Google search result get redirected to other search site or false antivirus ad site

Raj · February 24, 2009

Hello fellow member, I am new here but not new to using computer and Windows XP. I have a problem and hope someone here will assist tongue.gif .

Over the past few days I noticed when I clicked on Google search results in FireFox 2.0.0.20 I was re-directed to unintended search site(s) and/or false antivirus site. I suspect malware or trojan. I can confirm the Google search website I used were genuice.

I scan my notebook many times over last few days with both MalwareByte's 1.34 and Symantec Antivirus 10.1.5.500 (both with latest signature 25 Feb 2009) but they both failed to detect nor remove the malware/trojan.

Can anyone help?

Here is my HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:49:05 PM, on 20/02/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

C:\Program Files\Aventail\Connect\as32svc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Program Files\IBM\Mobility Client\artstartsvc.exe

C:\Program Files\Intel\AMT\atchksrv.exe

C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe

C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

C:\Program Files\DU Meter\DUMeterSvc.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\WINDOWS\system32\cmd.exe

C:\Program Files\Syslogd\Syslogd_Service.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\notes\ntmulti.exe

C:\Program Files\AT&T Network Client\NetCfgSv.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

C:\WINDOWS\System32\TPHDEXLG.exe

C:\WINDOWS\system32\TpKmpSVC.exe

C:\Program Files\Intel\AMT\UNS.exe

C:\WINDOWS\system32\vmnat.exe

C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe

C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\TpShocks.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\A4Tech\Mouse\Amoumain.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DU Meter\DUMeter.exe

C:\Program Files\USB Safely Remove\USBSafelyRemove.exe

C:\PROGRA~1\Lenovo\NPDIRECT\NPDTray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\IDM Computer Solutions\UltraEdit-32\Uedit32.exe

D:\_Malware Trojan Removal\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smh.com.au/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://securityresponse.symantec.com/avcen...?vid=4294906363

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe

O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r

O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM

O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe

O4 - HKCU\..\Run: [uSB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup

O4 - HKCU\..\Run: [NPDTRAY] C:\PROGRA~1\Lenovo\NPDIRECT\NPDTray.exe

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm

O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll

O11 - Options group: [JAVA_IBM] Java (IBM)

O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com

O16 - DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://

O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab

O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactivebrokers.webex.com/client...ent/ieatgpc.cab

O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtoa/wtOtherA...iomanagerwt.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = au.ibm.com

O17 - HKLM\Software\..\Telephony: DomainName = au.ibm.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{06BD97FF-3447-4E09-8966-5CC38813F554}: Domain = au.ibm.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{28471114-E7FC-43AF-B76C-9BADB4220B2E}: NameServer = 10.1.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{67EE5A76-FFB5-4428-8B78-ABFCA4F45C2B}: NameServer = 10.1.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{81DA3A9B-B0A1-4B7B-A273-C307A8DCCAAC}: Domain = au.ibm.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{8C27F79B-2481-4D61-8FC9-2A779321AEA4}: Domain = au.ibm.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = au.ibm.com

O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Mobility Client (ArtourService) - Unknown owner - C:\Program Files\IBM\Mobility Client\artsvc.exe

O23 - Service: IBM Mobility Client Start Utility (artstartsvc) - Unknown owner - C:\Program Files\IBM\Mobility Client\artstartsvc.exe

O23 - Service: Aventail Connect (As32Svc) - Aventail Corporation - C:\Program Files\Aventail\Connect\as32svc.exe

O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: IBM DCD Standard Client (DCDClient-ISSI) (DCDClient-ISSI) - Unknown owner - C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe

O23 - Service: Intel

extremeboy · February 24, 2009

Hello.

Please run MBAM Scan again. Update it first and make sure you do a 'quick scan' only. Let it remove anything it finds and post the log to me in your next reply please <_<

Also run the following scans as well.

Backup Registry with ERUNT

This tool will create a complete backup of your registry. A backup is created to ensure we have backup so encase anything goes wrong we can deal with it. Do not delete these backups until we are finished.

Please download erunt-setup.exe to your desktop.
Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

You can find a complete guide to using the program here:

http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

How to Restore from the ERUNT Backup

Only restore from the backups if instructed to, or you need to do so. You need it if after doing something, your computer will only boot in Safe Mode and you are unable to contact us (or anyone else) for help by other means, or if your computer will not boot into Windows at all.

