
Antivirus 2010


smithy


I recently had Antivirus 2010 contaminate my computer (Windows XP). I removed the virus program with CCleaner, but I cannot get Malwarebytes to work to finish off the cleaning; Zone Alarm will not work either, and now I have lost Internet Explorer. I can download the MBAM setup and install it onto my computer; it updates, and then when I ask it to scan it will run for 3 seconds and then disappear. I do not have 'permission' to rerun the program although I am an Administrator. Norman is my antivirus software.

I have tried fix.info & fix.reg as advised on another site, but to no avail.

I have tried using RootRepeal, but I only get 3 programs come up: two on volume restore and another was SpyCatcher, which I also temporarily tried so as to get rid of this problem. GMER will only run for a short period and then completely crash the computer, saying:

"Stop: C000021a Fatal system error

The windows login process terminated unexpectedly with a status of 0Xc 0000005 (0x00000000 0x00000000)

The system has been shut down"

I have also tried Microsoft's Essentials, but this locks up halfway through a scan. Also, HijackThis will not run.

Is there a way forward without reinstalling the Windows software?

DDS (Ver_10-03-17.01) - NTFSx86

Run by Paul Smith at 17:25:05.34 on 30/09/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.474 [GMT 1:00]

AV: Norman Security Suite *On-access scanning enabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\Program Files\Norman\Npm\Bin\Elogsvc.exe

C:\Program Files\Norman\Ngs\Bin\Nnf.exe

C:\Program Files\Norman\Ngs\Bin\Nprosec.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program Files\Norman\Npm\Bin\Zanda.exe

C:\Program Files\Norman\npm\bin\nvoy.exe

C:\WINDOWS\System32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe -k LocalService

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k bthsvcs

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe

C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Norman\Npm\Bin\ZLH.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\DSLMON.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\Program Files\Norman\Npm\Bin\scheduler.exe

C:\Program Files\Norman\Npm\Bin\Njeeves.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\Norman\Nse\bin\NSESVC.EXE

C:\Program Files\Norman\Nvc\bin\nvcoas.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Norman\Nvc\Bin\Nip.exe

C:\Program Files\Norman\Nvc\Bin\cclaw.exe

C:\Program Files\Safari\Safari.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Outlook Express\msimn.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Paul Smith\Desktop\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://forums.malwarebytes.org/index.php?showtopic=9573

uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60468

uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"

uInternet Settings,ProxyOverride = *.local

mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60468

mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60468

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {ACB1E670-3217-45C4-A021-6B829A8A27CB} - No File

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" -s

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [spywareTerminatorUpdate] "c:\program files\spyware terminator\SpywareTerminatorUpdate.exe"

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray

uRun: [Packard Bell Data Secure] c:\program files\packard bell data secure\PBDataSecure.exe

uRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 7\PCSync2.exe" /NoDialog

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [spywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"

mRun: [RegisterDropHandler] c:\program files\scanneru\tbridge\bin\RegisterDropHandler.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Norman ZANDA] "c:\program files\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH

mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF

mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=0

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [iSW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"

mRun: [instantAccess] c:\program files\scanneru\tbridge\bin\InstantAccess.exe /h

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [ErrorTeck] c:\program files\errorteck\ErrorTeck.exe /scan

mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [Conime] %windir%\system32\conime.exe

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 6\PcSync2.exe" /NoDialog

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dslmon.lnk - c:\program files\zoom telephonics, inc\zoom adsl usb modem\DSLMON.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190204445531

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]

R1 NGS;Norman General Security Driver;c:\program files\norman\ngs\bin\ngs.sys [2010-8-21 26744]

R1 NPROSEC;Norman Security driver;c:\program files\norman\ngs\bin\nprosec.sys [2010-8-21 72392]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-5-17 308592]

R2 Ndiskio;Ndiskio;c:\program files\norman\nse\bin\Ndiskio.sys [2009-10-15 22880]

R2 NNFSVC;Norman Network Filtering service;c:\program files\norman\ngs\bin\nnf.exe [2010-8-21 219904]

R2 Norman ZANDA;Norman ZANDA;c:\program files\norman\npm\bin\Zanda.exe [2008-4-23 301192]

R2 NPROSECSVC;Norman Security service;c:\program files\norman\ngs\bin\nprosec.exe [2010-8-21 103016]

R2 nregsec;Norman Registry Security driver;c:\program files\norman\ngs\bin\nregsec.sys [2010-8-21 40384]

R2 NVOY;Norman Resource Provider;c:\program files\norman\npm\bin\nvoy.exe [2010-1-17 98776]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-4-8 92008]

R3 mvb35316;mvb35316;c:\windows\system32\drivers\mvb35316.sys [2003-7-16 12800]

R3 nsesvc;Norman Scanner Engine Service;c:\program files\norman\nse\bin\Nsesvc.exe [2010-6-17 282624]

R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2009-2-3 21832]

R3 nvcoas;Norman Virus Control on-access component;c:\program files\norman\nvc\bin\Nvcoas.exe [2009-6-26 210248]

R3 Scheduler;Norman Scheduler Service;c:\program files\norman\npm\bin\scheduler.exe [2010-1-17 133272]

S2 BulkUsb;Plustek USB Scanner;c:\windows\system32\drivers\usbscan.sys [2007-11-11 15104]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-9 135664]

S3 NVCScheduler;Norman Virus Control Scheduler;c:\program files\norman\nvc\bin\nvcsched.exe --> c:\program files\norman\nvc\bin\NVCSCHED.EXE [?]

=============== Created Last 30 ================

2010-09-30 15:33:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-30 15:32:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-30 13:05:39 0 d-----w- c:\program files\Microsoft Security Essentials

2010-09-30 12:45:53 0 d-----w- c:\program files\ACW

2010-09-30 10:33:02 0 d-----w- c:\docume~1\paulsm~1\applic~1\ErrorTeck

2010-09-30 09:24:59 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-09-30 08:09:44 0 d-----w- c:\program files\MalBytes

2010-09-30 07:54:12 0 d-----w- c:\program files\obsolete 1

2010-09-30 07:21:08 0 d-----w- c:\program files\obsolete

2010-09-30 07:13:40 0 d-s---w- C:\ComboFix

2010-09-30 06:15:52 0 d--h--w- c:\windows\PIF

2010-09-29 18:17:20 0 d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan

2010-09-29 18:17:11 0 d-----w- c:\program files\Security Task Manager

2010-09-29 16:32:15 0 d-----w- c:\docume~1\paulsm~1\applic~1\OpenCandy

2010-09-29 16:32:14 0 d-----w- c:\program files\RAR File Open Knife - Free Opener

2010-09-29 16:31:07 0 d-----w- c:\docume~1\alluse~1\applic~1\NovaStor

2010-09-29 13:08:15 0 d-----w- c:\windows\Internet Logs

2010-09-29 12:33:43 0 d-sha-r- C:\cmdcons

2010-09-29 12:27:00 98816 ----a-w- c:\windows\sed.exe

2010-09-29 12:27:00 77312 ----a-w- c:\windows\MBR.exe

2010-09-29 12:27:00 256512 ----a-w- c:\windows\PEV.exe

2010-09-29 12:27:00 161792 ----a-w- c:\windows\SWREG.exe

2010-09-29 11:29:20 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-09-29 11:29:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-09-29 11:21:57 0 d-----w- c:\program files\Trend Micro

2010-09-29 06:44:24 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools

2010-09-28 10:36:29 0 ----a-w- c:\documents and settings\paul smith\defogger_reenable

2010-09-28 06:21:16 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-09-28 06:21:15 0 d-----w- c:\docume~1\paulsm~1\applic~1\SUPERAntiSpyware.com

2010-09-28 06:20:55 0 d-----w- c:\program files\SUPERAntiSpyware

2010-09-26 08:59:58 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-25 19:02:22 0 d-----w- c:\program files\Emsisoft Anti-Malware

2010-09-25 17:21:06 240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg

2010-09-25 16:06:29 0 d-----w- c:\program files\common files\iS3

2010-09-25 16:06:21 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!

2010-09-25 12:08:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Norman

2010-09-19 19:00:18 0 d-----w- c:\program files\iPod

2010-09-15 19:24:21 68176 ----a-w- c:\windows\system32\drivers\ale_nf64.sys

2010-09-15 19:24:21 61472 ----a-w- c:\windows\system32\drivers\ale_nf.sys

2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-09-25 21:33:53 0 ----a-w- c:\program files\Uniblue

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 07:50:41 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-08-16 07:50:40 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-20 07:18:47 36104 ----a-w- c:\docume~1\paulsm~1\applic~1\GDIPFONTCACHEV1.DAT

2010-07-16 18:09:55 423656 ----a-w- c:\windows\system32\deployJava1.dll

2008-09-01 09:49:43 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090120080902\index.dat

============= FINISH: 17:25:20.71 ===============


Hello smithy

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the text below in bold:


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


I downloaded and installed OTL. The program ran a scan for about 10 seconds and then just disappeared whilst looking at drivers. I cannot run this program any more. I reinstalled it and tried again. The same thing happened, so I have no OTL report to post.

Rootkit Unhooker worked. I have posted two reports, one for the 'C' drive on my computer and one for my external (Packard Bell) hard drive used for backing up my documents. After the scan I only closed the program; I did not 'unhook'.

Both reports concluded that !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

'C' drive:

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #1

==============================================

>Drivers

==============================================


0xF7E23000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xF7DE3000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xF7E68000 C:\Program Files\Norman\Npm\Bin\NmchInjDrv.sys 4096 bytes

0xF7E77000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xF7D6C000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

==============================================

>Stealth

==============================================

0x03CB0000 Hidden Image-->Inkjet.Localization.dll [ EPROCESS 0x86DC57A8 ] PID: 2116, 143360 bytes

0x03D30000 Hidden Image-->Inkjet.Hardware.dll [ EPROCESS 0x86DC57A8 ] PID: 2116, 176128 bytes

0x03C20000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x86DC57A8 ] PID: 2116, 307200 bytes

0x03CF0000 Hidden Image-->Inkjet.Statistics.dll [ EPROCESS 0x86DC57A8 ] PID: 2116, 53248 bytes

0x037E0000 Hidden Image-->Inkjet.Diagnostics.dll [ EPROCESS 0x86DC57A8 ] PID: 2116, 61440 bytes

0x045F0000 Hidden Image-->Inkjet.DeviceSettings.dll [ EPROCESS 0x86DC57A8 ] PID: 2116, 61440 bytes

0x03760000 Hidden Image-->Inkjet.Automation.dll [ EPROCESS 0x86DC57A8 ] PID: 2116, 77824 bytes

0x03D90000 Hidden Image-->Inkjet.Utilities.dll [ EPROCESS 0x86DC57A8 ] PID: 2116, 86016 bytes

==============================================

>Files

==============================================

!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\setup\config.ini::$DATA

!-->[Hidden] C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb::$DATA

!-->[Hidden] C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log::$DATA

==============================================

>Hooks

==============================================

ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]

ntoskrnl.exe+0x0000B744, Type: Inline - RelativeCall 0x804E2744-->84ED97C9 [unknown_code_page]

[168]iTunesHelper.exe-->ws2_32.dll-->accept, Type: Inline - DirectJump 0x71AC1040-->00000000 [unknown_code_page]

[168]iTunesHelper.exe-->ws2_32.dll-->closesocket, Type: Inline - DirectJump 0x71AB3E2B-->00000000 [unknown_code_page]

[168]iTunesHelper.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x71AB4A07-->00000000 [unknown_code_page]

[168]iTunesHelper.exe-->ws2_32.dll-->htons, Type: Inline - DirectJump 0x71AB2E53-->00000000 [unknown_code_page]

[168]iTunesHelper.exe-->ws2_32.dll-->WSAAccept, Type: Inline - DirectJump 0x71AC0DC1-->00000000 [unknown_code_page]

[168]iTunesHelper.exe-->ws2_32.dll-->WSAAsyncSelect, Type: Inline - DirectJump 0x71AC0991-->00000000 [unknown_code_page]

[168]iTunesHelper.exe-->ws2_32.dll-->WSAConnect, Type: Inline - DirectJump 0x71AC0C81-->00000000 [unknown_code_page]

[168]iTunesHelper.exe-->ws2_32.dll-->WSAEventSelect, Type: Inline - DirectJump 0x71AB64D9-->00000000 [unknown_code_page]

[1792]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]

[1792]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]

[1792]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]

[1792]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]

[1792]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]

[1792]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]

[1792]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]

[356]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]

[356]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]

[356]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]

[356]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]

[356]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]

[356]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]

[356]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]

[3736]NclMSBTSrv.exe-->ws2_32.dll-->accept, Type: Inline - DirectJump 0x71AC1040-->00000000 [unknown_code_page]

[3736]NclMSBTSrv.exe-->ws2_32.dll-->closesocket, Type: Inline - DirectJump 0x71AB3E2B-->00000000 [unknown_code_page]

[3736]NclMSBTSrv.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x71AB4A07-->00000000 [unknown_code_page]

[3736]NclMSBTSrv.exe-->ws2_32.dll-->htons, Type: Inline - DirectJump 0x71AB2E53-->00000000 [unknown_code_page]

[3736]NclMSBTSrv.exe-->ws2_32.dll-->WSAAccept, Type: Inline - DirectJump 0x71AC0DC1-->00000000 [unknown_code_page]

[3736]NclMSBTSrv.exe-->ws2_32.dll-->WSAAsyncSelect, Type: Inline - DirectJump 0x71AC0991-->00000000 [unknown_code_page]

[3736]NclMSBTSrv.exe-->ws2_32.dll-->WSAConnect, Type: Inline - DirectJump 0x71AC0C81-->00000000 [unknown_code_page]

[3736]NclMSBTSrv.exe-->ws2_32.dll-->WSAEventSelect, Type: Inline - DirectJump 0x71AB64D9-->00000000 [unknown_code_page]

[3820]Safari.exe-->ws2_32.dll-->accept, Type: Inline - DirectJump 0x71AC1040-->00000000 [unknown_code_page]

[3820]Safari.exe-->ws2_32.dll-->closesocket, Type: Inline - DirectJump 0x71AB3E2B-->00000000 [unknown_code_page]

[3820]Safari.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x71AB4A07-->00000000 [unknown_code_page]

[3820]Safari.exe-->ws2_32.dll-->htons, Type: Inline - DirectJump 0x71AB2E53-->00000000 [unknown_code_page]

[3820]Safari.exe-->ws2_32.dll-->WSAAccept, Type: Inline - DirectJump 0x71AC0DC1-->00000000 [unknown_code_page]

[3820]Safari.exe-->ws2_32.dll-->WSAAsyncSelect, Type: Inline - DirectJump 0x71AC0991-->00000000 [unknown_code_page]

[3820]Safari.exe-->ws2_32.dll-->WSAConnect, Type: Inline - DirectJump 0x71AC0C81-->00000000 [unknown_code_page]

[3820]Safari.exe-->ws2_32.dll-->WSAEventSelect, Type: Inline - DirectJump 0x71AB64D9-->00000000 [unknown_code_page]

[620]PCSuite.exe-->ws2_32.dll-->accept, Type: Inline - DirectJump 0x71AC1040-->00000000 [unknown_code_page]

[620]PCSuite.exe-->ws2_32.dll-->closesocket, Type: Inline - DirectJump 0x71AB3E2B-->00000000 [unknown_code_page]

[620]PCSuite.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x71AB4A07-->00000000 [unknown_code_page]

[620]PCSuite.exe-->ws2_32.dll-->htons, Type: Inline - DirectJump 0x71AB2E53-->00000000 [unknown_code_page]

[620]PCSuite.exe-->ws2_32.dll-->WSAAccept, Type: Inline - DirectJump 0x71AC0DC1-->00000000 [unknown_code_page]

[620]PCSuite.exe-->ws2_32.dll-->WSAAsyncSelect, Type: Inline - DirectJump 0x71AC0991-->00000000 [unknown_code_page]

[620]PCSuite.exe-->ws2_32.dll-->WSAConnect, Type: Inline - DirectJump 0x71AC0C81-->00000000 [unknown_code_page]

[620]PCSuite.exe-->ws2_32.dll-->WSAEventSelect, Type: Inline - DirectJump 0x71AB64D9-->00000000 [unknown_code_page]

[764]PBDataSecure.exe-->ws2_32.dll-->accept, Type: Inline - DirectJump 0x71AC1040-->00000000 [unknown_code_page]

[764]PBDataSecure.exe-->ws2_32.dll-->closesocket, Type: Inline - DirectJump 0x71AB3E2B-->00000000 [unknown_code_page]

[764]PBDataSecure.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x71AB4A07-->00000000 [unknown_code_page]

[764]PBDataSecure.exe-->ws2_32.dll-->htons, Type: Inline - DirectJump 0x71AB2E53-->00000000 [unknown_code_page]

[764]PBDataSecure.exe-->ws2_32.dll-->WSAAccept, Type: Inline - DirectJump 0x71AC0DC1-->00000000 [unknown_code_page]

[764]PBDataSecure.exe-->ws2_32.dll-->WSAAsyncSelect, Type: Inline - DirectJump 0x71AC0991-->00000000 [unknown_code_page]

[764]PBDataSecure.exe-->ws2_32.dll-->WSAConnect, Type: Inline - DirectJump 0x71AC0C81-->00000000 [unknown_code_page]

[764]PBDataSecure.exe-->ws2_32.dll-->WSAEventSelect, Type: Inline - DirectJump 0x71AB64D9-->00000000 [unknown_code_page]

[820]PcSync2.exe-->ws2_32.dll-->accept, Type: Inline - DirectJump 0x71AC1040-->00000000 [unknown_code_page]

[820]PcSync2.exe-->ws2_32.dll-->closesocket, Type: Inline - DirectJump 0x71AB3E2B-->00000000 [unknown_code_page]

[820]PcSync2.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x71AB4A07-->00000000 [unknown_code_page]

[820]PcSync2.exe-->ws2_32.dll-->htons, Type: Inline - DirectJump 0x71AB2E53-->00000000 [unknown_code_page]

[820]PcSync2.exe-->ws2_32.dll-->WSAAccept, Type: Inline - DirectJump 0x71AC0DC1-->00000000 [unknown_code_page]

[820]PcSync2.exe-->ws2_32.dll-->WSAAsyncSelect, Type: Inline - DirectJump 0x71AC0991-->00000000 [unknown_code_page]

[820]PcSync2.exe-->ws2_32.dll-->WSAConnect, Type: Inline - DirectJump 0x71AC0C81-->00000000 [unknown_code_page]

[820]PcSync2.exe-->ws2_32.dll-->WSAEventSelect, Type: Inline - DirectJump 0x71AB64D9-->00000000 [unknown_code_page]

[956]msmsgs.exe-->ws2_32.dll-->accept, Type: Inline - DirectJump 0x71AC1040-->00000000 [unknown_code_page]

[956]msmsgs.exe-->ws2_32.dll-->closesocket, Type: Inline - DirectJump 0x71AB3E2B-->00000000 [unknown_code_page]

[956]msmsgs.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x71AB4A07-->00000000 [unknown_code_page]

[956]msmsgs.exe-->ws2_32.dll-->htons, Type: Inline - DirectJump 0x71AB2E53-->00000000 [unknown_code_page]

[956]msmsgs.exe-->ws2_32.dll-->WSAAccept, Type: Inline - DirectJump 0x71AC0DC1-->00000000 [unknown_code_page]

[956]msmsgs.exe-->ws2_32.dll-->WSAAsyncSelect, Type: Inline - DirectJump 0x71AC0991-->00000000 [unknown_code_page]

[956]msmsgs.exe-->ws2_32.dll-->WSAConnect, Type: Inline - DirectJump 0x71AC0C81-->00000000 [unknown_code_page]

[956]msmsgs.exe-->ws2_32.dll-->WSAEventSelect, Type: Inline - DirectJump 0x71AB64D9-->00000000 [unknown_code_page]

External Hard drive:

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #1

==============================================

>Drivers

==============================================

0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2189952 bytes

0x804D7000 RAW 2189952 bytes

0x804D7000 WMIxWDM 2189952 bytes

0xBF083000 C:\WINDOWS\System32\ati3duag.dll 1916928 bytes (ATI Technologies Inc. , ati3duag.dll)

0xBF800000 Win32k 1855488 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xF68C6000 C:\WINDOWS\System32\DRIVERS\IntelC51.sys 1208320 bytes (Intel Corporation, Modem DSP Driver)

0xF6A76000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 839680 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)

0xF679B000 C:\WINDOWS\system32\drivers\smwdm.sys 614400 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )

0xF6831000 C:\WINDOWS\System32\DRIVERS\IntelC52.sys 610304 bytes (Intel Corporation, Modem CP Driver)

0xF7624000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xBF257000 C:\WINDOWS\System32\ativvaxx.dll 507904 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)

0xED7DD000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xF66DD000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xED8EA000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xEBBCC000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xEB7CB000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xBF049000 C:\WINDOWS\System32\ati2cqag.dll 237568 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)

0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 225280 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)

0xF7755000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xF6A34000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 188416 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)

0xEBE2B000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xF75F7000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xED875000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xED8C2000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xEB521000 C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys 159744 bytes (Norman ASA, NVC MiniFilter)

0xED7B7000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xEC6B3000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)

0xF6777000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xF6A10000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xF69ED000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xED987000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 143360 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)

0xED8A0000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806EE000 ACPI_HAL 131840 bytes

0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF76ED000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF7725000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xF75DD000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF770D000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xED6FF000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes

0xF76C4000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xF674C000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xEC23E000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xF6763000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)

0xF6A62000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xED943000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xF76B1000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xF76DB000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0xED976000 C:\Program Files\Norman\Ngs\Bin\nprosec.sys 69632 bytes (Norman ASA, Norman Process Security Driver)

0xF7744000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xF673B000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xF6C34000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xF7944000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xF7924000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)

0xF7904000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xF7954000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xEC3D3000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xF79F4000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xF78F4000 C:\WINDOWS\System32\DRIVERS\IntelC53.sys 57344 bytes (Intel Corporation, Modem AFE Driver)

0xF77E4000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF7914000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)

0xEBDCB000 C:\Program Files\Norman\Ngs\Bin\nregsec.sys 53248 bytes (Norman ASA, Norman Registry Filter Driver)

0xF7964000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xF77C4000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xF7984000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xF6CA4000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xF7934000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xF77B4000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF7974000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xF77A4000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xF79D4000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xF79A4000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xF77D4000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xF78E4000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)

0xF7994000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xF7814000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xEB2D9000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xF77F4000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xF6C94000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xF7B5C000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)

0xF7A74000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF7A94000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0xF7B4C000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xF7B64000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)

0xF7B3C000 C:\WINDOWS\System32\Drivers\mvb35316.SYS 28672 bytes

0xF7A24000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xF7A9C000 C:\WINDOWS\System32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)

0xF7A8C000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0xF7B7C000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0xF7B6C000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xF7B54000 C:\WINDOWS\System32\DRIVERS\mohfilt.sys 24576 bytes (Intel Corporation, Filter Driver to Support Modem-on-Hold)

0xF7B74000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xF7A7C000 C:\WINDOWS\System32\Drivers\StarOpen.SYS 24576 bytes

0xF7B44000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xF7A64000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xF7BAC000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)

0xF7A6C000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF7A84000 c:\program files\norman\ngs\bin\ngs.sys 20480 bytes (Norman ASA, Norman General Security Driver)

0xF7A2C000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xF7B8C000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xF7B94000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xF7B84000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xF7AA4000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xF7C4C000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)

0xF6B5F000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xEC677000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xF7C98000 C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS 16384 bytes (Dell Computer Corporation, OMCI Device Driver)

0xF750D000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)

0xED9CE000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)

0xF7BB4000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xF7C58000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xEC67F000 C:\Program Files\Norman\Nse\bin\NDISKIO.SYS 12288 bytes (Norman ASA, Low-level disk I/O driver for Windows NT)

0xF7505000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xF7C7C000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xF7C84000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)

0xF7CE2000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)

0xF7D3A000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF7D4A000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes

0xF7D38000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF7CA4000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xF7D3C000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xF7D08000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)

0xF7D3E000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xF7CE8000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xF7CEE000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xF7CA6000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xF7E23000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xF7DE3000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xF7E68000 C:\Program Files\Norman\Npm\Bin\NmchInjDrv.sys 4096 bytes

0xF7E77000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xF7D6C000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

==============================================

>Stealth

==============================================

0x03CB0000 Hidden Image-->Inkjet.Localization.dll [ EPROCESS 0x86DC57A8 ] PID: 2116, 143360 bytes

0x03D30000 Hidden Image-->Inkjet.Hardware.dll [ EPROCESS 0x86DC57A8 ] PID: 2116, 176128 bytes

0x03C20000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x86DC57A8 ] PID: 2116, 307200 bytes

0x03CF0000 Hidden Image-->Inkjet.Statistics.dll [ EPROCESS 0x86DC57A8 ] PID: 2116, 53248 bytes

0x037E0000 Hidden Image-->Inkjet.Diagnostics.dll [ EPROCESS 0x86DC57A8 ] PID: 2116, 61440 bytes

0x045F0000 Hidden Image-->Inkjet.DeviceSettings.dll [ EPROCESS 0x86DC57A8 ] PID: 2116, 61440 bytes

0x03760000 Hidden Image-->Inkjet.Automation.dll [ EPROCESS 0x86DC57A8 ] PID: 2116, 77824 bytes

0x03D90000 Hidden Image-->Inkjet.Utilities.dll [ EPROCESS 0x86DC57A8 ] PID: 2116, 86016 bytes

==============================================

>Files

==============================================

==============================================

>Hooks

==============================================

ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]

ntoskrnl.exe+0x0000B744, Type: Inline - RelativeCall 0x804E2744-->84ED97C9 [unknown_code_page]

[168]iTunesHelper.exe-->ws2_32.dll-->accept, Type: Inline - DirectJump 0x71AC1040-->00000000 [unknown_code_page]

[168]iTunesHelper.exe-->ws2_32.dll-->closesocket, Type: Inline - DirectJump 0x71AB3E2B-->00000000 [unknown_code_page]

[168]iTunesHelper.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x71AB4A07-->00000000 [unknown_code_page]

[168]iTunesHelper.exe-->ws2_32.dll-->htons, Type: Inline - DirectJump 0x71AB2E53-->00000000 [unknown_code_page]

[168]iTunesHelper.exe-->ws2_32.dll-->WSAAccept, Type: Inline - DirectJump 0x71AC0DC1-->00000000 [unknown_code_page]

[168]iTunesHelper.exe-->ws2_32.dll-->WSAAsyncSelect, Type: Inline - DirectJump 0x71AC0991-->00000000 [unknown_code_page]

[168]iTunesHelper.exe-->ws2_32.dll-->WSAConnect, Type: Inline - DirectJump 0x71AC0C81-->00000000 [unknown_code_page]

[168]iTunesHelper.exe-->ws2_32.dll-->WSAEventSelect, Type: Inline - DirectJump 0x71AB64D9-->00000000 [unknown_code_page]

[1792]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]

[1792]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]

[1792]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]

[1792]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]

[1792]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]

[1792]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]

[1792]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]

[356]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]

[356]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]

[356]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]

[356]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]

[356]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]

[356]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]

[356]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]

[3736]NclMSBTSrv.exe-->ws2_32.dll-->accept, Type: Inline - DirectJump 0x71AC1040-->00000000 [unknown_code_page]

[3736]NclMSBTSrv.exe-->ws2_32.dll-->closesocket, Type: Inline - DirectJump 0x71AB3E2B-->00000000 [unknown_code_page]

[3736]NclMSBTSrv.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x71AB4A07-->00000000 [unknown_code_page]

[3736]NclMSBTSrv.exe-->ws2_32.dll-->htons, Type: Inline - DirectJump 0x71AB2E53-->00000000 [unknown_code_page]

[3736]NclMSBTSrv.exe-->ws2_32.dll-->WSAAccept, Type: Inline - DirectJump 0x71AC0DC1-->00000000 [unknown_code_page]

[3736]NclMSBTSrv.exe-->ws2_32.dll-->WSAAsyncSelect, Type: Inline - DirectJump 0x71AC0991-->00000000 [unknown_code_page]

[3736]NclMSBTSrv.exe-->ws2_32.dll-->WSAConnect, Type: Inline - DirectJump 0x71AC0C81-->00000000 [unknown_code_page]

[3736]NclMSBTSrv.exe-->ws2_32.dll-->WSAEventSelect, Type: Inline - DirectJump 0x71AB64D9-->00000000 [unknown_code_page]

[3820]Safari.exe-->ws2_32.dll-->accept, Type: Inline - DirectJump 0x71AC1040-->00000000 [unknown_code_page]

[3820]Safari.exe-->ws2_32.dll-->closesocket, Type: Inline - DirectJump 0x71AB3E2B-->00000000 [unknown_code_page]

[3820]Safari.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x71AB4A07-->00000000 [unknown_code_page]

[3820]Safari.exe-->ws2_32.dll-->htons, Type: Inline - DirectJump 0x71AB2E53-->00000000 [unknown_code_page]

[3820]Safari.exe-->ws2_32.dll-->WSAAccept, Type: Inline - DirectJump 0x71AC0DC1-->00000000 [unknown_code_page]

[3820]Safari.exe-->ws2_32.dll-->WSAAsyncSelect, Type: Inline - DirectJump 0x71AC0991-->00000000 [unknown_code_page]

[3820]Safari.exe-->ws2_32.dll-->WSAConnect, Type: Inline - DirectJump 0x71AC0C81-->00000000 [unknown_code_page]

[3820]Safari.exe-->ws2_32.dll-->WSAEventSelect, Type: Inline - DirectJump 0x71AB64D9-->00000000 [unknown_code_page]

[620]PCSuite.exe-->ws2_32.dll-->accept, Type: Inline - DirectJump 0x71AC1040-->00000000 [unknown_code_page]

[620]PCSuite.exe-->ws2_32.dll-->closesocket, Type: Inline - DirectJump 0x71AB3E2B-->00000000 [unknown_code_page]

[620]PCSuite.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x71AB4A07-->00000000 [unknown_code_page]

[620]PCSuite.exe-->ws2_32.dll-->htons, Type: Inline - DirectJump 0x71AB2E53-->00000000 [unknown_code_page]

[620]PCSuite.exe-->ws2_32.dll-->WSAAccept, Type: Inline - DirectJump 0x71AC0DC1-->00000000 [unknown_code_page]

[620]PCSuite.exe-->ws2_32.dll-->WSAAsyncSelect, Type: Inline - DirectJump 0x71AC0991-->00000000 [unknown_code_page]

[620]PCSuite.exe-->ws2_32.dll-->WSAConnect, Type: Inline - DirectJump 0x71AC0C81-->00000000 [unknown_code_page]

[620]PCSuite.exe-->ws2_32.dll-->WSAEventSelect, Type: Inline - DirectJump 0x71AB64D9-->00000000 [unknown_code_page]

[764]PBDataSecure.exe-->ws2_32.dll-->accept, Type: Inline - DirectJump 0x71AC1040-->00000000 [unknown_code_page]

[764]PBDataSecure.exe-->ws2_32.dll-->closesocket, Type: Inline - DirectJump 0x71AB3E2B-->00000000 [unknown_code_page]

[764]PBDataSecure.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x71AB4A07-->00000000 [unknown_code_page]

[764]PBDataSecure.exe-->ws2_32.dll-->htons, Type: Inline - DirectJump 0x71AB2E53-->00000000 [unknown_code_page]

[764]PBDataSecure.exe-->ws2_32.dll-->WSAAccept, Type: Inline - DirectJump 0x71AC0DC1-->00000000 [unknown_code_page]

[764]PBDataSecure.exe-->ws2_32.dll-->WSAAsyncSelect, Type: Inline - DirectJump 0x71AC0991-->00000000 [unknown_code_page]

[764]PBDataSecure.exe-->ws2_32.dll-->WSAConnect, Type: Inline - DirectJump 0x71AC0C81-->00000000 [unknown_code_page]

[764]PBDataSecure.exe-->ws2_32.dll-->WSAEventSelect, Type: Inline - DirectJump 0x71AB64D9-->00000000 [unknown_code_page]

[820]PcSync2.exe-->ws2_32.dll-->accept, Type: Inline - DirectJump 0x71AC1040-->00000000 [unknown_code_page]

[820]PcSync2.exe-->ws2_32.dll-->closesocket, Type: Inline - DirectJump 0x71AB3E2B-->00000000 [unknown_code_page]

[820]PcSync2.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x71AB4A07-->00000000 [unknown_code_page]

[820]PcSync2.exe-->ws2_32.dll-->htons, Type: Inline - DirectJump 0x71AB2E53-->00000000 [unknown_code_page]

[820]PcSync2.exe-->ws2_32.dll-->WSAAccept, Type: Inline - DirectJump 0x71AC0DC1-->00000000 [unknown_code_page]

[820]PcSync2.exe-->ws2_32.dll-->WSAAsyncSelect, Type: Inline - DirectJump 0x71AC0991-->00000000 [unknown_code_page]

[820]PcSync2.exe-->ws2_32.dll-->WSAConnect, Type: Inline - DirectJump 0x71AC0C81-->00000000 [unknown_code_page]

[820]PcSync2.exe-->ws2_32.dll-->WSAEventSelect, Type: Inline - DirectJump 0x71AB64D9-->00000000 [unknown_code_page]

[956]msmsgs.exe-->ws2_32.dll-->accept, Type: Inline - DirectJump 0x71AC1040-->00000000 [unknown_code_page]

[956]msmsgs.exe-->ws2_32.dll-->closesocket, Type: Inline - DirectJump 0x71AB3E2B-->00000000 [unknown_code_page]

[956]msmsgs.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x71AB4A07-->00000000 [unknown_code_page]

[956]msmsgs.exe-->ws2_32.dll-->htons, Type: Inline - DirectJump 0x71AB2E53-->00000000 [unknown_code_page]

[956]msmsgs.exe-->ws2_32.dll-->WSAAccept, Type: Inline - DirectJump 0x71AC0DC1-->00000000 [unknown_code_page]

[956]msmsgs.exe-->ws2_32.dll-->WSAAsyncSelect, Type: Inline - DirectJump 0x71AC0991-->00000000 [unknown_code_page]

[956]msmsgs.exe-->ws2_32.dll-->WSAConnect, Type: Inline - DirectJump 0x71AC0C81-->00000000 [unknown_code_page]

[956]msmsgs.exe-->ws2_32.dll-->WSAEventSelect, Type: Inline - DirectJump 0x71AB64D9-->00000000 [unknown_code_page]

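The hook list above is easier to read as a whole than line by line. As an added example (not part of this thread, and not GMER's own code), here is a small Python triage script run over a few of those lines, copied from the log above, that separates the `shimeng.dll` IAT entries (ShimEng.dll is the Windows Application Compatibility shim engine, and rewriting explorer.exe's imports is normal on XP) from the inline jumps into `unknown_code_page`, then groups the latter by patched address. ws2_32.dll is mapped at the same base in every process, so the same function patched at the same address in every networked process points at one system-wide hooking component, not at seven separate infections. The classification heuristic is an assumption of this example; GMER itself cannot tell a security product's network filter from a malicious hook when it cannot map the jump target (`00000000`, `unknown_code_page`), so the follow-up is to find which module owns the target in one of those processes.

```python
import re
from collections import defaultdict

# Format of a GMER user-mode hook line (as in the log above):
#   [PID]process.exe-->importer.dll-->exporter.dll-->Function, Type: KIND 0xADDR-->TARGET [owner]
# The importer.dll hop is absent when the process image itself imports the function.
HOOK_RE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<proc>.+?)-->(?P<chain>.+?),\s*Type:\s*(?P<kind>.+?)\s+"
    r"0x(?P<addr>[0-9A-Fa-f]+)-->(?P<target>[0-9A-Fa-f]+)\s*\[(?P<owner>[^\]]+)\]\s*$"
)


def parse_hook(line):
    """Return a dict describing one hook line, or None if the line is not a hook record."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    parts = m.group("chain").split("-->")
    return {
        "pid": int(m.group("pid")),
        "proc": m.group("proc"),
        "importer": parts[0] if len(parts) > 2 else m.group("proc"),
        "module": parts[-2],          # DLL that exports the hooked function
        "func": parts[-1],
        "kind": m.group("kind"),      # "IAT modification" or "Inline - DirectJump"
        "addr": int(m.group("addr"), 16),
        "target": int(m.group("target"), 16),
        "owner": m.group("owner"),    # module GMER attributes the hook to
    }


# Triage heuristic (an assumption of this example, not a GMER rule):
#  - IAT entries owned by shimeng.dll are the Windows Application Compatibility
#    shim engine rewriting imports; expected for explorer.exe on XP.
#  - Inline jumps whose target GMER could not map to any module
#    ("unknown_code_page", target 0) are the ones worth chasing.
def classify(hook):
    if hook["kind"].startswith("IAT") and hook["owner"].lower() == "shimeng.dll":
        return "shim"
    if hook["kind"].startswith("Inline") and hook["owner"] == "unknown_code_page":
        return "suspicious"
    return "review"


def summarize(lines):
    """Parse and triage a block of hook lines.

    Returns counts per class and, for suspicious hooks, every
    (module, function, address) patched in more than one process: identical
    patch addresses across processes point at one system-wide hooking
    component rather than per-process infections."""
    counts = defaultdict(int)
    procs_per_patch = defaultdict(set)
    for line in lines:
        h = parse_hook(line)
        if h is None:
            continue
        c = classify(h)
        counts[c] += 1
        if c == "suspicious":
            procs_per_patch[(h["module"], h["func"], h["addr"])].add(h["pid"])
    systemwide = sorted(
        (mod, func, addr, len(pids))
        for (mod, func, addr), pids in procs_per_patch.items()
        if len(pids) > 1
    )
    return {"counts": dict(counts), "systemwide": systemwide}


# Constructed input: a handful of lines copied from the GMER output in this thread.
SAMPLE = """
[356]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[356]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3736]NclMSBTSrv.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x71AB4A07-->00000000 [unknown_code_page]
[3736]NclMSBTSrv.exe-->ws2_32.dll-->WSAConnect, Type: Inline - DirectJump 0x71AC0C81-->00000000 [unknown_code_page]
[3820]Safari.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x71AB4A07-->00000000 [unknown_code_page]
[3820]Safari.exe-->ws2_32.dll-->WSAConnect, Type: Inline - DirectJump 0x71AC0C81-->00000000 [unknown_code_page]
[956]msmsgs.exe-->ws2_32.dll-->connect, Type: Inline - DirectJump 0x71AB4A07-->00000000 [unknown_code_page]
""".strip().splitlines()

if __name__ == "__main__":
    report = summarize(SAMPLE)
    print(report["counts"])
    for mod, func, addr, n in report["systemwide"]:
        print(f"{mod}!{func} patched at 0x{addr:08X} in {n} processes")
```

Run on the full log above, every ws2_32.dll entry collapses to eight patched addresses shared by all six processes, which is the signature of one injected component hooking Winsock everywhere. That is consistent with a firewall or network-filtering product as much as with malware; the deciding evidence is the module at the jump target, which this log does not contain.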

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


ComboFix 10-10-01.07 - Paul Smith 02/10/2010 17:52:31.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.356 [GMT 1:00]

Running from: c:\documents and settings\Paul Smith\Desktop\ComboFix.exe

AV: Norman Security Suite *On-access scanning enabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\documents and settings\All Users\Application Data\.wtav

c:\documents and settings\Jackie Walters\Application Data\alot

c:\documents and settings\Jackie Walters\Application Data\alot\BrowserSearch\BrowserSearch.xml

c:\documents and settings\Jackie Walters\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup

c:\documents and settings\Jackie Walters\Application Data\alot\Button_0\Button_0.xml

c:\documents and settings\Jackie Walters\Application Data\alot\Button_0\Button_0.xml.backup

c:\documents and settings\Jackie Walters\Application Data\alot\Button_1\Button_1.xml

c:\documents and settings\Jackie Walters\Application Data\alot\Button_1\Button_1.xml.backup

c:\documents and settings\Jackie Walters\Application Data\alot\Button_2\Button_2.xml

c:\documents and settings\Jackie Walters\Application Data\alot\Button_2\Button_2.xml.backup

c:\documents and settings\Jackie Walters\Application Data\alot\Button_3\Button_3.xml

c:\documents and settings\Jackie Walters\Application Data\alot\Button_3\Button_3.xml.backup

c:\documents and settings\Jackie Walters\Application Data\alot\Button_4\Button_4.xml

c:\documents and settings\Jackie Walters\Application Data\alot\Button_4\Button_4.xml.backup

c:\documents and settings\Jackie Walters\Application Data\alot\Button_5\Button_5.xml

c:\documents and settings\Jackie Walters\Application Data\alot\Button_5\Button_5.xml.backup

c:\documents and settings\Jackie Walters\Application Data\alot\Button_6\Button_6.xml

c:\documents and settings\Jackie Walters\Application Data\alot\Button_6\Button_6.xml.backup

c:\documents and settings\Jackie Walters\Application Data\alot\Button_7\Button_7.xml

c:\documents and settings\Jackie Walters\Application Data\alot\Button_7\Button_7.xml.backup

c:\documents and settings\Jackie Walters\Application Data\alot\Button_8\Button_8.xml

c:\documents and settings\Jackie Walters\Application Data\alot\Button_8\Button_8.xml.backup

c:\documents and settings\Jackie Walters\Application Data\alot\Button_9\Button_9.xml

c:\documents and settings\Jackie Walters\Application Data\alot\Button_9\Button_9.xml.backup

c:\documents and settings\Jackie Walters\Application Data\alot\configurator\configurator.xml

c:\documents and settings\Jackie Walters\Application Data\alot\configurator\configurator.xml.backup

c:\documents and settings\Jackie Walters\Application Data\alot\contextMenu\contextMenu.xml

c:\documents and settings\Jackie Walters\Application Data\alot\contextMenu\contextMenu.xml.backup

c:\documents and settings\Jackie Walters\Application Data\alot\ErrorSearch\ErrorSearch.xml

c:\documents and settings\Jackie Walters\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup

c:\documents and settings\Jackie Walters\Application Data\alot\postInstallLayout\postInstallLayout.xml

c:\documents and settings\Jackie Walters\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup

c:\documents and settings\Jackie Walters\Application Data\alot\products\products.xml

c:\documents and settings\Jackie Walters\Application Data\alot\products\products.xml.backup

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\BrowserSearch\images\favicon.ico

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Button_0\images\alot_logo_button.png

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Button_1\images\alot_search_button.png

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Button_2\images\default_1610_alot_weather_search.bmp

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Button_2\images\default_1610_alot_weather_search.png

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Button_3\images\default_1007_alot_weather_widget.bmp

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Button_3\images\default_1007_alot_weather_widget.png

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Button_3\images\mcloud.png

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Button_3\images\nmcloud.png

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Button_3\images\pcloud.png

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Button_3\images\rain.png

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Button_4\images\default_1606_alot_new_newsrss.bmp

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Button_4\images\default_1606_alot_new_newsrss.png

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Button_5\images\default_1609_alot_wea_radar.bmp

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Button_5\images\default_1609_alot_wea_radar.png

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Button_6\images\default_1524_alot_wea_info.bmp

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Button_6\images\default_1524_alot_wea_info.png

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Button_7\images\1571_icon.bmp

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Button_7\images\1571_icon.png

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Button_7\images\default_1519_alot_tvg_tvlisting.bmp

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Button_7\images\default_1519_alot_tvg_tvlisting.png

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Button_8\images\default_2115_default_1222_alot_lot_results.bmp

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Button_8\images\default_2115_default_1222_alot_lot_results.png

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Button_9\images\default_1795_alot_configure.bmp

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Button_9\images\default_1795_alot_configure.png

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\contextMenu\images\alot_icon.png

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Shared\domains.dat

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Shared\images\alot_brand.png

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Shared\images\alot_splitter.png

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Shared\images\spinner.bmp

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Shared\images\widget_bottom.bmp

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Shared\images\widget_caption.bmp

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Shared\images\widget_error_close.bmp

c:\documents and settings\Jackie Walters\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp

c:\documents and settings\Jackie Walters\Application Data\alot\TimerManager\TimerManager.xml

c:\documents and settings\Jackie Walters\Application Data\alot\TimerManager\TimerManager.xml.backup

c:\documents and settings\Jackie Walters\Application Data\alot\toolbar.xml

c:\documents and settings\Jackie Walters\Application Data\alot\toolbar.xml.backup

c:\documents and settings\Jackie Walters\Application Data\alot\ToolbarSearch\ToolbarSearch.xml

c:\documents and settings\Jackie Walters\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup

c:\documents and settings\Jackie Walters\Application Data\alot\Updater\Updater.xml

c:\documents and settings\Jackie Walters\Application Data\alot\Updater\Updater.xml.backup

c:\documents and settings\Joel Walters-Smith\Application Data\alot

c:\documents and settings\Joel Walters-Smith\Desktop\Internet Explorer.lnk

c:\documents and settings\Paul Smith\Application Data\alot

c:\documents and settings\Paul Smith\GoToAssistDownloadHelper.exe

c:\program files\webserver

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf

c:\windows\system32\404Fix.exe

c:\windows\system32\Agent.OMZ.Fix.exe

c:\windows\system32\dumphive.exe

c:\windows\system32\IEDFix.C.exe

c:\windows\system32\IEDFix.exe

c:\windows\system32\o4Patch.exe

c:\windows\system32\Process.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\tmp.reg

c:\windows\system32\VACFix.exe

c:\windows\system32\VCCLSID.exe

c:\windows\system32\WS2Fix.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_WEBSERVER

-------\Legacy_WEBSERVER

((((((((((((((((((((((((( Files Created from 2010-09-02 to 2010-10-02 )))))))))))))))))))))))))))))))

.

2010-09-30 15:33 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-30 15:32 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-30 12:45 . 2010-09-30 13:02 -------- d-----w- c:\program files\ACW

2010-09-30 11:53 . 2010-09-30 11:53 -------- d-----w- c:\documents and settings\Jackie Walters\Application Data\ErrorTeck

2010-09-30 10:33 . 2010-09-30 10:59 -------- d-----w- c:\documents and settings\Paul Smith\Application Data\ErrorTeck

2010-09-30 10:25 . 2010-09-30 12:49 -------- d-----w- c:\program files\Microsoft Silverlight

2010-09-30 09:24 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-09-30 08:09 . 2010-09-30 12:57 -------- d-----w- c:\program files\MalBytes

2010-09-30 07:54 . 2010-09-30 07:55 -------- d-----w- c:\program files\obsolete 1

2010-09-30 07:21 . 2010-09-30 07:46 -------- d-----w- c:\program files\obsolete

2010-09-30 06:15 . 2010-09-30 06:15 -------- d--h--w- c:\windows\PIF

2010-09-29 19:36 . 2010-09-30 11:55 -------- d-----w- c:\documents and settings\Jackie Walters\Application Data\Spyware Terminator

2010-09-29 19:30 . 2010-09-29 19:30 -------- d-----w- c:\documents and settings\Joel Walters-Smith\Application Data\Spyware Terminator

2010-09-29 16:32 . 2010-09-29 16:38 -------- d-----w- c:\documents and settings\Paul Smith\Local Settings\Application Data\OpenCandy

2010-09-29 16:32 . 2010-09-29 18:44 -------- d-----w- c:\documents and settings\Paul Smith\Application Data\OpenCandy

2010-09-29 16:32 . 2010-09-29 16:32 257257 ----a-w- c:\documents and settings\Paul Smith\Application Data\OpenCandy\DLMGR3.exe

2010-09-29 16:32 . 2010-09-29 16:33 -------- d-----w- c:\program files\RAR File Open Knife - Free Opener

2010-09-29 16:31 . 2010-09-29 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NovaStor

2010-09-29 13:08 . 2010-09-29 13:08 -------- d-----w- c:\windows\Internet Logs

2010-09-29 11:29 . 2010-09-30 12:58 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-09-29 11:29 . 2010-09-30 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-09-29 11:21 . 2010-09-29 11:21 -------- d-----w- c:\program files\Trend Micro

2010-09-29 06:48 . 2010-09-29 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP

2010-09-29 06:44 . 2010-09-29 06:46 76016408 ----a-w- c:\documents and settings\All Users\Application Data\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_dl.exe

2010-09-29 06:44 . 2010-09-29 06:44 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2010-09-29 06:33 . 2010-09-29 06:38 -------- d-----w- c:\program files\Windows Live Safety Center

2010-09-28 12:00 . 2010-09-28 12:07 -------- d-----w- c:\windows\Symbols

2010-09-28 08:08 . 2010-09-28 08:08 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-09-28 08:08 . 2010-09-28 08:08 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-09-28 08:08 . 2010-09-28 08:08 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-09-28 08:07 . 2010-09-28 08:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2010-09-28 08:06 . 2010-09-28 08:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-09-28 06:22 . 2010-09-29 15:56 63488 ----a-w- c:\documents and settings\Paul Smith\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-09-28 06:22 . 2010-09-28 06:22 52224 ----a-w- c:\documents and settings\Paul Smith\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-09-28 06:21 . 2010-09-29 15:56 117760 ----a-w- c:\documents and settings\Paul Smith\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-09-28 06:21 . 2010-09-28 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-09-28 06:21 . 2010-09-28 06:21 -------- d-----w- c:\documents and settings\Paul Smith\Application Data\SUPERAntiSpyware.com

2010-09-28 06:20 . 2010-09-30 13:01 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-09-26 08:59 . 2010-09-30 15:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-25 19:02 . 2010-09-29 13:07 -------- d-----w- c:\program files\Emsisoft Anti-Malware

2010-09-25 16:25 . 2010-09-25 16:12 1129120 ----a-w- c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll

2010-09-25 16:06 . 2010-09-25 16:06 -------- d-----w- c:\program files\Common Files\iS3

2010-09-25 16:06 . 2010-09-25 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!

2010-09-25 12:08 . 2010-09-25 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Norman

2010-09-19 19:03 . 2010-09-19 19:03 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.18.5\SetupAdmin.exe

2010-09-19 19:00 . 2010-09-19 19:00 -------- d-----w- c:\program files\iPod

2010-09-19 18:50 . 2010-09-19 18:50 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-09-15 19:24 . 2010-08-19 07:12 68176 ----a-w- c:\windows\system32\drivers\ale_nf64.sys

2010-09-15 19:24 . 2010-08-19 07:12 61472 ----a-w- c:\windows\system32\drivers\ale_nf.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-02 17:07 . 2007-09-18 21:36 -------- d-----w- c:\program files\Packard Bell Data Secure

2010-10-02 17:04 . 2007-11-11 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak

2010-09-30 11:58 . 2007-09-18 23:45 36104 ----a-w- c:\documents and settings\Paul Smith\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-09-30 11:54 . 2007-09-19 14:25 36104 ----a-w- c:\documents and settings\Jackie Walters\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-09-30 06:46 . 2010-09-29 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

2010-09-29 13:04 . 2007-09-18 21:02 -------- d-----w- c:\program files\Sonic

2010-09-28 09:35 . 2008-03-24 10:26 -------- d-----w- c:\program files\Safari

2010-09-25 21:33 . 2010-09-25 21:33 0 ----a-w- c:\program files\Uniblue

2010-09-25 18:21 . 2007-10-31 17:48 -------- d-----w- c:\program files\GIMP-2.0

2010-09-25 18:19 . 2008-08-12 16:01 -------- d-----w- c:\program files\Yahoo!

2010-09-25 17:25 . 2009-02-03 11:53 -------- d-----w- c:\program files\Norman

2010-09-25 17:21 . 2010-09-25 17:21 240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg

2010-09-19 19:10 . 2007-09-18 23:12 -------- d-----w- c:\program files\QuickTime

2010-09-19 19:01 . 2009-11-17 17:40 -------- d-----w- c:\program files\iTunes

2010-09-19 19:00 . 2007-09-21 11:47 -------- d-----w- c:\program files\Common Files\Apple

2010-09-14 06:23 . 2009-09-22 21:51 -------- d-----w- c:\program files\CCleaner

2010-09-13 06:57 . 2010-07-01 12:09 -------- d-----w- c:\documents and settings\Paul Smith\Application Data\Temp

2010-08-30 20:37 . 2010-07-01 15:29 -------- d-----w- c:\documents and settings\Jackie Walters\Application Data\Temp

2010-08-27 19:36 . 2010-08-27 19:36 -------- d-----w- c:\program files\Defraggler

2010-08-27 09:14 . 2010-08-27 09:14 503808 ----a-w- c:\documents and settings\Joel Walters-Smith\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3affd950-n\msvcp71.dll

2010-08-27 09:14 . 2010-08-27 09:14 499712 ----a-w- c:\documents and settings\Joel Walters-Smith\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3affd950-n\jmc.dll

2010-08-27 09:14 . 2010-08-27 09:14 348160 ----a-w- c:\documents and settings\Joel Walters-Smith\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3affd950-n\msvcr71.dll

2010-08-27 09:14 . 2010-08-27 09:14 61440 ----a-w- c:\documents and settings\Joel Walters-Smith\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5849499f-n\decora-sse.dll

2010-08-27 09:14 . 2010-08-27 09:14 12800 ----a-w- c:\documents and settings\Joel Walters-Smith\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5849499f-n\decora-d3d.dll

2010-08-27 07:26 . 2010-08-27 07:26 503808 ----a-w- c:\documents and settings\Jackie Walters\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-29559279-n\msvcp71.dll

2010-08-27 07:26 . 2010-08-27 07:26 61440 ----a-w- c:\documents and settings\Jackie Walters\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-72a02763-n\decora-sse.dll

2010-08-27 07:26 . 2010-08-27 07:26 499712 ----a-w- c:\documents and settings\Jackie Walters\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-29559279-n\jmc.dll

2010-08-27 07:26 . 2010-08-27 07:26 12800 ----a-w- c:\documents and settings\Jackie Walters\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-72a02763-n\decora-d3d.dll

2010-08-27 07:26 . 2010-08-27 07:26 348160 ----a-w- c:\documents and settings\Jackie Walters\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-29559279-n\msvcr71.dll

2010-08-21 19:09 . 2010-08-21 19:09 61440 ----a-w- c:\documents and settings\Paul Smith\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-71ac78c1-n\decora-sse.dll

2010-08-21 19:09 . 2010-08-21 19:09 503808 ----a-w- c:\documents and settings\Paul Smith\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-79cf744f-n\msvcp71.dll

2010-08-21 19:09 . 2010-08-21 19:09 499712 ----a-w- c:\documents and settings\Paul Smith\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-79cf744f-n\jmc.dll

2010-08-21 19:09 . 2010-08-21 19:09 348160 ----a-w- c:\documents and settings\Paul Smith\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-79cf744f-n\msvcr71.dll

2010-08-21 19:09 . 2010-08-21 19:09 12800 ----a-w- c:\documents and settings\Paul Smith\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-71ac78c1-n\decora-d3d.dll

2010-08-17 13:17 . 2005-06-10 23:55 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 07:52 . 2010-08-16 07:52 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

2010-08-16 07:52 . 2010-08-16 07:52 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

2010-08-16 07:52 . 2010-08-16 07:52 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

2010-08-16 07:52 . 2010-08-16 07:52 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

2010-08-16 07:52 . 2010-08-16 07:52 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

2010-08-16 07:52 . 2010-08-16 07:52 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

2010-08-16 07:52 . 2010-08-16 07:52 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

2010-08-16 07:52 . 2010-08-16 07:52 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

2010-08-16 07:52 . 2010-08-16 07:52 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

2010-08-16 07:51 . 2007-12-18 10:38 -------- d-----w- c:\program files\Common Files\Real

2010-08-16 07:51 . 2007-12-18 10:38 -------- d-----w- c:\program files\Real

2010-08-16 07:51 . 2010-08-16 07:51 -------- d-----w- c:\program files\Common Files\xing shared

2010-08-16 07:50 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-08-16 07:50 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-08-16 07:45 . 2007-09-21 16:29 -------- d-----w- c:\program files\Google

2010-07-26 15:09 . 2010-07-10 18:55 452104 ----a-w- c:\documents and settings\Jackie Walters\Application Data\Real\Update\setup3.12\setup.exe

2010-07-22 15:49 . 2004-03-06 02:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2009-04-17 10:14 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-16 18:11 . 2010-07-16 18:11 503808 ----a-w- c:\documents and settings\Paul Smith\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2c3c256e-n\msvcp71.dll

2010-07-16 18:11 . 2010-07-16 18:11 499712 ----a-w- c:\documents and settings\Paul Smith\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2c3c256e-n\jmc.dll

2010-07-16 18:11 . 2010-07-16 18:11 348160 ----a-w- c:\documents and settings\Paul Smith\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2c3c256e-n\msvcr71.dll

2010-07-16 18:11 . 2010-07-16 18:11 12800 ----a-w- c:\documents and settings\Paul Smith\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-74d9cc4d-n\decora-d3d.dll

2010-07-16 18:11 . 2010-07-16 18:11 61440 ----a-w- c:\documents and settings\Paul Smith\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-74d9cc4d-n\decora-sse.dll

2010-07-16 18:09 . 2010-07-16 18:10 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-10 19:48 . 2007-09-19 18:25 36104 ----a-w- c:\documents and settings\Joel Walters-Smith\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.

------- Sigcheck -------

[7] 2009-04-25 . C0503FD8D163652735C1EE900672A75C . 636088 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iexplore.exe

[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe

[7] 2009-02-28 . BCD8E48709BE4A79606F0B6E8E9A6162 . 636088 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe

[7] 2009-02-28 . A251068640DDB69FD7805B57D89D7FF7 . 636072 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\iexplore.exe

[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe

[7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\iexplore.exe

[7] 2008-10-15 . 9D3DB9ADFABD2F0BC778EC03250A3ABB . 633632 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\iexplore.exe

[7] 2008-10-15 . 056C927CF7207857E8B34F7A8FFD9B9E . 633632 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe

[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe

[7] 2008-08-23 . 1F03216084447F990AE797317D0A6E70 . 635848 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\iexplore.exe

[7] 2008-06-23 . 64E376A47763DAEABCDA14BD5B6EA286 . 625664 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\iexplore.exe

[7] 2008-06-23 . C52A9EF571E91535EB78DB4B8B95EA07 . 625664 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe

[7] 2008-04-22 . 197B7E4030CFBD8D2979D375E1787AA2 . 625664 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe

[7] 2008-04-22 . 232B22817B90AE0AFF2D189E3E3735AC . 625664 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\iexplore.exe

[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe

[7] 2008-02-29 . 2D0E5592AB5A46C27DAF7CCAFF4F5B59 . 625664 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\iexplore.exe

[7] 2008-02-22 . 6E0888626E0CAC79F57149814E22DB4D . 625664 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe

[7] 2007-12-06 . 2703D940A62B731AA220529DD7331A78 . 625664 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\iexplore.exe

[7] 2007-12-06 . 809D17D8FA0FDAEE07778CD821CAFFDE . 625664 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe

[7] 2007-10-10 . E854D02E4231F704D9BE782A424E6D8B . 625152 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\iexplore.exe

[7] 2007-10-10 . 632BDE0179847234433CA50945442ACB . 625664 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe

[7] 2007-08-17 . 3AC2BC667DA0AF2C968E96E1630F5AB5 . 625152 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\iexplore.exe

[7] 2007-08-17 . 3AC2BC667DA0AF2C968E96E1630F5AB5 . 625152 . . [7.00.6000.16544] . . c:\windows\SoftwareDistribution\Download\0eda838ef8ec599d822155030a70ecac\SP2GDR\iexplore.exe

[7] 2007-08-17 . 5577D0E3AC2F9F035ACD81B44AF5F511 . 625152 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe

[7] 2007-08-17 . 5577D0E3AC2F9F035ACD81B44AF5F511 . 625152 . . [7.00.6000.20661] . . c:\windows\SoftwareDistribution\Download\0eda838ef8ec599d822155030a70ecac\SP2QFE\iexplore.exe

[7] 2007-08-13 . DE49B348A18369B4626FBA1D49B07FB4 . 622080 . . [7.00.5730.13] . . c:\windows\ie7updates\KB939653-IE7\iexplore.exe

[7] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe

[7] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\ie7\iexplore.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-26 68856]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]

"Packard Bell Data Secure"="c:\program files\Packard Bell Data Secure\PBDataSecure.exe" [2006-06-20 2361856]

"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-16 202256]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2010-01-29 189824]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]

"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-05-07 1638400]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]

"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-25 335872]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

DSLMON.lnk - c:\program files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\DSLMON.exe [2010-7-14 929889]

HP Digital Imaging Monitor.lnk - c:\program files\HP\digital imaging\bin\hpqtra08.exe [2004-5-28 241664]

HP Image Zone Fast Start.lnk - c:\program files\HP\digital imaging\bin\hpqthb08.exe [2004-5-29 53248]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"sp_rssrv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=

"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=

"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=

"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9322:TCP"= 9322:TCP:EKDiscovery

"9323:TCP"= 9323:TCP:*:Disabled:EKDiscovery

R1 NGS;Norman General Security Driver;c:\program files\Norman\Ngs\Bin\ngs.sys [21/08/2010 09:08 26744]

R1 NPROSEC;Norman Security driver;c:\program files\Norman\Ngs\Bin\nprosec.sys [21/08/2010 09:08 72392]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [17/05/2010 14:24 308592]

R2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\Ndiskio.sys [15/10/2009 18:04 22880]

R2 NNFSVC;Norman Network Filtering service;c:\program files\Norman\Ngs\Bin\nnf.exe [21/08/2010 09:08 219904]

R2 NPROSECSVC;Norman Security service;c:\program files\Norman\Ngs\Bin\nprosec.exe [21/08/2010 09:08 103016]

R2 nregsec;Norman Registry Security driver;c:\program files\Norman\Ngs\Bin\nregsec.sys [21/08/2010 09:08 40384]

R2 NVOY;Norman Resource Provider;c:\program files\Norman\Npm\Bin\nvoy.exe [17/01/2010 10:01 98776]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 11:38 92008]

R3 mvb35316;mvb35316;c:\windows\system32\drivers\mvb35316.sys [16/07/2003 21:39 12800]

R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\Nsesvc.exe [17/06/2010 20:36 282624]

R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [03/02/2009 12:53 21832]

R3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\nvc\bin\Nvcoas.exe [26/06/2009 20:21 210248]

R3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [17/01/2010 10:01 133272]

S2 BulkUsb;Plustek USB Scanner;c:\windows\system32\drivers\usbscan.sys [11/11/2007 10:28 15104]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [09/02/2010 19:35 135664]

S3 NVCScheduler;Norman Virus Control Scheduler;c:\program files\Norman\Nvc\BIN\NVCSCHED.EXE --> c:\program files\Norman\Nvc\BIN\NVCSCHED.EXE [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

.

Contents of the 'Scheduled Tasks' folder

2010-09-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 18:35]

2010-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-09 18:35]

2010-10-01 c:\windows\Tasks\Packard Bell Data Secure for Jackie Walters.job

- c:\program files\Packard Bell Data Secure\DSMsg.exe [2006-04-13 12:50]

2010-09-29 c:\windows\Tasks\Packard Bell Data Secure for Joel Walters-Smith.job

- c:\program files\Packard Bell Data Secure\DSMsg.exe [2006-04-13 12:50]

2010-10-02 c:\windows\Tasks\Packard Bell Data Secure for Paul Smith.job

- c:\program files\Packard Bell Data Secure\DSMsg.exe [2006-04-13 12:50]

2010-10-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-1417001333-725345543-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-10-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-1417001333-725345543-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-09-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-1417001333-725345543-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

2010-09-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-1417001333-725345543-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://forums.malwarebytes.org/index.php?showtopic=9573

uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

HKCU-Run-SpywareTerminatorUpdate - c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe

HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe

HKLM-Run-SpywareTerminator - c:\program files\Spyware Terminator\SpywareTerminatorShield.exe

HKLM-Run-RegisterDropHandler - c:\program files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.exe

HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL

HKLM-Run-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe

HKLM-Run-InstantAccess - c:\program files\ScannerU\TBRIDGE\BIN\InstantAccess.exe

HKLM-Run-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe

HKLM-Run-ErrorTeck - c:\program files\ErrorTeck\ErrorTeck.exe

HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL

Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-02 18:06

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EventSystem]

"ServiceDll"="c:\windows\System32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\FastUserSwitchingCompatibility]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Fdc]

"ImagePath"="System32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Flpydisk]

"ImagePath"="System32\DRIVERS\flpydisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\FltMgr]

"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\FontCache3.0.0.0]

"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ftdisk]

"ImagePath"="System32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GEARAspiWDM]

"ImagePath"="System32\Drivers\GEARAspiWDM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Gpc]

"ImagePath"="System32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\gupdate]

"ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /svc"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\gusvc]

"ImagePath"="\"c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\helpsvc]

"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HidServ]

"ServiceDll"=" %SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hkmsvc]

"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HPZid412]

"ImagePath"="System32\DRIVERS\HPZid412.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HPZipr12]

"ImagePath"="System32\DRIVERS\HPZipr12.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HPZius12]

"ImagePath"="System32\DRIVERS\HPZius12.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HTTP]

"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HTTPFilter]

"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\i8042prt]

"ImagePath"="System32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\idsvc]

"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Imapi]

"ImagePath"="System32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ImapiService]

"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IntelC51]

"ImagePath"="System32\DRIVERS\IntelC51.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IntelC52]

"ImagePath"="System32\DRIVERS\IntelC52.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IntelC53]

"ImagePath"="System32\DRIVERS\IntelC53.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IntelIde]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\intelppm]

"ImagePath"="System32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ip6fw]

"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IpFilterDriver]

"ImagePath"="System32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IpInIp]

"ImagePath"="System32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IpNat]

"ImagePath"="System32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\iPod Service]

"ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IPSec]

"ImagePath"="System32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IRENUM]

"ImagePath"="System32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\isapnp]

"ImagePath"="System32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\JavaQuickStarterService]

"ImagePath"="\"c:\program files\Java\jre6\bin\jqs.exe\" -service -config \"c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Kbdclass]

"ImagePath"="System32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\kmixer]

"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Kodak AiO Network Discovery Service]

"ImagePath"="c:\program files\Kodak\AiO\Center\ekdiscovery.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lanmanserver]

"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lanmanworkstation]

"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\LmHosts]

"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Messenger]

"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mnmsrvc]

"ImagePath"="c:\windows\System32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MODEMCSA]

"ImagePath"="system32\drivers\MODEMCSA.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mohfilt]

"ImagePath"="System32\DRIVERS\mohfilt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Mouclass]

"ImagePath"="System32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MRxDAV]

"ImagePath"="System32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MRxSmb]

"ImagePath"="System32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSDTC]

"ImagePath"="c:\windows\System32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSIServer]

"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSKSSRV]

"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSPCLOCK]

"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSPQM]

"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mssmbios]

"ImagePath"="System32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mvb35316]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\napagent]

"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ndiskio]

"ImagePath"="\??\c:\program files\Norman\Nse\bin\NDISKIO.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NdisTapi]

"ImagePath"="System32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ndisuio]

"ImagePath"="System32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NdisWan]

"ImagePath"="System32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetBIOS]

"ImagePath"="System32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetBT]

"ImagePath"="System32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetDDE]

"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetDDEdsdm]

"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Netlogon]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Netman]

"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetTcpPortSharing]

"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NGS]

"ImagePath"="\??\c:\program files\norman\ngs\bin\ngs.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Nla]

"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\nmwcd]

"ImagePath"="system32\drivers\ccdcmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\nmwcdc]

"ImagePath"="system32\drivers\ccdcmbo.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NNFSVC]

"ImagePath"="\"c:\program files\Norman\Ngs\Bin\Nnf.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norman NJeeves]

"ImagePath"="\"c:\program files\Norman\Npm\Bin\Njeeves.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norman ZANDA]

"ImagePath"="\"c:\program files\Norman\Npm\Bin\Zanda.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NPROSEC]

"ImagePath"="\??\c:\program files\Norman\Ngs\Bin\nprosec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NPROSECSVC]

"ImagePath"="\"c:\program files\Norman\Ngs\Bin\Nprosec.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\nregsec]

"ImagePath"="\??\c:\program files\Norman\Ngs\Bin\nregsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\nsesvc]

"ImagePath"="\"c:\program files\Norman\Nse\bin\NSESVC.EXE\" -daemon"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NtLmSsp]

"ImagePath"="%SystemRoot%\System32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NtmsSvc]

"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NvcMFlt]

"ImagePath"="system32\DRIVERS\nvcw32mf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\nvcoas]

"ImagePath"="\"c:\program files\Norman\Nvc\bin\nvcoas.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NVCScheduler]

"ImagePath"="c:\program files\Norman\Nvc\BIN\NVCSCHED.EXE"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NVOY]

"ImagePath"="\"c:\program files\Norman\npm\bin\nvoy.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NwlnkFlt]

"ImagePath"="System32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NwlnkFwd]

"ImagePath"="System32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\OMCI]

"ImagePath"="\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Parport]

"ImagePath"="System32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pccsmcfd]

"ImagePath"="system32\DRIVERS\pccsmcfd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCI]

"ImagePath"="System32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCIIde]

"ImagePath"="System32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\perc2]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\perc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PlugPlay]

"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Pml Driver HPZ12]

"ImagePath"="c:\windows\System32\HPZipm12.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PolicyAgent]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PptpMiniport]

"ImagePath"="System32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Processor]

"ImagePath"="System32\DRIVERS\processr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ProtectedStorage]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PSched]

"ImagePath"="System32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ptilink]

"ImagePath"="System32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PxHelp20]

"ImagePath"="System32\Drivers\PxHelp20.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ql1080]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ql12160]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ql1240]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ql1280]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RasAcd]

"ImagePath"="System32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RasAuto]

"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Rasl2tp]

"ImagePath"="System32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RasMan]

"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RasPppoe]

"ImagePath"="System32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Raspti]

"ImagePath"="System32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Rdbss]

"ImagePath"="System32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RDPCDD]

"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RDSessMgr]

"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\redbook]

"ImagePath"="System32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RemoteAccess]

"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RFCOMM]

"ImagePath"="system32\DRIVERS\rfcomm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RpcLocator]

"ImagePath"="%SystemRoot%\System32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RpcSs]

"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RSVP]

"ImagePath"="%SystemRoot%\System32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SamSs]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SCardSvr]

"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Schedule]

"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Scheduler]

"ImagePath"="\"c:\program files\Norman\Npm\Bin\scheduler.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ScsiPort]

"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Secdrv]

"ImagePath"="System32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\seclogon]

"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SENS]

"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\serenum]

"ImagePath"="System32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Serial]

"ImagePath"="System32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ServiceLayer]

"ImagePath"="\"c:\program files\PC Connectivity Solution\ServiceLayer.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess]

"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ShellHWDetection]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\smwdm]

"ImagePath"="system32\drivers\smwdm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\spkrmon]

"ImagePath"="c:\program files\Analog Devices\SoundMAX\spkrmon.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\splitter]

"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Spooler]

"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sr]

"ImagePath"="System32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\srservice]

"ServiceDll"="%SystemRoot%\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Srv]

"ImagePath"="System32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SSDPSRV]

"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ss_bus]

"ImagePath"="system32\DRIVERS\ss_bus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ss_mdfl]

"ImagePath"="system32\DRIVERS\ss_mdfl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ss_mdm]

"ImagePath"="system32\DRIVERS\ss_mdm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\StarOpen]

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\stisvc]

"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

Completion time: 2010-10-02 18:13:29 - machine was rebooted

ComboFix-quarantined-files.txt 2010-10-02 17:13

Pre-Run: 113,090,064,384 bytes free

Post-Run: 113,138,954,240 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - C9A366095BBF599EAD34C9E03162EC86


  1. Please download mbrcheck from Here
  2. Save that file to your desktop and double click on it to run it.
  3. It will show a Black screen with some data on it then hit any key to continue.
  4. Once it finishes there will be a log produced on your desktop that is labeled mbrcheck*.txt (where the * is the date).
  5. Please post the contents of that log in your next reply.


Unfortunately I am now unable to start my computer. It starts to boot, but before it gets to the Windows login screen I get a fatal error 'Stop c000021a'.

The last thing that happened with the computer was my Antivirus scanner Norman ran a scan via its screen saver mode and quarantined a file that ended C:/......../killAV (I think). I am now assuming that I will need to reinstall Windows XP!!!!


I am sorry but I do not know the full file name, only that it ended killAV. I assumed that we had made more files visible to antivirus/anti-malware programs such as Norman Security Suite and it was starting to remove some of these horrible files.


That is fine, we will attempt to get it back up and going.

When you ran Combofix it installed something called the Recovery Console.

It is made by Microsoft to give a DOS environment to fix an unbootable computer.

We will need to use this to try to recover the machine.

First let's try to restore the registry.

Please reboot the system. Instead of booting normally you will see 2 options, one of which is the Recovery Console.

Select it and then press enter.

Once the Recovery Console loads up, you will have to type in a number that corresponds to your Windows installation. This is normally just 1. Press Enter and then type in the Administrator password.

If there is no password, leave it blank and hit Enter.

It should look like this: recoveryconsole-thumb.png

Then at the C:\Windows prompt type cd \ and press "Enter".

Type cd system~1\_resto~1 and press "Enter".

Type dir and press "Enter".

After you press Enter you will see a list of folders (like rp1, rp2). If the list of restore points has more than one page, press the "Enter" key until you reach the end of the list.

Type cd rp {number of the second to last folder in the list} and press "Enter".

Note: Example: cd rp9 if the last restore point is rp10

Type cd snapshot and press "Enter".

Type copy _registry_machine_system c:\windows\system32\config\system and press "Enter".

Type copy _registry_machine_software c:\windows\system32\config\software and press "Enter".

Type exit and press "Enter".

Your PC will reboot.

=======================

If you get an access denied error when doing the above, then do the following at the recovery console:

Type cd \ and press "Enter".

Type cd windows\system32\config and press "Enter".

Type ren system system.bak and press "Enter".

Type exit and press "Enter".

Your PC will reboot, go back into the Recovery Console and start from the beginning.

=====================

Let me know if that gets you back into Windows.

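The hive-restore procedure above, as an added example that is not code from the thread or from any tool named in it: it performs the same steps (second-to-last rp folder, copy _registry_machine_system and _registry_machine_software into system32\config) from outside the dead OS, assuming the XP volume is mounted on another machine or booted into a live environment so ordinary file access works, and it generalises the access-denied fallback by always moving the live hives to the next free system.bak / system.bakN name before overwriting. The sample volume layout it builds for a dry run is constructed, not a real disk.

```python
"""Restore XP's SYSTEM and SOFTWARE hives from a System Restore snapshot.
Assumes the XP volume is reachable through an ordinary file API (slaved
drive or live environment); 'System Volume Information' needs admin rights."""
import os
import re
import shutil
import tempfile

RP_RE = re.compile(r"^rp(\d+)$", re.IGNORECASE)
# snapshot file name -> hive file name under WINDOWS\system32\config
HIVES = {"_registry_machine_system": "system",
         "_registry_machine_software": "software"}


def find_restore_root(volume):
    """'System Volume Information\\_restore{GUID}' (system~1\\_resto~1)."""
    svi = os.path.join(volume, "System Volume Information")
    for name in sorted(os.listdir(svi)):
        if name.lower().startswith("_restore"):
            return os.path.join(svi, name)
    raise FileNotFoundError("no _restore{GUID} folder under " + svi)


def list_restore_points(restore_root):
    """rpNN folders holding a snapshot, numerically sorted (rp9 < rp10)."""
    points = []
    for name in os.listdir(restore_root):
        m = RP_RE.match(name)
        if m and os.path.isdir(os.path.join(restore_root, name, "snapshot")):
            points.append((int(m.group(1)), name))
    return [name for _, name in sorted(points)]


def choose_restore_point(points, skip_newest=1):
    """Second-to-last by default: the newest may postdate the damage."""
    if len(points) <= skip_newest:
        raise ValueError("not enough restore points: %r" % (points,))
    return points[-1 - skip_newest]


def next_backup_name(config_dir, hive):
    """First free of system.bak, system.bak2, system.bak3, ..."""
    candidate = os.path.join(config_dir, hive + ".bak")
    n = 1
    while os.path.exists(candidate):
        n += 1
        candidate = os.path.join(config_dir, "%s.bak%d" % (hive, n))
    return candidate


def restore_hives(volume, windows_dir="WINDOWS", skip_newest=1):
    """Move live hives aside, copy snapshot hives in; returns (rp, backups)."""
    restore_root = find_restore_root(volume)
    rp = choose_restore_point(list_restore_points(restore_root), skip_newest)
    snapshot = os.path.join(restore_root, rp, "snapshot")
    config_dir = os.path.join(volume, windows_dir, "system32", "config")
    backups = {}
    for snap_name, hive in HIVES.items():
        src = os.path.join(snapshot, snap_name)
        dst = os.path.join(config_dir, hive)
        if not os.path.isfile(src):
            raise FileNotFoundError(src)
        if os.path.exists(dst):          # never overwrite: rename first
            backups[hive] = next_backup_name(config_dir, hive)
            shutil.move(dst, backups[hive])
        shutil.copy2(src, dst)
    return rp, backups


def read_config_file(volume, name, windows_dir="WINDOWS"):
    """Read a file under WINDOWS\\system32\\config (to verify a restore)."""
    with open(os.path.join(volume, windows_dir, "system32", "config", name), "rb") as f:
        return f.read()


def build_fake_volume(n_points=10):
    """Constructed sample volume; hive 'contents' are labels, not registry data."""
    vol = tempfile.mkdtemp(prefix="xpvol_")
    cfg = os.path.join(vol, "WINDOWS", "system32", "config")
    os.makedirs(cfg)
    for hive in HIVES.values():
        with open(os.path.join(cfg, hive), "wb") as f:
            f.write(b"LIVE-" + hive.encode())
    with open(os.path.join(cfg, "system.bak"), "wb") as f:
        f.write(b"old backup")  # the 'file already exists' situation
    root = os.path.join(vol, "System Volume Information", "_restore{GUID}")
    for i in range(1, n_points + 1):
        snap = os.path.join(root, "rp%d" % i, "snapshot")
        os.makedirs(snap)
        for snap_name in HIVES:
            with open(os.path.join(snap, snap_name), "wb") as f:
                f.write(("rp%d-%s" % (i, snap_name)).encode())
    return vol


if __name__ == "__main__":
    print(restore_hives(build_fake_volume()))
```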

I am afraid that I have failed again!

I got into Windows Recovery Console from F8 and then:

At the C:\Windows prompt type cd \ and press "Enter".

Type cd system~1\_resto~1 and press "Enter".

I had trouble with the ~ symbol but found it via Shift + ` (next to number 1).

I then had access denied. So I then:

Type cd \ and press "Enter".

Type cd windows\system32\config and press "Enter".

Type ren system system.bak and press "Enter".

I then had a message that said 'file already exists'

I then typed exit and rebooted back to the Windows Recovery Console.

But now at the C:\Windows prompt 'which Windows would you like to log onto' I cannot type in anything. The 'Enter' key does not work either. The keyboard does seem to work when I get into the F8 menu.

Thank you for your patience with me.


Weird, try to reboot and see if it works again.

Sometimes the keyboard will not initialize in the recovery environment.

If you are able to get back into the Recovery Console and, when you type in system.bak, it says it already exists, then type a different extension such as system.bak2.

Let me know if you can do the steps.


I think that the keyboard is just trying to annoy me. If I go into Recovery Console and do anything then I have to leave the computer turned off for 5 minutes before the keyboard will work in Recovery Console.

I managed to get in and:

Type cd \ and press "Enter".

Type cd windows\system32\config and press "Enter".

Type ren system system.bak2 and press "Enter".

Type exit and press "Enter".

Then at the C:\Windows prompt type cd \ and press "Enter".

Type cd system~1\_resto~1 and press "Enter".

Type dir and press "Enter".

Highest RP was 35. This was next to a 'code' d_ _ _ _ _ _ _ _ . This was the same on RP34. All other RP entries were d_ _ _ _ _ c_ _

I typed cd rp34 and pressed "Enter".

Type cd snapshot and press "Enter".

Type copy _registry_machine_system c:\windows\system32\config\system and press "Enter".

Type copy _registry_machine_software c:\windows\system32\config\software and press "Enter".

Overwrite software YES/NO/ALL. I typed Y

Type exit and press "Enter"

I rebooted the system but again I got the fatal error screen come up.

I went through the process again; this time I used system.bak3 and rp33, and overwrote all software. I still get the fatal error screen come up.

I went through the process again; this time I used system.bak4 and rp21, and overwrote all software. I still get the fatal error screen.

I hope I have not made things worse, if that is possible.


Well, that may work; my only hesitation is the service pack difference.

SP1a, and you have SP3.

Let's give it a shot.

Place the service pack 1a disk into the cd drive.

If it asks you to Press any key to boot, simply ignore it.

Instead of booting normally you will see 2 options, one of which is the Recovery Console.

Select it and then press enter.

Once the Recovery Console loads up, you will have to type in a number that corresponds to your Windows installation. This is normally just 1. Press Enter and then type in the Administrator password.

If there is no password, leave it blank and hit Enter.

It should look like this: recoveryconsole-thumb.png

When you get there type the following commands.

ren C:\Windows\explorer.exe explorer.vir then hit enter.

ren C:\Windows\system32\winlogon.exe winlogon.vir then hit enter.

Then type expand D:\I386\explorer.ex_ C:\Windows\ then hit Enter

Then type expand D:\I386\winlogon.ex_ C:\Windows\system32\ then hit Enter

It should say one file(s) expanded.

If it does then type exit at the next prompt then the computer will reboot.

See then if it boots normally.


Unfortunately all I got was "The file could not be expanded". This is exactly how I typed the commands.

C:\WINDOWS>expand(space)D:\I386\explorer.ex_C:\Windows\

"The file could not be expanded"

C:\WINDOWS>(space)expand(space)D:\I386\explorer.ex_(space)C:\Windows\

"The file could not be expanded"

C:\WINDOWS>(space)expand(space)D:\I386\explorer.ex_C:\Windows\

"The file could not be expanded"

C:\WINDOWS>expand(space)D:\I386\winlogon.ex_C:\Windows\system32\

"The file could not be expanded"

C:\WINDOWS>(space)expand(space)D:\I386\winlogon.ex_(space)C:\Windows\system32\

"The file could not be expanded"

C:\WINDOWS>(space)expand(space)D:\I386\winlogon.ex_C:\Windows\system32\

"The file could not be expanded"

If I try to restart and type:

ren C:\Windows\explorer.exe explorer.vir then hit enter.

"The system cannot find the file or directory specified"

ren C:\Windows\system32\winlogon.exe winlogon.vir then hit enter.

"The system cannot find the file or directory specified"


Hi, you have to try the rename command first.

Really strange it did not work.

I have tested those commands and they are indeed correct.

First do the ren; if it says it cannot find the file specified then it is missing.

It is also possible that the CD drive is a different letter.

If this is the case then when you get to the recovery prompt ( C:\Windows) type in Map then hit Enter.

This will display the devices it can see and one of them will be your cd drive.

See what drive letter it is; it is typically D: but it may be E: or something similar.

So if that is the case then you will need to change the drive letter in the command to match the drive letter of your CD drive.

Ex: expand E:\I386\explorer.ex_ C:\Windows\

Please try it once more trying those different things.


Sorry I did not make it clear but the first thing I did was type:

ren C:\Windows\explorer.exe explorer.vir then hit enter.

display went to C:Windows>

I then typed

ren C:\Windows\system32\winlogon.exe winlogon.vir then hit enter.

display went to C:Windows>

I then typed:

C:\WINDOWS>expand(space)D:\I386\explorer.ex_C:\Windows\

Display reads "The file could not be expanded"

I then typed

C:\WINDOWS>expand(space)D:\I386\winlogon.ex_C:\Windows\system32\

"The file could not be expanded"

I then tried inserting and deleting spaces in the last two commands (C:\WINDOWS>expandD:\I386\explorer.ex_C:\Windows\ & C:\WINDOWS>expandD:\I386\winlogon.ex_C:\Windows\system32\) to try to get the file to expand.

It was only then that I tried to start from the beginning again and that is when I typed:

ren C:\Windows\explorer.exe explorer.vir then hit enter.

ren C:\Windows\system32\winlogon.exe winlogon.vir then hit enter.

It is then that I got the message "The system cannot find the file or directory specified".

I will try checking my CD drive letter tomorrow and try to expand the files then.

Many thanks.


Good Morning

I have just successfully expanded the 2 files: expand D:\I386\explorer.ex_ C:\Windows\ & expand D:\I386\winlogon.ex_ C:\Windows\system32\. I used my external hard drive, which is faster and more reliable.

I rebooted and this time I got to the Windows is starting up screen, which displayed for approx. 8 seconds but then went to the same fatal screen as before ('Stop c000021a'). I tried to reboot my computer in safe mode, but again I got through to the Windows starting up screen for about 8 seconds and then back to the fatal Windows screen.


OK, it probably didn't work because of the differences in the service packs.

Boot back into the Recovery Console, then type in this: cd $ntservicepackuninstall$\spuninst and hit Enter.

Then type this: batch spuninst.txt, and then press ENTER.

This will remove SP3 and replace explorer and Winlogon.exe. Type exit when it is done and it will restart the system.

Let me know if that gets you back into Windows.


What a genius!! Thank you.

I now have my computer back up and running where we were 6 days ago.

I am still running on Service Pack 1 and will continue until you tell me otherwise. I am also turning Norman off and taking the risk of no Antivirus. But I am only connecting when required to.

I have downloaded and run mbrcheck and posted the results below.

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0000001d

Kernel Drivers (total 123):


Processes (total 54):


\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600JD-75HBB0, Rev: 08.02D08

Size     Device Name           MBR Status
--------------------------------------------
149 GB   \\.\PhysicalDrive0    Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!


Great :)

I would like to see what is left over.

Update/Run Malwarebytes

Please update/run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the Update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

=====

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


I have finally managed to get Malwarebytes to run and below is the log:

My system did not meet the minimum requirements for Kaspersky Online Scanner as Windows XP SP2 is required. I will take it one step at a time and wait for you to tell me to update Windows as we have only just removed SP3 to get the computer to work.

I will await your next reply.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4778

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

08/10/2010 14:48:36

mbam-log-2010-10-08 (14-48-36).txt

Scan type: Quick scan

Objects scanned: 167542

Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Paul Smith\Desktop\OTL.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.

C:\WINDOWS\explorer.vir (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

C:\WINDOWS\winlogon.vir (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


This topic is now closed to further replies.