
Google search result get redirected to other search site or false antivirus ad site


Raj

Hello fellow members, I am new here but not new to using computers and Windows XP. I have a problem and hope someone here will assist.

Over the past few days I have noticed that when I click on Google search results in Firefox 2.0.0.20 I am redirected to unintended search site(s) and/or a false antivirus site. I suspect malware or a trojan. I can confirm the Google search website I used was genuine.

I have scanned my notebook many times over the last few days with both Malwarebytes' 1.34 and Symantec AntiVirus 10.1.5.500 (both with the latest signatures, 25 Feb 2009) but they both failed to detect or remove the malware/trojan.

Can anyone help?

Here is my HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:49:05 PM, on 20/02/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

C:\Program Files\Aventail\Connect\as32svc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Program Files\IBM\Mobility Client\artstartsvc.exe

C:\Program Files\Intel\AMT\atchksrv.exe

C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe

C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

C:\Program Files\DU Meter\DUMeterSvc.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\WINDOWS\system32\cmd.exe

C:\Program Files\Syslogd\Syslogd_Service.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\notes\ntmulti.exe

C:\Program Files\AT&T Network Client\NetCfgSv.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

C:\WINDOWS\System32\TPHDEXLG.exe

C:\WINDOWS\system32\TpKmpSVC.exe

C:\Program Files\Intel\AMT\UNS.exe

C:\WINDOWS\system32\vmnat.exe

C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe

C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\TpShocks.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\A4Tech\Mouse\Amoumain.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DU Meter\DUMeter.exe

C:\Program Files\USB Safely Remove\USBSafelyRemove.exe

C:\PROGRA~1\Lenovo\NPDIRECT\NPDTray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\IDM Computer Solutions\UltraEdit-32\Uedit32.exe

D:\_Malware Trojan Removal\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smh.com.au/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://securityresponse.symantec.com/avcen...?vid=4294906363

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe

O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r

O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM

O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe

O4 - HKCU\..\Run: [uSB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup

O4 - HKCU\..\Run: [NPDTRAY] C:\PROGRA~1\Lenovo\NPDIRECT\NPDTray.exe

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm

O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll

O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll

O11 - Options group: [JAVA_IBM] Java (IBM)

O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com

O16 - DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://

O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab

O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://interactivebrokers.webex.com/client...ent/ieatgpc.cab

O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtoa/wtOtherA...iomanagerwt.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = au.ibm.com

O17 - HKLM\Software\..\Telephony: DomainName = au.ibm.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{06BD97FF-3447-4E09-8966-5CC38813F554}: Domain = au.ibm.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{28471114-E7FC-43AF-B76C-9BADB4220B2E}: NameServer = 10.1.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{67EE5A76-FFB5-4428-8B78-ABFCA4F45C2B}: NameServer = 10.1.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{81DA3A9B-B0A1-4B7B-A273-C307A8DCCAAC}: Domain = au.ibm.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{8C27F79B-2481-4D61-8FC9-2A779321AEA4}: Domain = au.ibm.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = au.ibm.com

O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Mobility Client (ArtourService) - Unknown owner - C:\Program Files\IBM\Mobility Client\artsvc.exe

O23 - Service: IBM Mobility Client Start Utility (artstartsvc) - Unknown owner - C:\Program Files\IBM\Mobility Client\artstartsvc.exe

O23 - Service: Aventail Connect (As32Svc) - Aventail Corporation - C:\Program Files\Aventail\Connect\as32svc.exe

O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: IBM DCD Standard Client (DCDClient-ISSI) (DCDClient-ISSI) - Unknown owner - C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe

O23 - Service: Intel


Hello.

Please run the MBAM scan again. Update it first and make sure you do a 'Quick Scan' only. Let it remove anything it finds and post the log to me in your next reply, please.

Also run the following scans as well.

Backup Registry with ERUNT

This tool will create a complete backup of your registry, so that in case anything goes wrong we can deal with it. Do not delete these backups until we are finished.

  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • ERUNT will open when the installation is finished. Check all items to be backed up in the default location and click OK.

You can find a complete guide to using the program here:

http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

How to Restore from the ERUNT Backup

Only restore from the backups if instructed to, or if you need to do so: that is, if after doing something your computer will only boot into Safe Mode and you are unable to contact us (or anyone else) for help by other means, or if your computer will not boot into Windows at all.

To restore if you can boot, navigate to C:\WINDOWS\erdnt, choose the folder with the most recent date, and double click ERDNT.EXE. Check all boxes in the restoration options.

To restore from the Recovery Console using the Windows CD:

  • Turn on your machine with the disk in the drive.
  • Type in the number of the Windows installation you want to repair (usually 1), then press Enter.
  • Type in the Administrator password (leave blank if you are unsure what it is or if you do not have one) and press Enter.
  • Type without quotes "cd erdnt" followed by Enter.
  • Type without quotes "dir" followed by Enter. This will list out the available folders, whose names are the date on which the backup was taken in (M)M-DD-YYYY format. Try the most recent dates first.
  • Type without quotes "cd **name of the folder**" followed by Enter.
  • Type without quotes "batch erdnt.con" followed by Enter.
  • Type without quotes "exit" followed by Enter.
  • Remove your CD from the drive and reboot your computer into the restored registry. If you still cannot boot, try again with an earlier restore date.

Create and Run batch script

  • Copy the following into Notepad (Start > Run > "notepad").
    @Echo off
    rem Remove any earlier output file, then dump the drivers32 key (codec/driver mappings) to C:\looking.txt
    If exist "C:\looking.txt" Del /q /s "C:\looking.txt"
    reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\drivers32" >> C:\looking.txt
    Notepad C:\looking.txt
    rem Delete this batch file; this must come before Exit or it never runs
    Del %0
    Exit
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input peek.bat.
  • Hit OK.

When done properly, the file on your desktop should have the icon of a .bat file.

Double click on peek.bat; a black DOS window will appear and then Notepad will open. This is normal, please do not panic. Once it is complete, copy and paste the contents of Notepad in your next reply.

Note: If you closed notepad accidentally, it can also be found at C:\looking.txt

Download and Run OTViewIt

  1. Please download OTViewIt by OldTimer.
  2. Save it to your desktop.
  3. Double click on the OTViewIt icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the Run Scan button.
  6. Two reports will open; copy and paste them in a reply here:
     - OTViewIt.txt <-- will be opened
     - Extra.txt <-- will be minimized

Post back with:

- MBAM scan log
- Looking log
- OTViewIt log

With Regards,

Extremeboy

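Once the looking.txt dump comes back, the thing to check is where each drivers32 entry loads its code from: the DLLs named there (msacm.* audio codecs, vidc.* video codecs, the wave/midi/mixer/aux driver aliases) are loaded by the Windows multimedia APIs into whatever process uses them, so an entry that points into a temp or profile directory, or a value name Windows never uses, deserves a closer look. As an added example, not part of this thread and not a tool the helper used, the following Python reviews such a dump offline rather than on the infected machine. It assumes %SystemRoot% is C:\WINDOWS and Program Files is C:\Program Files (as the OTViewIt log in this thread reports), uses a compact allow-list of value-name families that is an assumption of the example rather than an official list, and runs against constructed sample lines in the reg.exe output format; the last two sample entries (names and paths) are invented for the demonstration.

```python
"""Flag drivers32 entries that load code from unexpected places.

Added example for reviewing a pasted `reg query` dump of the drivers32 key
offline. The sample text is constructed to match reg.exe 3.0's output
format; the `aux2` and `svc.helper` entries are invented for the demo.
"""
import ntpath
import re

# Assumed environment of the machine under review (from its OTViewIt log).
SYSTEM_ROOT = r"C:\WINDOWS"
PROGRAM_FILES = (r"C:\Program Files", r"C:\PROGRA~1")  # long and 8.3 forms

# Value-name families Windows itself uses under drivers32. This allow-list is
# an assumption of the example, not an official list.
KNOWN_NAME = re.compile(
    r"^(msacm\.\S+|vidc\.\S+|(wave|midi|mixer|aux)\d*|midimapper|wavemapper)$",
    re.IGNORECASE,
)
# One value line of reg.exe output: <name> <REG_type> <data>
ENTRY = re.compile(r"^\s*(\S+)\s+(REG_\w+)\s+(.*?)\s*$")

# Constructed sample in the reg.exe 3.0 format (not from a real machine).
SAMPLE = r"""! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\drivers32
    midimapper    REG_SZ    midimap.dll
    msacm.msg711  REG_SZ    msg711.acm
    vidc.ffds     REG_SZ    C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
    msacm.l3acm   REG_SZ    C:\WINDOWS\system32\l3codeca.acm
    wave1         REG_SZ    wdmaud.drv
    aux2          REG_SZ    C:\WINDOWS\Temp\example_codec.dll
    svc.helper    REG_SZ    C:\DOCUME~1\ALLUSE~1\APPLIC~1\example_hook.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\drivers32\Terminal Server
"""


def parse_drivers32(text):
    """Return (name, reg_type, value) tuples; key-path and banner lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append(m.groups())
    return entries


def _under(path, prefix):
    """True if `path` lies inside directory `prefix` (case-insensitive, literal match)."""
    p = ntpath.normpath(path).lower()
    q = ntpath.normpath(prefix).lower()
    return p == q or p.startswith(q + "\\")


def classify(name, value):
    """Return (verdict, reason) for one drivers32 entry.

    ok          - conventional name; bare filename or a file under system32
    third-party - conventional name; absolute path under Program Files (verify vendor)
    suspicious  - unconventional name, or code loaded from anywhere else
                  (temp and profile directories are writable by an ordinary user)
    """
    if not KNOWN_NAME.match(name):
        return "suspicious", "value name is not one Windows uses under drivers32"
    if not ntpath.isabs(value):  # bare filename: resolved through the system32 search path
        return "ok", "bare filename"
    if _under(value, ntpath.join(SYSTEM_ROOT, "system32")):
        return "ok", "under system32"
    if any(_under(value, pf) for pf in PROGRAM_FILES):
        return "third-party", "absolute path under Program Files"
    return "suspicious", "absolute path outside system32 and Program Files"


def review(text):
    """Entries that need a human look, as (name, value, verdict, reason)."""
    flagged = []
    for name, _reg_type, value in parse_drivers32(text):
        verdict, reason = classify(name, value)
        if verdict != "ok":
            flagged.append((name, value, verdict, reason))
    return flagged


if __name__ == "__main__":
    for name, value, verdict, reason in review(SAMPLE):
        print(f"{verdict:<11} {name:<14} {value}  ({reason})")
```

Run it with `python review_drivers32.py` after pasting the real looking.txt text into SAMPLE (or reading it from a file). Bare filenames are treated as ordinary because Windows resolves them through the normal DLL search path, and third-party codecs such as ffdshow legitimately live under Program Files, so those are reported for verification rather than called malicious; only code in user-writable locations or under a name Windows never uses is marked suspicious.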

Thanks for the quick reply ExtremeBoy, here are the files:

MBAM Log:

Malwarebytes' Anti-Malware 1.34

Database version: 1802

Windows 5.1.2600 Service Pack 2

26/02/2009 5:22:53 AM

mbam-log-2009-02-26 (05-22-38).txt

Scan type: Quick Scan

Objects scanned: 83055

Time elapsed: 7 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> No action taken. NOTE: I made a mistake; I removed this AFTER I had saved the MBAM log.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Looking.txt:

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\drivers32

midimapper REG_SZ midimap.dll

msacm.imaadpcm REG_SZ imaadp32.acm

msacm.msadpcm REG_SZ msadp32.acm

msacm.msg711 REG_SZ msg711.acm

msacm.msgsm610 REG_SZ msgsm32.acm

msacm.trspch REG_SZ tssoft32.acm

vidc.cvid REG_SZ iccvid.dll

vidc.I420 REG_SZ msh263.drv

vidc.iv31 REG_SZ ir32_32.dll

vidc.iv32 REG_SZ ir32_32.dll

vidc.iv41 REG_SZ ir41_32.ax

vidc.iyuv REG_SZ iyuv_32.dll

vidc.mrle REG_SZ msrle32.dll

vidc.msvc REG_SZ msvidc32.dll

vidc.uyvy REG_SZ msyuv.dll

vidc.yuy2 REG_SZ msyuv.dll

vidc.yvu9 REG_SZ tsbyuv.dll

vidc.yvyu REG_SZ msyuv.dll

wavemapper REG_SZ msacm32.drv

msacm.msg723 REG_SZ msg723.acm

vidc.M263 REG_SZ msh263.drv

vidc.M261 REG_SZ msh261.drv

msacm.msaudio1 REG_SZ msaud32.acm

msacm.sl_anet REG_SZ sl_anet.acm

msacm.iac2 REG_SZ C:\WINDOWS\system32\iac25_32.ax

vidc.iv50 REG_SZ ir50_32.dll

msacm.l3acm REG_SZ C:\WINDOWS\system32\l3codeca.acm

wave REG_SZ wdmaud.drv

midi REG_SZ wdmaud.drv

mixer REG_SZ wdmaud.drv

VIDC.MPG4 REG_SZ mpg4c32.dll

VIDC.MP42 REG_SZ mpg4c32.dll

vidc.ffds REG_SZ C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

msacm.ac3filter REG_SZ ac3filter.acm

wave1 REG_SZ wdmaud.drv

midi1 REG_SZ wdmaud.drv

mixer1 REG_SZ wdmaud.drv

aux REG_SZ wdmaud.drv

msacm.voxacm160 REG_SZ vct3216.acm

msacm.scg726 REG_SZ scg726.acm

msacm.alf2cd REG_SZ alf2cd.acm

msacm.ac3acm REG_SZ AC3ACM.acm

vidc.dvsd REG_SZ mcdvd_32.dll

vidc.xvid REG_SZ xvidvfw.dll

vidc.DIVX REG_SZ DivX.dll

vidc.mp43 REG_SZ mpg4c32.dll

VIDC.VMnc REG_SZ vmnc.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\drivers32\Terminal Server

OTViewIt.txt:

OTViewIt logfile created on: 26/02/2009 5:32:27 AM - Run

OTViewIt by OldTimer - Version 1.0.21.0 Folder = D:\_Malware Trojan Removal

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.98 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 56.13% Memory free

2.83 Gb Paging File | 2.14 Gb Available in Paging File | 75.38% Paging File free

Paging file location(s): D:\pagefile.sys 1024 1024;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 25.00 Gb Total Space | 1.22 Gb Free Space | 4.88% Space Free | Partition Type: NTFS

Drive D: | 40.00 Gb Total Space | 0.11 Gb Free Space | 0.28% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

Drive I: | 15.00 Gb Total Space | 0.17 Gb Free Space | 1.14% Space Free | Partition Type: NTFS

Computer Name: MQG80917

Current User Name: bh02

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2007/12/08 02:34:46 | 00,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe

[2008/07/10 21:23:22 | 00,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

[2005/07/28 14:22:08 | 00,077,824 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\as32svc.exe

[2006/07/20 06:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

[2006/07/20 06:26:06 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

[2006/07/20 06:26:10 | 00,202,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

[2006/09/28 01:14:44 | 00,087,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

[2006/04/12 04:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

[2007/05/17 22:49:24 | 00,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

[2007/01/20 02:33:02 | 00,011,264 | ---- | M] () -- C:\Program Files\IBM\Mobility Client\artstartsvc.exe

[2007/09/07 18:18:58 | 00,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe

[2008/07/09 01:53:21 | 00,053,248 | ---- | M] () -- C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe

[2006/09/28 07:33:22 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

[2008/06/10 18:16:58 | 01,386,008 | ---- | M] (Hagel Technologies Ltd) -- C:\Program Files\DU Meter\DUMeterSvc.exe

[2004/08/04 16:00:00 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe

[2008/07/10 21:42:14 | 00,819,200 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe

[2008/01/22 11:33:24 | 01,794,048 | ---- | M] (Kiwi Enterprises) -- C:\Program Files\Syslogd\Syslogd_Service.exe

[2007/09/07 18:18:52 | 00,121,368 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe

[2009/02/11 10:19:38 | 00,179,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

[2005/08/15 16:40:28 | 00,053,248 | ---- | M] (IBM Corp) -- C:\notes\ntmulti.exe

[2007/01/13 19:00:00 | 00,323,584 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\NetCfgSv.EXE

[2008/03/21 09:49:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

[2008/07/10 21:12:40 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

[2006/09/28 07:33:38 | 00,116,464 | ---- | M] (symantec) -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe

[2006/09/28 01:15:56 | 00,173,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

[2006/11/24 20:29:56 | 00,043,752 | ---- | M] (IBM) -- C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe

[2008/05/14 17:21:16 | 00,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe

[2006/06/30 08:57:50 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe

[2007/09/07 18:19:00 | 01,464,856 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\UNS.exe

[2008/10/29 10:07:20 | 00,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe

[2008/07/29 02:43:00 | 00,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe

[2008/10/29 10:08:44 | 00,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe

[2007/05/17 22:49:28 | 00,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

[2008/10/29 10:07:56 | 00,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

[2006/08/08 03:03:02 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

[2004/08/04 16:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe

[2007/05/17 22:50:16 | 00,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

[2006/07/20 06:26:04 | 00,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[2006/09/28 07:33:44 | 00,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe

[2007/12/08 02:35:55 | 00,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe

[2007/12/08 02:35:47 | 00,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

[2007/12/08 02:35:47 | 00,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

[2008/07/03 17:10:38 | 01,323,008 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[2007/12/08 02:35:48 | 00,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe

[2008/06/06 19:21:04 | 00,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe

[2007/05/17 22:46:44 | 00,413,696 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

[2007/05/17 22:41:20 | 00,126,976 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

[2008/07/03 17:17:56 | 00,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[2007/04/07 11:44:03 | 00,499,712 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe

[2007/09/25 18:32:17 | 00,507,904 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis3a.exe

[2007/01/19 12:49:04 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[2004/08/04 16:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe

[2004/08/04 16:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe

[2008/03/06 00:12:56 | 00,241,664 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe

[2009/02/11 10:19:38 | 00,399,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

[2008/10/29 10:07:58 | 00,096,816 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

[2008/06/10 18:16:42 | 02,645,528 | ---- | M] (Hagel Technologies Ltd) -- C:\Program Files\DU Meter\DUMeter.exe

[2008/07/29 12:17:49 | 03,256,320 | ---- | M] () -- C:\Program Files\USB Safely Remove\USBSafelyRemove.exe

[2007/12/08 02:35:58 | 00,218,672 | ---- | M] (LENOVO) -- C:\Program Files\Lenovo\NPDIRECT\NPDTRAY.EXE

[2009/02/04 06:50:52 | 07,678,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

[2008/10/11 10:50:38 | 07,640,336 | ---- | M] (IDM Computer Solutions, Inc.) -- C:\Program Files\IDM Computer Solutions\UltraEdit-32\Uedit32.exe

[2009/02/25 18:09:15 | 00,422,912 | ---- | M] (OldTimer Tools) -- D:\_Malware Trojan Removal\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/05/17 22:49:24 | 00,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc [Auto | Running])

[2007/05/17 22:49:28 | 00,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc [Auto | Running])

[2007/01/19 12:49:26 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService [Auto | Stopped])

[2007/01/20 02:29:48 | 00,073,728 | ---- | M] () -- C:\Program Files\IBM\Mobility Client\artsvc.exe -- (ArtourService [On_Demand | Stopped])

[2007/01/20 02:33:02 | 00,011,264 | ---- | M] () -- C:\Program Files\IBM\Mobility Client\artstartsvc.exe -- (artstartsvc [Auto | Running])

[2005/07/28 14:22:08 | 00,077,824 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\as32svc.exe -- (As32Svc [Auto | Running])

[2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2007/09/07 18:18:58 | 00,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv [Auto | Running])

[2007/12/08 02:34:27 | 00,389,120 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])

[2006/07/20 06:26:06 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [On_Demand | Running])

[2006/07/20 06:26:10 | 00,202,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy [Auto | Running])

[2006/07/20 06:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])

[2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2008/07/09 01:53:21 | 00,053,248 | ---- | M] () -- C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe -- (DCDClient-ISSI [Auto | Running])

[2006/09/28 07:33:22 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])

[2008/06/10 18:16:58 | 01,386,008 | ---- | M] (Hagel Technologies Ltd) -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc [Auto | Running])

[2008/07/10 21:42:14 | 00,819,200 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng [Auto | Running])

[2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

[2008/11/12 17:22:24 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])

[2007/12/08 02:34:46 | 00,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Running])

[2005/11/14 12:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

[2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

File not found -- -- (ISAMsmt [Disabled | Stopped])

[2008/11/20 05:33:14 | 00,417,008 | ---- | M] (IBM Corp.) -- C:\Program Files\C4ebreg\c4ebreg.exe -- (ISAMSvc [Disabled | Stopped])

[2008/12/09 09:23:00 | 00,216,576 | ---- | M] (IBM Corp.) -- c:\sdwork\issimsvc.exe -- (ISSIMon [Disabled | Stopped])

[2006/09/28 01:14:44 | 00,087,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -- (ISSVC [Auto | Running])

[2008/01/22 11:33:24 | 01,794,048 | ---- | M] (Kiwi Enterprises) -- C:\Program Files\Syslogd\Syslogd_Service.exe -- (Kiwi Syslog Daemon [Auto | Running])

[2006/10/31 11:32:09 | 02,541,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])

[2007/09/07 18:18:52 | 00,121,368 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS [Auto | Running])

[2004/08/04 16:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])

[2009/02/11 10:19:38 | 00,179,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Running])

[2005/08/15 16:40:28 | 00,053,248 | ---- | M] (IBM Corp) -- C:\notes\ntmulti.exe -- (Multi-user Cleanup Service [Auto | Running])

[2007/01/15 18:14:38 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])

[2007/01/13 19:00:00 | 00,323,584 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\NetCfgSv.EXE -- (NetCfgSvr [Auto | Running])

[2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

[2008/04/22 22:35:56 | 00,087,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Ghost\bin\dbserv.exe -- (NGDBSERV [On_Demand | Stopped])

[2008/04/22 22:35:50 | 01,000,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Ghost\ngserver.exe -- (NGSERVER [On_Demand | Stopped])

[2007/01/15 17:01:56 | 00,266,240 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])

[2008/03/21 09:49:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])

[2006/06/02 02:52:58 | 00,339,456 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag [On_Demand | Stopped])

[2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

[2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2008/07/29 02:43:00 | 00,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service [Auto | Running])

[2008/03/11 00:22:46 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Disabled | Stopped])

[2008/03/11 01:35:30 | 00,068,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [Disabled | Stopped])

[2008/07/10 21:12:40 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc [Auto | Running])

[2007/11/07 07:22:26 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])

[2008/07/10 21:23:22 | 00,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])

[2006/09/28 07:33:38 | 00,116,464 | ---- | M] (symantec) -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -- (SavRoam [Auto | Running])

[2008/04/07 10:17:30 | 00,430,592 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])

[2006/08/08 03:03:02 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Running])

[2006/04/12 04:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Running])

[2008/01/31 09:37:02 | 00,157,016 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe -- (Stuffit Archive Name Service [Disabled | Stopped])

[2006/09/28 07:33:32 | 01,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [On_Demand | Stopped])

[2006/09/28 01:15:56 | 00,173,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- (SymSecurePort [Auto | Running])

[2008/05/14 17:21:16 | 00,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC [Auto | Running])

[2006/06/30 08:57:50 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC [Auto | Running])

[2008/10/03 05:25:42 | 00,191,024 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60 [On_Demand | Stopped])

[2007/09/07 18:19:00 | 01,464,856 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS [Auto | Running])

[2008/10/29 10:07:56 | 00,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService [Auto | Running])

[2008/10/29 10:08:44 | 00,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP [Auto | Running])

[2008/10/29 10:07:20 | 00,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service [Auto | Running])

[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/04/24 18:53:22 | 00,308,736 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])

[2008/04/24 18:53:22 | 00,103,424 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])

[2006/05/19 20:46:14 | 00,180,864 | ---- | M] (AT&T) -- C:\WINDOWS\system32\drivers\agnfilt.sys -- (agnfilt [On_Demand | Running])

[2004/04/30 04:19:18 | 00,019,328 | ---- | M] (AT&T) -- C:\WINDOWS\system32\drivers\agnwifi.sys -- (agnwifi [Auto | Running])

[2001/08/18 00:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [boot | Running])

[2004/08/04 10:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [boot | Running])

[2005/11/08 20:27:20 | 00,011,520 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC [system | Running])

[2005/12/11 12:55:38 | 00,028,195 | ---- | M] (Alpha Networks Inc.) -- C:\WINDOWS\system32\ANIO.sys -- (ANIO [Auto | Running])

[2001/08/18 00:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [boot | Running])

[2001/08/18 00:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [boot | Running])

[2005/07/28 14:22:44 | 00,219,299 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\ascrypto.sys -- (Ascrypto [On_Demand | Stopped])

[2005/07/28 14:22:24 | 00,028,403 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\asntkrnl.sys -- (Askernel [system | Running])

[2005/07/28 14:22:36 | 00,126,917 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\asnttdi.sys -- (Astdi [On_Demand | Running])

[2007/12/08 02:34:27 | 00,787,456 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])

[2007/12/08 02:34:47 | 00,015,872 | ---- | M] (Atmel, Inc.) -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm [On_Demand | Running])

[2003/04/04 23:48:06 | 00,013,952 | ---- | M] (AT&T) -- C:\WINDOWS\system32\drivers\avpnnic.sys -- (avpnnic [On_Demand | Stopped])

[2004/05/07 03:12:10 | 00,114,688 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k [On_Demand | Stopped])

[2005/03/16 17:23:54 | 00,013,696 | R--- | M] (BIOSTAR Group) -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS [system | Running])

[2004/10/15 14:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])

[2006/01/19 00:44:46 | 00,053,248 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf [On_Demand | Stopped])

[2006/01/19 05:17:38 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])

[2001/08/18 00:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [boot | Running])

[2001/08/18 00:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [boot | Running])

[2007/12/08 02:34:49 | 00,125,952 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000 [On_Demand | Stopped])

[2007/10/12 17:30:46 | 00,252,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running])

[2008/09/03 19:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [system | Running])

[2005/04/27 20:16:46 | 00,005,427 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\egathdrv.sys -- (EGATHDRV [Auto | Running])

[2008/09/17 10:55:42 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])

[2008/10/29 10:08:52 | 00,032,304 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon [Auto | Running])

[2005/01/08 04:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])

[2008/01/21 17:43:42 | 00,039,472 | ---- | M] (Paragon Software Group) -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3 [boot | Running])

[2007/11/01 17:25:32 | 00,211,456 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])

[2007/12/08 02:34:40 | 00,200,448 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH [On_Demand | Stopped])

[2007/12/08 02:34:40 | 01,041,664 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Stopped])

[2007/11/01 17:26:36 | 00,989,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])

[2007/10/27 00:29:08 | 00,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard [On_Demand | Stopped])

[2005/10/12 23:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iastor [boot | Running])

[2007/12/08 02:34:46 | 00,021,040 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV [On_Demand | Running])

[2007/04/02 22:24:08 | 00,004,224 | ---- | M] () -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK [system | Running])

[2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Stopped])

[2008/05/12 19:04:04 | 00,013,480 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi [system | Running])

[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector [On_Demand | Running])

[2006/06/19 14:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])

[2001/08/18 00:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [boot | Running])

[2009/02/23 20:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090223.002\NAVENG.SYS -- (NAVENG [On_Demand | Running])

[2009/02/23 20:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090223.002\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])

[2008/06/26 07:15:34 | 03,630,080 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32 [On_Demand | Running])

[2004/08/04 16:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Running])

[2007/11/29 11:39:42 | 00,016,896 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])

[2007/11/29 11:39:40 | 00,019,328 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])

[2007/11/07 07:22:06 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Running])

[2004/08/04 10:00:52 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA [On_Demand | Stopped])

[2008/03/21 09:49:00 | 06,547,936 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])

[2007/09/17 16:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])

[2008/07/05 18:27:51 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])

[2008/05/03 01:32:26 | 00,007,012 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM [Auto | Running])

[2004/08/04 16:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2007/09/17 22:48:44 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

[2001/08/18 00:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [boot | Running])

[2001/08/18 00:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [boot | Running])

[2001/08/18 00:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [boot | Running])

[2008/02/15 19:01:18 | 00,046,592 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [Auto | Running])

[2007/07/30 11:42:58 | 00,043,008 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk [Auto | Running])

[2007/07/30 12:54:02 | 00,038,400 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp [Auto | Running])

[2007/07/28 15:50:36 | 00,517,632 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870 [On_Demand | Stopped])

[2008/04/18 16:48:50 | 00,011,904 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])

[2006/09/07 01:41:20 | 00,337,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys -- (SAVRT [system | Running])

[2006/09/07 01:41:20 | 00,054,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [system | Running])

[2008/03/14 17:04:29 | 00,046,652 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [system | Running])

[2004/08/04 16:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])

[2004/08/04 16:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2008/05/14 17:21:16 | 00,114,728 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf [boot | Running])

[2004/08/04 10:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [boot | Running])

[2006/08/03 12:54:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint [system | Running])

[2007/12/08 02:34:26 | 00,266,880 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Stopped])

[2008/09/27 11:02:00 | 00,114,048 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman [boot | Running])

[2001/08/18 01:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [boot | Running])

[2006/04/12 04:13:34 | 00,389,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [system | Running])

[2008/02/22 15:33:00 | 00,087,936 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus [On_Demand | Stopped])

[2008/02/22 15:33:02 | 00,014,976 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl [On_Demand | Stopped])

[2008/02/22 15:33:02 | 00,114,304 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm [On_Demand | Stopped])

[2009/02/17 15:40:23 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [system | Running])

[2001/08/18 01:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [boot | Running])

[2001/08/18 01:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [boot | Running])

[2006/08/08 03:01:56 | 00,012,992 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])

[2006/09/19 04:55:28 | 00,109,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])

[2006/08/08 03:02:02 | 00,110,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])

[2006/08/08 03:02:18 | 00,031,936 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])

[2008/09/12 07:33:22 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20090218.001\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running])

[2006/08/08 03:02:14 | 00,028,352 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running])

[2006/08/08 03:02:22 | 00,024,768 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])

[2006/08/08 03:02:26 | 00,195,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [system | Running])

[2001/08/18 01:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [boot | Running])

[2001/08/18 01:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [boot | Running])

[2008/07/03 16:53:20 | 00,225,664 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])

[2006/08/03 12:54:00 | 00,009,343 | ---- | M] () -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI [system | Running])

[2008/05/14 17:21:16 | 00,019,496 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN [boot | Running])

[2007/12/08 02:35:47 | 00,017,778 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV [system | Running])

[2008/07/29 02:43:00 | 00,004,442 | ---- | M] () -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF [system | Running])

[2007/12/08 02:36:00 | 00,012,848 | ---- | M] () -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP [system | Running])

[2001/08/18 00:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [boot | Running])

[2007/11/29 11:39:42 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])

[2004/08/04 00:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])

[2007/11/29 11:39:52 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])

[2008/10/29 10:08:58 | 00,054,960 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci [Auto | Running])

[2008/10/29 10:08:56 | 00,023,216 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd [On_Demand | Running])

[2008/10/29 04:03:28 | 00,016,560 | R--- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter [On_Demand | Stopped])

[2008/10/29 04:03:28 | 00,031,280 | R--- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge [Auto | Running])

[2008/10/29 10:08:58 | 00,026,288 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif [Auto | Running])

[2008/10/29 10:08:54 | 00,857,392 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86 [Auto | Running])

[2008/10/03 05:24:48 | 00,022,448 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60 [Auto | Running])

[2007/12/08 02:34:37 | 03,151,232 | ---- | M] (Intel

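The services and drivers dump above follows one fixed line format (`[date | size | attributes | M] (Publisher) -- path -- (ServiceName [StartType | State])`, or `File not found -- -- (...)` for a registration whose binary is gone), and the first thing a reviewer does with it is look for entries with a missing binary, a blank publisher field or an unusual path. The Python script below is an added example for this page, not code from the thread or from OTViewIt: it parses that format and attaches the review notes a helper would write beside each entry. The sample lines are copied from the posted log; the "expected location" rule (Windows and Program Files directories) and the flag wording are assumptions of the example, not OTViewIt features.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTViewIt service/driver entry:
# [date time | size | attrs | M] (Company) -- path -- (ServiceName [StartType | State])
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>[\w-]{4}) \| M\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?) -- "
    r"\((?P<name>.+?) \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\)$"
)
# A registered service whose binary no longer exists on disk:
# File not found -- -- (ServiceName [StartType | State])
MISSING_RE = re.compile(
    r"^File not found -- -- \((?P<name>.+?) \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\)$"
)

# Directories where installed services and drivers normally live (assumption of
# this example, used as a reviewer's rule of thumb; compared case-insensitively).
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Entry:
    name: str
    start: str
    state: str
    path: Optional[str]      # None when OTViewIt printed "File not found"
    company: Optional[str]   # None when there is no file, "" when the file has no publisher
    size: Optional[int]
    flags: List[str]


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; return None for section headers, blanks and other text."""
    m = MISSING_RE.match(line)
    if m:
        return Entry(m["name"], m["start"].strip(), m["state"].strip(), None, None, None, [])
    m = ENTRY_RE.match(line)
    if not m:
        return None
    size = int(m["size"].replace(",", ""))
    return Entry(m["name"], m["start"].strip(), m["state"].strip(),
                 m["path"], m["company"].strip(), size, [])


def triage(entry: Entry) -> Entry:
    """Attach the review notes a helper would write next to the entry."""
    if entry.path is None:
        # Orphaned registration: harmless by itself, but worth cleaning up.
        entry.flags.append("dead entry: binary missing, service still registered")
        return entry
    if not entry.path.lower().startswith(EXPECTED_PREFIXES):
        entry.flags.append("unusual location: outside Windows/Program Files")
    if entry.company == "":
        # Blank publisher means the file carries no version resource; confirm its
        # origin (vendor documentation, hash lookup) before trusting it.
        entry.flags.append("no publisher information")
    if entry.state == "Running" and entry.start.lower() in ("auto", "boot", "system") and entry.flags:
        entry.flags.append("starts with Windows and is running: prioritise verification")
    return entry


def review_log(text: str) -> List[Entry]:
    """Parse a whole OTViewIt services/drivers dump and return only the flagged entries."""
    flagged = []
    for raw in text.splitlines():
        entry = parse_entry(raw.strip())
        if entry is not None and triage(entry).flags:
            flagged.append(entry)
    return flagged


# Lines copied from the OTViewIt log posted above, including one of its section headers.
SAMPLE_LOG = r"""
[2007/05/17 22:49:24 | 00,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc [Auto | Running])
[2007/01/20 02:29:48 | 00,073,728 | ---- | M] () -- C:\Program Files\IBM\Mobility Client\artsvc.exe -- (ArtourService [On_Demand | Stopped])
File not found -- -- (ISAMsmt [Disabled | Stopped])
[2008/12/09 09:23:00 | 00,216,576 | ---- | M] (IBM Corp.) -- c:\sdwork\issimsvc.exe -- (ISSIMon [Disabled | Stopped])

========== Driver Services ==========

[2009/02/17 15:40:23 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [system | Running])
"""

if __name__ == "__main__":
    for e in review_log(SAMPLE_LOG):
        print(f"{e.name:<15} {e.start:<10} {e.state:<8} {e.path or '-'}")
        for f in e.flags:
            print(f"    - {f}")
```

A flag is a prompt to verify, not a verdict: a blank publisher field is common for small OEM drivers, and a "dead" entry only tells you the binary is gone. The value of the script is that it reduces a several-hundred-line dump to the handful of entries that need a human look.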

Hello.

I took a look at the OTViewIT log. Next time post the Attach.txt as well, like I have told you.

The OTViewIT log looks fine; there are a few entries that are 'dead' that we can remove, but they are not 'bad'. Let's run the following batch file and do some house work.

Create and Run batch script

  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "quote".
    @Echo off
    If Exist "C:\deletelog.txt" del "C:\deletelog.txt"
    For %%a in (
    C:\Windows\system32\wdmaud.sys
    C:\WINDOWS\system32\sysaudio.sys
    ) Do (
    del /q /s /f /a %%a >nul 2>&1
    if exist %%a echo.%%~a>>"C:\deletelog.txt"
    )
    if exist "C:\deletelog.txt" ( start notepad "C:\deletelog.txt"
    ) else echo.Deleted!
    Pause
    Exit
    Del %0
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input removal.bat.
  • Hit OK.

When done properly, the icon should look like batch.png for the .bat file.

Double click on removal.bat, and a Black DOS window shall appear. You will then see a message in that Black DOS window; please write that message down. After you have written the message down you will see a message saying "Press Any Key to Continue..." Please press any key to exit that Black DOS window. This is normal, please do not panic. Reply back with the message in that window in your next reply please.

Run GooredFix using Option2 (Removal)

Please download GooredFix and save it to your Desktop.

Alternative Download Mirror #2

Please make sure all instances of Firefox are closed at this point before proceeding.

  • Please double-click Goored.exe on your Desktop to run it.
  • A window will appear, please Select 2. (Fix Goored) by typing 2 and pressing Enter.
  • Type Y at the prompt and press Enter. The removal process will begin.
  • A log will open with the file after completion; please post the contents of that log in your next reply.

*Note: The log can also be found on your desktop (Goored.txt)

Reboot your computer NOW.

Update Java to Version 6 Update 12

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 6 Update 12 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 12.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version.

*If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.

** If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.

*** The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

You can refer to this animation by sundavis.

Post back with:

-The Message in the Black DOS window

-Goored.txt Log

-Kaspersky scan log

-New OTViewIT logs (I want Attach.txt as well)

How is your computer now? Are there still redirects?

With Regards,

Extremeboy


My apologies, it took a while before I could disable Auto-Protect and carry out the Kaspersky scan...

The scan result seems to be all right, but I have no clue how to get rid of those infected files in the D:\RECYCLE folders. As long as it lies dormant I am fine with it.

I have tested Google search and clicking on results; so far so good. I believe the notebook is clean, fingers crossed!

OK, back to business....

I presume you meant Extras.txt from OTViewIt.exe rather than Attach.txt; here are the files.

Remove.bat output:

Deleted!

Press any key to continue . . .

GooredFix output:

GooredFix v1.91 by jpshortstuff

Log created at 10:43 on 26/02/2009 running Option #2 (bh02)

Firefox version 2.0.0.20 (en-GB)

=====Goored Deletions=====

C:\Program Files\Mozilla Firefox\extensions\{9E0C7ABE-9EE3-4BE8-A26F-8BB81F3D0B1C}

->Backing up folder... Done.

->Emptying folder... Done.

->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0.0.20\extensions]

"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0.0.20\extensions]

"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

Kaspersky output:

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Thursday, February 26, 2009

Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Thursday, February 26, 2009 03:07:10

Records in database: 1845575

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

I:\

Scan statistics:

Files scanned: 115001

Threat name: 10

Infected objects: 15

Suspicious objects: 0

Duration of the scan: 03:22:30

File name / Threat name / Threats count

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07940000\4FFDC00B.VBN Infected: Trojan-Downloader.Win32.Agent.ahum 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07940001\4FFDC03A.VBN Infected: Trojan-Downloader.Win32.Agent.ahum 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CEC0000\4DFC83F4.VBN Infected: Trojan-PSW.Win32.Agent.kxs 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CEC0001\4DFC8892.VBN Infected: Trojan-PSW.Win32.Agent.kxs 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CEC0002\4DFC88E4.VBN Infected: Trojan-PSW.Win32.Agent.kxs 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CEC0007\4DFE8F64.VBN Infected: Trojan-PSW.Win32.Agent.kxs 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CEC0008\4DFE8F6D.VBN Infected: Trojan-PSW.Win32.Agent.kxs 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000\4DDC44F0.VBN Infected: Trojan.BAT.Agent.ms 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000\4DDC44F0.VBN Infected: not-a-virus:PSWTool.Win32.IEPassView.ae 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E2C0000.VBN Infected: Trojan.Win32.Patched.dt 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E2C0001.VBN Infected: Trojan.Win32.Patched.dq 1

D:\RECYCLER\S-1-5-21-2513745330-1478982244-2870613042-1006\Dd157.rar Infected: Trojan-Dropper.Win32.Agent.ynd 1

D:\RECYCLER\S-1-5-21-2513745330-1478982244-2870613042-1006\Dd157.rar Infected: Trojan-Downloader.Win32.CodecPack.ml 1

D:\RECYCLER\S-1-5-21-2513745330-1478982244-2870613042-1006\Dd158.rar Infected: not-a-virus:Monitor.Win32.RealSpy.b 1

D:\RECYCLER\S-1-5-21-2513745330-1478982244-2870613042-1006\Dd158.rar Infected: not-a-virus:Monitor.Win32.RealSpy.a 1

The selected area was scanned.

OTViewIt output:

OTViewIt logfile created on: 26/02/2009 6:09:49 PM - Run 2

OTViewIt by OldTimer - Version 1.0.21.0 Folder = D:\_Malware Trojan Removal

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.98 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 53.38% Memory free

2.83 Gb Paging File | 1.87 Gb Available in Paging File | 66.05% Paging File free

Paging file location(s): D:\pagefile.sys 1024 1024;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 25.00 Gb Total Space | 0.94 Gb Free Space | 3.75% Space Free | Partition Type: NTFS

Drive D: | 40.00 Gb Total Space | 0.09 Gb Free Space | 0.23% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

Drive I: | 15.00 Gb Total Space | 0.17 Gb Free Space | 1.14% Space Free | Partition Type: NTFS

Computer Name: MQG80917

Current User Name: bh02

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2007/12/08 02:34:46 | 00,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe

[2008/07/10 21:23:22 | 00,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

[2005/07/28 14:22:08 | 00,077,824 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\as32svc.exe

[2006/09/28 01:14:44 | 00,087,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

[2006/04/12 04:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

[2007/05/17 22:49:24 | 00,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

[2007/01/20 02:33:02 | 00,011,264 | ---- | M] () -- C:\Program Files\IBM\Mobility Client\artstartsvc.exe

[2007/09/07 18:18:58 | 00,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe

[2008/07/09 01:53:21 | 00,053,248 | ---- | M] () -- C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe

[2008/06/10 18:16:58 | 01,386,008 | ---- | M] (Hagel Technologies Ltd) -- C:\Program Files\DU Meter\DUMeterSvc.exe

[2004/08/04 16:00:00 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe

[2008/07/10 21:42:14 | 00,819,200 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe

[2009/02/26 11:07:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

[2008/01/22 11:33:24 | 01,794,048 | ---- | M] (Kiwi Enterprises) -- C:\Program Files\Syslogd\Syslogd_Service.exe

[2007/09/07 18:18:52 | 00,121,368 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe

[2009/02/11 10:19:38 | 00,179,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

[2005/08/15 16:40:28 | 00,053,248 | ---- | M] (IBM Corp) -- C:\notes\ntmulti.exe

[2007/01/13 19:00:00 | 00,323,584 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\NetCfgSv.EXE

[2006/11/24 20:29:56 | 00,043,752 | ---- | M] (IBM) -- C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe

[2008/03/21 09:49:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

[2008/07/10 21:12:40 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

[2006/09/28 07:33:38 | 00,116,464 | ---- | M] (symantec) -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe

[2008/05/14 17:21:16 | 00,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe

[2006/06/30 08:57:50 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe

[2007/09/07 18:19:00 | 01,464,856 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\UNS.exe

[2008/10/29 10:07:20 | 00,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe

[2008/07/29 02:43:00 | 00,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe

[2007/05/17 22:49:28 | 00,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

[2004/08/04 16:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe

[2007/05/17 22:50:16 | 00,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

[2006/07/20 06:26:04 | 00,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[2006/09/28 07:33:44 | 00,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe

[2007/12/08 02:35:55 | 00,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe

[2007/12/08 02:35:47 | 00,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

[2008/07/03 17:10:38 | 01,323,008 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[2007/12/08 02:35:47 | 00,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

[2007/12/08 02:35:48 | 00,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe

[2008/06/06 19:21:04 | 00,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe

[2008/07/03 17:17:56 | 00,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[2007/05/17 22:46:44 | 00,413,696 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

[2007/05/17 22:41:20 | 00,126,976 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

[2007/04/07 11:44:03 | 00,499,712 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe

[2007/09/25 18:32:17 | 00,507,904 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis3a.exe

[2007/01/19 12:49:04 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[2004/08/04 16:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe

[2004/08/04 16:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe

[2008/03/06 00:12:56 | 00,241,664 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe

[2008/10/29 10:07:58 | 00,096,816 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

[2009/02/26 11:07:46 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

[2008/06/10 18:16:42 | 02,645,528 | ---- | M] (Hagel Technologies Ltd) -- C:\Program Files\DU Meter\DUMeter.exe

[2008/07/29 12:17:49 | 03,256,320 | ---- | M] () -- C:\Program Files\USB Safely Remove\USBSafelyRemove.exe

[2007/12/08 02:35:58 | 00,218,672 | ---- | M] (LENOVO) -- C:\Program Files\Lenovo\NPDIRECT\NPDTRAY.EXE

[2007/08/13 19:43:56 | 00,622,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

[2008/02/22 15:30:38 | 00,120,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

[2009/02/26 11:07:46 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe

[2005/07/28 14:22:20 | 00,131,072 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\as32.exe

[2007/04/17 03:59:12 | 00,565,248 | ---- | M] () -- C:\Program Files\IBM\Sametime Connect\sametime.exe

[2007/04/17 03:59:18 | 00,348,160 | ---- | M] (International Business Machines Corporation) -- C:\Program Files\IBM\Sametime Connect\jre\bin\sametime75.exe

[2009/02/26 13:23:40 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\bh02\Local Settings\Temp\jkos-bh02\binaries\ScanningProcess.exe

[2006/07/20 06:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

[2006/07/20 06:26:06 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

[2006/09/28 01:15:56 | 00,173,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

[2006/08/08 03:03:02 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

[2006/07/20 06:26:10 | 00,202,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

[2005/08/26 21:22:44 | 01,927,168 | ---- | M] (PixelMetrics) -- C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe

[2008/10/11 10:50:38 | 07,640,336 | ---- | M] (IDM Computer Solutions, Inc.) -- C:\Program Files\IDM Computer Solutions\UltraEdit-32\Uedit32.exe

[2009/02/25 18:09:15 | 00,422,912 | ---- | M] (OldTimer Tools) -- D:\_Malware Trojan Removal\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/05/17 22:49:24 | 00,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc [Auto | Running])

[2007/05/17 22:49:28 | 00,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc [Auto | Running])

[2007/01/19 12:49:26 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService [Auto | Stopped])

[2007/01/20 02:29:48 | 00,073,728 | ---- | M] () -- C:\Program Files\IBM\Mobility Client\artsvc.exe -- (ArtourService [On_Demand | Stopped])

[2007/01/20 02:33:02 | 00,011,264 | ---- | M] () -- C:\Program Files\IBM\Mobility Client\artstartsvc.exe -- (artstartsvc [Auto | Running])

[2005/07/28 14:22:08 | 00,077,824 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\as32svc.exe -- (As32Svc [Auto | Running])

[2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2007/09/07 18:18:58 | 00,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv [Auto | Running])

[2007/12/08 02:34:27 | 00,389,120 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])

[2006/07/20 06:26:06 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [On_Demand | Running])

[2006/07/20 06:26:10 | 00,202,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy [Auto | Running])

[2006/07/20 06:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])

[2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2008/07/09 01:53:21 | 00,053,248 | ---- | M] () -- C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe -- (DCDClient-ISSI [Auto | Running])

[2006/09/28 07:33:22 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Stopped])

[2008/06/10 18:16:58 | 01,386,008 | ---- | M] (Hagel Technologies Ltd) -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc [Auto | Running])

[2008/07/10 21:42:14 | 00,819,200 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng [Auto | Running])

[2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

[2008/11/12 17:22:24 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])

[2007/12/08 02:34:46 | 00,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Running])

[2005/11/14 12:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

[2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

File not found -- -- (ISAMsmt [Disabled | Stopped])

[2008/11/20 05:33:14 | 00,417,008 | ---- | M] (IBM Corp.) -- C:\Program Files\C4ebreg\c4ebreg.exe -- (ISAMSvc [Disabled | Stopped])

[2008/12/09 09:23:00 | 00,216,576 | ---- | M] (IBM Corp.) -- c:\sdwork\issimsvc.exe -- (ISSIMon [Disabled | Stopped])

[2006/09/28 01:14:44 | 00,087,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -- (ISSVC [Auto | Running])

[2009/02/26 11:07:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

[2008/01/22 11:33:24 | 01,794,048 | ---- | M] (Kiwi Enterprises) -- C:\Program Files\Syslogd\Syslogd_Service.exe -- (Kiwi Syslog Daemon [Auto | Running])

[2006/10/31 11:32:09 | 02,541,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])

[2007/09/07 18:18:52 | 00,121,368 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS [Auto | Running])

[2004/08/04 16:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])

[2009/02/11 10:19:38 | 00,179,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Running])

[2005/08/15 16:40:28 | 00,053,248 | ---- | M] (IBM Corp) -- C:\notes\ntmulti.exe -- (Multi-user Cleanup Service [Auto | Running])

[2007/01/15 18:14:38 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])

[2007/01/13 19:00:00 | 00,323,584 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\NetCfgSv.EXE -- (NetCfgSvr [Auto | Running])

[2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

[2008/04/22 22:35:56 | 00,087,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Ghost\bin\dbserv.exe -- (NGDBSERV [On_Demand | Stopped])

[2008/04/22 22:35:50 | 01,000,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Ghost\ngserver.exe -- (NGSERVER [On_Demand | Stopped])

[2007/01/15 17:01:56 | 00,266,240 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])

[2008/03/21 09:49:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])

[2006/06/02 02:52:58 | 00,339,456 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag [On_Demand | Stopped])

[2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

[2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2008/07/29 02:43:00 | 00,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service [Auto | Running])

[2008/03/11 00:22:46 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Disabled | Stopped])

[2008/03/11 01:35:30 | 00,068,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [Disabled | Stopped])

[2008/07/10 21:12:40 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc [Auto | Running])

[2007/11/07 07:22:26 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])

[2008/07/10 21:23:22 | 00,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])

[2006/09/28 07:33:38 | 00,116,464 | ---- | M] (symantec) -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -- (SavRoam [Auto | Running])

[2008/04/07 10:17:30 | 00,430,592 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])

[2006/08/08 03:03:02 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Running])

[2006/04/12 04:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Running])

[2008/01/31 09:37:02 | 00,157,016 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe -- (Stuffit Archive Name Service [Disabled | Stopped])

[2006/09/28 07:33:32 | 01,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [On_Demand | Stopped])

[2006/09/28 01:15:56 | 00,173,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- (SymSecurePort [Auto | Running])

[2008/05/14 17:21:16 | 00,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC [Auto | Running])

[2006/06/30 08:57:50 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC [Auto | Running])

[2008/10/03 05:25:42 | 00,191,024 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60 [On_Demand | Stopped])

[2007/09/07 18:19:00 | 01,464,856 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS [Auto | Running])

[2008/10/29 10:07:56 | 00,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService [On_Demand | Stopped])

[2008/10/29 10:08:44 | 00,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP [On_Demand | Stopped])

[2008/10/29 10:07:20 | 00,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service [On_Demand | Running])

[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/04/24 18:53:22 | 00,308,736 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])

[2008/04/24 18:53:22 | 00,103,424 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])

[2006/05/19 20:46:14 | 00,180,864 | ---- | M] (AT&T) -- C:\WINDOWS\system32\drivers\agnfilt.sys -- (agnfilt [On_Demand | Running])

[2004/04/30 04:19:18 | 00,019,328 | ---- | M] (AT&T) -- C:\WINDOWS\system32\drivers\agnwifi.sys -- (agnwifi [Auto | Running])

[2001/08/18 00:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [boot | Running])

[2004/08/04 10:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [boot | Running])

[2005/11/08 20:27:20 | 00,011,520 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC [system | Running])

[2005/12/11 12:55:38 | 00,028,195 | ---- | M] (Alpha Networks Inc.) -- C:\WINDOWS\system32\ANIO.sys -- (ANIO [Auto | Running])

[2001/08/18 00:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [boot | Running])

[2001/08/18 00:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [boot | Running])

[2005/07/28 14:22:44 | 00,219,299 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\ascrypto.sys -- (Ascrypto [On_Demand | Running])

[2005/07/28 14:22:24 | 00,028,403 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\asntkrnl.sys -- (Askernel [system | Running])

[2005/07/28 14:22:36 | 00,126,917 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\asnttdi.sys -- (Astdi [On_Demand | Running])

[2007/12/08 02:34:27 | 00,787,456 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])

[2007/12/08 02:34:47 | 00,015,872 | ---- | M] (Atmel, Inc.) -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm [On_Demand | Running])

[2003/04/04 23:48:06 | 00,013,952 | ---- | M] (AT&T) -- C:\WINDOWS\system32\drivers\avpnnic.sys -- (avpnnic [On_Demand | Stopped])

[2004/05/07 03:12:10 | 00,114,688 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k [On_Demand | Stopped])

[2005/03/16 17:23:54 | 00,013,696 | R--- | M] (BIOSTAR Group) -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS [system | Running])

[2004/10/15 14:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])

[2006/01/19 00:44:46 | 00,053,248 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf [On_Demand | Stopped])

[2006/01/19 05:17:38 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])

[2001/08/18 00:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [boot | Running])

[2001/08/18 00:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [boot | Running])

[2007/12/08 02:34:49 | 00,125,952 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000 [On_Demand | Stopped])

[2007/10/12 17:30:46 | 00,252,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running])

[2008/09/03 19:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [system | Running])

[2005/04/27 20:16:46 | 00,005,427 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\egathdrv.sys -- (EGATHDRV [Auto | Running])

[2008/09/17 10:55:42 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])

[2008/10/29 10:08:52 | 00,032,304 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon [Auto | Running])

[2005/01/08 04:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])

[2008/01/21 17:43:42 | 00,039,472 | ---- | M] (Paragon Software Group) -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3 [boot | Running])

[2007/11/01 17:25:32 | 00,211,456 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])

[2007/12/08 02:34:40 | 00,200,448 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH [On_Demand | Stopped])

[2007/12/08 02:34:40 | 01,041,664 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Stopped])

[2007/11/01 17:26:36 | 00,989,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])

[2007/10/27 00:29:08 | 00,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard [On_Demand | Stopped])

[2005/10/12 23:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iastor [boot | Running])

[2007/12/08 02:34:46 | 00,021,040 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV [On_Demand | Running])

[2007/04/02 22:24:08 | 00,004,224 | ---- | M] () -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK [system | Running])

[2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Stopped])

[2008/05/12 19:04:04 | 00,013,480 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi [system | Running])

[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector [On_Demand | Running])

[2006/06/19 14:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])

[2001/08/18 00:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [boot | Running])

[2009/02/23 20:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090223.002\NAVENG.SYS -- (NAVENG [On_Demand | Running])

[2009/02/23 20:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090223.002\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])

[2008/06/26 07:15:34 | 03,630,080 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32 [On_Demand | Running])

[2004/08/04 16:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Running])

[2007/11/29 11:39:42 | 00,016,896 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])

[2007/11/29 11:39:40 | 00,019,328 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])

[2007/11/07 07:22:06 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Running])

[2004/08/04 10:00:52 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA [On_Demand | Stopped])

[2008/03/21 09:49:00 | 06,547,936 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])

[2007/09/17 16:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])

[2008/07/05 18:27:51 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])

[2008/05/03 01:32:26 | 00,007,012 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM [Auto | Running])

[2004/08/04 16:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2007/09/17 22:48:44 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

[2001/08/18 00:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [boot | Running])

[2001/08/18 00:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [boot | Running])

[2001/08/18 00:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [boot | Running])

[2008/02/15 19:01:18 | 00,046,592 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [Auto | Running])

[2007/07/30 11:42:58 | 00,043,008 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk [Auto | Running])

[2007/07/30 12:54:02 | 00,038,400 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp [Auto | Running])

[2007/07/28 15:50:36 | 00,517,632 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870 [On_Demand | Stopped])

[2008/04/18 16:48:50 | 00,011,904 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])

[2006/09/07 01:41:20 | 00,337,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys -- (SAVRT [system | Running])

[2006/09/07 01:41:20 | 00,054,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [system | Running])

[2008/03/14 17:04:29 | 00,046,652 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [system | Running])

[2004/08/04 16:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])

[2004/08/04 16:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2008/05/14 17:21:16 | 00,114,728 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf [boot | Running])

[2004/08/04 10:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [boot | Running])

[2006/08/03 12:54:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint [system | Running])

[2007/12/08 02:34:26 | 00,266,880 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Stopped])

[2008/09/27 11:02:00 | 00,114,048 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman [boot | Running])

[2001/08/18 01:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [boot | Running])

[2006/04/12 04:13:34 | 00,389,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [system | Running])

[2008/02/22 15:33:00 | 00,087,936 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus [On_Demand | Stopped])

[2008/02/22 15:33:02 | 00,014,976 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl [On_Demand | Stopped])

[2008/02/22 15:33:02 | 00,114,304 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm [On_Demand | Stopped])

[2009/02/17 15:40:23 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [system | Running])

[2001/08/18 01:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [boot | Running])

[2001/08/18 01:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [boot | Running])

[2006/08/08 03:01:56 | 00,012,992 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])

[2006/09/19 04:55:28 | 00,109,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])

[2006/08/08 03:02:02 | 00,110,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])

[2006/08/08 03:02:18 | 00,031,936 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])

[2008/09/12 07:33:22 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20090218.001\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running])

[2006/08/08 03:02:14 | 00,028,352 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running])

[2006/08/08 03:02:22 | 00,024,768 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])

[2006/08/08 03:02:26 | 00,195,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [system | Running])

[2001/08/18 01:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [boot | Running])

[2001/08/18 01:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [boot | Running])

[2008/07/03 16:53:20 | 00,225,664 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])

[2006/08/03 12:54:00 | 00,009,343 | ---- | M] () -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI [system | Running])

[2008/05/14 17:21:16 | 00,019,496 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN [boot | Running])

[2007/12/08 02:35:47 | 00,017,778 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV [system | Running])

[2008/07/29 02:43:00 | 00,004,442 | ---- | M] () -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF [system | Running])

[2007/12/08 02:36:00 | 00,012,848 | ---- | M] () -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP [system | Running])

[2001/08/18 00:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [boot | Running])

[2007/11/29 11:39:42 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])

[2004/08/04 00:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])

[2007/11/29 11:39:52 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])

[2008/10/29 10:08:58 | 00,054,960 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci [Auto | Running])

[2008/10/29 10:08:56 | 00,023,216 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd [On_Demand | Running])

[2008/10/29 04:03:28 | 00,016,560 | R--- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter [On_Demand | Stopped])

[2008/10/29 04:03:28 | 00,031,280 | R--- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge [Auto | Running])

[2008/10/29 10:08:58 | 00,026,288 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif [Auto | Running])

[2008/10/29 10:08:54 | 00,857,392 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86 [Auto | Running])

[2008/10/03 05:24:48 | 00,022,448 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60 [Auto | Running])

[2007/12/08 02:34:37 | 03,151,232 | ---- | M] (Intel


Extras.txt output:

OTViewIt Extras logfile created on: 26/02/2009 6:09:49 PM - Run 2

OTViewIt by OldTimer - Version 1.0.21.0 Folder = D:\_Malware Trojan Removal

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.98 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 53.38% Memory free

2.83 Gb Paging File | 1.87 Gb Available in Paging File | 66.05% Paging File free

Paging file location(s): D:\pagefile.sys 1024 1024;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 25.00 Gb Total Space | 0.94 Gb Free Space | 3.75% Space Free | Partition Type: NTFS

Drive D: | 40.00 Gb Total Space | 0.09 Gb Free Space | 0.23% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

Drive I: | 15.00 Gb Total Space | 0.17 Gb Free Space | 1.14% Space Free | Partition Type: NTFS

Computer Name: MQG80917

Current User Name: bh02

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled"=1

"AntiVirusDisableNotify"=0

"FirewallDisableNotify"=1

"UpdatesDisableNotify"=0

"AntiVirusOverride"=0

"FirewallOverride"=0

"IBMconfig"=1

"UacDisableNotify"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall"=0

"DisableNotifications"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2004/08/04 16:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2008/04/22 22:35:50 | 01,000,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Ghost\ngserver.exe:*:Enabled:Symantec Ghost Configuration Server

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2004/08/04 16:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

File not found -- C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget

[2008/03/11 01:33:14 | 00,126,016 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks 2008-09\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager

[2008/04/22 22:35:50 | 01,000,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Ghost\ngserver.exe:*:Enabled:Symantec Ghost Configuration Server

[2008/04/22 22:36:32 | 00,636,296 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Ghost\GhostSrv.exe:*:Enabled:Symantec GhostCast Server

[2008/09/17 12:36:18 | 00,167,936 | ---- | M] (Musiccity Co.Ltd.) -- C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player

[2008/11/05 21:59:00 | 04,347,120 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger

[2008/08/19 18:47:38 | 01,795,656 | ---- | M] (FLASHGET) -- C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2

File not found -- C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate

File not found -- C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx

[2008/10/29 10:07:56 | 00,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]

NameSpace_Catalog5\Catalog_Entries\000000000001 [Aventail Connect Namespace] -- C:\Program Files\Aventail\Connect\asdns.dll (Aventail Corporation)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2001/01/21 21:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2007/08/29 00:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2007/08/29 00:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2007/08/29 00:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2006/10/26 14:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2004/01/21 14:36:14 | 07,334,592 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2008/09/09 00:04:00 | 00,823,808 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters

[2006/10/26 22:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002C9999-0000-0000-C000-000000000114}"=Microsoft Office Web Components

"{0698CECB-9072-47B1-AEA1-94CA350989B8}"=Symantec Client Security

"{081D00DF-35F0-4570-8037-3E289795928F}"=Nitro PDF Professional

"{0A03C70A-E9E6-4592-AD79-D5395B09B2D5}"=UltraEdit 14.20

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel

"{0CEFB453-41F6-4FE3-B56C-E5CE9539AB8B}"=VoiceRite Client for A/NZ

"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}"=Quicken 2007

"{1086D3E5-30AE-4280-A25E-35E1CB6BD3F6}"=NXPowerLite

"{17CBC505-D1AE-459D-B445-3D2000A85842}"=ThinkPad UltraNav Utility

"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth

"{2111B23F-7FDA-4A41-8309-E5A1663CA296}"=ThinkPad Keyboard Customizer Utility

"{212748BB-0DA5-46DE-82A1-403736DC9F27}"=MSVC80_x86

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}"=MSVCRT

"{2300EE96-0A41-4FAB-BD03-989EC44577A0}"=Acronis Disk Director Suite

"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}"=Uniblue SpeedUpMyPC 2009

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}"=mProSafe

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}"=Java 6 Update 12

"{28981DB1-9F50-40EE-A51A-1B589FA42C2B}"=ConceptDraw MINDMAP 5 Professional

"{2E21CBDA-1EDF-4C18-A561-DB53D683229F}"=AT&T Network Client

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP

"{3619D530-6248-4E83-BEB5-5336766A8516}"=IBM Mobility Client

"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}"=3 Mobile Broadband

"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}"=Microsoft Windows Journal Viewer

"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}"=ThinkVantage Active Protection System

"{4C590030-7469-453E-8589-D15DA9D03F52}"=ANIWZCS2 Service

"{4F1DCA42-2030-437C-A94E-736692A499C1}"=Nokia Connectivity Cable Driver

"{4F3AFB85-B972-4621-AEB6-6C22317E145B}"=IBM 32-bit Runtime Environment for Java 2, v5.0

"{53480370-6CA2-47EC-BC05-02B4B9271C31}"=O&O Defrag Professional Edition

"{536D6172-7453-7569-7465-392E38300409}"=Lotus SmartSuite - English

"{53A93780-6073-4207-A729-A99A30AFDE40}"=AFP Workbench for Windows

"{59F6A514-9813-47A3-948C-8A155460CC2A}"=RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02

"{5A3F6A80-7913-475E-8B96-477A952CFA43}"=SupportSoft Assisted Service

"{5D4A033A-A286-44BE-A0F0-B05FAC25D07F}"=Windows Live Beta (all programs)

"{628789DC-75F8-4302-A268-27EF628E6906}"=Lotus Notes 7.0

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0

"{65706020-7B6F-41F2-8047-FC69579E386A}"=Presentation Director

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update

"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable

"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}"=ANIO Service

"{7E545666-F420-45FD-B3DF-C0B99A1A579F}"=QuickBooks EasyStart 2008-09

"{7EB114D8-207F-45AE-BABD-1669715F2630}"=ThinkVantage Access Connections

"{7F87DF1C-6B8F-49F4-8EEF-7600128D99AE}"=IBM Tivoli Storage Manager Client

"{870815CA-6B60-47B6-88DD-A67F42D2F03E}"=GPL MPEG-1/2 DirectShow Decoder Filter

"{8984E374-6C93-427C-A3B9-AD92472FDCA0}"=Windows Live Sign-in Assistant

"{8C8ADD9C-1F30-4B1A-927E-B72CC4AADB91}"=IBM Lotus Sametime Connect 7.5.1

"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12

"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{3EC77D26-799B-4CD8-914F-C1565E796173}"=Microsoft Office Visio 2007 Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=Microsoft Office Visio 2007 Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=Microsoft Office Visio 2007 Service Pack 1 (SP1)

"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007

"{90120000-0051-0000-0000-0000000FF1CE}"=Microsoft Office Visio Professional 2007

"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{AA4F2610-5FF1-4DCD-A6FB-BCA2D09A6443}"=Microsoft Office Visio 2007 Service Pack 1 (SP1)

"{90120000-0054-0409-0000-0000000FF1CE}"=Microsoft Office Visio MUI (English) 2007

"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{EA35370F-586C-45E1-AC6C-A4E275C6B762}"=Microsoft Office Visio 2007 Service Pack 1 (SP1)

"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=Microsoft Office Visio 2007 Service Pack 1 (SP1)

"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=Microsoft Office Visio 2007 Service Pack 1 (SP1)

"{90120409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Standard

"{902929E5-77E8-444E-B760-1B54FDBCEC0C}"=Western Australian Time Zone Update

"{90840409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Excel Viewer 2003

"{90850409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Word Viewer 2003

"{91B7CEB3-4331-427B-AA7A-2898BE8F9DC6}"=Samsung PC Studio 3

"{95120000-0052-0409-0000-0000000FF1CE}"=Microsoft Office Visio Viewer 2007

"{95120000-00AF-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting

"{9A3EABC0-CA06-11D4-BF77-00104B130C19}"=EPSON TWAIN 5

"{9C05FA75-0337-4523-AA57-9D3511018887}"=Nokia PC Suite

"{9ED3C484-D002-4D4D-9BF3-C3DF9048EE7D}"=StuffIt 12

"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}"=ThinkPad Power Manager

"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}"=mDriver

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}"=Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}"=Microsoft .NET Framework 3.0 Service Pack 2

"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}"=VMware Workstation

"{AA36483F-5D79-4EFD-ACA7-161EE2474E17}"=IBM Infoprint Select

"{AC599724-5755-48C1-ABE7-ABB857652930}"=PC Connectivity Solution

"{AC76BA86-7AD7-1033-7B44-A80000000002}"=Adobe Reader 8

"{AC76BA86-7AD7-1033-7B44-A81000000003}"=Adobe Reader 8.1.0

"{AE80641A-0C8D-4670-A518-B4EC154B1027}"=ACDSee 8

"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}"=Intel® PROSet/Wireless WiFi Software

"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation

"{C00949CC-2EA9-4A5E-8062-DFD02F894BAD}"=PCmover

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}"=Microsoft .NET Framework 2.0 Service Pack 2

"{C1939820-A945-11D4-86F6-0001031E5712}"=InterVideo WinDVD

"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}"=ContentSAFER for Wizmax

"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}"=Samsung Media Studio 5

"{C4A4722E-79F9-417C-BD72-8D359A090C97}"=Samsung PC Studio 3

"{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}"=Contacts

"{C887C75D-2636-41F6-BB7B-FD4B0314C1E1}"=Paragon Partition Manager 9.0 Professional

"{CA96F3A1-F350-11D3-B354-002035C150E4}"=ILC

"{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1"=Sothink FLV Player

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}"=WinZip 11.2

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}"=Microsoft .NET Framework 3.5 SP1

"{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}"=D-Link RangeBooster N DWA-140

"{D8ACA011-2F74-411E-B087-A4822A7B03E6}"=Active@ Boot Disk Demo

"{DAB8894B-F5EF-4E2E-A7FE-7C7BD38330FC}_is1"=Chinese Symbol Studio 2

"{DBDFA37B-CFC7-4C37-98F8-04CF326CD327}_is1"=FlashFXP v3

"{DFD6935E-D94A-4DBE-AD8F-E37CBC6B577F}"=Windows Live Mail

"{E4359B06-2A66-4A83-B3C6-BA2DA748C147}"=CommSec Professional Trader

"{E4944F56-5C8A-41F9-A747-A9EDFD6BC6D4}"=Aventail Connect 5.34

"{EA664480-3844-11D5-8C25-444553540000}"=TrackPoint Accessibility Features

"{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}"=Choice Guard

"{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}"=Access IBM

"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX

"{F9C3B51C-DCCC-4916-B08D-A6820D914AC0}"=ExcelDiff

"{FA9B0F6B-AC6D-401C-0099-00000628D82A}"=Symantec Ghost Console and Standard Tools

"{FC081D4D-DF1B-4CF1-B530-027E4118D846}"=ThinkPad Configuration

"{FC98FBE9-E931-494C-8717-497185371033}"=Nero 7 Ultra Edition

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}"=mWlsSafe

"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}"=HighMAT Extension to Microsoft Windows XP CD Writing Wizard

"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F"=Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)

"6194C28A8F62DD817EA1B918E6E46E806A21B452"=Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)

"65B6FE5418CE28F4D72543FB2D964C3CEC83F161"=Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)

"7-Zip"=7-Zip 4.57

"AC3Filter"=AC3Filter (remove only)

"Active@ Boot Disk 4.0 Suite"=Active@ Boot Disk 4.0 Suite

"Active@ Partition Recovery Enterprise"=Active@ Partition Recovery Enterprise

"Active@ UNDELETE 7"=Active@ UNDELETE 7

"ActiveTouchMeetingClient"=WebEx

"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin

"Advanced Disk Catalog"=Advanced Disk Catalog

"AI RoboForm"=AI RoboForm (All Users)

"ATI Display Driver"=ATI Display Driver

"AVS Video Tools 5.1_is1"=AVS Video Tools 5.1

"AVS4YOU Software Navigator_is1"=AVS4YOU Software Navigator 1.3

"AVS4YOU Video Converter 6_is1"=AVS Video Converter 6

"AVSDiscCreator_is1"=AVS Disc Creator version 2.1

"BART"=avast! BART CD Manager

"CaptureWiz"=CaptureWizPro 3.50

"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A"=Windows Driver Package - Nokia Modem (03/05/2008 3.7)

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588"=ThinkPad Modem

"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014"=IBM Integrated 56K Modem

"Combined Community Codec Pack_is1"=Combined Community Codec Pack 2008-01-24

"DUMeter3_is1"=DU Meter

"DVD Identifier_is1"=DVD Identifier

"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1"=DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.5.0

"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D"=Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)

"EPSON Printer and Utilities"=EPSON Printer Software

"ERUNT_is1"=ERUNT 1.1j

"ExamDiff Pro_is1"=ExamDiff Pro 3.5

"fe29d7d6aaf324b1964e31be6d7ce1981815068445"=IBM Dynamic Content Delivery (DCDClient-ISSI)

"FinePrint"=FinePrint

"FlashGet 2.0"=FlashGet 2.0

"Google Updater"=Google Updater

"HijackThis"=HijackThis 2.0.2

"IBM Ayudame"=IBM Ayudame

"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs

"ie7"=Windows Internet Explorer 7

"InstallShield_{4F3AFB85-B972-4621-AEB6-6C22317E145B}"=IBM 32-bit Runtime Environment for Java 2, v5.0

"InstallShield_{C00949CC-2EA9-4A5E-8062-DFD02F894BAD}"=PCmover

"InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}"=EmoDio

"Kiwi Syslog Daemon"=Kiwi Syslog Daemon 8.3.7 (Service Edition)

"LENOVO.SMIIF"=Lenovo System Interface Driver

"LiveUpdate"=LiveUpdate 3.2 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware

"Memory Washer_is1"=Memory Washer 5.1

"MESOL"=Intel® Active Management Technology Device Software

"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1"=Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (2.0.0.20)"=Mozilla Firefox (2.0.0.20)

"Mozilla Thunderbird (2.0.0.19)"=Mozilla Thunderbird (2.0.0.19)

"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP

"MyFreeCodec"=MyFreeCodec

"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs

"Nokia PC Suite"=Nokia PC Suite

"NVIDIA Drivers"=NVIDIA Drivers

"OnScreenDisplay"=On Screen Display

"P2P GUI"=IBM ISMA Peer-To-Peer

"pdfFactory Pro"=pdfFactory Pro

"Power Management Driver"=ThinkPad Power Management Driver

"PowerISO"=PowerISO

"PPTminimizer_is1"=PPTminimizer

"Product Key Explorer_is1"=Product Key Explorer 2.1.4

"ProInst"=Intel PROSet Wireless

"PROSet"=Intel® PRO Network Connections Drivers

"QuicktimeAlt_is1"=QuickTime Alternative 1.81

"RealAlt_is1"=Real Alternative 1.8.0

"SAMSUNG Mobile Composite Device"=SAMSUNG Mobile Composite Device Software

"SAMSUNG Mobile Modem"=SAMSUNG Mobile Modem Driver Set

"Samsung Mobile phone USB driver"=Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Modem"=SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0"=SAMSUNG Mobile USB Modem 1.0 Software

"SAUninstall"=SA Installation Manager

"SecureCRT"=VanDyke Software SecureCRT 5.5

"Sharp World Clock_is1"=Sharp World Clock 4.21

"Smarty Uninstaller 2007 Pro_is1"=Smarty Uninstaller 2007 Pro 1.7.1

"Snapshot Viewer"=Snapshot Viewer

"Sync Now!_is1"=Sync Now! 4.1.2.125

"SynTPDeinstKey"=ThinkPad UltraNav Driver

"Teleport Pro"=Teleport Pro

"ThinkPad FullScreen Magnifier"=ThinkPad FullScreen Magnifier

"Total Uninstall 4_is1"=Total Uninstall 4.6.2

"Touch_is1"=Touch 2.11.1

"TweakNow PowerPack Professional_is1"=TweakNow PowerPack Professional

"Uniblue SpeedUpMyPC 2009"=Uniblue SpeedUpMyPC 2009

"USB Safely Remove_is1"=USB Safely Remove 4.0 beta 6

"Video Cleaner Pro"=River Past Video Cleaner Pro

"VISPRO"=Microsoft Office Visio Professional 2007

"Warecase eXtended Task Manager_is1"=Warecase eXtended Task Manager 1.987

"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WheelMouse"=2X-Office 7.80

"WIC"=Windows Imaging Component

"Windows Media Format Runtime"=Windows Media Format 11 runtime

"Windows Media Player"=Windows Media Player 11

"WinLiveSuite_Wave3"=Windows Live Beta (all programs)

"WinPcapInst"=WinPcap 4.0.2

"WMFDist11"=Windows Media Format 11 runtime

"wmp11"=Windows Media Player 11

"Workstation Security Tool_is1"=Workstation Security Tool 2.0

"WorldTime v1.1"=WorldTime v1.1

"WS_Ping ProPack"=Ipswitch WS_Ping ProPack Uninstall

"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

"Xilisoft Video Converter Ultimate"=Xilisoft Video Converter Ultimate

"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0

"Yahoo! Companion"=Yahoo! Toolbar

"Yahoo! Messenger"=Yahoo! Messenger

"Yahoo! Toolbar"=Yahoo! Toolbar

"YPOPs_is1"=YPOPs! 0.9.5.1

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 20/02/2009 1:06:26 AM | Computer Name = MQG80917 | Source = LMS | ID = 2

Description = LMS Service cannot connect to HECI driver

Error - 24/02/2009 8:39:50 PM | Computer Name = MQG80917 | Source = LMS | ID = 2

Description = LMS Service cannot connect to HECI driver

Error - 24/02/2009 9:09:36 PM | Computer Name = MQG80917 | Source = LMS | ID = 2

Description = LMS Service cannot connect to HECI driver

Error - 25/02/2009 12:58:32 AM | Computer Name = MQG80917 | Source = LMS | ID = 2

Description = LMS Service cannot connect to HECI driver

Error - 25/02/2009 2:48:29 AM | Computer Name = MQG80917 | Source = LMS | ID = 2

Description = LMS Service cannot connect to HECI driver

Error - 25/02/2009 2:05:47 PM | Computer Name = MQG80917 | Source = LMS | ID = 2

Description = LMS Service cannot connect to HECI driver

Error - 25/02/2009 5:52:39 PM | Computer Name = MQG80917 | Source = LMS | ID = 2

Description = LMS Service cannot connect to HECI driver

Error - 25/02/2009 7:48:25 PM | Computer Name = MQG80917 | Source = LMS | ID = 2

Description = LMS Service cannot connect to HECI driver

Error - 25/02/2009 8:05:14 PM | Computer Name = MQG80917 | Source = LMS | ID = 2

Description = LMS Service cannot connect to HECI driver

Error - 25/02/2009 8:12:01 PM | Computer Name = MQG80917 | Source = LMS | ID = 2

Description = LMS Service cannot connect to HECI driver

[ ODiag Events ]

Error - 28/07/2008 6:35:46 AM | Computer Name = IBM-99V1R7F | Source = Microsoft Office 12 Diagnostics | ID = 320

Description = An unexpected error occurred. Tag: 3ff0. Error code: N/A

Error - 28/07/2008 6:35:46 AM | Computer Name = IBM-99V1R7F | Source = Microsoft Office 12 Diagnostics | ID = 320

Description = An unexpected error occurred. Tag: 3fft. Error code: N/A

[ OSession Events ]

Error - 28/07/2008 6:35:44 AM | Computer Name = IBM-99V1R7F | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 207 seconds with 60 seconds of active time. This session ended with a crash.

Error - 12/08/2008 1:06:11 AM | Computer Name = IBM-99V1R7F | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 109018 seconds with 16020 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 25/02/2009 2:06:06 PM | Computer Name = MQG80917 | Source = Service Control Manager | ID = 7023

Description = The Portable Media Serial Number Service service terminated with the following error: %%126

Error - 25/02/2009 5:52:55 PM | Computer Name = MQG80917 | Source = Service Control Manager | ID = 7023

Description = The Logical Disk Manager service terminated with the following error: %%126

Error - 25/02/2009 5:52:55 PM | Computer Name = MQG80917 | Source = Service Control Manager | ID = 7023

Description = The Portable Media Serial Number Service service terminated with the following error: %%126

Error - 25/02/2009 7:48:41 PM | Computer Name = MQG80917 | Source = Service Control Manager | ID = 7023

Description = The Logical Disk Manager service terminated with the following error: %%126

Error - 25/02/2009 7:48:41 PM | Computer Name = MQG80917 | Source = Service Control Manager | ID = 7023

Description = The Portable Media Serial Number Service service terminated with the following error: %%126

Error - 25/02/2009 7:59:16 PM | Computer Name = MQG80917 | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 25/02/2009 8:05:29 PM | Computer Name = MQG80917 | Source = Service Control Manager | ID = 7023

Description = The Logical Disk Manager service terminated with the following error: %%126

Error - 25/02/2009 8:05:29 PM | Computer Name = MQG80917 | Source = Service Control Manager | ID = 7023

Description = The Portable Media Serial Number Service service terminated with the

following error: %%126

Error - 25/02/2009 8:12:16 PM | Computer Name = MQG80917 | Source = Service Control Manager | ID = 7023

Description = The Logical Disk Manager service terminated with the following error:

%%126

Error - 25/02/2009 8:12:16 PM | Computer Name = MQG80917 | Source = Service Control Manager | ID = 7023

Description = The Portable Media Serial Number Service service terminated with the

following error: %%126

< End of report >

PS: Couldn't find the old Extras.txt, OTViewIT.exe must have overwritten it.


Hello again.

That's good, we got rid of the re-direction. A few things we can remove :rolleyes:

Download and Run OTMoveIT3

  1. Please download OTMoveIt3 by OldTimer and save it to your desktop. If you are running on Vista, right click on the file and choose Run As Administrator.
  2. Double click the OTMoveIt3 icon on your desktop.
  3. Paste the following code under the Paste Instructions for Items to be Moved area. Do not include the word "Code".
    :files
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07940000\4FFDC00B.VBN
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07940001\4FFDC03A.VBN
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CEC0000\4DFC83F4.VBN
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CEC0001\4DFC8892.VBN
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CEC0002\4DFC88E4.VBN
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CEC0007\4DFE8F64.VBN
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CEC0008\4DFE8F6D.VBN
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000\4DDC44F0.VBN
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000\4DDC44F0.VBN
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E2C0000.VBN
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E2C0001.VBN
    D:\RECYCLER
    :commands
    [EmptyTemp]
    [Reboot]


  4. Click the large MoveIt! button.
  5. Copy/Paste the contents under the Results line here in your next reply.

Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start -> All Programs -> Accessories -> Notepad), click File -> Open, enter *.log in the File Name box and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Remove Infected Files Quarantined by AV

Please open your Symantec Anti-Virus and delete/remove everything it quarantined, as they are all probably bad and there is no point in keeping them in the quarantine box.

Alternatively you can navigate to the following folder:

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine <- This folder

Delete EVERYTHING in that folder, please, if there is anything in it.

Empty your Recycle Bin afterwards if there were files you deleted/removed.

Post back with the

-OTMoveIT log

-New OTViewIT.txt log (only OTViewIT.txt is required this time)

How's your computer running now? Any more problems? We should have removed the RECYCLER problem by now. Let me know how it goes.

With Regards,

Extremeboy

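The post above asks for two logs back: the OTMoveIt3 results log and a fresh OTViewIt.txt. The script below is an added example, not code from this thread or from OldTimer's tools, that does the first-pass reading a helper does by hand on those two logs: it counts what OTMoveIt3 actually moved versus what it could not find or had to defer to reboot, and it pulls out of the OTViewIt process/service listing the executables with no company name and the services whose binary is missing. It assumes only the line formats visible in this thread; the sample lines are copied from the logs posted in it, trimmed to a few entries.

```python
# Added example (not part of the thread or of OldTimer's tools): triage helper
# for an OTMoveIt3 results log and an OTViewIt.txt process/service listing.
import re
from collections import Counter

# OTMoveIt3 result lines come in these shapes (see the log posted in this thread):
#   <path> moved successfully.
#   File/Folder <path> not found.        (first pass)
#   File <path> not found!               (reboot pass)
#   File delete failed. <path> scheduled to be deleted on reboot.
#   File move failed. <path> scheduled to be moved on reboot.
_MOVED = re.compile(r"^(?P<path>.+?) moved successfully\.$")
_NOT_FOUND = re.compile(r"^(?:File/Folder|File) (?P<path>.+?) not found[.!]$")
_DEFERRED = re.compile(
    r"^File (?:delete|move) failed\. (?P<path>.+?) scheduled to be (?:deleted|moved) on reboot\.$"
)


def classify_otmoveit_line(line):
    """Return (status, path) for one result line, or None for headers, blank
    lines and 'folder emptied' notices. status is 'moved', 'not_found' or 'deferred'."""
    line = line.strip()
    for status, rx in (("moved", _MOVED), ("not_found", _NOT_FOUND), ("deferred", _DEFERRED)):
        m = rx.match(line)
        if m:
            return status, m.group("path")
    return None


def summarize_otmoveit(text):
    """Count outcomes and collect what still needs a look after the run: paths
    that were not found (a typo or a duplicate in the script, like the repeated
    4DDC44F0.VBN entry in this thread) and deletions deferred to reboot, which
    should be re-checked after the restart."""
    counts = Counter()
    pending = []
    for line in text.splitlines():
        hit = classify_otmoveit_line(line)
        if hit is None:
            continue
        status, path = hit
        counts[status] += 1
        if status != "moved":
            pending.append((status, path))
    return counts, pending


# OTViewIt process/service entries:
#   [date time | size | attrs | M] (Company) -- path [-- (ServiceName [Start | State])]
#   File not found -- -- (ServiceName [Start | State])   (service whose binary is gone)
_OTVIEWIT = re.compile(
    r"^\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>\S+) \| M\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)(?: -- \((?P<svc>[^\]]+\])\))?$"
)
_MISSING_SVC = re.compile(r"^File not found -- -- \((?P<svc>[^\]]+\])\)$")


def parse_otviewit_entry(line):
    """Parse one entry into a dict (size as int, company stripped), else None."""
    m = _OTVIEWIT.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["company"] = entry["company"].strip()
    return entry


def review_otviewit(text):
    """Two lists a helper reads by hand: executables carrying no company name,
    and services whose binary is missing. Unattributed does not mean malicious
    (several OEM tools in this thread have an empty field); it is a review
    list, not a verdict."""
    unattributed, missing = [], []
    for line in text.splitlines():
        entry = parse_otviewit_entry(line)
        if entry is not None:
            if not entry["company"]:
                unattributed.append(entry["path"])
            continue
        m = _MISSING_SVC.match(line.strip())
        if m:
            missing.append(m.group("svc"))
    return {"unattributed": unattributed, "missing_binary": missing}


# Sample lines copied from the logs posted in this thread (a few entries each).
SAMPLE_OTMOVEIT = r"""
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07940000\4FFDC00B.VBN moved successfully.
File/Folder C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000\4DDC44F0.VBN not found.
D:\RECYCLER moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\bh02\LOCALS~1\Temp\67.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
File move failed. C:\WINDOWS\temp\atchksrv.log scheduled to be moved on reboot.
File C:\WINDOWS\temp\ib2 not found!
"""

SAMPLE_OTVIEWIT = r"""
========== Processes ==========
[2008/09/29 10:17:54 | 00,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
[2007/01/20 02:33:02 | 00,011,264 | ---- | M] () -- C:\Program Files\IBM\Mobility Client\artstartsvc.exe
========== (O23) Win32 Services ==========
[2006/06/30 08:57:50 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC [Auto | Running])
File not found -- -- (ISAMsmt [Disabled | Stopped])
[2008/11/20 05:33:14 | 00,417,008 | ---- | M] (IBM Corp.) -- C:\Program Files\C4ebreg\c4ebreg.exe -- (ISAMSvc [Disabled | Stopped])
"""

if __name__ == "__main__":
    counts, pending = summarize_otmoveit(SAMPLE_OTMOVEIT)
    print(dict(counts))
    for status, path in pending:
        print(f"  {status:9s} {path}")
    print(review_otviewit(SAMPLE_OTVIEWIT))
```

Run it on the full logs by reading the posted text into `summarize_otmoveit` and `review_otviewit`; the `pending` list is what to re-check after the reboot, and the `unattributed` list is where a helper starts looking, knowing that legitimate OEM utilities land there too.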

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding. ;)

With Regards,

Extremeboy


Hi I am back. Appreciate your patience.

Here are the files; I hope they are the correct outputs you asked for. So far, the re-direction has not happened for the last two days, so hopefully it is gone for good. (Curious though, I would expect current Symantec Antivirus, avast! and MalwareByte's to have picked up this trojan/malware/??. I was speaking to an in-house IT Specialist and he said they received many calls on this problem in the last 3 weeks.)

OTMoveIT3 output:

========== FILES ==========

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07940000\4FFDC00B.VBN moved successfully.

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07940001\4FFDC03A.VBN moved successfully.

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CEC0000\4DFC83F4.VBN moved successfully.

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CEC0001\4DFC8892.VBN moved successfully.

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CEC0002\4DFC88E4.VBN moved successfully.

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CEC0007\4DFE8F64.VBN moved successfully.

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CEC0008\4DFE8F6D.VBN moved successfully.

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000\4DDC44F0.VBN moved successfully.

File/Folder C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000\4DDC44F0.VBN not found.

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E2C0000.VBN moved successfully.

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E2C0001.VBN moved successfully.

D:\RECYCLER\S-1-5-21-2513745330-1478982244-2870613042-1006 moved successfully.

D:\RECYCLER\S-1-5-21-1180395095-502627533-162025716-500 moved successfully.

D:\RECYCLER moved successfully.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\bh02\LOCALS~1\Temp\VBE\MSForms.exd scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\bh02\LOCALS~1\Temp\67.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\bh02\LOCALS~1\Temp\report avast King T61 D 20090226b.000 scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\bh02\LOCALS~1\Temp\Sma22.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\bh02\LOCALS~1\Temp\_Apps from Net.040 scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\bh02\LOCALS~1\Temp\_books from NET iii.039 scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\bh02\LOCALS~1\Temp\_books from NET.032 scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\bh02\LOCALS~1\Temp\_Essential software & hardware list.013 scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\bh02\LOCALS~1\Temp\_holiday short trips.029 scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\bh02\LOCALS~1\Temp\_webreg IIb.022 scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\bh02\LOCALS~1\Temp\~DF2F72.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\bh02\LOCALS~1\Temp\~DF5C2.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\bh02\LOCALS~1\Temp\~DF6DEB.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\bh02\LOCALS~1\Temp\~DF798D.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\bh02\LOCALS~1\Temp\~DFFCA4.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\bh02\LOCALS~1\Temp\~FP44.FP scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\bh02\LOCALS~1\Temp\~FP49.FP scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\bh02\LOCALS~1\Temp\~FP72.FP scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\atchksrv.log scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\ib2 scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\ib3 scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\ib4 scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\ib5 scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\ib6 scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6f8.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\bh02\Local Settings\Application Data\Mozilla\Firefox\Profiles\3ah8jus0.bh02\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\bh02\Local Settings\Application Data\Mozilla\Firefox\Profiles\3ah8jus0.bh02\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\bh02\Local Settings\Application Data\Mozilla\Firefox\Profiles\3ah8jus0.bh02\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\bh02\Local Settings\Application Data\Mozilla\Firefox\Profiles\3ah8jus0.bh02\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\bh02\Local Settings\Application Data\Mozilla\Firefox\Profiles\3ah8jus0.bh02\XUL.mfl scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02272009_191609

Files moved on Reboot...

C:\DOCUME~1\bh02\LOCALS~1\Temp\VBE\MSForms.exd moved successfully.

File C:\DOCUME~1\bh02\LOCALS~1\Temp\67.tmp not found!

File C:\DOCUME~1\bh02\LOCALS~1\Temp\report avast King T61 D 20090226b.000 not found!

C:\DOCUME~1\bh02\LOCALS~1\Temp\Sma22.tmp moved successfully.

File C:\DOCUME~1\bh02\LOCALS~1\Temp\_Apps from Net.040 not found!

File C:\DOCUME~1\bh02\LOCALS~1\Temp\_books from NET iii.039 not found!

File C:\DOCUME~1\bh02\LOCALS~1\Temp\_books from NET.032 not found!

File C:\DOCUME~1\bh02\LOCALS~1\Temp\_Essential software & hardware list.013 not found!

File C:\DOCUME~1\bh02\LOCALS~1\Temp\_holiday short trips.029 not found!

File C:\DOCUME~1\bh02\LOCALS~1\Temp\_webreg IIb.022 not found!

File C:\DOCUME~1\bh02\LOCALS~1\Temp\~DF2F72.tmp not found!

File C:\DOCUME~1\bh02\LOCALS~1\Temp\~DF5C2.tmp not found!

File C:\DOCUME~1\bh02\LOCALS~1\Temp\~DF6DEB.tmp not found!

File C:\DOCUME~1\bh02\LOCALS~1\Temp\~DF798D.tmp not found!

File C:\DOCUME~1\bh02\LOCALS~1\Temp\~DFFCA4.tmp not found!

File C:\DOCUME~1\bh02\LOCALS~1\Temp\~FP44.FP not found!

File C:\DOCUME~1\bh02\LOCALS~1\Temp\~FP49.FP not found!

File C:\DOCUME~1\bh02\LOCALS~1\Temp\~FP72.FP not found!

File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

File move failed. C:\WINDOWS\temp\atchksrv.log scheduled to be moved on reboot.

File C:\WINDOWS\temp\ib2 not found!

File C:\WINDOWS\temp\ib3 not found!

File C:\WINDOWS\temp\ib4 not found!

File C:\WINDOWS\temp\ib5 not found!

File C:\WINDOWS\temp\ib6 not found!

File C:\WINDOWS\temp\Perflib_Perfdata_6f8.dat not found!

C:\Documents and Settings\bh02\Local Settings\Application Data\Mozilla\Firefox\Profiles\3ah8jus0.bh02\Cache\_CACHE_001_ moved successfully.

C:\Documents and Settings\bh02\Local Settings\Application Data\Mozilla\Firefox\Profiles\3ah8jus0.bh02\Cache\_CACHE_002_ moved successfully.

C:\Documents and Settings\bh02\Local Settings\Application Data\Mozilla\Firefox\Profiles\3ah8jus0.bh02\Cache\_CACHE_003_ moved successfully.

C:\Documents and Settings\bh02\Local Settings\Application Data\Mozilla\Firefox\Profiles\3ah8jus0.bh02\Cache\_CACHE_MAP_ moved successfully.

C:\Documents and Settings\bh02\Local Settings\Application Data\Mozilla\Firefox\Profiles\3ah8jus0.bh02\XUL.mfl moved successfully.

OTViewIt output:

OTViewIt logfile created on: 3/03/2009 9:58:00 PM - Run 3

OTViewIt by OldTimer - Version 1.0.21.0 Folder = D:\_Malware Trojan Removal

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.98 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 30.52% Memory free

2.83 Gb Paging File | 1.53 Gb Available in Paging File | 54.13% Paging File free

Paging file location(s): D:\pagefile.sys 1024 1024;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 25.00 Gb Total Space | 1.20 Gb Free Space | 4.79% Space Free | Partition Type: NTFS

Drive D: | 40.00 Gb Total Space | 0.58 Gb Free Space | 1.44% Space Free | Partition Type: NTFS

Drive E: | 172.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

Drive I: | 15.00 Gb Total Space | 0.17 Gb Free Space | 1.14% Space Free | Partition Type: NTFS

Computer Name: MQG80917

Current User Name: 02

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2008/09/29 10:17:54 | 00,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe

[2008/07/10 21:23:22 | 00,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

[2005/07/28 14:22:08 | 00,077,824 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\as32svc.exe

[2006/07/20 06:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

[2006/07/20 06:26:06 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

[2006/07/20 06:26:10 | 00,202,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

[2006/09/28 01:14:44 | 00,087,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

[2006/04/12 04:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

[2007/05/17 22:49:24 | 00,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

[2007/01/20 02:33:02 | 00,011,264 | ---- | M] () -- C:\Program Files\IBM\Mobility Client\artstartsvc.exe

[2007/09/07 18:18:58 | 00,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe

[2008/07/09 01:53:21 | 00,053,248 | ---- | M] () -- C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe

[2006/09/28 07:33:22 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

[2008/06/10 18:16:58 | 01,386,008 | ---- | M] (Hagel Technologies Ltd) -- C:\Program Files\DU Meter\DUMeterSvc.exe

[2004/08/04 16:00:00 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe

[2008/07/10 21:42:14 | 00,819,200 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe

[2009/02/26 11:07:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

[2007/09/07 18:18:52 | 00,121,368 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe

[2009/02/11 10:19:38 | 00,179,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

[2005/08/15 16:40:28 | 00,053,248 | ---- | M] (IBM Corp) -- C:\notes\ntmulti.exe

[2007/01/13 19:00:00 | 00,323,584 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\NetCfgSv.EXE

[2008/03/21 09:49:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

[2008/07/10 21:12:40 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

[2006/09/28 07:33:38 | 00,116,464 | ---- | M] (symantec) -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe

[2006/09/28 01:15:56 | 00,173,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

[2008/05/14 17:21:16 | 00,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe

[2006/06/30 08:57:50 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe

[2009/03/01 07:34:01 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe

[2007/09/07 18:19:00 | 01,464,856 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\UNS.exe

[2006/11/24 20:29:56 | 00,043,752 | ---- | M] (IBM) -- C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe

[2005/12/28 21:22:54 | 03,956,736 | ---- | M] () -- C:\Program Files\Chemistry Lab\mysql\bin\mysqld.exe

[2008/11/21 10:56:20 | 00,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe

[2007/05/17 22:49:28 | 00,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

[2006/08/08 03:03:02 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

[2004/08/04 16:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe

[2007/05/17 22:50:16 | 00,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

[2006/07/20 06:26:04 | 00,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[2006/09/28 07:33:44 | 00,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe

[2007/12/08 02:35:47 | 00,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

[2008/07/03 17:10:38 | 01,323,008 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[2007/12/08 02:35:47 | 00,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

[2007/12/08 02:35:48 | 00,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe

[2008/06/06 19:21:04 | 00,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe

[2008/07/03 17:17:56 | 00,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[2007/05/17 22:46:44 | 00,413,696 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

[2007/05/17 22:41:20 | 00,126,976 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

[2007/04/07 11:44:03 | 00,499,712 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe

[2007/09/25 18:32:17 | 00,507,904 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis3a.exe

[2007/01/19 12:49:04 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[2004/08/04 16:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe

[2004/08/04 16:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe

[2008/03/06 00:12:56 | 00,241,664 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe

[2009/02/11 10:19:38 | 00,399,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

[2009/02/26 11:07:46 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

[2008/06/10 18:16:42 | 02,645,528 | ---- | M] (Hagel Technologies Ltd) -- C:\Program Files\DU Meter\DUMeter.exe

[2008/07/29 12:17:49 | 03,256,320 | ---- | M] () -- C:\Program Files\USB Safely Remove\USBSafelyRemove.exe

[2008/10/11 10:50:38 | 07,640,336 | ---- | M] (IDM Computer Solutions, Inc.) -- C:\Program Files\IDM Computer Solutions\UltraEdit-32\Uedit32.exe

[2009/02/04 06:50:52 | 07,678,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

[2005/07/28 14:22:20 | 00,131,072 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\as32.exe

[2006/06/22 04:43:07 | 01,110,016 | ---- | M] (IBM Corp) -- C:\notes\nlnotes.exe

[2005/08/15 16:16:22 | 00,009,728 | ---- | M] (IBM Corp) -- C:\notes\ntaskldr.exe

[2007/04/17 03:59:12 | 00,565,248 | ---- | M] () -- C:\Program Files\IBM\Sametime Connect\sametime.exe

[2007/04/17 03:59:18 | 00,348,160 | ---- | M] (International Business Machines Corporation) -- C:\Program Files\IBM\Sametime Connect\jre\bin\sametime75.exe

[2007/08/29 00:34:32 | 00,186,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\VISIO.EXE

[2004/05/04 20:47:44 | 09,190,080 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office10\EXCEL.EXE

[2009/02/25 18:09:15 | 00,422,912 | ---- | M] (OldTimer Tools) -- D:\_Malware Trojan Removal\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/05/17 22:49:24 | 00,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc [Auto | Running])

[2007/05/17 22:49:28 | 00,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc [Auto | Running])

[2007/01/19 12:49:26 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService [Auto | Stopped])

[2007/01/20 02:29:48 | 00,073,728 | ---- | M] () -- C:\Program Files\IBM\Mobility Client\artsvc.exe -- (ArtourService [On_Demand | Stopped])

[2007/01/20 02:33:02 | 00,011,264 | ---- | M] () -- C:\Program Files\IBM\Mobility Client\artstartsvc.exe -- (artstartsvc [Auto | Running])

[2005/07/28 14:22:08 | 00,077,824 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\as32svc.exe -- (As32Svc [Auto | Running])

[2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2007/09/07 18:18:58 | 00,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv [Auto | Running])

[2007/12/08 02:34:27 | 00,389,120 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])

[2006/07/20 06:26:06 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [On_Demand | Running])

[2006/07/20 06:26:10 | 00,202,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy [Auto | Running])

[2006/07/20 06:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])

[2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2008/07/09 01:53:21 | 00,053,248 | ---- | M] () -- C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe -- (DCDClient-ISSI [Auto | Running])

[2006/09/28 07:33:22 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])

[2008/06/10 18:16:58 | 01,386,008 | ---- | M] (Hagel Technologies Ltd) -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc [Auto | Running])

[2008/07/10 21:42:14 | 00,819,200 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng [Auto | Running])

[2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

[2008/11/12 17:22:24 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])

[2008/09/29 10:17:54 | 00,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Running])

[2005/11/14 12:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

[2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

File not found -- -- (ISAMsmt [Disabled | Stopped])

[2008/11/20 05:33:14 | 00,417,008 | ---- | M] (IBM Corp.) -- C:\Program Files\C4ebreg\c4ebreg.exe -- (ISAMSvc [Disabled | Stopped])

[2008/12/09 09:23:00 | 00,216,576 | ---- | M] (IBM Corp.) -- c:\sdwork\issimsvc.exe -- (ISSIMon [Disabled | Stopped])

[2006/09/28 01:14:44 | 00,087,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -- (ISSVC [Auto | Running])

[2009/02/26 11:07:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

[2008/01/22 11:33:24 | 01,794,048 | ---- | M] (Kiwi Enterprises) -- C:\Program Files\Syslogd\Syslogd_Service.exe -- (Kiwi Syslog Daemon [On_Demand | Stopped])

[2006/10/31 11:32:09 | 02,541,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])

[2007/09/07 18:18:52 | 00,121,368 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS [Auto | Running])

[2004/08/04 16:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])

[2009/02/11 10:19:38 | 00,179,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Running])

[2005/08/15 16:40:28 | 00,053,248 | ---- | M] (IBM Corp) -- C:\notes\ntmulti.exe -- (Multi-user Cleanup Service [Auto | Running])

[2007/01/15 18:14:38 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])

[2007/01/13 19:00:00 | 00,323,584 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\NetCfgSv.EXE -- (NetCfgSvr [Auto | Running])

[2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

[2008/04/22 22:35:56 | 00,087,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Ghost\bin\dbserv.exe -- (NGDBSERV [On_Demand | Stopped])

[2008/04/22 22:35:50 | 01,000,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Ghost\ngserver.exe -- (NGSERVER [On_Demand | Stopped])

[2007/01/15 17:01:56 | 00,266,240 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])

[2008/03/21 09:49:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])

[2006/06/02 02:52:58 | 00,339,456 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag [On_Demand | Stopped])

[2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

[2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2008/11/21 10:56:20 | 00,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service [Auto | Running])

[2008/03/11 00:22:46 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Disabled | Stopped])

[2008/03/11 01:35:30 | 00,068,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [Disabled | Stopped])

[2008/07/10 21:12:40 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc [Auto | Running])

[2007/11/07 07:22:26 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])

[2008/07/10 21:23:22 | 00,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])

[2006/09/28 07:33:38 | 00,116,464 | ---- | M] (symantec) -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -- (SavRoam [Auto | Running])

[2008/04/07 10:17:30 | 00,430,592 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])

[2006/08/08 03:03:02 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Running])

[2006/04/12 04:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Running])

[2008/01/31 09:37:02 | 00,157,016 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe -- (Stuffit Archive Name Service [Disabled | Stopped])

[2006/09/28 07:33:32 | 01,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [On_Demand | Stopped])

[2006/09/28 01:15:56 | 00,173,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- (SymSecurePort [Auto | Running])

[2008/05/14 17:21:16 | 00,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC [Auto | Running])

[2006/06/30 08:57:50 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC [Auto | Running])

[2009/03/01 07:33:58 | 00,362,240 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Stopped])

[2009/03/01 07:34:01 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc [Auto | Running])

[2008/10/03 05:25:42 | 00,191,024 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60 [On_Demand | Stopped])

[2007/09/07 18:19:00 | 01,464,856 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS [Auto | Running])

[2005/12/28 21:22:54 | 03,956,736 | ---- | M] () -- C:\Program Files\Chemistry Lab\mysql\bin\mysqld.exe -- (VCL MySQL Database Server [Auto | Running])

[2008/10/29 10:07:56 | 00,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService [On_Demand | Stopped])

[2008/10/29 10:08:44 | 00,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP [On_Demand | Stopped])

[2008/10/29 10:07:20 | 00,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service [On_Demand | Stopped])

[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/04/24 18:53:22 | 00,308,736 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])

[2008/04/24 18:53:22 | 00,103,424 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])

[2006/05/19 20:46:14 | 00,180,864 | ---- | M] (AT&T) -- C:\WINDOWS\system32\drivers\agnfilt.sys -- (agnfilt [On_Demand | Running])

[2004/04/30 04:19:18 | 00,019,328 | ---- | M] (AT&T) -- C:\WINDOWS\system32\drivers\agnwifi.sys -- (agnwifi [Auto | Running])

[2001/08/18 00:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [boot | Running])

[2004/08/04 10:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [boot | Running])

[2005/11/08 20:27:20 | 00,011,520 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC [system | Running])

[2005/12/11 12:55:38 | 00,028,195 | ---- | M] (Alpha Networks Inc.) -- C:\WINDOWS\system32\ANIO.sys -- (ANIO [Auto | Running])

[2001/08/18 00:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [boot | Running])

[2001/08/18 00:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [boot | Running])

[2005/07/28 14:22:44 | 00,219,299 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\ascrypto.sys -- (Ascrypto [On_Demand | Running])

[2005/07/28 14:22:24 | 00,028,403 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\asntkrnl.sys -- (Askernel [system | Running])

[2005/07/28 14:22:36 | 00,126,917 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\asnttdi.sys -- (Astdi [On_Demand | Running])

[2007/12/08 02:34:27 | 00,787,456 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])

[2007/12/08 02:34:47 | 00,015,872 | ---- | M] (Atmel, Inc.) -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm [On_Demand | Running])

[2003/04/04 23:48:06 | 00,013,952 | ---- | M] (AT&T) -- C:\WINDOWS\system32\drivers\avpnnic.sys -- (avpnnic [On_Demand | Stopped])

[2004/05/07 03:12:10 | 00,114,688 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k [On_Demand | Stopped])

[2005/03/16 17:23:54 | 00,013,696 | R--- | M] (BIOSTAR Group) -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS [system | Running])

[2004/10/15 14:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])

[2006/01/19 00:44:46 | 00,053,248 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf [On_Demand | Stopped])

[2006/01/19 05:17:38 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])

[2001/08/18 00:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [boot | Running])

[2001/08/18 00:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [boot | Running])

[2007/12/08 02:34:49 | 00,125,952 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000 [On_Demand | Stopped])

[2007/10/12 17:30:46 | 00,252,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running])

[2009/02/26 20:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [system | Running])

[2005/04/27 20:16:46 | 00,005,427 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\egathdrv.sys -- (EGATHDRV [Auto | Running])

[2009/02/26 20:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])

[2008/10/29 10:08:52 | 00,032,304 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon [Auto | Running])

[2005/01/08 04:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])

[2008/01/21 17:43:42 | 00,039,472 | ---- | M] (Paragon Software Group) -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3 [boot | Running])

[2007/11/01 17:25:32 | 00,211,456 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])

[2007/12/08 02:34:40 | 00,200,448 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH [On_Demand | Stopped])

[2007/12/08 02:34:40 | 01,041,664 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Stopped])

[2007/11/01 17:26:36 | 00,989,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])

[2007/10/27 00:29:08 | 00,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard [On_Demand | Stopped])

[2005/10/12 23:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iastor [boot | Running])

[2008/09/29 10:17:16 | 00,023,848 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV [On_Demand | Running])

[2007/04/02 22:24:08 | 00,004,224 | ---- | M] () -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK [system | Running])

[2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Stopped])

[2008/05/12 19:04:04 | 00,013,480 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi [system | Running])

[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector [On_Demand | Running])

[2006/06/19 14:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])

[2001/08/18 00:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [boot | Running])

[2009/02/23 20:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090226.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])

[2009/02/23 20:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090226.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])

[2008/06/26 07:15:34 | 03,630,080 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32 [On_Demand | Running])

[2004/08/04 16:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])

[2007/11/29 11:39:42 | 00,016,896 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])

[2007/11/29 11:39:40 | 00,019,328 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])

[2007/11/07 07:22:06 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])

[2004/08/04 10:00:52 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA [On_Demand | Stopped])

[2008/03/21 09:49:00 | 06,547,936 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])

[2007/09/17 16:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])

[2008/07/05 18:27:51 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])

[2008/05/03 01:32:26 | 00,007,012 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM [Auto | Running])

[2004/08/04 16:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2007/09/17 22:48:44 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

[2001/08/18 00:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [boot | Running])

[2001/08/18 00:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [boot | Running])

[2001/08/18 00:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [boot | Running])

[2008/02/15 19:01:18 | 00,046,592 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [Auto | Running])

[2007/07/30 11:42:58 | 00,043,008 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk [Auto | Running])

[2007/07/30 12:54:02 | 00,038,400 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp [Auto | Running])

[2007/07/28 15:50:36 | 00,517,632 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870 [On_Demand | Stopped])

[2008/04/18 16:48:50 | 00,011,904 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])

[2006/09/07 01:41:20 | 00,337,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys -- (SAVRT [system | Running])

[2006/09/07 01:41:20 | 00,054,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [system | Running])

[2008/03/14 17:04:29 | 00,046,652 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [system | Running])

[2004/08/04 16:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])

[2004/08/04 16:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2008/05/14 17:21:16 | 00,114,728 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf [boot | Running])

[2004/08/04 10:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [boot | Running])

[2006/08/03 12:54:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint [system | Running])

[2007/12/08 02:34:26 | 00,266,880 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Stopped])

[2008/09/27 11:02:00 | 00,114,048 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman [boot | Running])

[2001/08/18 01:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [boot | Running])

[2006/04/12 04:13:34 | 00,389,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [system | Running])

[2008/02/22 15:33:00 | 00,087,936 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus [On_Demand | Stopped])

[2008/02/22 15:33:02 | 00,014,976 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl [On_Demand | Stopped])

[2008/02/22 15:33:02 | 00,114,304 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm [On_Demand | Stopped])

[2009/02/17 15:40:23 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [system | Running])

[2001/08/18 01:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [boot | Running])

[2001/08/18 01:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [boot | Running])

[2006/08/08 03:01:56 | 00,012,992 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])

[2006/09/19 04:55:28 | 00,109,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])

[2006/08/08 03:02:02 | 00,110,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])

[2006/08/08 03:02:18 | 00,031,936 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])

[2008/09/12 07:33:22 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20090218.001\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running])

[2006/08/08 03:02:14 | 00,028,352 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running])

[2006/08/08 03:02:22 | 00,024,768 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])

[2006/08/08 03:02:26 | 00,195,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [system | Running])

[2001/08/18 01:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [boot | Running])

[2001/08/18 01:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [boot | Running])

[2008/07/03 16:53:20 | 00,225,664 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])

[2006/08/03 12:54:00 | 00,009,343 | ---- | M] () -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI [system | Running])

[2008/05/14 17:21:16 | 00,019,496 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN [boot | Running])

[2007/12/08 02:35:47 | 00,017,778 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV [system | Running])

[2004/11/30 16:38:24 | 00,004,442 | ---- | M] () -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF [system | Running])

[2007/12/08 02:36:00 | 00,012,848 | ---- | M] () -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP [system | Running])

[2001/08/18 00:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [boot | Running])

[2007/11/29 11:39:42 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])

[2004/08/04 00:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])

[2007/11/29 11:39:52 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])

[2008/10/29 10:08:58 | 00,054,960 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci [Auto | Running])

[2008/10/29 10:08:56 | 00,023,216 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd [On_Demand | Running])

[2008/10/29 04:03:28 | 00,016,560 | R--- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter [On_Demand | Stopped])

[2008/10/29 04:03:28 | 00,031,280 | R--- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge [Auto | Running])

[2008/10/29 10:08:58 | 00,026,288 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif [Auto | Running])

[2008/10/29 10:08:54 | 00,857,392 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86 [Auto | Running])

[2008/10/03 05:24:48 | 00,022,448 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60 [Auto | Running])

[2007/12/08 02:34:37 | 03,151,232 | ---- | M] (Intel

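The listing above is an OTL "Driver Services" dump, and the helper's verdict that follows rests on reading each line's publisher string, modification time and start type. As an added example (not part of this thread, and not OTL's or Malwarebytes' own code), here is a Python triage pass that parses that line format and flags the entries a reviewer would open first. The sample lines are copied from the log above; the heuristics and thresholds (empty publisher field, a 14-day window before the newest timestamp in the log, boot/system start type as an aggravating factor) are our own choices. A flag is a prompt to check the file by hand, not a finding: the StarOpen.sys and TPPWRIF.SYS entries it reports are exactly the kind a helper verifies, and the helper in this thread judged the whole log clean.

```python
"""Triage an OTL-style service/driver listing.

Each entry line has the shape
[mtime | size | attrs | M] (company) -- path -- (service [start | state])
The parser pulls those fields out and the triage step flags the entries a
reviewer would open first.  A flag is a reason to look, not a verdict.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime

LINE_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[A-Z])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?) -- "
    r"\((?P<name>.+?) \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\)$"
)

# Start types that load before user-mode security software is up.
EARLY_START = {"boot", "system"}


@dataclass
class ServiceEntry:
    name: str
    path: str
    company: str      # empty when OTL found no company/version resource
    mtime: datetime
    size: int
    attrs: str
    start: str        # boot, system, Auto, On_Demand, Disabled
    state: str        # Running / Stopped
    reasons: list = field(default_factory=list)


def parse_entry(line: str):
    """Parse one listing line; return None for headers, blanks, fragments."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(
        name=m["name"], path=m["path"], company=m["company"].strip(),
        mtime=datetime.strptime(m["mtime"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")), attrs=m["attrs"],
        start=m["start"].strip(), state=m["state"].strip(),
    )


def parse_log(text: str):
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def triage(entries, reference=None, recent_days=14):
    """Return the entries worth a second look, most reasons first.

    reference is the date the log was taken; it defaults to the newest
    mtime in the listing, the closest thing the log itself offers.
    An entry is reported when it has no publisher string or was modified
    within recent_days of the reference.  A boot/system start type is
    added as an extra reason on reported entries only: on its own it
    matches every storage and chipset driver in the list.
    """
    if not entries:
        return []
    if reference is None:
        reference = max(e.mtime for e in entries)
    flagged = []
    for e in entries:
        reasons = []
        if not e.company:
            reasons.append("no-publisher")
        if (reference.date() - e.mtime.date()).days <= recent_days:
            reasons.append("recent-mtime")
        if reasons and e.start.lower() in EARLY_START:
            reasons.append("early-start")
        e.reasons = reasons
        if reasons:
            flagged.append(e)
    flagged.sort(key=lambda e: -len(e.reasons))   # stable: ties keep log order
    return flagged


# Six lines copied from the listing above plus its section header; the
# selection is ours, chosen to exercise each branch of the triage.
SAMPLE_LOG = r"""========== Driver Services ==========

[2001/08/18 00:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [boot | Running])
[2009/02/17 15:40:23 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [system | Running])
[2004/11/30 16:38:24 | 00,004,442 | ---- | M] () -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF [system | Running])
[2009/03/01 07:34:01 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc [Auto | Running])
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector [On_Demand | Running])
[2004/05/07 03:12:10 | 00,114,688 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k [On_Demand | Stopped])
"""

if __name__ == "__main__":
    for e in triage(parse_log(SAMPLE_LOG)):
        print(f"{e.name:28} {e.mtime:%Y-%m-%d} {e.start:9} {e.path}  <- {', '.join(e.reasons)}")
```

Run it as a script to get the ranked list, or feed a whole OTL.txt to parse_log; the reference date can be passed explicitly when the log header's date is known, which is more reliable than the newest mtime when a recently updated legitimate program (here TuneUp) happens to dominate.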

Hello.

Well Done! Those look good. Let's cleanup now.

Please follow/read the steps below to remove the tools we used, purge a system restore and for some more information. ;)

Cleanup! with OTMoveIt

Let's remove all the tools we've used so far.

  • Double click the OTMoveIt3.exe to run it.
  • Click the CleanUp! button. If you receive a warning from your security program, select Allow to download the packet.
  • A pop-up box will appear saying "Cleanup list downloaded successfully. Begin Removal Process?". Click Yes.
  • If a reboot is required, click Yes.

Other Removals

Please delete the batch files we created, as you do not need them anymore. Using these unsupervised may lead to problems.

peek.bat

removal.bat

Goored.exe

They should be located on your desktop. If they are gone, that is fine, as they may have been removed by OTMoveIt's Cleanup!.

Create a New System Restore Point<- Very Important

Now you should create a new Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.

Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.


Congratulations! You now appear clean! ;)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:

[*]Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a sm


Hello.

Since the problem appears to be resolved, this topic will be closed by a Moderator. Glad I could help :)

Please start a new thread in the Hijackthis-Malware Removal forum and post a new Hijackthis log if you require assistance again. Please do not PM me, as I need to leave soon and cannot continue to help you in that time frame.

This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal Forum.

With Regards,

Extremeboy