To restore if you can boot, navigate to C:\WINDOWS\erdnt, choose the folder with the most recent date, and double click ERDNT.EXE. Check all boxes in the restoration options.

To restore from the Recovery Console using the Windows CD:

Turn on your machine with the disk in the drive.
Type in the number of the Windows installation you want to repair (usually 1), then press Enter.
Type in the Administrator password (leave blank if you are unsure what it is or if you do not have one) and press Enter.
Type without quotes "cd erdnt" followed by Enter.
Type without quotes "dir" followed by Enter. This will list out the available folders, whose names are the date on which the backup was taken in (M)M-DD-YYYY format. Try the most recent dates first.
Type without quotes "cd **name of the folder**" followed by Enter.
Type without quotes "batch erdnt.con" followed by Enter.
Type without quotes "exit" followed by Enter.
Remove your CD from the drive and reboot your computer into the restored registry. If you still cannot boot, try again with an earlier restore date.

Create and Run batch script

Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "quote".
@Echo off
If exist "C:\looking.txt" Del /q /s "C:\looking.txt"
reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\drivers32" >> C:\looking.txt
Notepad C:\looking.txt
Exit
Del %0
Click File, then Save As... .
Click Desktop on the left.
Under the Save as type dropdown, select All Files.
In the box File Name, input peek.bat.
Hit OK.

When done properly, the icon should look like for the .bat file.

Double click on peek.bat, and Black DOS window shall appear and then notepad will soon open. This is normal please do not panic. Once it's complete copy and paste the contents of notepad in your next reply.

Note: If you closed notepad accidentally, it can also be found at C:\looking.txt

Download and Run OTViewit

Please download OTViewIt by OldTimer.
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTViewIt.txt <-- Will be opened
Extra.txt <-- Will be minimized

Post back with:

-MBAM scan log

-Looking log

-OTViewIT log

With Regards,

Extremeboy

Raj · February 25, 2009

Thanks for the quick reply ExtremeBoy, here are the files:

MBAM Log:

Malwarebytes' Anti-Malware 1.34

Database version: 1802

Windows 5.1.2600 Service Pack 2

26/02/2009 5:22:53 AM

mbam-log-2009-02-26 (05-22-38).txt

Scan type: Quick Scan

Objects scanned: 83055

Time elapsed: 7 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> No action taken. NOTE: I made mistake I removed this AFTER I had save the MBAM.log

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Looking.txt:

