deleted successfully!
File C:\WINDOWS\system32\drivers\rogkvuzk.sys not found.
Service jhwdwlpv stopped successfully!
Service jhwdwlpv deleted successfully!
File C:\WINDOWS\system32\drivers\jhwdwlpv.sys not found.
Service dyktimvn stopped successfully!
Service dyktimvn deleted successfully!
File C:\WINDOWS\system32\drivers\dyktimvn.sys not found.
Service akhpgewa stopped successfully!
Service akhpgewa deleted successfully!
File C:\WINDOWS\system32\drivers\akhpgewa.sys not found.
Registry value HKEY_USERS\S-1-5-21-1182284275-2098501439-2131462198-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-1182284275-2098501439-2131462198-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-1182284275-2098501439-2131462198-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
AmdIde removed from NetSvcs value successfully!
CTMFLT removed from NetSvcs value successfully!
ovt519 removed from NetSvcs value successfully!
bb-run removed from NetSvcs value successfully!
ADSMService removed from NetSvcs value successfully!
USA49W removed from NetSvcs value successfully!
hsf_dp removed from NetSvcs value successfully!
pavatscheduler removed from NetSvcs value successfully!
se58mdfl removed from NetSvcs value successfully!
pdlndldl removed from NetSvcs value successfully!
KR10I removed from NetSvcs value successfully!
HWIONT removed from NetSvcs value successfully!
usbio removed from NetSvcs value successfully!
pdengine removed from NetSvcs value successfully!
irsir removed from NetSvcs value successfully!
s116unic removed from NetSvcs value successfully!
bantext removed from NetSvcs value successfully!
PDExchange removed from NetSvcs value successfully!
DELTA removed from NetSvcs value successfully!
brmfbags removed from NetSvcs value successfully!
oracleformsserver-forms60server-oraform removed from NetSvcs value successfully!
cwafeventrouter removed from NetSvcs value successfully!
RIOXDRV removed from NetSvcs value successfully!
portio removed from NetSvcs value successfully!
hnmsvc removed from NetSvcs value successfully!
MobilePreInstallerService removed from NetSvcs value successfully!
datasvr removed from NetSvcs value successfully!
nchssvad removed from NetSvcs value successfully!
lvupdtio removed from NetSvcs value successfully!
wwnetdde removed from NetSvcs value successfully!
cvspydr2 removed from NetSvcs value successfully!
vstor2-ws60 removed from NetSvcs value successfully!
mksvirmonsvc removed from NetSvcs value successfully!
pcnet removed from NetSvcs value successfully!
websensecamreportserver removed from NetSvcs value successfully!
cics.region1 removed from NetSvcs value successfully!
pdlnacom removed from NetSvcs value successfully!
a016bus removed from NetSvcs value successfully!
filterservice removed from NetSvcs value successfully!
iaimfp1 removed from NetSvcs value successfully!
wpsscannersvc removed from NetSvcs value successfully!
SMCB000 removed from NetSvcs value successfully!
ikhfile removed from NetSvcs value successfully!
hotspotshieldservice removed from NetSvcs value successfully!
adobeactivefilemonitor5.0 removed from NetSvcs value successfully!
ifxspmgtsrv removed from NetSvcs value successfully!
slapd-data52 removed from NetSvcs value successfully!
se58unic removed from NetSvcs value successfully!
fa_scheduler removed from NetSvcs value successfully!
se44mdm removed from NetSvcs value successfully!
USBMN1X1 removed from NetSvcs value successfully!
NVXBAR removed from NetSvcs value successfully!
pepifilter removed from NetSvcs value successfully!
sonypvs1 removed from NetSvcs value successfully!
windowblinds removed from NetSvcs value successfully!
winpowerrmi removed from NetSvcs value successfully!
oraclexeclragent removed from NetSvcs value successfully!
smcirda removed from NetSvcs value successfully!
w550bus removed from NetSvcs value successfully!
omsad removed from NetSvcs value successfully!
btwusb removed from NetSvcs value successfully!
anydvd removed from NetSvcs value successfully!
MTDVC2_ENUM removed from NetSvcs value successfully!
lkcitadelserver removed from NetSvcs value successfully!
wandrv removed from NetSvcs value successfully!
USIUDF removed from NetSvcs value successfully!
NETw4v32 removed from NetSvcs value successfully!
vaiomediaplatform-integratedserver-http removed from NetSvcs value successfully!
jtagserver removed from NetSvcs value successfully!
MSMQ removed from NetSvcs value successfully!
nvstor32 removed from NetSvcs value successfully!
ssdiagn removed from NetSvcs value successfully!
snapman removed from NetSvcs value successfully!
nhcDriverDevice removed from NetSvcs value successfully!
P16X removed from NetSvcs value successfully!
camdrl removed from NetSvcs value successfully!
mediaviewer removed from NetSvcs value successfully!
slave removed from NetSvcs value successfully!
amfilter removed from NetSvcs value successfully!
websenserealtimeanalyzer removed from NetSvcs value successfully!
backupexecrpcservice removed from NetSvcs value successfully!
risdptsk removed from NetSvcs value successfully!
us30sys removed from NetSvcs value successfully!
QWAVEDRV removed from NetSvcs value successfully!
slapd-config52 removed from NetSvcs value successfully!
Service slapd-config52 stopped successfully!
Service slapd-config52 deleted successfully!
s125mgmt removed from NetSvcs value successfully!
sbhooksvc removed from NetSvcs value successfully!
iSMBIOS removed from NetSvcs value successfully!
Slpsvdr removed from NetSvcs value successfully!
C:\TDSSKiller_Quarantine\01.04.2012_18.06.02\rtkt0000\zafs0000 folder moved successfully.
C:\TDSSKiller_Quarantine\01.04.2012_18.06.02\rtkt0000\svc0000 folder moved successfully.
C:\TDSSKiller_Quarantine\01.04.2012_18.06.02\rtkt0000 folder moved successfully.
C:\TDSSKiller_Quarantine\01.04.2012_18.06.02 folder moved successfully.
C:\TDSSKiller_Quarantine folder moved successfully.
C:\WINDOWS\system32\dds_trash_log.cmd moved successfully.
File C:\WINDOWS\System32\dds_trash_log.cmd not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\WINDOWS\system32\drivers\etc\hosts
C:\Documents and Settings\douglas rush\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\douglas rush\My Documents\Downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\douglas rush\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\douglas rush\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 7911992 bytes
->Temporary Internet Files folder emptied: 1238738 bytes
->FireFox cache emptied: 5918700 bytes

User: All Users

User: Default User
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: douglas rush
->Temp folder emptied: 13091534 bytes
->Temporary Internet Files folder emptied: 3302303 bytes
->Java cache emptied: 222883 bytes
->FireFox cache emptied: 160208447 bytes
->Google Chrome cache emptied: 22973418 bytes
->Flash cache emptied: 2927094 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 343 bytes

User: NetworkService
->Temp folder emptied: 639464 bytes
->Temporary Internet Files folder emptied: 794849231 bytes
->Flash cache emptied: 47585 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23863 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 684912 bytes

Total Files Cleaned = 967.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: douglas rush
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: douglas rush
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04032012_135829

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Next one: Combo Fix Notepad...
ComboFix 12-04-03.02 - douglas rush 04/03/2012 14:32:11.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.672 [GMT -7:00]
Running from: c:\documents and settings\douglas rush\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\FE05DA0D.dll
c:\windows\system32\FE05F051.dll
c:\windows\system32\FE05F3D5.dll
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETWORKLOG
.
.
((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 )))))))))))))))))))))))))))))))
.
.
2012-04-03 20:58 . 2012-04-03 20:58 -------- d-----w- C:\_OTL
2012-04-03 20:38 . 2012-04-03 20:39 -------- d-----w- c:\program files\ERUNT
2012-04-01 14:29 . 2012-04-01 14:29 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2012-03-28 00:48 . 2012-04-02 00:39 -------- d-----w- c:\documents and settings\douglas rush\Application Data\Memeo
2012-03-28 00:47 . 2012-03-28 00:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ServiceTest
2012-03-27 15:05 . 2012-03-27 15:05 -------- d-----w- c:\program files\Runtime Software
2012-03-25 02:35 . 2012-03-25 02:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2012-03-25 02:07 . 2012-03-25 02:07 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-03-25 01:59 . 2012-03-25 01:59 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-03-22 02:19 . 2012-03-22 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-03-19 14:23 . 2012-03-19 14:23 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-19 14:23 . 2012-03-19 14:23 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-17 15:29 . 2012-03-17 15:29 1409 ----a-w- c:\windows\QTFont.for
2012-03-12 17:32 . 2012-03-12 17:32 -------- d-----w- C:\MWASPINT
2012-03-12 17:32 . 2002-06-22 01:42 8224 ------w- c:\windows\system32\drivers\MASPINT.SYS
2012-03-12 17:32 . 1999-10-23 00:58 4030 ------w- c:\windows\system\WINASPI.DLL
2012-03-12 17:32 . 1997-06-12 02:01 30208 ------w- c:\windows\system32\WNASPI32.DLL
2012-03-12 17:32 . 1997-02-28 10:00 2486 ------w- c:\windows\system\AS16POST.BIN
2012-03-12 17:28 . 2012-03-12 17:28 -------- d-----w- c:\program files\PIXELA
2012-03-12 17:28 . 1999-11-10 17:05 86016 ----a-w- c:\windows\unvise32qt.exe
2012-03-12 17:23 . 2012-03-12 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2012-03-12 17:23 . 2012-03-12 17:23 28672 ----a-w- c:\windows\system32\qttask.exe
2012-03-12 17:23 . 2012-03-12 17:28 -------- d-----w- c:\windows\system32\QuickTime
2012-03-12 17:21 . 2002-04-07 11:26 106496 ----a-w- c:\windows\system32\FPXS2Pro.dll
2012-03-12 17:20 . 2002-12-21 18:33 159744 ----a-w- c:\windows\system32\FFRAFLIB.DLL
2012-03-12 17:20 . 2002-04-23 20:08 274432 ----a-w- c:\windows\system32\FFTIFF16.dll
2012-03-12 17:20 . 2012-03-12 17:20 -------- d-----w- c:\program files\FinePixViewer
2012-03-12 17:17 . 2001-11-25 02:11 81924 ------w- c:\windows\system32\drivers\VC4CB104.SYS
2012-03-12 17:17 . 2012-03-12 17:17 -------- d-----w- c:\program files\REGSHAVE
2012-03-12 17:17 . 2002-06-25 17:06 45056 ------w- c:\windows\system32\FINFCOPY.dll
2012-03-12 17:17 . 2002-02-27 02:27 65536 ------w- c:\windows\system32\FINFCHECK.dll
2012-03-12 17:17 . 2002-02-13 01:00 45056 ------w- c:\windows\system32\FCLKBTN.DLL
2012-03-12 17:17 . 2002-02-05 07:33 69632 ------w- c:\windows\system32\FREGSHEX.DLL
2012-03-12 17:16 . 2001-08-18 05:36 99328 ----a-w- c:\windows\system32\srusd.dll
2012-03-12 17:16 . 2001-08-18 05:36 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2012-03-12 01:23 . 2001-08-17 20:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2012-03-12 01:23 . 2001-08-17 20:53 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2012-03-12 01:23 . 2001-08-18 05:36 92160 ----a-w- c:\windows\system32\fuusd.dll
2012-03-12 01:23 . 2001-08-18 05:36 92160 ----a-w- c:\windows\system32\dllcache\fuusd.dll
2012-03-12 01:23 . 2001-08-18 05:36 71680 ----a-w- c:\windows\system32\fnfilter.dll
2012-03-12 01:23 . 2001-08-18 05:36 71680 ----a-w- c:\windows\system32\dllcache\fnfilter.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 02:50 . 2006-04-30 06:55 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-04-01 14:38 . 2010-07-12 21:21 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2012-03-19 14:46 . 2011-05-17 14:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 20:10 . 2010-07-12 21:20 23552 ----a-w- c:\windows\system32\drivers\psasrv.exe
2012-02-03 20:10 . 2006-11-16 23:14 17536 ----a-w- c:\windows\system32\drivers\psadd.sys
2012-02-03 09:22 . 2006-04-30 06:55 1860096 ------w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2010-07-13 13:15 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-11 19:06 . 2012-02-15 18:09 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2006-04-30 06:55 139784 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-03-19 14:23 . 2012-02-20 16:42 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-25 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-25 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-25 118784]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-07-04 110592]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\douglas rush\Start Menu\Programs\Startup\
Seagate NA03DGG5 Product Registration.lnk - c:\documents and settings\douglas rush\Application Data\Leadertech\PowerRegister\Seagate NA03DGG5 Product Registration.exe [2012-3-27 1731736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-7-12 24576]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2012-3-12 200704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ------w- c:\windows\system32\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ------w- c:\windows\system32\tphklock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\douglas rush\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/13/2006 4:05 PM 58368]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 3:55 PM 3968]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2.tmp --> c:\windows\system32\2.tmp [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/21/2012 9:18 AM 27064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsb3Sevic REG_MULTI_SZ NecUsb3
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
toscosrv
wampapache
ctedspsy.dll
tcpipbm
dcamusbsqtech
vcomm
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1182284275-2098501439-2131462198-1005Core.job
- c:\documents and settings\douglas rush\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-04 03:34]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1182284275-2098501439-2131462198-1005UA.job
- c:\documents and settings\douglas rush\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-04 03:34]
.
2012-02-10 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-07-12 16:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\douglas rush\Application Data\Mozilla\Firefox\Profiles\ucjmysuj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(general.useragent.extra.zencast,
.
- - - - ORPHANS REMOVED - - - -
.
Notify-ACNotify - ACNotify.dll
Notify-NavLogon - (no file)
Notify-NecUsb3Sevices - (no file)
SafeBoot-56123313.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-03 14:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1182284275-2098501439-2131462198-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1300)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
- - - - - - - > 'explorer.exe'(3772)
c:\windows\system32\WININET.dll
c:\windows\system32\PROCHLP.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
.
**************************************************************************
.
Completion time: 2012-04-03 14:46:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-03 21:46
.
Pre-Run: 33,813,938,176 bytes free
Post-Run: 33,800,757,248 bytes free
.
- - End Of File - - B06136459A17DD0A41E5E8E4364E587D

#12 SweetTech (Agent ST, Members, 13,421 posts, Location: Antarctica)

Posted 04 April 2012 - 01:37 AM

Hi Stripeysocks!

I am just seeing that you asked the following question in your previous post to me, sorry about that:

So is this house clean? Banking, purchasing, logons?? How do I know? / Stripeysocks.

This is one of the more difficult questions to answer.

The infection you are/were infected with can be a bit of a pain; it can be very stubborn at times and can do quite a lot of damage to your computer.

My best suggestion would be to reformat and re-install the operating system if you're looking for an assurance that you're working with a clean computer.


1. First question being: How do you know when this system is safe?

This is also a tricky question to answer. I never really know when the system is 100% safe. The only way for me to guarantee that is to have you reformat and re-install.

I use a few different methods for helping me determine when a system appears to be clean. The most important one is usually when the logs and scans I have you run look fine.

I also rely on you (the user) to provide me with feedback on how things are running, what issues you're experiencing, etc.

I hope that answered your question.


2. What virus protection do you recommend? Been running Microsoft Essentials. A friend recommends ESET.

If you're looking to go with a free anti-virus program, I'd go with Microsoft Security Essentials.

If you're looking for a paid anti-virus program, I'd go with ESET. I use ESET on my own personal computer.


3. Malware Bites??

The MalwareBytes' Anti-Malware reference before the OTL script is in regard to whether you have the Pro version of MalwareBytes' Anti-Malware or are testing out the trial version of it. Sometimes MalwareBytes' Anti-Malware can cause issues when running an OTL fix.


4. Not familiar with the file in question. Can I trace it? It's not there now.

It looks like the file in question was one that was on your desktop. I'm going to check to see if that file is still present.


ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
ClearJavaCache::
NetSvc::
ctedspsy.dll
toscosrv
dcamusbsqtech
tcpipBM
vcomm
Driver::
ctedspsy.dll
toscosrv
dcamusbsqtech
tcpipBM
vcomm
FileLook::
C:\Documents and Settings\douglas rush\Desktop\2012

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt onto ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:


Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. ComboFix.txt log.
3. MalwareBytes' Anti-Malware log.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 stipeysocks

stipeysocks
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Denver
  • Local time:03:26 PM

Posted 04 April 2012 - 01:11 PM

So I'm guessing that once this computer is determined clean, it becomes a trust issue, or I reformat and load the O.S. again.
#1 Is there a forum of direction on reformatting to reload X.P. Pro?
#2 I would have to purchase it. Any bargains out there?
Here's the first log result:
ComboFix 12-04-03.02 - douglas rush 04/04/2012 11:06:55.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.669 [GMT -7:00]
Running from: c:\documents and settings\douglas rush\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\douglas rush\Desktop\CFscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CTEDSPSY.DLL
-------\Service_CTEDSPSY.DLL
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-03 20:58 . 2012-04-03 20:58 -------- d-----w- C:\_OTL
2012-04-03 20:38 . 2012-04-03 20:39 -------- d-----w- c:\program files\ERUNT
2012-04-01 14:29 . 2012-04-01 14:29 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2012-03-28 00:48 . 2012-04-02 00:39 -------- d-----w- c:\documents and settings\douglas rush\Application Data\Memeo
2012-03-28 00:47 . 2012-03-28 00:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ServiceTest
2012-03-27 15:05 . 2012-03-27 15:05 -------- d-----w- c:\program files\Runtime Software
2012-03-25 02:35 . 2012-03-25 02:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2012-03-25 02:07 . 2012-03-25 02:07 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-03-25 01:59 . 2012-03-25 01:59 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-03-22 02:19 . 2012-03-22 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-03-19 14:23 . 2012-03-19 14:23 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-19 14:23 . 2012-03-19 14:23 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-17 15:29 . 2012-03-17 15:29 1409 ----a-w- c:\windows\QTFont.for
2012-03-12 17:32 . 2012-03-12 17:32 -------- d-----w- C:\MWASPINT
2012-03-12 17:32 . 2002-06-22 01:42 8224 ------w- c:\windows\system32\drivers\MASPINT.SYS
2012-03-12 17:32 . 1999-10-23 00:58 4030 ------w- c:\windows\system\WINASPI.DLL
2012-03-12 17:32 . 1997-06-12 02:01 30208 ------w- c:\windows\system32\WNASPI32.DLL
2012-03-12 17:32 . 1997-02-28 10:00 2486 ------w- c:\windows\system\AS16POST.BIN
2012-03-12 17:28 . 2012-03-12 17:28 -------- d-----w- c:\program files\PIXELA
2012-03-12 17:28 . 1999-11-10 17:05 86016 ----a-w- c:\windows\unvise32qt.exe
2012-03-12 17:23 . 2012-03-12 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2012-03-12 17:23 . 2012-03-12 17:23 28672 ----a-w- c:\windows\system32\qttask.exe
2012-03-12 17:23 . 2012-03-12 17:28 -------- d-----w- c:\windows\system32\QuickTime
2012-03-12 17:21 . 2002-04-07 11:26 106496 ----a-w- c:\windows\system32\FPXS2Pro.dll
2012-03-12 17:20 . 2002-12-21 18:33 159744 ----a-w- c:\windows\system32\FFRAFLIB.DLL
2012-03-12 17:20 . 2002-04-23 20:08 274432 ----a-w- c:\windows\system32\FFTIFF16.dll
2012-03-12 17:20 . 2012-03-12 17:20 -------- d-----w- c:\program files\FinePixViewer
2012-03-12 17:17 . 2001-11-25 02:11 81924 ------w- c:\windows\system32\drivers\VC4CB104.SYS
2012-03-12 17:17 . 2012-03-12 17:17 -------- d-----w- c:\program files\REGSHAVE
2012-03-12 17:17 . 2002-06-25 17:06 45056 ------w- c:\windows\system32\FINFCOPY.dll
2012-03-12 17:17 . 2002-02-27 02:27 65536 ------w- c:\windows\system32\FINFCHECK.dll
2012-03-12 17:17 . 2002-02-13 01:00 45056 ------w- c:\windows\system32\FCLKBTN.DLL
2012-03-12 17:17 . 2002-02-05 07:33 69632 ------w- c:\windows\system32\FREGSHEX.DLL
2012-03-12 17:16 . 2001-08-18 05:36 99328 ----a-w- c:\windows\system32\srusd.dll
2012-03-12 17:16 . 2001-08-18 05:36 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2012-03-12 01:23 . 2001-08-17 20:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2012-03-12 01:23 . 2001-08-17 20:53 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2012-03-12 01:23 . 2001-08-18 05:36 92160 ----a-w- c:\windows\system32\fuusd.dll
2012-03-12 01:23 . 2001-08-18 05:36 92160 ----a-w- c:\windows\system32\dllcache\fuusd.dll
2012-03-12 01:23 . 2001-08-18 05:36 71680 ----a-w- c:\windows\system32\fnfilter.dll
2012-03-12 01:23 . 2001-08-18 05:36 71680 ----a-w- c:\windows\system32\dllcache\fnfilter.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 02:50 . 2006-04-30 06:55 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-04-01 14:38 . 2010-07-12 21:21 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2012-03-19 14:46 . 2011-05-17 14:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 20:10 . 2010-07-12 21:20 23552 ----a-w- c:\windows\system32\drivers\psasrv.exe
2012-02-03 20:10 . 2006-11-16 23:14 17536 ----a-w- c:\windows\system32\drivers\psadd.sys
2012-02-03 09:22 . 2006-04-30 06:55 1860096 ------w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2010-07-13 13:15 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-11 19:06 . 2012-02-15 18:09 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2006-04-30 06:55 139784 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-03-19 14:23 . 2012-02-20 16:42 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\documents and settings\douglas rush\Desktop\2012 ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 13824
Created time: 2012-03-18 18:14
Modified time: 2012-03-18 18:20
MD5: 93852C72E0EA05F1E6619BC2A82AB96B
SHA1: 40C9242B3A16E13E29C22B09834D809A40553D5A
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-25 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-25 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-25 118784]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-07-04 110592]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\douglas rush\Start Menu\Programs\Startup\
Seagate NA03DGG5 Product Registration.lnk - c:\documents and settings\douglas rush\Application Data\Leadertech\PowerRegister\Seagate NA03DGG5 Product Registration.exe [2012-3-27 1731736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-7-12 24576]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2012-3-12 200704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NecUsb3Sevices]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ------w- c:\windows\system32\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ------w- c:\windows\system32\tphklock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\douglas rush\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/13/2006 4:05 PM 58368]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 3:55 PM 3968]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2.tmp --> c:\windows\system32\2.tmp [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/21/2012 9:18 AM 27064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsb3Sevic REG_MULTI_SZ NecUsb3
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wampapache
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1182284275-2098501439-2131462198-1005Core.job
- c:\documents and settings\douglas rush\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-04 03:34]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1182284275-2098501439-2131462198-1005UA.job
- c:\documents and settings\douglas rush\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-04 03:34]
.
2012-02-10 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-07-12 16:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\douglas rush\Application Data\Mozilla\Firefox\Profiles\ucjmysuj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(general.useragent.extra.zencast,
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-04 11:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1182284275-2098501439-2131462198-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1300)
c:\windows\system32\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
- - - - - - - > 'explorer.exe'(2756)
c:\windows\system32\WININET.dll
c:\windows\system32\PROCHLP.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
.
**************************************************************************
.
Completion time: 2012-04-04 11:18:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-04 18:18
ComboFix2.txt 2012-04-03 21:46
.
Pre-Run: 33,710,526,464 bytes free
Post-Run: 33,710,387,200 bytes free
.
- - End Of File - - 740FCBBA6C94BDAFC5ADF6B14F1B8D49


ComboFix detected a rootkit and rebooted.


Here is the Malwarebytes scan after I enabled it.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.04.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
douglas rush :: LENOVO-BD261ADD [administrator]

4/4/2012 11:32:45 AM
mbam-log-2012-04-04 (11-32-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197269
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

The computer is acting completely normally. It is no longer displaying the symptoms of infection, though the scans have said otherwise.

Thanks, Stipeysocks
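
Reading a ComboFix log like the one above by hand is slow, so here is an added example of a small triage script (my own code, not ComboFix's or BleepingComputer's) that parses the service lines (`R2`/`S3 name;display;path [date size]`) and Run-key lines (`"name"="path" [date size]`) in the format ComboFix prints, and flags entries worth a closer look: a binary ComboFix marks `[?]` (not found on disk), a loaded binary with a `.tmp` extension, or a path outside Windows/Program Files. The sample lines are copied from the log above; the flag heuristics are my own assumptions, not ComboFix's verdicts, and a flag is a prompt to review the entry, not a judgement that it is malicious.

```python
"""Triage helper for ComboFix-style log excerpts (added example, not ComboFix's own code)."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-25 94208]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
.
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 3:55 PM 3968]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2.tmp --> c:\windows\system32\2.tmp [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/21/2012 9:18 AM 27064]
'''

# Service/driver line: start type, service name, display name, image path, bracketed info.
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]\s*$')
# Run-key line: value name, command path, bracketed "YYYY-MM-DD size".
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]\s*$')

# Coarse heuristic (my assumption): binaries under these roots get no location flag.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Entry:
    kind: str            # "service" or "run"
    name: str
    path: str            # normalized, lower-cased image path
    reasons: list = field(default_factory=list)


def normalize_path(raw):
    """Keep the resolved path after '-->', drop the NT '\\??\\' prefix, lower-case."""
    path = raw.strip()
    if "-->" in path:
        path = path.split("-->")[-1].strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def assess(entry, bracket):
    """Attach review reasons to an entry based on what the log line shows."""
    if bracket.strip() == "?":
        entry.reasons.append("binary not found on disk")
    if entry.path.endswith(".tmp"):
        entry.reasons.append("temp-file extension on a loaded binary")
    if not entry.path.startswith(TRUSTED_ROOTS):
        entry.reasons.append("outside Windows/Program Files")
    return entry


def triage(log_text):
    """Parse service and Run-key lines from a ComboFix log excerpt and assess each."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            _start, name, _display, raw_path, bracket = m.groups()
            entries.append(assess(Entry("service", name, normalize_path(raw_path)), bracket))
            continue
        m = RUN_RE.match(line)
        if m:
            name, raw_path, _date, _size = m.groups()
            entries.append(assess(Entry("run", name, normalize_path(raw_path)), ""))
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        status = "REVIEW" if e.reasons else "ok"
        print(f"{status:6} {e.kind:7} {e.name:12} {e.path}  {'; '.join(e.reasons)}")
```

Run against the sample, only the MEMSWEEP2 entry is flagged (missing on disk, `.tmp` extension); the other four parse cleanly with no reasons. Feeding the script a full log instead of the excerpt is just a matter of passing the file contents to `triage()`.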

#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:06:26 PM

Posted 05 April 2012 - 01:21 AM

Hi!

So I'm guessing that once this computer is determined clean, it becomes a trust issue, or I reformat and load the O.S. again.

Yes, that's basically what it comes down to.

#1 Is there a forum of direction on reformatting to reload X.P. Pro?

I know of one that can be viewed here: http://www.geekstogo.com/forum/topic/173729-reformat-and-install-of-windows/

#2 I would have to purchase it. Any bargains out there?

Was this in regards to the recommendation of ESET?

I'm going to have you run another ComboFix script to remove a few more things. Please let me know if ComboFix detects a rootkit again.

AVG Removal Tool

Download and save the AVG Removal Tool to your desktop.

Run it to remove AVG. After this, please restart your computer.


NEXT:



ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into Notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty Notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
File::
c:\documents and settings\douglas rush\Desktop\2012
C:\WINDOWS\system32\brserif.dll
ClearJavaCache::
NetSvc::
wampapache
Driver::
wampapache
SecCenter::
{8decf618-9569-4340-b34a-d78d28969b66}

Now paste the copied text into the open Notepad file - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan.

Note: It is recommended to disable your on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished, remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Edited by SweetTech, 05 April 2012 - 01:21 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 stipeysocks

stipeysocks
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Denver
  • Local time:03:26 PM

Posted 05 April 2012 - 03:30 PM

#1 No, the bargain I inquired about is for purchasing Windows X.P. Pro. It was a preload and I don't have a reboot disc. So I buy it or I have to upgrade to a laptop that has the right hardware for Windows 7.
#2 The AVG scan was just a quick flash, so I hope it's correct.
Here's the first log:
ComboFix 12-04-03.02 - douglas rush 04/05/2012 9:09.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.669 [GMT -7:00]
Running from: c:\documents and settings\douglas rush\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\douglas rush\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
* Created a new restore point
.
FILE ::
"c:\documents and settings\douglas rush\Desktop\2012"
"c:\windows\system32\brserif.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WAMPAPACHE
-------\Service_wampapache
.
.
((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))
.
.
2012-04-03 20:58 . 2012-04-03 20:58 -------- d-----w- C:\_OTL
2012-04-03 20:38 . 2012-04-03 20:39 -------- d-----w- c:\program files\ERUNT
2012-04-01 14:29 . 2012-04-01 14:29 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2012-03-28 00:48 . 2012-04-02 00:39 -------- d-----w- c:\documents and settings\douglas rush\Application Data\Memeo
2012-03-28 00:47 . 2012-03-28 00:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ServiceTest
2012-03-27 15:05 . 2012-03-27 15:05 -------- d-----w- c:\program files\Runtime Software
2012-03-25 02:35 . 2012-03-25 02:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2012-03-25 02:07 . 2012-03-25 02:07 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-03-25 01:59 . 2012-03-25 01:59 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-03-22 02:19 . 2012-03-22 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-03-19 14:23 . 2012-03-19 14:23 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-19 14:23 . 2012-03-19 14:23 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-17 15:29 . 2012-03-17 15:29 1409 ----a-w- c:\windows\QTFont.for
2012-03-12 17:32 . 2012-03-12 17:32 -------- d-----w- C:\MWASPINT
2012-03-12 17:32 . 2002-06-22 01:42 8224 ------w- c:\windows\system32\drivers\MASPINT.SYS
2012-03-12 17:32 . 1999-10-23 00:58 4030 ------w- c:\windows\system\WINASPI.DLL
2012-03-12 17:32 . 1997-06-12 02:01 30208 ------w- c:\windows\system32\WNASPI32.DLL
2012-03-12 17:32 . 1997-02-28 10:00 2486 ------w- c:\windows\system\AS16POST.BIN
2012-03-12 17:28 . 2012-03-12 17:28 -------- d-----w- c:\program files\PIXELA
2012-03-12 17:28 . 1999-11-10 17:05 86016 ----a-w- c:\windows\unvise32qt.exe
2012-03-12 17:23 . 2012-03-12 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2012-03-12 17:23 . 2012-03-12 17:23 28672 ----a-w- c:\windows\system32\qttask.exe
2012-03-12 17:23 . 2012-03-12 17:28 -------- d-----w- c:\windows\system32\QuickTime
2012-03-12 17:21 . 2002-04-07 11:26 106496 ----a-w- c:\windows\system32\FPXS2Pro.dll
2012-03-12 17:20 . 2002-12-21 18:33 159744 ----a-w- c:\windows\system32\FFRAFLIB.DLL
2012-03-12 17:20 . 2002-04-23 20:08 274432 ----a-w- c:\windows\system32\FFTIFF16.dll
2012-03-12 17:20 . 2012-03-12 17:20 -------- d-----w- c:\program files\FinePixViewer
2012-03-12 17:17 . 2001-11-25 02:11 81924 ------w- c:\windows\system32\drivers\VC4CB104.SYS
2012-03-12 17:17 . 2012-03-12 17:17 -------- d-----w- c:\program files\REGSHAVE
2012-03-12 17:17 . 2002-06-25 17:06 45056 ------w- c:\windows\system32\FINFCOPY.dll
2012-03-12 17:17 . 2002-02-27 02:27 65536 ------w- c:\windows\system32\FINFCHECK.dll
2012-03-12 17:17 . 2002-02-13 01:00 45056 ------w- c:\windows\system32\FCLKBTN.DLL
2012-03-12 17:17 . 2002-02-05 07:33 69632 ------w- c:\windows\system32\FREGSHEX.DLL
2012-03-12 17:16 . 2001-08-18 05:36 99328 ----a-w- c:\windows\system32\srusd.dll
2012-03-12 17:16 . 2001-08-18 05:36 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2012-03-12 01:23 . 2001-08-17 20:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2012-03-12 01:23 . 2001-08-17 20:53 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2012-03-12 01:23 . 2001-08-18 05:36 92160 ----a-w- c:\windows\system32\fuusd.dll
2012-03-12 01:23 . 2001-08-18 05:36 92160 ----a-w- c:\windows\system32\dllcache\fuusd.dll
2012-03-12 01:23 . 2001-08-18 05:36 71680 ----a-w- c:\windows\system32\fnfilter.dll
2012-03-12 01:23 . 2001-08-18 05:36 71680 ----a-w- c:\windows\system32\dllcache\fnfilter.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 02:50 . 2006-04-30 06:55 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-04-01 14:38 . 2010-07-12 21:21 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2012-03-19 14:46 . 2011-05-17 14:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 20:10 . 2010-07-12 21:20 23552 ----a-w- c:\windows\system32\drivers\psasrv.exe
2012-02-03 20:10 . 2006-11-16 23:14 17536 ----a-w- c:\windows\system32\drivers\psadd.sys
2012-02-03 09:22 . 2006-04-30 06:55 1860096 ------w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2010-07-13 13:15 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-11 19:06 . 2012-02-15 18:09 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2006-04-30 06:55 139784 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-03-19 14:23 . 2012-02-20 16:42 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-25 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-25 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-25 118784]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-07-04 110592]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\douglas rush\Start Menu\Programs\Startup\
Seagate NA03DGG5 Product Registration.lnk - c:\documents and settings\douglas rush\Application Data\Leadertech\PowerRegister\Seagate NA03DGG5 Product Registration.exe [2012-3-27 1731736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-7-12 24576]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2012-3-12 200704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NecUsb3Sevices]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ------w- c:\windows\system32\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ------w- c:\windows\system32\tphklock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\douglas rush\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/13/2006 4:05 PM 58368]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 3:55 PM 3968]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2.tmp --> c:\windows\system32\2.tmp [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/21/2012 9:18 AM 27064]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - WAM
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsb3Sevic REG_MULTI_SZ NecUsb3
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1182284275-2098501439-2131462198-1005Core.job
- c:\documents and settings\douglas rush\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-04 03:34]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1182284275-2098501439-2131462198-1005UA.job
- c:\documents and settings\douglas rush\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-04 03:34]
.
2012-02-10 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-07-12 16:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\douglas rush\Application Data\Mozilla\Firefox\Profiles\ucjmysuj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(general.useragent.extra.zencast,
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-05 09:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1182284275-2098501439-2131462198-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1300)
c:\windows\system32\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
- - - - - - - > 'explorer.exe'(3288)
c:\windows\system32\WININET.dll
c:\windows\system32\PROCHLP.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
.
**************************************************************************
.
Completion time: 2012-04-05 09:25:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-05 16:24
ComboFix2.txt 2012-04-04 18:18
ComboFix3.txt 2012-04-03 21:46
.
Pre-Run: 33,696,874,496 bytes free
Post-Run: 33,695,465,472 bytes free
.
- - End Of File - - 9B47FF642DF472B7EDCCDDE10644A6E7

Now the second scan result:
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP596\A0074378.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP597\A0075378.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP597\A0075392.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP597\A0075418.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP597\A0075432.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP597\A0075444.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP598\A0075492.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP598\A0075521.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP599\A0075548.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP599\A0075560.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP599\A0075571.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP599\A0075585.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP599\A0075593.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP599\A0075611.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP600\A0075629.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP600\A0075637.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP600\A0075654.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP600\A0075681.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP600\A0075696.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP601\A0075715.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP601\A0075730.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP602\A0075773.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP602\A0075794.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP602\A0075808.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP602\A0075828.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP602\A0075842.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP602\A0075923.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP602\A0075940.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP603\A0075959.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP603\A0075974.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP603\A0075989.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP603\A0076005.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP603\A0076019.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP603\A0076035.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP604\A0076056.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP604\A0076071.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP604\A0076086.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP605\A0076177.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP605\A0076191.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP605\A0076205.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP606\A0076224.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP606\A0076239.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP607\A0077240.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP607\A0077259.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP607\A0077274.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP607\A0077289.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP608\A0078289.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP608\A0078305.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP608\A0078320.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP609\A0078342.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP609\A0079341.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP609\A0079355.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP609\A0080355.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP609\A0081355.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP609\A0082359.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP609\A0082377.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP609\A0083377.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP609\A0084377.sys a variant of Win32/Rootkit.Kryptik.KD trojan
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP615\A0084759.exe Win32/InstallIQ application
C:\_OTL\MovedFiles\04032012_135829\C_TDSSKiller_Quarantine\01.04.2012_18.06.02\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.KD trojan
C:\_OTL\MovedFiles\04032012_135829\C_TDSSKiller_Quarantine\01.04.2012_18.06.02\rtkt0000\zafs0000\tsk0008.dta Win32/Sirefef.ES trojan

Thanks, Stripeysocks