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\drivers32

midimapper REG_SZ midimap.dll

msacm.imaadpcm REG_SZ imaadp32.acm

msacm.msadpcm REG_SZ msadp32.acm

msacm.msg711 REG_SZ msg711.acm

msacm.msgsm610 REG_SZ msgsm32.acm

msacm.trspch REG_SZ tssoft32.acm

vidc.cvid REG_SZ iccvid.dll

vidc.I420 REG_SZ msh263.drv

vidc.iv31 REG_SZ ir32_32.dll

vidc.iv32 REG_SZ ir32_32.dll

vidc.iv41 REG_SZ ir41_32.ax

vidc.iyuv REG_SZ iyuv_32.dll

vidc.mrle REG_SZ msrle32.dll

vidc.msvc REG_SZ msvidc32.dll

vidc.uyvy REG_SZ msyuv.dll

vidc.yuy2 REG_SZ msyuv.dll

vidc.yvu9 REG_SZ tsbyuv.dll

vidc.yvyu REG_SZ msyuv.dll

wavemapper REG_SZ msacm32.drv

msacm.msg723 REG_SZ msg723.acm

vidc.M263 REG_SZ msh263.drv

vidc.M261 REG_SZ msh261.drv

msacm.msaudio1 REG_SZ msaud32.acm

msacm.sl_anet REG_SZ sl_anet.acm

msacm.iac2 REG_SZ C:\WINDOWS\system32\iac25_32.ax

vidc.iv50 REG_SZ ir50_32.dll

msacm.l3acm REG_SZ C:\WINDOWS\system32\l3codeca.acm

wave REG_SZ wdmaud.drv

midi REG_SZ wdmaud.drv

mixer REG_SZ wdmaud.drv

VIDC.MPG4 REG_SZ mpg4c32.dll

VIDC.MP42 REG_SZ mpg4c32.dll

vidc.ffds REG_SZ C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

msacm.ac3filter REG_SZ ac3filter.acm

wave1 REG_SZ wdmaud.drv

midi1 REG_SZ wdmaud.drv

mixer1 REG_SZ wdmaud.drv

aux REG_SZ wdmaud.drv

msacm.voxacm160 REG_SZ vct3216.acm

msacm.scg726 REG_SZ scg726.acm

msacm.alf2cd REG_SZ alf2cd.acm

msacm.ac3acm REG_SZ AC3ACM.acm

vidc.dvsd REG_SZ mcdvd_32.dll

vidc.xvid REG_SZ xvidvfw.dll

vidc.DIVX REG_SZ DivX.dll

vidc.mp43 REG_SZ mpg4c32.dll

VIDC.VMnc REG_SZ vmnc.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\drivers32\Terminal Server

OTViewIt.txt:

OTViewIt logfile created on: 26/02/2009 5:32:27 AM - Run

OTViewIt by OldTimer - Version 1.0.21.0 Folder = D:\_Malware Trojan Removal

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.98 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 56.13% Memory free

2.83 Gb Paging File | 2.14 Gb Available in Paging File | 75.38% Paging File free

Paging file location(s): D:\pagefile.sys 1024 1024;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 25.00 Gb Total Space | 1.22 Gb Free Space | 4.88% Space Free | Partition Type: NTFS

Drive D: | 40.00 Gb Total Space | 0.11 Gb Free Space | 0.28% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

Drive I: | 15.00 Gb Total Space | 0.17 Gb Free Space | 1.14% Space Free | Partition Type: NTFS

Computer Name: MQG80917

Current User Name: bh02

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2007/12/08 02:34:46 | 00,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe

[2008/07/10 21:23:22 | 00,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

[2005/07/28 14:22:08 | 00,077,824 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\as32svc.exe

[2006/07/20 06:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

[2006/07/20 06:26:06 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

[2006/07/20 06:26:10 | 00,202,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

[2006/09/28 01:14:44 | 00,087,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

[2006/04/12 04:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

[2007/05/17 22:49:24 | 00,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

[2007/01/20 02:33:02 | 00,011,264 | ---- | M] () -- C:\Program Files\IBM\Mobility Client\artstartsvc.exe

[2007/09/07 18:18:58 | 00,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe

[2008/07/09 01:53:21 | 00,053,248 | ---- | M] () -- C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe

[2006/09/28 07:33:22 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

[2008/06/10 18:16:58 | 01,386,008 | ---- | M] (Hagel Technologies Ltd) -- C:\Program Files\DU Meter\DUMeterSvc.exe

[2004/08/04 16:00:00 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe

[2008/07/10 21:42:14 | 00,819,200 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe

[2008/01/22 11:33:24 | 01,794,048 | ---- | M] (Kiwi Enterprises) -- C:\Program Files\Syslogd\Syslogd_Service.exe

[2007/09/07 18:18:52 | 00,121,368 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe

[2009/02/11 10:19:38 | 00,179,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

[2005/08/15 16:40:28 | 00,053,248 | ---- | M] (IBM Corp) -- C:\notes\ntmulti.exe

[2007/01/13 19:00:00 | 00,323,584 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\NetCfgSv.EXE

[2008/03/21 09:49:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

[2008/07/10 21:12:40 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

[2006/09/28 07:33:38 | 00,116,464 | ---- | M] (symantec) -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe

[2006/09/28 01:15:56 | 00,173,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

[2006/11/24 20:29:56 | 00,043,752 | ---- | M] (IBM) -- C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe

[2008/05/14 17:21:16 | 00,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe

[2006/06/30 08:57:50 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe

[2007/09/07 18:19:00 | 01,464,856 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\UNS.exe

[2008/10/29 10:07:20 | 00,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe

[2008/07/29 02:43:00 | 00,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe

[2008/10/29 10:08:44 | 00,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe

[2007/05/17 22:49:28 | 00,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

[2008/10/29 10:07:56 | 00,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

[2006/08/08 03:03:02 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

[2004/08/04 16:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe

[2007/05/17 22:50:16 | 00,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

[2006/07/20 06:26:04 | 00,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[2006/09/28 07:33:44 | 00,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe

[2007/12/08 02:35:55 | 00,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe

[2007/12/08 02:35:47 | 00,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

[2007/12/08 02:35:47 | 00,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

[2008/07/03 17:10:38 | 01,323,008 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[2007/12/08 02:35:48 | 00,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe

[2008/06/06 19:21:04 | 00,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe

[2007/05/17 22:46:44 | 00,413,696 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

[2007/05/17 22:41:20 | 00,126,976 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

[2008/07/03 17:17:56 | 00,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[2007/04/07 11:44:03 | 00,499,712 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe

[2007/09/25 18:32:17 | 00,507,904 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis3a.exe

[2007/01/19 12:49:04 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[2004/08/04 16:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe

[2008/03/06 00:12:56 | 00,241,664 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe

[2009/02/11 10:19:38 | 00,399,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

[2008/10/29 10:07:58 | 00,096,816 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

[2008/06/10 18:16:42 | 02,645,528 | ---- | M] (Hagel Technologies Ltd) -- C:\Program Files\DU Meter\DUMeter.exe

[2008/07/29 12:17:49 | 03,256,320 | ---- | M] () -- C:\Program Files\USB Safely Remove\USBSafelyRemove.exe

[2007/12/08 02:35:58 | 00,218,672 | ---- | M] (LENOVO) -- C:\Program Files\Lenovo\NPDIRECT\NPDTRAY.EXE

[2009/02/04 06:50:52 | 07,678,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

[2008/10/11 10:50:38 | 07,640,336 | ---- | M] (IDM Computer Solutions, Inc.) -- C:\Program Files\IDM Computer Solutions\UltraEdit-32\Uedit32.exe

[2009/02/25 18:09:15 | 00,422,912 | ---- | M] (OldTimer Tools) -- D:\_Malware Trojan Removal\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/05/17 22:49:24 | 00,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc [Auto | Running])

[2007/05/17 22:49:28 | 00,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc [Auto | Running])

[2007/01/19 12:49:26 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService [Auto | Stopped])

[2007/01/20 02:29:48 | 00,073,728 | ---- | M] () -- C:\Program Files\IBM\Mobility Client\artsvc.exe -- (ArtourService [On_Demand | Stopped])

[2007/01/20 02:33:02 | 00,011,264 | ---- | M] () -- C:\Program Files\IBM\Mobility Client\artstartsvc.exe -- (artstartsvc [Auto | Running])

[2005/07/28 14:22:08 | 00,077,824 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\as32svc.exe -- (As32Svc [Auto | Running])

[2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2007/09/07 18:18:58 | 00,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv [Auto | Running])

[2007/12/08 02:34:27 | 00,389,120 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])

[2006/07/20 06:26:06 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [On_Demand | Running])

[2006/07/20 06:26:10 | 00,202,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy [Auto | Running])

[2006/07/20 06:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])

[2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2008/07/09 01:53:21 | 00,053,248 | ---- | M] () -- C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe -- (DCDClient-ISSI [Auto | Running])

[2006/09/28 07:33:22 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])

[2008/06/10 18:16:58 | 01,386,008 | ---- | M] (Hagel Technologies Ltd) -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc [Auto | Running])

[2008/07/10 21:42:14 | 00,819,200 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng [Auto | Running])

[2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

[2008/11/12 17:22:24 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])

[2007/12/08 02:34:46 | 00,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Running])

[2005/11/14 12:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

[2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

File not found -- -- (ISAMsmt [Disabled | Stopped])

[2008/11/20 05:33:14 | 00,417,008 | ---- | M] (IBM Corp.) -- C:\Program Files\C4ebreg\c4ebreg.exe -- (ISAMSvc [Disabled | Stopped])

[2008/12/09 09:23:00 | 00,216,576 | ---- | M] (IBM Corp.) -- c:\sdwork\issimsvc.exe -- (ISSIMon [Disabled | Stopped])

[2006/09/28 01:14:44 | 00,087,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -- (ISSVC [Auto | Running])

[2008/01/22 11:33:24 | 01,794,048 | ---- | M] (Kiwi Enterprises) -- C:\Program Files\Syslogd\Syslogd_Service.exe -- (Kiwi Syslog Daemon [Auto | Running])

[2006/10/31 11:32:09 | 02,541,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])

[2007/09/07 18:18:52 | 00,121,368 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS [Auto | Running])

[2004/08/04 16:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])

[2009/02/11 10:19:38 | 00,179,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Running])

[2005/08/15 16:40:28 | 00,053,248 | ---- | M] (IBM Corp) -- C:\notes\ntmulti.exe -- (Multi-user Cleanup Service [Auto | Running])

[2007/01/15 18:14:38 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])

[2007/01/13 19:00:00 | 00,323,584 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\NetCfgSv.EXE -- (NetCfgSvr [Auto | Running])

[2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

[2008/04/22 22:35:56 | 00,087,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Ghost\bin\dbserv.exe -- (NGDBSERV [On_Demand | Stopped])

[2008/04/22 22:35:50 | 01,000,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Ghost\ngserver.exe -- (NGSERVER [On_Demand | Stopped])

[2007/01/15 17:01:56 | 00,266,240 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])

[2008/03/21 09:49:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])

[2006/06/02 02:52:58 | 00,339,456 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag [On_Demand | Stopped])

[2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

[2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2008/07/29 02:43:00 | 00,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service [Auto | Running])

[2008/03/11 00:22:46 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Disabled | Stopped])

[2008/03/11 01:35:30 | 00,068,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [Disabled | Stopped])

[2008/07/10 21:12:40 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc [Auto | Running])

[2007/11/07 07:22:26 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])

[2008/07/10 21:23:22 | 00,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])

[2006/09/28 07:33:38 | 00,116,464 | ---- | M] (symantec) -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -- (SavRoam [Auto | Running])

[2008/04/07 10:17:30 | 00,430,592 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])

[2006/08/08 03:03:02 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Running])

[2006/04/12 04:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Running])

[2008/01/31 09:37:02 | 00,157,016 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe -- (Stuffit Archive Name Service [Disabled | Stopped])

[2006/09/28 07:33:32 | 01,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [On_Demand | Stopped])

[2006/09/28 01:15:56 | 00,173,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- (SymSecurePort [Auto | Running])

[2008/05/14 17:21:16 | 00,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC [Auto | Running])

[2006/06/30 08:57:50 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC [Auto | Running])

[2008/10/03 05:25:42 | 00,191,024 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60 [On_Demand | Stopped])

[2007/09/07 18:19:00 | 01,464,856 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS [Auto | Running])

[2008/10/29 10:07:56 | 00,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService [Auto | Running])

[2008/10/29 10:08:44 | 00,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP [Auto | Running])

[2008/10/29 10:07:20 | 00,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service [Auto | Running])

[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/04/24 18:53:22 | 00,308,736 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])

[2008/04/24 18:53:22 | 00,103,424 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])

[2006/05/19 20:46:14 | 00,180,864 | ---- | M] (AT&T) -- C:\WINDOWS\system32\drivers\agnfilt.sys -- (agnfilt [On_Demand | Running])

[2004/04/30 04:19:18 | 00,019,328 | ---- | M] (AT&T) -- C:\WINDOWS\system32\drivers\agnwifi.sys -- (agnwifi [Auto | Running])

[2001/08/18 00:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [boot | Running])

[2004/08/04 10:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [boot | Running])

[2005/11/08 20:27:20 | 00,011,520 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC [system | Running])

[2005/12/11 12:55:38 | 00,028,195 | ---- | M] (Alpha Networks Inc.) -- C:\WINDOWS\system32\ANIO.sys -- (ANIO [Auto | Running])

[2001/08/18 00:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [boot | Running])

[2001/08/18 00:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [boot | Running])

[2005/07/28 14:22:44 | 00,219,299 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\ascrypto.sys -- (Ascrypto [On_Demand | Stopped])

[2005/07/28 14:22:24 | 00,028,403 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\asntkrnl.sys -- (Askernel [system | Running])

[2005/07/28 14:22:36 | 00,126,917 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\asnttdi.sys -- (Astdi [On_Demand | Running])

[2007/12/08 02:34:27 | 00,787,456 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])

[2007/12/08 02:34:47 | 00,015,872 | ---- | M] (Atmel, Inc.) -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm [On_Demand | Running])

[2003/04/04 23:48:06 | 00,013,952 | ---- | M] (AT&T) -- C:\WINDOWS\system32\drivers\avpnnic.sys -- (avpnnic [On_Demand | Stopped])

[2004/05/07 03:12:10 | 00,114,688 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k [On_Demand | Stopped])

[2005/03/16 17:23:54 | 00,013,696 | R--- | M] (BIOSTAR Group) -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS [system | Running])

[2004/10/15 14:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])

[2006/01/19 00:44:46 | 00,053,248 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf [On_Demand | Stopped])

[2006/01/19 05:17:38 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])

[2001/08/18 00:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [boot | Running])

[2001/08/18 00:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [boot | Running])

[2007/12/08 02:34:49 | 00,125,952 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000 [On_Demand | Stopped])

[2007/10/12 17:30:46 | 00,252,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running])

[2008/09/03 19:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [system | Running])

[2005/04/27 20:16:46 | 00,005,427 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\egathdrv.sys -- (EGATHDRV [Auto | Running])

[2008/09/17 10:55:42 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])

[2008/10/29 10:08:52 | 00,032,304 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon [Auto | Running])

[2005/01/08 04:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])

[2008/01/21 17:43:42 | 00,039,472 | ---- | M] (Paragon Software Group) -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3 [boot | Running])

[2007/11/01 17:25:32 | 00,211,456 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])

[2007/12/08 02:34:40 | 00,200,448 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH [On_Demand | Stopped])

[2007/12/08 02:34:40 | 01,041,664 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Stopped])

[2007/11/01 17:26:36 | 00,989,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])

[2007/10/27 00:29:08 | 00,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard [On_Demand | Stopped])

[2005/10/12 23:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iastor [boot | Running])

[2007/12/08 02:34:46 | 00,021,040 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV [On_Demand | Running])

[2007/04/02 22:24:08 | 00,004,224 | ---- | M] () -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK [system | Running])

[2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Stopped])

[2008/05/12 19:04:04 | 00,013,480 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi [system | Running])

[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector [On_Demand | Running])

[2006/06/19 14:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])

[2001/08/18 00:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [boot | Running])

[2009/02/23 20:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090223.002\NAVENG.SYS -- (NAVENG [On_Demand | Running])

[2009/02/23 20:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090223.002\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])

[2008/06/26 07:15:34 | 03,630,080 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32 [On_Demand | Running])

[2004/08/04 16:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Running])

[2007/11/29 11:39:42 | 00,016,896 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])

[2007/11/29 11:39:40 | 00,019,328 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])

[2007/11/07 07:22:06 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Running])

[2004/08/04 10:00:52 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA [On_Demand | Stopped])

[2008/03/21 09:49:00 | 06,547,936 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])

[2007/09/17 16:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])

[2008/07/05 18:27:51 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])

[2008/05/03 01:32:26 | 00,007,012 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM [Auto | Running])

[2004/08/04 16:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2007/09/17 22:48:44 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

[2001/08/18 00:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [boot | Running])

[2001/08/18 00:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [boot | Running])

[2001/08/18 00:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [boot | Running])

[2008/02/15 19:01:18 | 00,046,592 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [Auto | Running])

[2007/07/30 11:42:58 | 00,043,008 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk [Auto | Running])

[2007/07/30 12:54:02 | 00,038,400 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp [Auto | Running])

[2007/07/28 15:50:36 | 00,517,632 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870 [On_Demand | Stopped])

[2008/04/18 16:48:50 | 00,011,904 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])

[2006/09/07 01:41:20 | 00,337,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys -- (SAVRT [system | Running])

[2006/09/07 01:41:20 | 00,054,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [system | Running])

[2008/03/14 17:04:29 | 00,046,652 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [system | Running])

[2004/08/04 16:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])

[2004/08/04 16:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2008/05/14 17:21:16 | 00,114,728 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf [boot | Running])

[2004/08/04 10:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [boot | Running])

[2006/08/03 12:54:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint [system | Running])

[2007/12/08 02:34:26 | 00,266,880 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Stopped])

[2008/09/27 11:02:00 | 00,114,048 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman [boot | Running])

[2001/08/18 01:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [boot | Running])

[2006/04/12 04:13:34 | 00,389,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [system | Running])

[2008/02/22 15:33:00 | 00,087,936 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus [On_Demand | Stopped])

[2008/02/22 15:33:02 | 00,014,976 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl [On_Demand | Stopped])

[2008/02/22 15:33:02 | 00,114,304 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm [On_Demand | Stopped])

[2009/02/17 15:40:23 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [system | Running])

[2001/08/18 01:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [boot | Running])

[2001/08/18 01:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [boot | Running])

[2006/08/08 03:01:56 | 00,012,992 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])

[2006/09/19 04:55:28 | 00,109,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])

[2006/08/08 03:02:02 | 00,110,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])

[2006/08/08 03:02:18 | 00,031,936 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])

[2008/09/12 07:33:22 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20090218.001\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running])

[2006/08/08 03:02:14 | 00,028,352 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running])

[2006/08/08 03:02:22 | 00,024,768 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])

[2006/08/08 03:02:26 | 00,195,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [system | Running])

[2001/08/18 01:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [boot | Running])

[2001/08/18 01:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [boot | Running])

[2008/07/03 16:53:20 | 00,225,664 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])

[2006/08/03 12:54:00 | 00,009,343 | ---- | M] () -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI [system | Running])

[2008/05/14 17:21:16 | 00,019,496 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN [boot | Running])

[2007/12/08 02:35:47 | 00,017,778 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV [system | Running])

[2008/07/29 02:43:00 | 00,004,442 | ---- | M] () -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF [system | Running])

[2007/12/08 02:36:00 | 00,012,848 | ---- | M] () -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP [system | Running])

[2001/08/18 00:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [boot | Running])

[2007/11/29 11:39:42 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])

[2004/08/04 00:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])

[2007/11/29 11:39:52 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])

[2008/10/29 10:08:58 | 00,054,960 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci [Auto | Running])

[2008/10/29 10:08:56 | 00,023,216 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd [On_Demand | Running])

[2008/10/29 04:03:28 | 00,016,560 | R--- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter [On_Demand | Stopped])

[2008/10/29 04:03:28 | 00,031,280 | R--- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge [Auto | Running])

[2008/10/29 10:08:58 | 00,026,288 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif [Auto | Running])

[2008/10/29 10:08:54 | 00,857,392 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86 [Auto | Running])

[2008/10/03 05:24:48 | 00,022,448 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60 [Auto | Running])

[2007/12/08 02:34:37 | 03,151,232 | ---- | M] (Intel

extremeboy · February 25, 2009

Hello.

I took a look at the OTViewIT log. Next time post the Attach.txt as well, like I have told you.

The OTViewIT log looks fine a few entries that are 'dead' that we can remove but they are not 'bad'. Let's run the following batch file and do some house work.

Create and Run batch script

Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "quote".
@Echo off
If Exist "C:\deletelog.txt" del "C:\deletelog.txt"
For %%a in (
C:\Windows\system32\wdmaud.sys
C:\WINDOWS\system32\sysaudio.sys
) Do (
del /q /s /f /a %%a >nul 2>&1
if exist %%a echo.%%~a>>"C:\deletelog.txt"
)
if exist "C:\deletelog.txt" ( start notepad "C:\deletelog.txt"
) else echo.Deleted!
Pause
Exit
Del %0
Click File, then Save As... .
Click Desktop on the left.
Under the Save as type dropdown, select All Files.
In the box File Name, input removal.bat.
Hit OK.

When done properly, the icon should look like for the .bat file.

Double click on removal.bat, and Black DOS window shall appear and then you will see some message in that Black DOS window, please write that message down. Then after you have written the message down you will see a message saying "Press Any Key to Continue..." Please press any key to exit that Black DOS window. This is normal please do not panic. Reply back with the the message in that window in your next reply please.

Run GooredFix using Option2 (Removal)

Please download GooredFix and save it to your Desktop.

Alternative Download Mirror #2

Please make sure all instances of Firefox are closed at this point before proceeding.

Please double-click Goored.exe on your Desktop to run it.
A window will appear, please Select 2. (Fix Goored) by typing 2 and pressing Enter.
Type Y at the prompt and press Enter. The removal process will begin
A log will open with the file after completion, please post the contents of that log in your next reply

*Note: The log can also be found on your desktop (Goored.txt)

Reboot your computer NOW.

Update Java to Version 6 Update 12

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

Download the latest version of Java Runtime Environment (JRE) Version 6 Update 12 and save it to your desktop.
Look for "Java Runtime Environment (JRE)" JRE 6 Update 12.
Click the Download button to the right.
Select your Platform: "Windows".
Select your Language: "Multi-language".
Read the License Agreement, and then check the box that says: "Accept License Agreement".
Click Continue and the page will refresh.
Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version.

*If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.

** If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.

*** The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
Open the Kaspersky Scanner page.
Click on Accept and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer
This will start the program and scan your system.
The scan will take a while, so be patient and let it run.
Once the scan is complete, click on View scan report
Now, click on the Save Report as button.
Save the file to your desktop.
Copy and paste that information in your next post.

You can refer to this animation by sundavis.

Post back with:

-The Message in the Black DOS window

-Goored.txt Log

-Kaspersky scan log

-New OTViewIT logs (I want Attach.txt as well)

How is your computer now? Is there still redirects?

With Regards,

Extremeboy

Raj · February 26, 2009

My apology it took awhile before I could disable the Auto-Protect and carried out Kaspersky scan...

The scan result seems to be alright but I have not a clue how to get rid of those infected file in D:\RECYCLE folders. As long as it lays dormant I am fine with it.

I have tested the Google search & click on results, so far so good. I believe the notebook is clean, cross-finger!

OK, back to business....

I presume you meant Extras.txt from OTViewIt.exe rather than Attach.txt, here are the files..

Remove.bat output:

Deleted!

Press any key to continue . . .

GooredFix output:

GooredFix v1.91 by jpshortstuff

Log created at 10:43 on 26/02/2009 running Option #2 (bh02)

Firefox version 2.0.0.20 (en-GB)

=====Goored Deletions=====

C:\Program Files\Mozilla Firefox\extensions\{9E0C7ABE-9EE3-4BE8-A26F-8BB81F3D0B1C}

->Backing up folder... Done.

->Emptying folder... Done.

->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0.0.20\extensions]

"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0.0.20\extensions]

"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

Kaspersky output:

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Thursday, February 26, 2009

Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Thursday, February 26, 2009 03:07:10

Records in database: 1845575

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

I:\

Scan statistics:

Files scanned: 115001

Threat name: 10

Infected objects: 15

Suspicious objects: 0

Duration of the scan: 03:22:30

File name / Threat name / Threats count

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07940000\4FFDC00B.VBN Infected: Trojan-Downloader.Win32.Agent.ahum 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07940001\4FFDC03A.VBN Infected: Trojan-Downloader.Win32.Agent.ahum 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CEC0000\4DFC83F4.VBN Infected: Trojan-PSW.Win32.Agent.kxs 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CEC0001\4DFC8892.VBN Infected: Trojan-PSW.Win32.Agent.kxs 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CEC0002\4DFC88E4.VBN Infected: Trojan-PSW.Win32.Agent.kxs 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CEC0007\4DFE8F64.VBN Infected: Trojan-PSW.Win32.Agent.kxs 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CEC0008\4DFE8F6D.VBN Infected: Trojan-PSW.Win32.Agent.kxs 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000\4DDC44F0.VBN Infected: Trojan.BAT.Agent.ms 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000\4DDC44F0.VBN Infected: not-a-virus:PSWTool.Win32.IEPassView.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E2C0000.VBN Infected: Trojan.Win32.Patched.dt 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E2C0001.VBN Infected: Trojan.Win32.Patched.dq 1

D:\RECYCLER\S-1-5-21-2513745330-1478982244-2870613042-1006\Dd157.rar Infected: Trojan-Dropper.Win32.Agent.ynd 1

D:\RECYCLER\S-1-5-21-2513745330-1478982244-2870613042-1006\Dd157.rar Infected: Trojan-Downloader.Win32.CodecPack.ml 1

D:\RECYCLER\S-1-5-21-2513745330-1478982244-2870613042-1006\Dd158.rar Infected: not-a-virus:Monitor.Win32.RealSpy.b 1

D:\RECYCLER\S-1-5-21-2513745330-1478982244-2870613042-1006\Dd158.rar Infected: not-a-virus:Monitor.Win32.RealSpy.a 1

The selected area was scanned.

OTViewIt output:

OTViewIt logfile created on: 26/02/2009 6:09:49 PM - Run 2

OTViewIt by OldTimer - Version 1.0.21.0 Folder = D:\_Malware Trojan Removal

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.98 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 53.38% Memory free

2.83 Gb Paging File | 1.87 Gb Available in Paging File | 66.05% Paging File free

Paging file location(s): D:\pagefile.sys 1024 1024;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 25.00 Gb Total Space | 0.94 Gb Free Space | 3.75% Space Free | Partition Type: NTFS

Drive D: | 40.00 Gb Total Space | 0.09 Gb Free Space | 0.23% Space Free | Partition Type: NTFS