Need help to remove Netbt.Sys virus, following the 8 steps

Solved
By bonmotwang
Nov 4, 2010
  1. Norton reported a Netbt.sys virus.
    So I followed the 8 steps, but with DDS I only got DDS.txt, and I was not able to close it after the scan.
    But anyway, I need my computer to be cleaned.
    Thank you!

  2. Broni

  3. bonmotwang

    Sorry, here are the logs.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5034

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18975

    04/11/2010 10:14:25 AM
    mbam-log-2010-11-04 (10-14-25).txt

    Scan type: Quick scan
    Objects scanned: 156321
    Time elapsed: 8 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

    Files Infected:
    (No malicious items detected)

    ===============================================
    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit quick scan 2010-11-04 12:45:51
    Windows 6.0.6002 Service Pack 2
    Running: pd7wmbf0.exe; Driver: C:\Users\Paul\AppData\Local\Temp\kwryrpob.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 09: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 11: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 12: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 13: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 14: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sectors 195371339 (+1): rootkit-like behavior;

    ---- Devices - GMER 1.0.15 ----

    Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskHTS721010G9SA00_________________________MCZIC14V#4&2f17976&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Processes - GMER 1.0.15 ----

    Process wscstub.exe (*** hidden *** ) 4492

    ---- EOF - GMER 1.0.15 ----

    ===================================================

    DDS (Ver_10-11-03.01) - NTFSx86
    Run by Paul at 13:15:31.86 on 04/11/2010
    Internet Explorer: 8.0.6001.18975
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.2.1033.18.3070.1377 [GMT -4:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\ibmpmsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\IPSSVC.EXE
    C:\Windows\system32\AEADISRV.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\Windows\System32\TPHDEXLG.exe
    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\Windows\System32\TpShocks.exe
    C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
    C:\Windows\System32\rundll32.exe
    C:\Windows\VMSnap3.exe
    C:\Windows\Domino.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RRMSVR.exe
    C:\Program Files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RegTool.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\Altium Designer Winter 09\dxp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\conime.exe
    C:\Users\Paul\AppData\Local\Temp\BA4.tmp\MBR.DAT
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Paul\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    uStart Page = about:blank
    uSearch Bar = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    mWinlogon: Userinit=c:\windows\system32\Userinit.exe
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: IE2EMBHO Class: {0a0ddbd3-6641-40b9-873f-bbdd26d6c14e} - c:\program files\easymule\modules\IE2EM.dll
    BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.3.0.5\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [AdobeBridge]
    mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
    mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
    mRun: [<NO NAME>]
    mRun: [TpShocks] TpShocks.exe
    mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
    mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
    mRun: [VMSnap3] c:\windows\VMSnap3.exe
    mRun: [Domino] c:\windows\Domino.exe
    mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
    mRun: [gemstrmw] c:\windows\system32\gemstrmw.exe /r
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [Gemplus Reader Resource Manager] c:\program files\icbcebanktools\gemplus\gemsafe libraries\bin\RRMSVR.exe
    mRun: [RegTool] c:\program files\icbcebanktools\gemplus\gemsafe libraries\bin\RegTool.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: DisableCAD = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
    IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
    IE: Download by easyMule - c:\program files\easymule\IE2EM.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
    IE: {95B3F550-91C4-4627-BCC4-521288C52977} - c:\program files\pplive\pptv\PPLive.exe
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
    IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
    IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    Trusted Zone: alipay.com
    Trusted Zone: alisoft.com
    Trusted Zone: com.cn\mybank.icbc
    Trusted Zone: com.cn\vip.icbc
    Trusted Zone: com.cn\www.icbc
    Trusted Zone: taobao.com
    Trusted Zone: alipay.com
    Trusted Zone: alisoft.com
    Trusted Zone: taobao.com
    DPF: RedEyeQuote - hxxps://www.redeyeondemand.com/RedEyeQuote.cab
    DPF: {03290DF3-5034-11D0-BC8C-524153480000} - hxxps://www.dpt-fast.com/stlview/astlview2005.dpt
    DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?1&4&04.00.05.04&unknown&unknown&http://www.seaeagle.com/vp/375fc.asp
    DPF: {0EB487C8-E9AC-43A6-8C4C-083999B0622F} - hxxps://b2c.icbc.com.cn/icbc/newperbank/certInStall.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} - hxxp://bug.udoco.cn/qualitycenter/Spider80.ocx
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {3AA9CF07-DF20-48FF-98BE-DED276E40146} - hxxps://b2c.icbc.com.cn/icbc/GDReadPub.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://img.alipay.com/download/2121/aliedit.cab
    DPF: {62B938C4-4190-4F37-8CF0-A92B0A91CC77} - hxxps://mybank.icbc.com.cn/icbc/NetSign.dll
    DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} - hxxps://b2c.icbc.com.cn/icbc/newperbank/AXSafeControls.cab
    DPF: {7AEA10C5-B38F-4D72-A8F0-ED2D43D2A59E} - hxxps://mybank.icbc.com.cn/icbc/ICBCPKCheck.cab
    DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://bonmot.spaces.live.com/PhotoUpload/VistaMsnPUplden-ca.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} - hxxps://vip.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} - hxxps://b2c.icbc.com.cn/icbc/ICBC_NetSign.dll
    DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://caebmm.imgag.com/imgag/cp/install/crusher-cae.cab
    DPF: {C35D7AE1-0865-4A30-BF07-29FA29324155} - hxxps://mybank.icbc.com.cn/icbc/perbank/GDSetLET.dll
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {DA215190-98B2-47DE-AE24-DA95481DFFBA} - hxxps://mybank.icbc.com.cn/icbc/perbank/AxUSBKey.CAB
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: psfus - c:\windows\system32\psqlpwd.dll
    LSA: Notification Packages = scecli psqlpwd ACGina
    mASetup: aetsprov - c:\windows\system32\regsvr32.exe /s c:\windows\system32\aetsprov.dll

    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-9-24 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-9-24 173104]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20101029.001\BHDrvx86.sys [2010-11-1 692272]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-9-24 501888]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20101103.001\IDSvix86.sys [2010-10-19 353840]
    R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2006-10-20 13744]
    R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-4-24 16688]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-9-24 116784]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys [2010-9-24 339504]
    R2 altio;altio;c:\program files\altium designer winter 09\system\drivers\altio.sys [2004-5-31 3200]
    R2 hios6;hios6;c:\windows\system32\drivers\HIOS6.SYS [2010-1-15 15899]
    R2 hwhios6;hwhios6;c:\windows\system32\drivers\HWHIOS6.SYS [2010-1-15 7144]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-3 304464]
    R2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2010-9-24 126392]
    R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2006-12-8 11152]
    R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-3-2 55936]
    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2006-12-14 569344]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-7-1 24652]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-31 102448]
    R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-20 21504]
    R3 GDBaseSmc;USB Chip Holder Service;c:\windows\system32\drivers\Chip_smc.sys [2007-10-26 14336]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-3 20952]
    R3 R5BaseSmc;USB Token Holder Service;c:\windows\system32\drivers\smccard.sys [2007-4-3 14592]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 35264]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-15 136176]
    S2 MCUSBICD2;Microchip MPLAB ICD 2 Firmware Client Driver (ICD2W2K.SYS);c:\windows\system32\drivers\icd2w2k.sys [2004-3-22 12427]
    S2 MCUSBICD2LDR;Microchip MPLAB ICD 2 Firmware Loader Driver (ICD2W2KL.SYS);c:\windows\system32\drivers\icd2w2kl.sys [2004-3-22 16556]
    S3 Alidevice;Alidevice;c:\windows\system32\drivers\alidevice.sys [2008-7-13 6656]
    S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\solidworks corp\solidworks\swscheduler\DTSCoordinatorService.exe [2009-10-15 87336]
    S3 GD_USB;USB Chip Service;c:\windows\system32\drivers\Chip_usb.sys [2010-10-2 12672]
    S3 GKeyUSB;GKeyUSB;c:\windows\system32\drivers\gkeyusb.sys [2005-5-19 71040]
    S3 HtcUsbMdmV32;HTC Proprietary USB Driver (PID 0B03);c:\windows\system32\drivers\htcusbmdmv32.sys [2007-1-29 97280]
    S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-6-10 28672]
    S3 MQB2ALL;NEC Electronics MINICUBE2 USB Interface;c:\windows\system32\drivers\mqb2all.sys [2007-10-19 15960]
    S3 NCBULK;MPLAB HS USB client driver;c:\windows\system32\drivers\realicebulk.sys [2007-4-5 12160]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2007-5-12 475136]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

    =============== File Associations ===============

    txtfile=c:\windows\notepad.exe %1

    =============== Created Last 30 ================

    2010-11-04 02:54:17 -------- d-----w- c:\progra~2\regid.1986-12.com.adobe
    2010-11-01 16:27:33 -------- d-----w- c:\windows\system32\Project Outputs for Free Documents
    2010-10-24 21:48:58 -------- d-----w- c:\program files\iPod
    2010-10-24 21:48:44 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-10-24 21:48:43 -------- d-----w- c:\program files\iTunes
    2010-10-24 21:47:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2010-10-24 21:47:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2010-10-24 21:47:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2010-10-24 21:47:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2010-10-24 21:47:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2010-10-24 21:47:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2010-10-24 21:47:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2010-10-24 21:34:58 -------- d-----w- c:\program files\Bonjour
    2010-10-14 20:14:39 624056 ----a-w- c:\program files\internet explorer\pplite\plugin\1.0.0.285\mframe.dll
    2010-10-14 20:14:39 312768 ----a-w- c:\program files\internet explorer\pplite\plugin\1.0.0.285\ppp.dll
    2010-10-13 21:58:05 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
    2010-10-13 21:58:04 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-13 21:56:09 531968 ----a-w- c:\windows\system32\comctl32.dll

    ==================== Find3M ====================

    2010-10-02 15:16:24 5632 ----a-w- c:\windows\system32\ChipCo.dll
    2010-10-02 15:16:02 4608 ----a-w- c:\windows\system32\R5CoInst.dll
    2010-09-23 04:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2010-09-23 04:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
    2010-09-22 16:24:12 185 ----a-w- c:\windows\system32\msblcd32.dll
    2010-09-22 16:23:06 212240 ----a-w- c:\windows\system32\richtx32.ocx
    2010-09-22 16:23:05 124688 ----a-w- c:\windows\system32\MSWINSCK.OCX
    2010-09-22 16:23:04 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
    2010-09-22 16:23:03 1081616 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
    2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll

    ============= FINISH: 13:18:19.90 ===============
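The DDS "Pseudo HJT Report" above carries a few lines that a malware helper reads before anything else: a per-user proxy pointing at 127.0.0.1:5555, EnableLUA = 0 (UAC switched off), an unnamed mRun entry, and the Userinit value. The script below is an added example, not part of this thread and not DDS code: it runs the editor's own triage heuristics over those exact lines (copied from the log, with two benign entries kept for contrast) and returns what a reviewer would flag. The expected Userinit path and the rule thresholds are the editor's assumptions.

```python
"""Triage a DDS 'Pseudo HJT Report' for a few high-signal indicators.

Added example; it is not part of the thread above and not DDS code.
The rules are the editor's own heuristics. SAMPLE_LOG copies lines from
the report posted above and adds nothing that is not in it.
"""
import re
from collections import defaultdict

# Lines copied from the DDS output above; the Userinit and TpShocks
# entries are included so the script has benign lines to leave alone.
SAMPLE_LOG = """\
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
mWinlogon: Userinit=c:\\windows\\system32\\Userinit.exe
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
"""

# Assumed normal Userinit value for a 32-bit Vista install; anything else
# (an extra path after a comma, a different directory) is worth a look.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Matches 'ProxyServer = http=127.0.0.1:5555' and 'ProxyServer = 127.0.0.1:5555'.
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:[a-z]+=)?([^:;\s]+):(\d+)", re.I)


def triage(text):
    """Return {indicator: [details]} for the indicators found in `text`."""
    findings = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.search(line)
        if m:
            host, port = m.group(1), int(m.group(2))
            # A per-user proxy on a loopback port is the classic rogue-AV /
            # hijacker setup: browser traffic is routed through malware.
            if host == "localhost" or host.startswith("127."):
                findings["loopback-proxy"].append(f"{host}:{port}")
            continue
        if line.lower().startswith("mwinlogon: userinit="):
            value = line.split("=", 1)[1].strip().lower().rstrip(",")
            if value != EXPECTED_USERINIT:
                findings["userinit-tampered"].append(value)
            continue
        if re.search(r"\bEnableLUA\s*=\s*0\b", line):
            # UAC off: anything the user runs already has an admin token.
            findings["uac-disabled"].append(line)
            continue
        if re.search(r"Run: \[<NO NAME>\]", line):
            # Often a harmless empty value, but malware also leaves these.
            findings["unnamed-autorun"].append(line)
    return dict(findings)


if __name__ == "__main__":
    for indicator, details in triage(SAMPLE_LOG).items():
        print(f"{indicator}: {details}")
```

Run against the sample it reports the loopback proxy, the disabled UAC and the unnamed autorun, and leaves the Userinit line alone because it matches the expected path. The proxy is the one to act on first: with Antimalware Doctor already found by Malwarebytes, a 127.0.0.1 proxy left in the user's Internet Settings means the browser keeps failing or being redirected even after the rogue is gone.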
  4. Broni

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    =====================================================================

    Download MBRCheck to your desktop

    Double-click MBRCheck.exe to run it (Vista and Windows 7 users, right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
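Both tools requested above look at the first track of the disk: MBRCheck reads sector 0 and compares its bootstrap code against known-good code, and GMER's lines above say that sectors 1 to 63 are byte-for-byte copies of the MBR. The script below is an added example that is not the code of MBRCheck, GMER or TDSSKiller; it builds a constructed 64-sector image in memory (dummy MBR followed by 63 clones, reproducing GMER's "copy of MBR" pattern), validates the 0x55AA signature, parses the partition table, hashes the 440-byte bootstrap area against a placeholder known-good table, and counts the duplicate sectors. The known-good table, disk signature and partition values are all assumptions.

```python
"""Inspect a raw disk's first track the way MBRCheck and GMER do.

Added example; not the code of MBRCheck, GMER or TDSSKiller. The image
is constructed in memory: sector 0 is a dummy MBR and the other 63
sectors of track 0 are byte-for-byte copies of it, which reproduces the
'copy of MBR' pattern GMER reported above. The known-good table passed
to inspect_image() is a placeholder, not MBRCheck's table.
"""
import hashlib
import struct

SECTOR = 512
TRACK0_SECTORS = 63            # sectors 1..63 on a classic 63-sector track
PART_FMT = "<B3sB3sII"         # status, CHS start, type, CHS end, LBA, size


def build_sample_image(copies=TRACK0_SECTORS):
    """Constructed 512*(copies+1) byte image: MBR followed by `copies` clones."""
    mbr = bytearray(SECTOR)
    mbr[0:4] = b"\x33\xc0\x8e\xd0"          # xor ax,ax / mov ss,ax (dummy code)
    mbr[440:444] = b"\x12\x34\x56\x78"      # disk signature (made up)
    # one bootable NTFS (0x07) partition at LBA 2048, 1,000,000 sectors (made up)
    mbr[446:462] = struct.pack(PART_FMT, 0x80, b"\x01\x01\x00", 0x07,
                               b"\xfe\xff\xff", 2048, 1_000_000)
    mbr[510:512] = b"\x55\xaa"              # boot signature
    return bytes(mbr) * (copies + 1)


def parse_mbr(sector0):
    """Return (signature_ok, [partition dicts]) from the 64-byte table."""
    sig_ok = sector0[510:512] == b"\x55\xaa"
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, ptype, _, lba, size = struct.unpack(PART_FMT, sector0[off:off + 16])
        if ptype:                      # type 0 = empty slot
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba": lba, "sectors": size})
    return sig_ok, parts


def bootstrap_hash(sector0):
    """SHA-256 of the 440-byte bootstrap area, the part a bootkit replaces."""
    return hashlib.sha256(sector0[:440]).hexdigest()


def count_mbr_copies(image, track_sectors=TRACK0_SECTORS):
    """How many of sectors 1..track_sectors are identical to sector 0."""
    s0 = image[:SECTOR]
    return sum(1 for i in range(1, track_sectors + 1)
               if image[i * SECTOR:(i + 1) * SECTOR] == s0)


def inspect_image(image, known_good):
    """Summarise an image; `known_good` maps bootstrap hashes to labels."""
    s0 = image[:SECTOR]
    sig_ok, parts = parse_mbr(s0)
    h = bootstrap_hash(s0)
    return {
        "boot_signature_ok": sig_ok,
        "partitions": parts,
        "bootstrap": known_good.get(h, "UNKNOWN bootstrap code, sha256 " + h[:16]),
        "mbr_copies_in_track0": count_mbr_copies(image),
    }


if __name__ == "__main__":
    img = build_sample_image()
    # Placeholder table: only the constructed bootstrap is 'known good' here.
    known = {bootstrap_hash(img[:SECTOR]): "constructed reference bootstrap"}
    for key, value in inspect_image(img, known).items():
        print(f"{key}: {value}")
    # On a real system read the device instead: open(r"\\.\PhysicalDrive0", "rb")
    # as Administrator on Windows, or open("/dev/sda", "rb") as root on Linux.
```

Two caveats when reading the output against a real disk. The duplicate count alone is not a verdict: backup and boot-manager software also writes to track 0, so the number only means something next to the bootstrap hash and the tools' own reports. And a hash that is not in the known-good table is "unknown", not "infected"; MBRCheck's value is precisely that its table covers the stock Windows and common third-party boot code, which this placeholder does not.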
  5. bonmotwang

    2010/11/04 22:12:32.0443 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43
    2010/11/04 22:12:32.0443 ================================================================================
    2010/11/04 22:12:32.0443 SystemInfo:
    2010/11/04 22:12:32.0443
    2010/11/04 22:12:32.0443 OS Version: 6.0.6002 ServicePack: 2.0
    2010/11/04 22:12:32.0443 Product type: Workstation
    2010/11/04 22:12:32.0443 ComputerName: T60P-PAUL
    2010/11/04 22:12:32.0443 UserName: Paul
    2010/11/04 22:12:32.0443 Windows directory: C:\Windows
    2010/11/04 22:12:32.0443 System windows directory: C:\Windows
    2010/11/04 22:12:32.0443 Processor architecture: Intel x86
    2010/11/04 22:12:32.0443 Number of processors: 2
    2010/11/04 22:12:32.0443 Page size: 0x1000
    2010/11/04 22:12:32.0443 Boot type: Normal boot
    2010/11/04 22:12:32.0443 ================================================================================
    2010/11/04 22:12:34.0752 Initialize success
    2010/11/04 22:12:46.0561 ================================================================================
    2010/11/04 22:12:46.0561 Scan started
    2010/11/04 22:12:46.0561 Mode: Manual;
    2010/11/04 22:12:46.0561 ================================================================================
    2010/11/04 22:12:48.0636 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2010/11/04 22:12:48.0698 ADIHdAudAddService (a51ea92451897824c5c7474a160af773) C:\Windows\system32\drivers\ADIHdAud.sys
    2010/11/04 22:12:48.0870 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    2010/11/04 22:12:48.0932 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    2010/11/04 22:12:49.0010 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    2010/11/04 22:12:49.0135 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    2010/11/04 22:12:49.0198 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2010/11/04 22:12:49.0244 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    2010/11/04 22:12:49.0291 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2010/11/04 22:12:49.0400 Alidevice (2f17c06cda54bfbe13c4046b19055f7b) C:\Windows\system32\drivers\Alidevice.sys
    2010/11/04 22:12:49.0432 aliide (63fe281d76c5703f97bc37483db78b51) C:\Windows\system32\drivers\aliide.sys
    2010/11/04 22:12:49.0541 altio (5e90a956526086634547bf8093feb699) C:\Program Files\Altium Designer Winter 09\System\Drivers\altio.sys
    2010/11/04 22:12:49.0697 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    2010/11/04 22:12:49.0728 amdide (654044212c625a4582797b42d4b1bd89) C:\Windows\system32\drivers\amdide.sys
    2010/11/04 22:12:49.0759 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    2010/11/04 22:12:49.0790 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    2010/11/04 22:12:49.0931 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    2010/11/04 22:12:49.0946 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    2010/11/04 22:12:49.0993 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2010/11/04 22:12:50.0040 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    2010/11/04 22:12:50.0118 athr (044dcfc10b9144725b0e59ac319759e3) C:\Windows\system32\DRIVERS\athr.sys
    2010/11/04 22:12:50.0336 atikmdag (107d6792a9473b9bfb553b0465460564) C:\Windows\system32\DRIVERS\atikmdag.sys
    2010/11/04 22:12:50.0555 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2010/11/04 22:12:50.0695 BHDrvx86 (5138da8715da5f9823b753b6cb36a9a9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101029.001\BHDrvx86.sys
    2010/11/04 22:12:50.0898 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2010/11/04 22:12:50.0945 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2010/11/04 22:12:51.0023 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2010/11/04 22:12:51.0148 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2010/11/04 22:12:51.0179 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2010/11/04 22:12:51.0226 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2010/11/04 22:12:51.0272 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
    2010/11/04 22:12:51.0319 BTHMODEM (5ffa6988ff9597986ff2ada736cc90c0) C:\Windows\system32\DRIVERS\bthmodem.sys
    2010/11/04 22:12:51.0444 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
    2010/11/04 22:12:51.0491 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
    2010/11/04 22:12:51.0678 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
    2010/11/04 22:12:51.0740 btwaudio (636f45a8500c1438cfa7dee15fc5c184) C:\Windows\system32\drivers\btwaudio.sys
    2010/11/04 22:12:51.0803 btwavdt (bf9256ff01b093a5d90bb7a35ec90410) C:\Windows\system32\drivers\btwavdt.sys
    2010/11/04 22:12:51.0850 btwrchid (0ab8c1ac177afb27309e1072faf34a37) C:\Windows\system32\DRIVERS\btwrchid.sys
    2010/11/04 22:12:52.0006 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys
    2010/11/04 22:12:52.0146 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2010/11/04 22:12:52.0193 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2010/11/04 22:12:52.0240 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    2010/11/04 22:12:52.0349 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2010/11/04 22:12:52.0427 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    2010/11/04 22:12:52.0458 cmdide (ed46b460be318f2411c609dd6f318991) C:\Windows\system32\drivers\cmdide.sys
    2010/11/04 22:12:52.0520 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    2010/11/04 22:12:52.0645 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    2010/11/04 22:12:52.0692 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    2010/11/04 22:12:52.0754 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
    2010/11/04 22:12:52.0926 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2010/11/04 22:12:52.0973 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2010/11/04 22:12:53.0051 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2010/11/04 22:12:53.0176 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
    2010/11/04 22:12:53.0238 e1express (d72ecf252cbeb50c05d9c7f20216e6d0) C:\Windows\system32\DRIVERS\e1e6032.sys
    2010/11/04 22:12:53.0378 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2010/11/04 22:12:53.0456 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2010/11/04 22:12:53.0566 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    2010/11/04 22:12:53.0722 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    2010/11/04 22:12:53.0878 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    2010/11/04 22:12:54.0065 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2010/11/04 22:12:54.0127 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2010/11/04 22:12:54.0174 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    2010/11/04 22:12:54.0361 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2010/11/04 22:12:54.0424 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2010/11/04 22:12:54.0580 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    2010/11/04 22:12:54.0720 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2010/11/04 22:12:54.0892 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2010/11/04 22:12:54.0970 FTDIBUS (b283f1bc1ff852bd232449a4b3e3ce63) C:\Windows\system32\drivers\ftdibus.sys
    2010/11/04 22:12:55.0126 FTSER2K (678a73f56ddf84a08c31123c386e9967) C:\Windows\system32\drivers\ftser2k.sys
    2010/11/04 22:12:55.0188 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    2010/11/04 22:12:55.0250 GDBaseSmc (63f6337e5681281b4045d62bb18376c0) C:\Windows\system32\DRIVERS\Chip_smc.sys
    2010/11/04 22:12:55.0297 GD_USB (6a12406427710afa7d22c5514d279326) C:\Windows\system32\DRIVERS\Chip_usb.sys
    2010/11/04 22:12:55.0438 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    2010/11/04 22:12:55.0516 GKeyUSB (115727ce4e5eef3b63f0947b80eddcb4) C:\Windows\system32\Drivers\GKeyUSB.sys
    2010/11/04 22:12:55.0828 Hardlock (d95554949082fd29a04d351b58396718) C:\Windows\system32\drivers\hardlock.sys
    2010/11/04 22:12:56.0233 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\Windows\system32\drivers\Haspnt.sys
    2010/11/04 22:12:56.0826 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    2010/11/04 22:12:57.0341 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2010/11/04 22:12:57.0559 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2010/11/04 22:12:57.0606 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2010/11/04 22:12:57.0700 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2010/11/04 22:12:57.0762 hios6 (3c1a9314a699b0f25d72fee310dd9dec) C:\Windows\system32\drivers\hios6.sys
    2010/11/04 22:12:57.0949 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    2010/11/04 22:12:58.0027 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    2010/11/04 22:12:58.0121 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    2010/11/04 22:12:58.0246 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    2010/11/04 22:12:58.0308 HtcUsbMdmV32 (f0ddf6b55ea5912d8fcfdfda4dabee49) C:\Windows\system32\DRIVERS\HtcUsbMdmV32.sys
    2010/11/04 22:12:58.0370 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    2010/11/04 22:12:58.0480 hwhios6 (5c609ba1f03419de095a8435c179816b) C:\Windows\system32\drivers\hwhios6.sys
    2010/11/04 22:12:58.0542 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    2010/11/04 22:12:58.0573 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2010/11/04 22:12:58.0651 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
    2010/11/04 22:12:58.0916 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
    2010/11/04 22:12:58.0979 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    2010/11/04 22:12:59.0072 IBMPMDRV (bf648877413f6160e480814a24942b65) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
    2010/11/04 22:12:59.0197 IDSVix86 (ee90168d5578359fe9a295b8611330c0) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101103.001\IDSvix86.sys
    2010/11/04 22:12:59.0338 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2010/11/04 22:12:59.0400 intelide (c12012c570bcf4b31f36200afa2b4f88) C:\Windows\system32\drivers\intelide.sys
    2010/11/04 22:12:59.0447 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2010/11/04 22:12:59.0494 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2010/11/04 22:12:59.0650 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    2010/11/04 22:12:59.0728 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2010/11/04 22:12:59.0884 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
    2010/11/04 22:12:59.0962 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2010/11/04 22:13:00.0040 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    2010/11/04 22:13:00.0180 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2010/11/04 22:13:00.0227 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2010/11/04 22:13:00.0274 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2010/11/04 22:13:00.0320 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2010/11/04 22:13:00.0367 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
    2010/11/04 22:13:00.0539 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2010/11/04 22:13:00.0648 lenovo.smi (63de2c8974f5d528fbc3d6978fd8ad6a) C:\Windows\system32\DRIVERS\smiif32.sys
    2010/11/04 22:13:00.0866 libusb0 (34d6730e198a5b0fce0790a6b4769ef2) C:\Windows\system32\DRIVERS\libusb0.sys
    2010/11/04 22:13:00.0929 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2010/11/04 22:13:01.0163 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    2010/11/04 22:13:01.0194 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    2010/11/04 22:13:01.0210 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    2010/11/04 22:13:01.0256 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2010/11/04 22:13:01.0319 LUMDriver (ca020db361524d1182138efeaa8cf8f3) C:\Windows\system32\drivers\LUMDriver.sys
    2010/11/04 22:13:01.0444 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\Windows\system32\drivers\mbam.sys
    2010/11/04 22:13:01.0475 MCUSBICD2 (2fef6ae3573ca301a25e6f8a790bba12) C:\Windows\system32\Drivers\icd2w2k.sys
    2010/11/04 22:13:01.0553 MCUSBICD2LDR (3896e3f4842711d774ee08e7192f3dd6) C:\Windows\system32\Drivers\icd2w2kl.sys
    2010/11/04 22:13:01.0662 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    2010/11/04 22:13:01.0709 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    2010/11/04 22:13:01.0818 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2010/11/04 22:13:01.0880 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2010/11/04 22:13:02.0005 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2010/11/04 22:13:02.0114 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2010/11/04 22:13:02.0161 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2010/11/04 22:13:02.0208 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    2010/11/04 22:13:02.0317 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2010/11/04 22:13:02.0395 MQB2ALL (112e5f13a76c2eb023eb074f87c033ed) C:\Windows\system32\Drivers\MQB2ALL.sys
    2010/11/04 22:13:02.0458 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2010/11/04 22:13:02.0567 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2010/11/04 22:13:02.0629 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2010/11/04 22:13:02.0692 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2010/11/04 22:13:02.0770 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2010/11/04 22:13:02.0863 msahci (0a37a1ba8afe084899bf82eef923daea) C:\Windows\system32\drivers\msahci.sys
    2010/11/04 22:13:02.0926 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    2010/11/04 22:13:02.0988 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2010/11/04 22:13:03.0035 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2010/11/04 22:13:03.0160 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2010/11/04 22:13:03.0222 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2010/11/04 22:13:03.0253 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2010/11/04 22:13:03.0300 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2010/11/04 22:13:03.0362 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2010/11/04 22:13:03.0472 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2010/11/04 22:13:03.0518 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2010/11/04 22:13:03.0581 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2010/11/04 22:13:03.0690 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101104.035\NAVENG.SYS
    2010/11/04 22:13:03.0768 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101104.035\NAVEX15.SYS
    2010/11/04 22:13:03.0940 NCBULK (2c737e8cd61bafbc122e28f89d1cc71c) C:\Windows\system32\drivers\RealICEBulk.sys
    2010/11/04 22:13:04.0018 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2010/11/04 22:13:04.0174 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2010/11/04 22:13:04.0220 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2010/11/04 22:13:04.0267 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2010/11/04 22:13:04.0330 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2010/11/04 22:13:04.0439 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2010/11/04 22:13:04.0486 netbt (84a40a677c9bdaa8cbec53490e9f8194) C:\Windows\system32\DRIVERS\netbt.sys
    2010/11/04 22:13:04.0501 netbt - detected Rootkit.Win32.TDSS.tdl3 (0)
    2010/11/04 22:13:04.0564 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2010/11/04 22:13:04.0642 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2010/11/04 22:13:04.0751 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
    2010/11/04 22:13:04.0798 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2010/11/04 22:13:04.0891 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2010/11/04 22:13:05.0047 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2010/11/04 22:13:05.0094 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2010/11/04 22:13:05.0125 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    2010/11/04 22:13:05.0172 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    2010/11/04 22:13:05.0203 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    2010/11/04 22:13:05.0390 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    2010/11/04 22:13:05.0453 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
    2010/11/04 22:13:05.0515 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2010/11/04 22:13:05.0624 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
    2010/11/04 22:13:05.0718 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2010/11/04 22:13:05.0749 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\DRIVERS\pciide.sys
    2010/11/04 22:13:05.0812 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
    2010/11/04 22:13:05.0968 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2010/11/04 22:13:06.0217 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2010/11/04 22:13:06.0264 PROCDD (1d80309fed4babf8ea9e7b84a394348b) C:\Windows\system32\DRIVERS\PROCDD.SYS
    2010/11/04 22:13:06.0311 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    2010/11/04 22:13:06.0467 psadd (651d3abc1d82d61b6cfb40cb947b3db3) C:\Windows\system32\DRIVERS\psadd.sys
    2010/11/04 22:13:06.0514 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2010/11/04 22:13:06.0560 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\Windows\system32\Drivers\PxHelp20.sys
    2010/11/04 22:13:06.0670 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    2010/11/04 22:13:06.0810 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2010/11/04 22:13:06.0888 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2010/11/04 22:13:07.0013 R300 (107d6792a9473b9bfb553b0465460564) C:\Windows\system32\DRIVERS\atikmdag.sys
    2010/11/04 22:13:07.0169 R5BaseSmc (96fced4cc0a1cce9198ccd3243e098ca) C:\Windows\system32\DRIVERS\smccard.sys
    2010/11/04 22:13:07.0200 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2010/11/04 22:13:07.0262 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2010/11/04 22:13:07.0340 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2010/11/04 22:13:07.0450 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2010/11/04 22:13:07.0528 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2010/11/04 22:13:07.0606 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2010/11/04 22:13:07.0730 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
    2010/11/04 22:13:07.0777 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2010/11/04 22:13:07.0855 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2010/11/04 22:13:07.0996 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
    2010/11/04 22:13:08.0074 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2010/11/04 22:13:08.0120 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2010/11/04 22:13:08.0183 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2010/11/04 22:13:08.0323 Sentinel (4b926f60ccce0c410591c66446675496) C:\Windows\System32\Drivers\SENTINEL.SYS
    2010/11/04 22:13:08.0354 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
    2010/11/04 22:13:08.0417 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
    2010/11/04 22:13:08.0557 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2010/11/04 22:13:08.0635 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    2010/11/04 22:13:08.0729 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    2010/11/04 22:13:08.0760 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2010/11/04 22:13:08.0916 Shockprf (a3aee791db8c73882f4503bfaacd8c9e) C:\Windows\system32\DRIVERS\Apsx86.sys
    2010/11/04 22:13:09.0025 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    2010/11/04 22:13:09.0072 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    2010/11/04 22:13:09.0228 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2010/11/04 22:13:09.0290 smihlp (30f3bd4007ac9916b18a79a4c2985a08) C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys
    2010/11/04 22:13:09.0368 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2010/11/04 22:13:09.0509 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
    2010/11/04 22:13:09.0509 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
    2010/11/04 22:13:09.0524 sptd - detected Locked file (1)
    2010/11/04 22:13:09.0634 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS
    2010/11/04 22:13:09.0727 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS
    2010/11/04 22:13:09.0805 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
    2010/11/04 22:13:09.0868 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
    2010/11/04 22:13:09.0914 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
    2010/11/04 22:13:09.0961 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2010/11/04 22:13:10.0070 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2010/11/04 22:13:10.0195 SymDS (56890bf9d9204b93042089d4b45ae671) C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS
    2010/11/04 22:13:10.0320 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS
    2010/11/04 22:13:10.0398 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\Windows\system32\Drivers\SYMEVENT.SYS
    2010/11/04 22:13:10.0476 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS
    2010/11/04 22:13:10.0601 SYMTDIv (bf610335eda8d9026e45b4ac73d0de58) C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS
    2010/11/04 22:13:10.0679 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2010/11/04 22:13:10.0772 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2010/11/04 22:13:10.0835 SynTP (0953d53a2d272de4c4be1e6c6a2c90d4) C:\Windows\system32\DRIVERS\SynTP.sys
    2010/11/04 22:13:10.0975 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
    2010/11/04 22:13:11.0116 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
    2010/11/04 22:13:11.0256 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2010/11/04 22:13:11.0303 TcUsb (a54b8fc62db00c018eafafb47d00511e) C:\Windows\system32\Drivers\tcusb.sys
    2010/11/04 22:13:11.0365 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2010/11/04 22:13:11.0396 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2010/11/04 22:13:11.0521 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2010/11/04 22:13:11.0584 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2010/11/04 22:13:11.0662 TPDIGIMN (639ba7b37f25054cf5e82604e736d250) C:\Windows\system32\DRIVERS\ApsHM86.sys
    2010/11/04 22:13:11.0724 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
    2010/11/04 22:13:11.0849 TPPWRIF (1bd5719ef160e0ab739cd0ff3ba5e298) C:\Windows\system32\drivers\Tppwr32v.sys
    2010/11/04 22:13:11.0927 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2010/11/04 22:13:11.0989 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2010/11/04 22:13:12.0052 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    2010/11/04 22:13:12.0192 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\Windows\system32\DRIVERS\tvtfilter.sys
    2010/11/04 22:13:12.0223 TVTI2C (c254bff0a928ea7d5ccdc2522d56fd01) C:\Windows\system32\DRIVERS\Tvti2c.sys
    2010/11/04 22:13:12.0317 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2010/11/04 22:13:12.0504 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    2010/11/04 22:13:12.0551 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2010/11/04 22:13:12.0598 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2010/11/04 22:13:12.0722 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2010/11/04 22:13:12.0785 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
    2010/11/04 22:13:12.0832 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2010/11/04 22:13:12.0910 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2010/11/04 22:13:13.0034 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2010/11/04 22:13:13.0066 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2010/11/04 22:13:13.0128 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    2010/11/04 22:13:13.0159 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
    2010/11/04 22:13:13.0190 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2010/11/04 22:13:13.0315 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    2010/11/04 22:13:13.0362 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
    2010/11/04 22:13:13.0424 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    2010/11/04 22:13:13.0565 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2010/11/04 22:13:13.0596 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    2010/11/04 22:13:13.0643 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    2010/11/04 22:13:13.0705 viaide (9fa7c28d7088058cc9796008812f40e5) C:\Windows\system32\drivers\viaide.sys
    2010/11/04 22:13:13.0830 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2010/11/04 22:13:13.0892 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2010/11/04 22:13:14.0002 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2010/11/04 22:13:14.0111 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    2010/11/04 22:13:14.0189 vvftav303 (b952b84bf21c13027258a3f027511dda) C:\Windows\system32\drivers\vvftav303.sys
    2010/11/04 22:13:14.0329 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2010/11/04 22:13:14.0392 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/11/04 22:13:14.0407 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/11/04 22:13:14.0470 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    2010/11/04 22:13:14.0610 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    2010/11/04 22:13:14.0719 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    2010/11/04 22:13:14.0906 WinDriver6 (032793a8e6288c4c60ff30542eeab22b) C:\Windows\system32\drivers\windrvr6.sys
    2010/11/04 22:13:15.0000 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
    2010/11/04 22:13:15.0140 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
    2010/11/04 22:13:15.0234 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
    2010/11/04 22:13:15.0265 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2010/11/04 22:13:15.0328 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2010/11/04 22:13:15.0452 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
    2010/11/04 22:13:15.0546 ================================================================================
    2010/11/04 22:13:15.0546 Scan finished
    2010/11/04 22:13:15.0546 ================================================================================
    2010/11/04 22:13:15.0562 Detected object count: 2
    2010/11/04 22:13:54.0203 netbt (84a40a677c9bdaa8cbec53490e9f8194) C:\Windows\system32\DRIVERS\netbt.sys
    2010/11/04 22:14:01.0956 Backup copy found, using it..
    2010/11/04 22:14:02.0034 C:\Windows\system32\DRIVERS\netbt.sys - will be cured after reboot
    2010/11/04 22:14:02.0050 Rootkit.Win32.TDSS.tdl3(netbt) - User select action: Cure
    2010/11/04 22:14:02.0050 Locked file(sptd) - User select action: Skip
    2010/11/04 22:14:23.0609 Deinitialize success
  6. bonmotwang

    bonmotwang Newcomer, in training Topic Starter Posts: 28

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Business Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: LENOVO
    BIOS Manufacturer: LENOVO
    System Manufacturer: LENOVO
    System Product Name: 8743CTO
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 181):
    0x8283C000 \SystemRoot\system32\ntkrnlpa.exe
    0x82809000 \SystemRoot\system32\hal.dll
    0x80600000 \SystemRoot\system32\kdcom.dll
    0x80607000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80677000 \SystemRoot\system32\PSHED.dll
    0x80688000 \SystemRoot\system32\BOOTVID.dll
    0x80690000 \SystemRoot\system32\CLFS.SYS
    0x806D1000 \SystemRoot\system32\CI.dll
    0x807B1000 \SystemRoot\system32\drivers\klmdb.sys
    0x82E0B000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x82E7C000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x82E8A000 \SystemRoot\System32\Drivers\spkh.sys
    0x82F8B000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x82F94000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x82FBA000 \SystemRoot\system32\drivers\acpi.sys
    0x82E00000 \SystemRoot\system32\drivers\msisadrv.sys
    0x807C3000 \SystemRoot\system32\drivers\pci.sys
    0x807EA000 \SystemRoot\System32\drivers\partmgr.sys
    0x82E08000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x8AE02000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8AE0C000 \SystemRoot\system32\drivers\volmgr.sys
    0x8AE1B000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8AE65000 \SystemRoot\system32\drivers\intelide.sys
    0x8AE6C000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x8AE7A000 \SystemRoot\system32\DRIVERS\pcmcia.sys
    0x8AEA7000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x8AEAE000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8AEBE000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x8AF86000 \SystemRoot\system32\drivers\atapi.sys
    0x8AF8E000 \SystemRoot\system32\drivers\ataport.SYS
    0x8AFAC000 \SystemRoot\system32\drivers\msahci.sys
    0x8AFB5000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8B008000 \SystemRoot\system32\drivers\N360\0403000.005\SYMDS.SYS
    0x8B05E000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8B06E000 \SystemRoot\system32\drivers\N360\0403000.005\SYMEFA.SYS
    0x8B09B000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x8B0A4000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8B206000 \SystemRoot\system32\drivers\ndis.sys
    0x8B311000 \SystemRoot\system32\drivers\msrpc.sys
    0x8B33C000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8B115000 \SystemRoot\System32\drivers\tcpip.sys
    0x8B377000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8B408000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8B518000 \SystemRoot\system32\drivers\volsnap.sys
    0x8B551000 \SystemRoot\System32\DRIVERS\ApsHM86.sys
    0x8B559000 \SystemRoot\System32\Drivers\spldr.sys
    0x8B561000 \SystemRoot\System32\DRIVERS\Apsx86.sys
    0x8B57D000 \SystemRoot\System32\Drivers\mup.sys
    0x8B58C000 \SystemRoot\System32\drivers\ecache.sys
    0x8B5B3000 \SystemRoot\system32\drivers\disk.sys
    0x8B5C4000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x8B5E5000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8F2D1000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8F2DC000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8FE04000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x904DC000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x9057D000 \SystemRoot\System32\drivers\watchdog.sys
    0x8F2EB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x90589000 \SystemRoot\system32\DRIVERS\e1e6032.sys
    0x90602000 \SystemRoot\system32\DRIVERS\athr.sys
    0x906F3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x906FE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x9073C000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x9074B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x9075E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x90769000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x907A0000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x907A2000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x907AD000 \SystemRoot\system32\drivers\tpm.sys
    0x907BB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x907BF000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
    0x907C3000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x907DB000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0x905C0000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8F378000 \SystemRoot\system32\DRIVERS\storport.sys
    0x907E1000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8F3B9000 \SystemRoot\system32\drivers\windrvr6.sys
    0x8F3E9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x907EC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8B392000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x905EF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8B3B5000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8B3C9000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x90806000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0x9088F000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x9089F000 \SystemRoot\system32\DRIVERS\smccard.sys
    0x908A3000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
    0x908AE000 \SystemRoot\system32\DRIVERS\Chip_smc.sys
    0x908B2000 \SystemRoot\system32\DRIVERS\psadd.sys
    0x908B8000 \SystemRoot\system32\DRIVERS\Tvti2c.sys
    0x908BF000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x908C1000 \SystemRoot\system32\DRIVERS\ks.sys
    0x908EB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x908F5000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x90902000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x90937000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x90948000 \SystemRoot\system32\drivers\ADIHdAud.sys
    0x909A2000 \SystemRoot\system32\drivers\portcls.sys
    0x909CF000 \SystemRoot\system32\drivers\drmk.sys
    0x90C00000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x90C3D000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x90D40000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x8B3DE000 \SystemRoot\system32\drivers\modem.sys
    0x90DF4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x909F4000 \SystemRoot\System32\Drivers\Null.SYS
    0x907F7000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8B3EB000 \SystemRoot\System32\drivers\vga.sys
    0x91006000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x91027000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x9102F000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x91037000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x91042000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x91050000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x91059000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x9106F000 \SystemRoot\System32\Drivers\N360\0403000.005\SYMTDIV.SYS
    0x910C8000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
    0x910ED000 \SystemRoot\system32\DRIVERS\smb.sys
    0x91101000 \SystemRoot\system32\drivers\afd.sys
    0x91149000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x9117B000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x91191000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x9119F000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x911B2000 \SystemRoot\System32\drivers\Tppwr32v.sys
    0x911B8000 \SystemRoot\system32\drivers\N360\0403000.005\Ironx86.SYS
    0x911D7000 \SystemRoot\System32\Drivers\tcusb.sys
    0x911E2000 \SystemRoot\system32\drivers\N360\0403000.005\SRTSPX.SYS
    0x9200E000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x9204A000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x92054000 \??\C:\Windows\system32\drivers\LUMDriver.sys
    0x92057000 \SystemRoot\system32\DRIVERS\smiif32.sys
    0x92059000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101103.001\IDSvix86.sys
    0x920B4000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0x92112000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0x9212F000 \SystemRoot\system32\drivers\csc.sys
    0x9218A000 \SystemRoot\System32\Drivers\dfsc.sys
    0x92600000 \SystemRoot\system32\drivers\N360\0403000.005\ccHPx86.sys
    0x9267F000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101029.001\BHDrvx86.sys
    0x9272B000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x92738000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x82050000 \SystemRoot\System32\win32k.sys
    0x921A1000 \SystemRoot\System32\drivers\Dxapi.sys
    0x921AB000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x82270000 \SystemRoot\System32\TSDDD.dll
    0x82290000 \SystemRoot\System32\cdd.dll
    0x822A0000 \SystemRoot\System32\ATMFD.DLL
    0x921BA000 \SystemRoot\system32\drivers\luafv.sys
    0x921D5000 \SystemRoot\system32\DRIVERS\tvtfilter.sys
    0x921E5000 \??\C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys
    0x8F200000 \SystemRoot\system32\drivers\spsys.sys
    0x8F2B0000 \SystemRoot\system32\DRIVERS\irda.sys
    0x921EF000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0xA3E0C000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0xA3E36000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA3E40000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xA3E53000 \SystemRoot\system32\drivers\HTTP.sys
    0xA3EC0000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xA3EDD000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xA3EF6000 \SystemRoot\system32\drivers\mrxdav.sys
    0xA3F17000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA3F36000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xA3F6F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xA3F87000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA3FAF000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA3E00000 \??\C:\Windows\system32\drivers\Haspnt.sys
    0x92000000 \SystemRoot\system32\DRIVERS\PROCDD.SYS
    0xA3FFD000 \??\C:\Program Files\Altium Designer Winter 09\System\Drivers\altio.sys
    0xA5005000 \??\C:\Windows\system32\drivers\hardlock.sys
    0xA50AF000 \SystemRoot\System32\Drivers\fastfat.SYS
    0xA50D7000 \SystemRoot\System32\Drivers\hios6.SYS
    0xA50DB000 \SystemRoot\System32\Drivers\hwhios6.SYS
    0xA50DD000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xA50E1000 \SystemRoot\system32\drivers\peauth.sys
    0xA51BF000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xA51C9000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA51D5000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0xA51DD000 \??\C:\Windows\system32\drivers\mbam.sys
    0xA51E1000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0xA9407000 \SystemRoot\System32\Drivers\N360\0403000.005\SRTSP.SYS
    0xA945E000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101104.035\NAVEX15.SYS
    0xA95AC000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101104.035\NAVENG.SYS
    0x770C0000 \Windows\System32\ntdll.dll

    Processes (total 89):
    0 System Idle Process
    4 System
    520 C:\Windows\System32\smss.exe
    620 csrss.exe
    672 csrss.exe
    680 C:\Windows\System32\wininit.exe
    716 C:\Windows\System32\services.exe
    744 C:\Windows\System32\winlogon.exe
    760 C:\Windows\System32\lsass.exe
    768 C:\Windows\System32\lsm.exe
    936 C:\Windows\System32\svchost.exe
    980 C:\Windows\System32\ibmpmsvc.exe
    1024 C:\Windows\System32\svchost.exe
    1148 C:\Windows\System32\Ati2evxx.exe
    1188 C:\Windows\System32\svchost.exe
    1216 C:\Windows\System32\svchost.exe
    1228 C:\Windows\System32\svchost.exe
    1364 C:\Windows\System32\audiodg.exe
    1396 C:\Windows\System32\svchost.exe
    1444 C:\Windows\System32\SLsvc.exe
    1520 C:\Windows\System32\svchost.exe
    1572 C:\Windows\System32\Ati2evxx.exe
    1740 C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
    1756 C:\Windows\System32\svchost.exe
    1124 C:\Windows\System32\spoolsv.exe
    1636 C:\Windows\System32\svchost.exe
    256 C:\Windows\System32\IPSSVC.EXE
    388 C:\Windows\System32\AEADISRV.EXE
    424 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    596 C:\Program Files\Bonjour\mDNSResponder.exe
    2132 C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
    2156 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    2276 C:\Windows\System32\svchost.exe
    2316 C:\Windows\System32\svchost.exe
    2372 C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    2420 C:\Windows\System32\TPHDEXLG.exe
    2444 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    2468 C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    2484 C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    2544 C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    2608 C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    2620 C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    2644 C:\Program Files\Viewpoint\Common\ViewpointService.exe
    2692 C:\Windows\System32\svchost.exe
    2732 C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    2748 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2772 C:\Windows\System32\SearchIndexer.exe
    2844 C:\Windows\System32\drivers\XAudio.exe
    2928 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    3044 dllhost.exe
    3216 WmiPrvSE.exe
    3548 C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
    2600 C:\Windows\System32\dwm.exe
    3648 C:\Windows\explorer.exe
    3776 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    3472 C:\Windows\System32\taskeng.exe
    3056 C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
    1160 C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    4040 C:\Windows\System32\TpShocks.exe
    2200 C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
    2824 C:\Windows\System32\rundll32.exe
    2064 C:\Windows\VMSnap3.exe
    1048 C:\Windows\Domino.exe
    1116 C:\Program Files\Analog Devices\Core\smax4pnp.exe
    2404 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    488 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    1272 C:\Program Files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RRMSVR.exe
    3624 C:\Program Files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RegTool.exe
    3520 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    2832 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    2904 C:\Windows\System32\svchost.exe
    2860 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    468 C:\Program Files\iTunes\iTunesHelper.exe
    3724 C:\Program Files\Lenovo\ZOOM\TpScrex.exe
    4124 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    4132 C:\Program Files\Windows Sidebar\sidebar.exe
    1384 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    5364 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    5900 C:\Program Files\Windows Sidebar\sidebar.exe
    4256 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    4464 C:\Program Files\iPod\bin\iPodService.exe
    4576 C:\Windows\System32\svchost.exe
    3880 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    3660 C:\Program Files\Internet Explorer\iexplore.exe
    1928 C:\Program Files\Internet Explorer\iexplore.exe
    4312 taskeng.exe
    3840 C:\Windows\System32\taskeng.exe
    4424 C:\Users\Paul\Desktop\MBRCheck.exe
    5648 C:\Windows\System32\conime.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`9fb00000 (NTFS)

    PhysicalDrive0 Model Number: HTS721010G9SA00, Rev: MCZIC14V

    Size Device Name MBR Status
    --------------------------------------------
    93 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 4817FAF96F14CBF594C990462C84B082E5E3F140


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
  7. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Good. We just killed a rootkit, but your MBR seems to be infected.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
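The two MBRCheck reports in this thread (first "Unknown MBR code", then "Windows XP MBR code detected" once MBRWORK has written standard boot code) are a baseline comparison of the disk's first sector. The script below is an added example, not MBRCheck's or NTBR's own code, showing how such a check works: it parses the 512-byte master boot record, hashes the 440-byte boot code, compares the digest against a table of known-good hashes, and reports whether a repair touched only the boot code and left the partition table and disk signature alone. The sample sectors, the partition entry and the baseline hash are all constructed here; MBRCheck's exact hashing domain and baseline list are not documented on this page, so hashing exactly the first 440 bytes is an assumption. Reading the real sector from `\\.\PhysicalDrive0` needs administrator rights and is deliberately left out.

```python
"""MBR integrity check (added example): parse a 512-byte master boot record,
hash its boot code and compare against known-good baselines, the way MBRCheck
reports 'Unknown MBR code' versus a recognised Windows MBR.
All sample sectors below are constructed, not read from any real disk."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0x000-0x1B7: executable boot code (assumed hashing domain)
DISK_SIG_OFF = 0x1B8       # 4-byte Windows disk signature
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE       # must be 0x55 0xAA


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR sector into boot code, disk signature and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA-start(4) sector-count(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:
            continue  # empty slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {"boot_code": sector[:BOOT_CODE_LEN],
            "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
            "partitions": partitions}


def is_valid_mbr(sector: bytes) -> bool:
    """True if the sector has the right size and boot signature."""
    try:
        parse_mbr(sector)
        return True
    except ValueError:
        return False


def boot_code_sha1(sector: bytes) -> str:
    """Upper-case hex SHA1 of the boot-code region, in the style MBRCheck prints."""
    return hashlib.sha1(parse_mbr(sector)["boot_code"]).hexdigest().upper()


def classify_mbr(sector: bytes, known_good: dict) -> str:
    """Name of the matching baseline, or 'Unknown MBR code' if no baseline matches."""
    digest = boot_code_sha1(sector)
    for name, expected in known_good.items():
        if expected.upper() == digest:
            return name
    return "Unknown MBR code"


def compare_mbrs(before: bytes, after: bytes) -> dict:
    """Which regions differ between two sectors; a code-only repair leaves the table intact."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {"boot_code_changed": a["boot_code"] != b["boot_code"],
            "partition_table_changed": a["partitions"] != b["partitions"],
            "disk_signature_changed": a["disk_signature"] != b["disk_signature"]}


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed 512-byte sector: given boot code, fixed disk signature, one NTFS partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x1234ABCD)  # constructed signature
    # Constructed entry: bootable, type 0x07 (NTFS), LBA 2048, 195,312,500 sectors (about 93 GB)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 195312500)
    return code + disk_sig + b"\x00\x00" + entry + b"\x00" * 48 + b"\x55\xAA"


# Constructed "clean" code: the usual x86 MBR prologue (cli / xor ax,ax / mov ss,ax / mov sp,7C00h).
CLEAN_CODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C"
# Constructed "tampered" code: plain NOPs as a neutral stand-in for unrecognised boot code.
TAMPERED_CODE = b"\x90" * 8

CLEAN_MBR = build_sample_mbr(CLEAN_CODE)
TAMPERED_MBR = build_sample_mbr(TAMPERED_CODE)

# Baseline table: name -> SHA1 of boot code. Constructed from the clean sample, not a real Windows hash.
KNOWN_GOOD = {"Constructed Windows-style MBR code": boot_code_sha1(CLEAN_MBR)}

if __name__ == "__main__":
    for label, mbr in (("before repair", TAMPERED_MBR), ("after repair", CLEAN_MBR)):
        print(f"{label}: {classify_mbr(mbr, KNOWN_GOOD)}  SHA1: {boot_code_sha1(mbr)}")
    print(compare_mbrs(TAMPERED_MBR, CLEAN_MBR))
```

Hashing the boot code separately from the partition table is what makes the "before" and "after" comparison meaningful: a standard-code rewrite such as MBRWORK's option 5 should flip only `boot_code_changed`, and a result where the partition table also moved would mean something other than the repair touched the disk.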
  8. bonmotwang

    bonmotwang Newcomer, in training Topic Starter Posts: 28

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Business Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: LENOVO
    BIOS Manufacturer: LENOVO
    System Manufacturer: LENOVO
    System Product Name: 8743CTO
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 180):
    0x8284E000 \SystemRoot\system32\ntkrnlpa.exe
    0x8281B000 \SystemRoot\system32\hal.dll
    0x80603000 \SystemRoot\system32\kdcom.dll
    0x8060A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8067A000 \SystemRoot\system32\PSHED.dll
    0x8068B000 \SystemRoot\system32\BOOTVID.dll
    0x80693000 \SystemRoot\system32\CLFS.SYS
    0x806D4000 \SystemRoot\system32\CI.dll
    0x82E0A000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x82E7B000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x82E89000 \SystemRoot\System32\Drivers\spji.sys
    0x82F8A000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x82F93000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x82FB9000 \SystemRoot\system32\drivers\acpi.sys
    0x82E00000 \SystemRoot\system32\drivers\msisadrv.sys
    0x807B4000 \SystemRoot\system32\drivers\pci.sys
    0x807DB000 \SystemRoot\System32\drivers\partmgr.sys
    0x807EA000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x807ED000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8AE0A000 \SystemRoot\system32\drivers\volmgr.sys
    0x8AE19000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8AE63000 \SystemRoot\system32\drivers\intelide.sys
    0x8AE6A000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x8AE78000 \SystemRoot\system32\DRIVERS\pcmcia.sys
    0x8AEA5000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x8AEAC000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8AEBC000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x8AF84000 \SystemRoot\system32\drivers\atapi.sys
    0x8AF8C000 \SystemRoot\system32\drivers\ataport.SYS
    0x8AFAA000 \SystemRoot\system32\drivers\msahci.sys
    0x8AFB3000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8B003000 \SystemRoot\system32\drivers\N360\0403000.005\SYMDS.SYS
    0x8B059000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8B069000 \SystemRoot\system32\drivers\N360\0403000.005\SYMEFA.SYS
    0x8B096000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x8B09F000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8B207000 \SystemRoot\system32\drivers\ndis.sys
    0x8B312000 \SystemRoot\system32\drivers\msrpc.sys
    0x8B33D000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8B110000 \SystemRoot\System32\drivers\tcpip.sys
    0x8B378000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8B407000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8B517000 \SystemRoot\system32\drivers\volsnap.sys
    0x8B550000 \SystemRoot\System32\DRIVERS\ApsHM86.sys
    0x8B558000 \SystemRoot\System32\Drivers\spldr.sys
    0x8B560000 \SystemRoot\System32\DRIVERS\Apsx86.sys
    0x8B57C000 \SystemRoot\System32\Drivers\mup.sys
    0x8B58B000 \SystemRoot\System32\drivers\ecache.sys
    0x8B5B2000 \SystemRoot\system32\drivers\disk.sys
    0x8B5C3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x8B5E4000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8F4D4000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8F4DF000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x9000A000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x906E2000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x90783000 \SystemRoot\System32\drivers\watchdog.sys
    0x8F4EE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x9078F000 \SystemRoot\system32\DRIVERS\e1e6032.sys
    0x8FA0C000 \SystemRoot\system32\DRIVERS\athr.sys
    0x8FAFD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8FB08000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8FB46000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8FB55000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8FB68000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8FB73000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8FBAA000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8FBAC000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8FBB7000 \SystemRoot\system32\drivers\tpm.sys
    0x8FBC5000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8FBC9000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
    0x8FBCD000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8FBE5000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0x907C6000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8F57B000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8FBEB000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8F5BC000 \SystemRoot\system32\drivers\windrvr6.sys
    0x8B393000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8FA00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8B3AA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8F5EC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8B3CD000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8B3E1000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x90806000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0x9088F000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x9089F000 \SystemRoot\system32\DRIVERS\smccard.sys
    0x908A3000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
    0x908AE000 \SystemRoot\system32\DRIVERS\Chip_smc.sys
    0x908B2000 \SystemRoot\system32\DRIVERS\psadd.sys
    0x908B8000 \SystemRoot\system32\DRIVERS\Tvti2c.sys
    0x908BF000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x908C1000 \SystemRoot\system32\DRIVERS\ks.sys
    0x908EB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x908F5000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x90902000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x90937000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x90948000 \SystemRoot\system32\drivers\ADIHdAud.sys
    0x909A2000 \SystemRoot\system32\drivers\portcls.sys
    0x909CF000 \SystemRoot\system32\drivers\drmk.sys
    0x90C0D000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x90C4A000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x90E0A000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x90EBE000 \SystemRoot\system32\drivers\modem.sys
    0x90ECB000 \SystemRoot\System32\Drivers\N360\0403000.005\SRTSP.SYS
    0x90F22000 \SystemRoot\system32\drivers\N360\0403000.005\Ironx86.SYS
    0x90F41000 \SystemRoot\System32\Drivers\tcusb.sys
    0x90F4C000 \SystemRoot\system32\drivers\N360\0403000.005\SRTSPX.SYS
    0x9220B000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101104.035\NAVEX15.SYS
    0x92359000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
    0x9237E000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101104.035\NAVENG.SYS
    0x92392000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x9239B000 \SystemRoot\System32\Drivers\Null.SYS
    0x923A2000 \SystemRoot\System32\Drivers\Beep.SYS
    0x923A9000 \SystemRoot\System32\drivers\vga.sys
    0x923B5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x923D6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x923DE000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x923E6000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x923F1000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x92200000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x90F56000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x90F6C000 \SystemRoot\System32\Drivers\N360\0403000.005\SYMTDIV.SYS
    0x90FC5000 \SystemRoot\system32\DRIVERS\smb.sys
    0x90D4D000 \SystemRoot\system32\drivers\afd.sys
    0x90D95000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x90FD9000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x90FEF000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x90DC7000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x90E00000 \SystemRoot\System32\drivers\Tppwr32v.sys
    0x9960E000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x9964A000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x99654000 \??\C:\Windows\system32\drivers\LUMDriver.sys
    0x99657000 \SystemRoot\system32\DRIVERS\smiif32.sys
    0x99659000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101103.001\IDSvix86.sys
    0x996B4000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0x99712000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0x9972F000 \SystemRoot\system32\drivers\csc.sys
    0x9978A000 \SystemRoot\System32\Drivers\dfsc.sys
    0x9A80E000 \SystemRoot\system32\drivers\N360\0403000.005\ccHPx86.sys
    0x9A88D000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101029.001\BHDrvx86.sys
    0x9A939000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8F400000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0xA6470000 \SystemRoot\System32\win32k.sys
    0x9A946000 \SystemRoot\System32\drivers\Dxapi.sys
    0x9A950000 \SystemRoot\system32\DRIVERS\monitor.sys
    0xA6690000 \SystemRoot\System32\TSDDD.dll
    0xA66B0000 \SystemRoot\System32\cdd.dll
    0xA66C0000 \SystemRoot\System32\ATMFD.DLL
    0x9A95F000 \SystemRoot\system32\drivers\luafv.sys
    0x9A97A000 \SystemRoot\system32\DRIVERS\tvtfilter.sys
    0x9A98A000 \??\C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys
    0x9A994000 \SystemRoot\system32\DRIVERS\irda.sys
    0x9A9B2000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9A9C2000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x9A9EC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x997A1000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xAB60D000 \SystemRoot\system32\drivers\spsys.sys
    0xAB6BD000 \SystemRoot\system32\drivers\HTTP.sys
    0xAB72A000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xAB747000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xAB760000 \SystemRoot\system32\drivers\mrxdav.sys
    0xAB781000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xAB7A0000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xAB7D9000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x997B4000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xAD00F000 \SystemRoot\System32\DRIVERS\srv.sys
    0xAD05D000 \??\C:\Windows\system32\drivers\Haspnt.sys
    0xAD081000 \SystemRoot\system32\DRIVERS\PROCDD.SYS
    0xAD09D000 \??\C:\Program Files\Altium Designer Winter 09\System\Drivers\altio.sys
    0xAD09E000 \??\C:\Windows\system32\drivers\hardlock.sys
    0xAD148000 \SystemRoot\System32\Drivers\fastfat.SYS
    0xAD170000 \SystemRoot\System32\Drivers\hios6.SYS
    0xAD174000 \SystemRoot\System32\Drivers\hwhios6.SYS
    0xAD176000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xAE806000 \SystemRoot\system32\drivers\peauth.sys
    0xAE8E4000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xAE8EE000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xAE8FA000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0xAE902000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0xAE918000 \??\C:\Windows\system32\drivers\mbam.sys
    0x77670000 \Windows\System32\ntdll.dll

    Processes (total 93):
    0 System Idle Process
    4 System
    496 C:\Windows\System32\smss.exe
    592 csrss.exe
    644 csrss.exe
    652 C:\Windows\System32\wininit.exe
    688 C:\Windows\System32\services.exe
    716 C:\Windows\System32\winlogon.exe
    744 C:\Windows\System32\lsass.exe
    752 C:\Windows\System32\lsm.exe
    900 C:\Windows\System32\svchost.exe
    944 C:\Windows\System32\ibmpmsvc.exe
    988 C:\Windows\System32\svchost.exe
    1124 C:\Windows\System32\Ati2evxx.exe
    1168 C:\Windows\System32\svchost.exe
    1208 C:\Windows\System32\svchost.exe
    1220 C:\Windows\System32\svchost.exe
    1300 C:\Windows\System32\audiodg.exe
    1332 C:\Windows\System32\svchost.exe
    1360 C:\Windows\System32\SLsvc.exe
    1440 C:\Windows\System32\svchost.exe
    1496 C:\Windows\System32\Ati2evxx.exe
    1624 C:\Windows\System32\svchost.exe
    1800 C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
    2040 C:\Windows\System32\spoolsv.exe
    384 C:\Windows\System32\svchost.exe
    1076 C:\Windows\System32\IPSSVC.EXE
    1960 C:\Windows\System32\AEADISRV.EXE
    232 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    552 C:\Program Files\Bonjour\mDNSResponder.exe
    2060 C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
    2080 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    2436 C:\Windows\System32\svchost.exe
    2460 C:\Windows\System32\svchost.exe
    2544 C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    2584 C:\Windows\System32\TPHDEXLG.exe
    2596 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    2692 C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    2732 C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    2812 C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    2880 C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    2964 C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    3084 C:\Program Files\Viewpoint\Common\ViewpointService.exe
    3092 C:\Windows\System32\taskeng.exe
    3128 C:\Windows\System32\svchost.exe
    3180 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    3192 C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    3208 C:\Windows\System32\taskeng.exe
    3232 dllhost.exe
    3340 C:\Windows\System32\dwm.exe
    3368 C:\Windows\explorer.exe
    3500 C:\Windows\System32\SearchIndexer.exe
    3572 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    3664 C:\Windows\System32\drivers\XAudio.exe
    3812 C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
    3016 WmiPrvSE.exe
    788 C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
    3584 C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    1164 C:\Windows\System32\TpShocks.exe
    2624 C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
    3688 C:\Windows\System32\rundll32.exe
    160 C:\Windows\VMSnap3.exe
    2832 C:\Windows\Domino.exe
    2088 C:\Program Files\Analog Devices\Core\smax4pnp.exe
    4044 C:\Program Files\Windows Live\Mail\wlmail.exe
    3628 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    728 C:\Program Files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RRMSVR.exe
    1744 C:\Program Files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RegTool.exe
    4032 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    3160 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    3464 C:\Program Files\iTunes\iTunesHelper.exe
    4276 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    4480 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    4620 C:\Program Files\Lenovo\ZOOM\TpScrex.exe
    4676 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    4720 C:\Windows\System32\svchost.exe
    4772 C:\Program Files\Windows Sidebar\sidebar.exe
    4924 C:\Windows\System32\svchost.exe
    5368 C:\Program Files\Common Files\Lenovo\BMGR\bmgr32.exe
    5508 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    5560 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    5660 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    5716 C:\Program Files\Windows Sidebar\sidebar.exe
    5824 WmiPrvSE.exe
    4596 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    4784 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    5316 C:\Program Files\iPod\bin\iPodService.exe
    5676 C:\Program Files\Internet Explorer\iexplore.exe
    5080 C:\Users\Paul\Desktop\MBRCheck.exe
    5428 C:\Program Files\Internet Explorer\iexplore.exe
    5184 C:\Users\Paul\Desktop\MBRCheck.exe
    5256 C:\Windows\System32\conime.exe
    4556 <unknown>

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`9fb00000 (NTFS)

    PhysicalDrive0 Model Number: HTS721010G9SA00, Rev: MCZIC14V

    Size Device Name MBR Status
    --------------------------------------------
    93 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
  9. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Good job :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  10. bonmotwang

    bonmotwang Newcomer, in training Topic Starter Posts: 28

    The ComboFix was running OK, restarted the computer, and started running again, preparing the report... after a while, I got a blue screen!
    Now my laptop is restarted. What happened?
  11. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    It may happen sometimes on infected computers.
    Try to re-run Combofix.
    If still a problem, run it from Safe Mode.
     
  12. bonmotwang

    bonmotwang Newcomer, in training Topic Starter Posts: 28

    Thanks, will do.
  13. bonmotwang

    bonmotwang Newcomer, in training Topic Starter Posts: 28

    Reran Combofix. It worked this time, and I got the report, but I cannot run any program any more. I get "Illegal operation attempted on a registry key that has been marked for deletion".
  14. bonmotwang

    bonmotwang Newcomer, in training Topic Starter Posts: 28

    ComboFix 10-11-04.01 - Paul 05/11/2010 0:21.2.2 - x86
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.2.1033.18.3070.1907 [GMT -4:00]
    Running from: c:\users\Paul\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\readme.txt
    c:\windows\Downloaded Program Files\Install.inf
    c:\windows\system32\msblcd32.dll
    c:\windows\system32\secustat.dat
    c:\windows\system32\zlibwapi.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-05 to 2010-11-05 )))))))))))))))))))))))))))))))
    .

    2010-11-05 04:35 . 2010-11-05 04:35 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-11-04 02:54 . 2010-11-04 02:54 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2010-11-01 16:27 . 2010-11-01 16:27 -------- d-----w- c:\windows\system32\Project Outputs for Free Documents
    2010-10-24 21:48 . 2010-10-24 21:48 -------- d-----w- c:\program files\iPod
    2010-10-24 21:48 . 2010-10-24 21:51 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-10-24 21:48 . 2010-10-24 21:51 -------- d-----w- c:\program files\iTunes
    2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
    2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
    2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
    2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
    2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
    2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
    2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
    2010-10-24 21:41 . 2010-10-24 21:41 -------- d-----w- c:\program files\Apple Software Update
    2010-10-24 21:34 . 2010-10-24 21:35 -------- d-----w- c:\program files\Bonjour
    2010-10-14 20:14 . 2010-09-25 05:44 312768 ----a-w- c:\program files\Internet Explorer\PPLite\plugin\1.0.0.285\ppp.dll
    2010-10-14 20:14 . 2010-09-20 07:48 624056 ----a-w- c:\program files\Internet Explorer\PPLite\plugin\1.0.0.285\mframe.dll
    2010-10-13 21:58 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2010-10-13 21:58 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-13 21:56 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-05 02:16 . 2009-10-10 02:04 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
    2010-10-02 15:16 . 2010-10-02 15:16 12672 ----a-w- c:\windows\system32\drivers\Chip_usb.sys
    2010-10-02 15:16 . 2007-10-27 00:38 5632 ----a-w- c:\windows\system32\ChipCo.dll
    2010-10-02 15:16 . 2007-10-27 00:38 14336 ----a-w- c:\windows\system32\drivers\Chip_smc.sys
    2010-10-02 15:16 . 2007-10-27 00:37 4608 ----a-w- c:\windows\system32\R5CoInst.dll
    2010-10-02 15:16 . 2007-10-27 00:37 31744 ----a-w- c:\windows\system32\drivers\eps2kt1.sys
    2010-10-02 15:16 . 2007-04-03 10:32 14592 ----a-w- c:\windows\system32\drivers\smccard.sys
    2010-09-23 04:47 . 2010-09-23 04:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2010-09-23 04:32 . 2010-09-23 04:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
    2010-09-22 16:23 . 2009-02-16 19:53 212240 ----a-w- c:\windows\system32\richtx32.ocx
    2010-09-22 16:23 . 2010-09-22 16:23 124688 ----a-w- c:\windows\system32\MSWINSCK.OCX
    2010-09-22 16:23 . 2000-05-22 20:58 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
    2010-09-22 16:23 . 2002-12-20 21:02 1081616 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-08-17 14:11 . 2010-09-15 22:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}]
    2009-12-28 03:26 147928 ----a-w- c:\program files\easyMule\modules\IE2EM.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-01-17 58416]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
    "TpShocks"="TpShocks.exe" [2007-11-22 181536]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-11-28 243248]
    "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2008-01-11 558368]
    "VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]
    "Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "gemstrmw"="c:\windows\system32\gemstrmw.exe" [2007-06-29 24576]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1282048]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-03 1594664]
    "Gemplus Reader Resource Manager"="c:\program files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RRMSVR.exe" [2007-10-08 77824]
    "RegTool"="c:\program files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RegTool.exe" [2008-01-21 172032]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

    c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableCAD"= 1 (0x1)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2006-12-09 02:44 89600 ------w- c:\windows\System32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
    Ime File REG_SZ FREEIME.IME

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FreeSnap.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FreeSnap.lnk
    backup=c:\windows\pss\FreeSnap.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
    2008-01-11 06:20 214576 ------w- c:\progra~1\ThinkPad\UTILIT~1\BTVLOGEX.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
    2006-12-13 19:10 2614848 ------w- c:\program files\Lenovo\Client Security Solution\cssauth.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPMailChecker]
    2008-01-11 06:21 124248 ------w- c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
    2008-01-11 06:21 144728 ------w- c:\progra~1\THINKV~2\PrdCtr\LPMGR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v3]
    2009-09-01 14:47 606208 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\fppdis3a.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP]
    2010-09-20 07:48 185784 ----a-w- c:\program files\Common Files\PPLiveNetwork\PPAP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regtool]
    2006-09-28 20:45 122880 ------w- c:\program files\Gemplus\GemSafe Libraries\BIN\RegTool.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-05-25 03:35 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
    2008-03-04 14:34 487424 ------w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
    2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-19 07:33 202240 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R2 D12TEST;D12TEST.Sys PDIUSBD12 Bulk IO test driver;c:\windows\system32\Drivers\D12TEST.sys [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 136176]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
    R2 MCUSBICD2;Microchip MPLAB ICD 2 Firmware Client Driver (ICD2W2K.SYS);c:\windows\system32\Drivers\icd2w2k.sys [2004-03-22 12427]
    R2 MCUSBICD2LDR;Microchip MPLAB ICD 2 Firmware Loader Driver (ICD2W2KL.SYS);c:\windows\system32\Drivers\icd2w2kl.sys [2004-03-22 16556]
    R3 Alidevice;Alidevice; [x]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [x]
    R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-10-15 87336]
    R3 GD_USB;USB Chip Service;c:\windows\system32\DRIVERS\Chip_usb.sys [2010-10-02 12672]
    R3 GKeyUSB;GKeyUSB;c:\windows\system32\Drivers\GKeyUSB.sys [2005-05-19 71040]
    R3 HtcUsbMdmV32;HTC Proprietary USB Driver (PID 0B03);c:\windows\system32\DRIVERS\HtcUsbMdmV32.sys [2007-01-29 97280]
    R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [2009-06-10 28672]
    R3 MQB2ALL;NEC Electronics MINICUBE2 USB Interface;c:\windows\system32\Drivers\MQB2ALL.sys [2007-10-19 15960]
    R3 NCBULK;MPLAB HS USB client driver;c:\windows\system32\drivers\RealICEBulk.sys [2007-04-05 12160]
    R3 qcusbser;Qualcomm Diagnostic Port;c:\windows\system32\DRIVERS\qcusbser.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2007-03-18 475136]
    R3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\Drivers\usbVM303.sys [x]
    R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-31 721904]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2010-02-04 328752]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]
    S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2007-10-16 19504]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101029.001\BHDrvx86.sys [2010-08-31 692272]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101103.001\IDSvix86.sys [2010-10-19 353840]
    S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2006-08-30 13744]
    S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-04-24 16688]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]
    S2 altio;altio;c:\program files\Altium Designer Winter 09\System\Drivers\altio.sys [2004-05-31 3200]
    S2 hios6;hios6; [x]
    S2 hwhios6;hwhios6; [x]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
    S2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2006-12-09 11152]
    S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2007-03-02 55936]
    S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2006-12-14 569344]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448]
    S3 GDBaseSmc;USB Chip Holder Service;c:\windows\system32\DRIVERS\Chip_smc.sys [2010-10-02 14336]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
    S3 R5BaseSmc;USB Token Holder Service;c:\windows\system32\DRIVERS\smccard.sys [2010-10-02 14592]
    S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov]
    2006-10-31 19:30 73728 ----a-w- c:\windows\System32\aetsprov.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 20:04]

    2010-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 20:04]

    2010-11-05 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2008-12-29 13:29]

    2009-10-13 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2008-12-29 13:29]

    2010-11-04 c:\windows\Tasks\User_Feed_Synchronization-{08E3C5B6-698E-4B74-BB2F-18B5C7D629F8}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
    IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
    IE: Download by easyMule - c:\program files\easyMule\IE2EM.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: alipay.com
    Trusted Zone: alisoft.com
    Trusted Zone: com.cn\mybank.icbc
    Trusted Zone: com.cn\vip.icbc
    Trusted Zone: com.cn\www.icbc
    Trusted Zone: taobao.com
    Trusted Zone: alipay.com
    Trusted Zone: alisoft.com
    Trusted Zone: taobao.com
    DPF: RedEyeQuote - hxxps://www.redeyeondemand.com/RedEyeQuote.cab
    DPF: {03290DF3-5034-11D0-BC8C-524153480000} - hxxps://www.dpt-fast.com/stlview/astlview2005.dpt
    DPF: {0EB487C8-E9AC-43A6-8C4C-083999B0622F} - hxxps://b2c.icbc.com.cn/icbc/newperbank/certInStall.dll
    DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} - hxxp://bug.udoco.cn/qualitycenter/Spider80.ocx
    DPF: {3AA9CF07-DF20-48FF-98BE-DED276E40146} - hxxps://b2c.icbc.com.cn/icbc/GDReadPub.cab
    DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://img.alipay.com/download/2121/aliedit.cab
    DPF: {62B938C4-4190-4F37-8CF0-A92B0A91CC77} - hxxps://mybank.icbc.com.cn/icbc/NetSign.dll
    DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} - hxxps://b2c.icbc.com.cn/icbc/newperbank/AXSafeControls.cab
    DPF: {7AEA10C5-B38F-4D72-A8F0-ED2D43D2A59E} - hxxps://mybank.icbc.com.cn/icbc/ICBCPKCheck.cab
    DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} - hxxps://vip.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
    DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} - hxxps://b2c.icbc.com.cn/icbc/ICBC_NetSign.dll
    DPF: {C35D7AE1-0865-4A30-BF07-29FA29324155} - hxxps://mybank.icbc.com.cn/icbc/perbank/GDSetLET.dll
    DPF: {DA215190-98B2-47DE-AE24-DA95481DFFBA} - hxxps://mybank.icbc.com.cn/icbc/perbank/AxUSBKey.CAB
    DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
    .
    .
    ------- File Associations -------
    .
    txtfile=c:\windows\notepad.exe %1
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-AdobeBridge - (no file)
    SafeBoot-klmdb.sys



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-05 00:35
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(792)
    c:\windows\system32\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\program files\ThinkVantage Fingerprint Software\infra.dll
    c:\windows\system32\aetsprov.dll

    - - - - - - - > 'Explorer.exe'(4976)
    c:\windows\System32\netshell.dll
    .
    Completion time: 2010-11-05 00:42:30
    ComboFix-quarantined-files.txt 2010-11-05 04:42

    Pre-Run: 16,185,450,496 bytes free
    Post-Run: 15,252,971,520 bytes free

    - - End Of File - - 68BCACFB89D4066F40B375CADDBAAB22
  15. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Restart computer and the issue will be fixed.
  16. bonmotwang

    bonmotwang Newcomer, in training Topic Starter Posts: 28

    After restart, this problem is gone. Thanks.
    How about the report? Is my computer clean now?
  17. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    I'm just checking it.
  18. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Uninstall Reg TOOL PC Errors Fix and RegCure
    Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

    ====================================================================

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\Tasks\RegCure Program Check.job
    c:\windows\Tasks\RegCure.job
    
    
    DDS::
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
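The CFScript above targets three things from the log posted earlier in the thread: two RegCure scheduled tasks, an Internet Explorer proxy that points at the local machine (127.0.0.1:5555), and the DisableMonitoring values that stop Windows Security Center from reporting on the Norton products. As an added example that is not part of the thread and not anything ComboFix ships, the Python below reads ComboFix-style log lines, flags those same three indicators, and drafts a script in the layout of the one posted. The sample lines are constructed to resemble this thread's log, and the regexes, the Finding class and the unwanted-task list are illustrative assumptions; the drafted script is meant for a human reviewer to check, not verified to be accepted by ComboFix as-is.

```python
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in the shape of the ComboFix log posted in this thread
# (a handful of lines from the "Reg Loading Points", "Scheduled Tasks" and
# "Supplementary Scan" sections, not the full log).
SAMPLE_LOG = r"""
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    2010-11-05 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2008-12-29 13:29]
"""

# Illustrative patterns for the three line shapes we care about (assumption:
# the log keeps the layout seen in this thread).
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(.+)$")
DISABLE_MON_RE = re.compile(r'^"DisableMonitoring"=dword:0*1$')
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(c:\\windows\\tasks\\.+\.job)$", re.IGNORECASE)

# Scheduled-task names the helper asked to remove in this thread (assumed list).
UNWANTED_TASK_NAMES = ("regcure",)


@dataclass
class Finding:
    kind: str    # "proxy", "disable_monitoring" or "task"
    detail: str  # the proxy value, the registry key, or the task path


def is_loopback_proxy(value: str) -> bool:
    """True if any entry ("host:port" or "scheme=host:port", ';'-separated) points at this host."""
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        hostport = entry.split("=", 1)[-1]           # drop a "http=" style prefix
        host = hostport.rsplit(":", 1)[0].strip("[]")  # drop the port, tolerate [::1]
        if host.lower() == "localhost":
            return True
        try:
            if ipaddress.ip_address(host).is_loopback:
                return True
        except ValueError:
            pass  # a hostname, not an address: not loopback by this check
    return False


def triage(log_text: str) -> list[Finding]:
    """Walk the log once, remembering the registry key a value line belongs to."""
    findings: list[Finding] = []
    current_key: str | None = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := KEY_RE.match(line)):
            current_key = m.group(1)
            continue
        if (m := PROXY_RE.match(line)):
            if is_loopback_proxy(m.group(1)):
                findings.append(Finding("proxy", m.group(1)))
            continue
        if DISABLE_MON_RE.match(line) and current_key \
                and "security center\\monitoring" in current_key.lower():
            findings.append(Finding("disable_monitoring", current_key))
            continue
        if (m := TASK_RE.match(line)):
            path = m.group(1)
            if any(name in path.lower() for name in UNWANTED_TASK_NAMES):
                findings.append(Finding("task", path))
    return findings


def draft_cfscript(findings: list[Finding]) -> str:
    """Lay the findings out in the File:: / DDS:: / Registry:: order used in the thread."""
    files = [f.detail for f in findings if f.kind == "task"]
    dds = [f"uInternet Settings,ProxyServer = {f.detail}" for f in findings if f.kind == "proxy"]
    keys = [f.detail for f in findings if f.kind == "disable_monitoring"]
    out: list[str] = []
    if files:
        out += ["File::", *files, ""]
    if dds:
        out += ["DDS::", *dds, ""]
    if keys:
        out.append("Registry::")
        for key in keys:
            out += [f"[{key}]", '"DisableMonitoring"=-']  # "=-" deletes the value
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:20} {f.detail}")
    print(draft_cfscript(triage(SAMPLE_LOG)))
```

The key thing the parser tracks is context: `"DisableMonitoring"=dword:00000001` is only meaningful under a Security Center `Monitoring` key, so the last `[HKEY_...]` header seen is carried along and checked before the value line is reported.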
  19. bonmotwang

    bonmotwang Newcomer, in training Topic Starter Posts: 28

    Combofix is running. While doing that, one question here: I am using emule to download from the internet. While emule is running, Malwarebytes keeps detecting attacks from many other IPs. Is it normal?
  20. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    All I can say is that P2P programs are the "best" ways to reinfect your computer.

    My bed time is coming, so I'll catch you tomorrow.
  21. bonmotwang

    bonmotwang Newcomer, in training Topic Starter Posts: 28

    ComboFix 10-11-04.01 - Paul 05/11/2010 9:26.5.2 - x86
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.2.1033.18.3070.1950 [GMT -4:00]
    Running from: c:\users\Paul\Desktop\ComboFix.exe
    Command switches used :: c:\users\Paul\Desktop\CFScript.txt
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\windows\Tasks\RegCure Program Check.job"
    "c:\windows\Tasks\RegCure.job"
    .

    ((((((((((((((((((((((((( Files Created from 2010-10-05 to 2010-11-05 )))))))))))))))))))))))))))))))
    .

    2010-11-05 13:39 . 2010-11-05 13:39 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-11-05 13:39 . 2010-11-05 13:39 -------- d-----w- c:\users\CURRENT_USER\AppData\Local\temp
    2010-11-05 12:57 . 2010-11-05 13:40 -------- d-----w- c:\users\Paul\AppData\Local\temp
    2010-11-04 02:54 . 2010-11-04 02:54 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2010-11-01 16:27 . 2010-11-01 16:27 -------- d-----w- c:\windows\system32\Project Outputs for Free Documents
    2010-10-24 21:48 . 2010-10-24 21:48 -------- d-----w- c:\program files\iPod
    2010-10-24 21:48 . 2010-10-24 21:51 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-10-24 21:48 . 2010-10-24 21:51 -------- d-----w- c:\program files\iTunes
    2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
    2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
    2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
    2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
    2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
    2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
    2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
    2010-10-24 21:41 . 2010-10-24 21:41 -------- d-----w- c:\program files\Apple Software Update
    2010-10-24 21:34 . 2010-10-24 21:35 -------- d-----w- c:\program files\Bonjour
    2010-10-14 20:14 . 2010-09-25 05:44 312768 ----a-w- c:\program files\Internet Explorer\PPLite\plugin\1.0.0.285\ppp.dll
    2010-10-14 20:14 . 2010-09-20 07:48 624056 ----a-w- c:\program files\Internet Explorer\PPLite\plugin\1.0.0.285\mframe.dll
    2010-10-13 21:58 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2010-10-13 21:58 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-13 21:56 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-05 02:16 . 2009-10-10 02:04 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
    2010-10-02 15:16 . 2010-10-02 15:16 12672 ----a-w- c:\windows\system32\drivers\Chip_usb.sys
    2010-10-02 15:16 . 2007-10-27 00:38 5632 ----a-w- c:\windows\system32\ChipCo.dll
    2010-10-02 15:16 . 2007-10-27 00:38 14336 ----a-w- c:\windows\system32\drivers\Chip_smc.sys
    2010-10-02 15:16 . 2007-10-27 00:37 4608 ----a-w- c:\windows\system32\R5CoInst.dll
    2010-10-02 15:16 . 2007-10-27 00:37 31744 ----a-w- c:\windows\system32\drivers\eps2kt1.sys
    2010-10-02 15:16 . 2007-04-03 10:32 14592 ----a-w- c:\windows\system32\drivers\smccard.sys
    2010-09-23 04:47 . 2010-09-23 04:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2010-09-23 04:32 . 2010-09-23 04:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
    2010-09-22 16:23 . 2009-02-16 19:53 212240 ----a-w- c:\windows\system32\richtx32.ocx
    2010-09-22 16:23 . 2010-09-22 16:23 124688 ----a-w- c:\windows\system32\MSWINSCK.OCX
    2010-09-22 16:23 . 2000-05-22 20:58 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
    2010-09-22 16:23 . 2002-12-20 21:02 1081616 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-08-17 14:11 . 2010-09-15 22:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}]
    2009-12-28 03:26 147928 ----a-w- c:\program files\easyMule\modules\IE2EM.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-01-17 58416]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
    "TpShocks"="TpShocks.exe" [2007-11-22 181536]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-11-28 243248]
    "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2008-01-11 558368]
    "VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]
    "Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "gemstrmw"="c:\windows\system32\gemstrmw.exe" [2007-06-29 24576]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1282048]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-03 1594664]
    "Gemplus Reader Resource Manager"="c:\program files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RRMSVR.exe" [2007-10-08 77824]
    "RegTool"="c:\program files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RegTool.exe" [2008-01-21 172032]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

    c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableCAD"= 1 (0x1)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2006-12-09 02:44 89600 ------w- c:\windows\System32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
    Ime File REG_SZ FREEIME.IME

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FreeSnap.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FreeSnap.lnk
    backup=c:\windows\pss\FreeSnap.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
    2008-01-11 06:20 214576 ------w- c:\progra~1\ThinkPad\UTILIT~1\BTVLOGEX.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
    2006-12-13 19:10 2614848 ------w- c:\program files\Lenovo\Client Security Solution\cssauth.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPMailChecker]
    2008-01-11 06:21 124248 ------w- c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
    2008-01-11 06:21 144728 ------w- c:\progra~1\THINKV~2\PrdCtr\LPMGR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v3]
    2009-09-01 14:47 606208 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\fppdis3a.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP]
    2010-09-20 07:48 185784 ----a-w- c:\program files\Common Files\PPLiveNetwork\PPAP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regtool]
    2006-09-28 20:45 122880 ------w- c:\program files\Gemplus\GemSafe Libraries\BIN\RegTool.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-05-25 03:35 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
    2008-03-04 14:34 487424 ------w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
    2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-19 07:33 202240 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

    R2 D12TEST;D12TEST.Sys PDIUSBD12 Bulk IO test driver;c:\windows\system32\Drivers\D12TEST.sys [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 136176]
    R2 MCUSBICD2;Microchip MPLAB ICD 2 Firmware Client Driver (ICD2W2K.SYS);c:\windows\system32\Drivers\icd2w2k.sys [2004-03-22 12427]
    R2 MCUSBICD2LDR;Microchip MPLAB ICD 2 Firmware Loader Driver (ICD2W2KL.SYS);c:\windows\system32\Drivers\icd2w2kl.sys [2004-03-22 16556]
    R3 Alidevice;Alidevice; [x]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [x]
    R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-10-15 87336]
    R3 GD_USB;USB Chip Service;c:\windows\system32\DRIVERS\Chip_usb.sys [2010-10-02 12672]
    R3 GKeyUSB;GKeyUSB;c:\windows\system32\Drivers\GKeyUSB.sys [2005-05-19 71040]
    R3 HtcUsbMdmV32;HTC Proprietary USB Driver (PID 0B03);c:\windows\system32\DRIVERS\HtcUsbMdmV32.sys [2007-01-29 97280]
    R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [2009-06-10 28672]
    R3 MQB2ALL;NEC Electronics MINICUBE2 USB Interface;c:\windows\system32\Drivers\MQB2ALL.sys [2007-10-19 15960]
    R3 NCBULK;MPLAB HS USB client driver;c:\windows\system32\drivers\RealICEBulk.sys [2007-04-05 12160]
    R3 qcusbser;Qualcomm Diagnostic Port;c:\windows\system32\DRIVERS\qcusbser.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2007-03-18 475136]
    R3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\Drivers\usbVM303.sys [x]
    R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-31 721904]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2010-02-04 328752]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]
    S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2007-10-16 19504]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101029.001\BHDrvx86.sys [2010-08-31 692272]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101103.001\IDSvix86.sys [2010-10-19 353840]
    S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2006-08-30 13744]
    S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-04-24 16688]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]
    S2 altio;altio;c:\program files\Altium Designer Winter 09\System\Drivers\altio.sys [2004-05-31 3200]
    S2 hios6;hios6; [x]
    S2 hwhios6;hwhios6; [x]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
    S2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2006-12-09 11152]
    S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2007-03-02 55936]
    S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2006-12-14 569344]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448]
    S3 GDBaseSmc;USB Chip Holder Service;c:\windows\system32\DRIVERS\Chip_smc.sys [2010-10-02 14336]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
    S3 R5BaseSmc;USB Token Holder Service;c:\windows\system32\DRIVERS\smccard.sys [2010-10-02 14592]
    S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov]
    2006-10-31 19:30 73728 ----a-w- c:\windows\System32\aetsprov.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 20:04]

    2010-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 20:04]

    2010-11-04 c:\windows\Tasks\User_Feed_Synchronization-{08E3C5B6-698E-4B74-BB2F-18B5C7D629F8}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
    IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
    IE: Download by easyMule - c:\program files\easyMule\IE2EM.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: alipay.com
    Trusted Zone: alisoft.com
    Trusted Zone: com.cn\mybank.icbc
    Trusted Zone: com.cn\vip.icbc
    Trusted Zone: com.cn\www.icbc
    Trusted Zone: taobao.com
    Trusted Zone: alipay.com
    Trusted Zone: alisoft.com
    Trusted Zone: taobao.com
    DPF: RedEyeQuote - hxxps://www.redeyeondemand.com/RedEyeQuote.cab
    DPF: {03290DF3-5034-11D0-BC8C-524153480000} - hxxps://www.dpt-fast.com/stlview/astlview2005.dpt
    DPF: {0EB487C8-E9AC-43A6-8C4C-083999B0622F} - hxxps://b2c.icbc.com.cn/icbc/newperbank/certInStall.dll
    DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} - hxxp://bug.udoco.cn/qualitycenter/Spider80.ocx
    DPF: {3AA9CF07-DF20-48FF-98BE-DED276E40146} - hxxps://b2c.icbc.com.cn/icbc/GDReadPub.cab
    DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://img.alipay.com/download/2121/aliedit.cab
    DPF: {62B938C4-4190-4F37-8CF0-A92B0A91CC77} - hxxps://mybank.icbc.com.cn/icbc/NetSign.dll
    DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} - hxxps://b2c.icbc.com.cn/icbc/newperbank/AXSafeControls.cab
    DPF: {7AEA10C5-B38F-4D72-A8F0-ED2D43D2A59E} - hxxps://mybank.icbc.com.cn/icbc/ICBCPKCheck.cab
    DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} - hxxps://vip.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
    DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} - hxxps://b2c.icbc.com.cn/icbc/ICBC_NetSign.dll
    DPF: {C35D7AE1-0865-4A30-BF07-29FA29324155} - hxxps://mybank.icbc.com.cn/icbc/perbank/GDSetLET.dll
    DPF: {DA215190-98B2-47DE-AE24-DA95481DFFBA} - hxxps://mybank.icbc.com.cn/icbc/perbank/AxUSBKey.CAB
    DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-05 09:40
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(772)
    c:\windows\system32\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\program files\ThinkVantage Fingerprint Software\infra.dll
    c:\windows\system32\aetsprov.dll
    .
    Completion time: 2010-11-05 09:45:14
    ComboFix-quarantined-files.txt 2010-11-05 13:45
    ComboFix2.txt 2010-11-05 04:42

    Pre-Run: 14,826,782,720 bytes free
    Post-Run: 14,674,567,168 bytes free

    - - End Of File - - CEBC51F39FBCEE31E9B9F01A061852A0
  22. Broni

    Broni Malware Annihilator Posts: 46,433   +252

    Looks good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  23. bonmotwang

    bonmotwang Newcomer, in training Topic Starter Posts: 28

    OTL logfile created on: 05/11/2010 11:51:08 AM - Run 1
    OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Paul\Desktop
    Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 86.66 Gb Total Space | 13.72 Gb Free Space | 15.83% Space Free | Partition Type: NTFS

    Computer Name: T60P-PAUL | User Name: Paul | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/05 11:49:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
    PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
    PRC - [2009/12/03 17:44:42 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/04/11 01:39:08 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    PRC - [2008/01/21 15:28:22 | 000,172,032 | ---- | M] () -- C:\Program Files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RegTool.exe
    PRC - [2007/11/22 15:09:26 | 000,181,536 | ---- | M] (Lenovo.) -- C:\Windows\System32\TpShocks.exe
    PRC - [2007/10/16 18:33:00 | 000,037,424 | ---- | M] (Lenovo.) -- C:\Windows\System32\TPHDEXLG.exe
    PRC - [2007/10/08 16:17:58 | 000,077,824 | ---- | M] (Gemplus) -- C:\Program Files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RRMSVR.exe
    PRC - [2007/09/26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    PRC - [2007/07/10 10:40:30 | 001,282,048 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
    PRC - [2007/05/31 19:02:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\Windows\System32\ibmpmsvc.exe
    PRC - [2007/03/09 14:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    PRC - [2007/03/08 13:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    PRC - [2007/03/02 14:07:28 | 000,055,936 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    PRC - [2007/02/06 12:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
    PRC - [2007/01/17 14:01:00 | 000,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
    PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
    PRC - [2006/12/14 02:13:02 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    PRC - [2006/12/14 02:11:14 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    PRC - [2006/12/14 01:59:04 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    PRC - [2006/12/14 00:46:08 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    PRC - [2006/12/13 14:52:44 | 000,722,496 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    PRC - [2006/12/08 22:45:48 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
    PRC - [2006/11/28 13:30:00 | 000,243,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
    PRC - [2006/11/20 01:14:14 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE
    PRC - [2006/09/06 03:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
    PRC - [2006/07/18 16:15:18 | 000,049,152 | ---- | M] (Vimicro) -- C:\Windows\VMSnap3.exe
    PRC - [2006/07/04 14:16:32 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/05 11:49:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
    MOD - [2010/09/20 15:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll
    MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    MOD - [2010/06/28 19:52:40 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
    MOD - [2010/06/28 19:52:40 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/11/14 15:40:36 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/10/15 07:51:14 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
    SRV - [2009/10/12 23:39:07 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
    SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2008/06/19 00:51:28 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
    SRV - [2008/04/11 01:39:08 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
    SRV - [2008/02/01 18:08:50 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
    SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/10/16 18:33:00 | 000,037,424 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\System32\TPHDEXLG.exe -- (TPHDEXLGSVC)
    SRV - [2007/09/26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
    SRV - [2007/05/31 19:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC)
    SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2007/03/02 14:07:28 | 000,055,936 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
    SRV - [2007/02/06 12:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
    SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    SRV - [2006/12/14 02:13:02 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
    SRV - [2006/12/14 02:11:14 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
    SRV - [2006/12/14 00:46:08 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
    SRV - [2006/12/13 14:52:44 | 000,722,496 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
    SRV - [2006/11/20 01:14:14 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC)
    SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\usbVM303.sys -- (ZSMC0303) VIMICRO USB PC Camera (ZC0301PLH)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uliagpkx.sys -- (uliagpkx)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uagp35.sys -- (uagp35)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sisagp.sys -- (sisagp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\qcusbser.sys -- (qcusbser)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\Drivers\D12TEST.sys -- (D12TEST)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Paul\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\b57nd60x.sys -- (b57nd60x)
    DRV - [2010/10/19 16:36:22 | 000,353,840 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101103.001\IDSvix86.sys -- (IDSVix86)
    DRV - [2010/10/02 11:16:24 | 000,014,336 | ---- | M] (OEM) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Chip_smc.sys -- (GDBaseSmc)
    DRV - [2010/10/02 11:16:24 | 000,012,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Chip_usb.sys -- (GD_USB)
    DRV - [2010/10/02 11:16:02 | 000,014,592 | ---- | M] (OEM) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smccard.sys -- (R5BaseSmc)
    DRV - [2010/09/30 19:15:52 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101104.057\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/09/30 19:15:51 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101104.057\NAVENG.SYS -- (NAVENG)
    DRV - [2010/08/31 18:57:04 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101029.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2010/05/27 00:07:59 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/05/27 00:07:59 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/05/09 23:03:23 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/05/06 00:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
    DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
    DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
    DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
    DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
    DRV - [2010/02/03 21:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
    DRV - [2010/01/08 16:28:38 | 000,006,656 | ---- | M] (alipay.com) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alidevice.sys -- (Alidevice)
    DRV - [2009/12/03 17:45:24 | 000,230,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2009/10/31 00:35:35 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/09/02 14:21:38 | 000,195,424 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
    DRV - [2009/06/10 09:51:48 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
    DRV - [2009/05/11 10:13:32 | 000,958,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
    DRV - [2009/02/16 23:48:35 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
    DRV - [2008/10/10 00:21:28 | 000,050,704 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
    DRV - [2008/09/26 22:16:26 | 000,215,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2008/01/19 03:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
    DRV - [2008/01/19 01:55:24 | 000,030,720 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA)
    DRV - [2008/01/11 02:20:00 | 000,012,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
    DRV - [2007/10/19 00:23:44 | 000,015,960 | ---- | M] (NEC Electronics) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mqb2all.sys -- (MQB2ALL)
    DRV - [2007/10/16 18:33:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
    DRV - [2007/10/16 18:32:00 | 000,019,504 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
    DRV - [2007/10/04 16:14:44 | 000,348,160 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV - [2007/09/29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2007/06/21 17:36:32 | 002,600,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2007/06/21 17:36:32 | 002,600,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2007/05/31 19:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
    DRV - [2007/05/08 05:55:33 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tvtfilter.sys -- (tvtfilter)
    DRV - [2007/05/08 05:13:12 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2007/05/08 05:13:12 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2007/05/08 05:13:12 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007/04/24 12:52:10 | 000,016,688 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\System32\drivers\LUMDriver.sys -- (LUMDriver)
    DRV - [2007/04/05 12:08:16 | 000,012,160 | ---- | M] (PLX Technology, Inc. (visit www.PlxTech.com)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\realicebulk.sys -- (NCBULK)
    DRV - [2007/03/30 03:46:00 | 000,079,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
    DRV - [2007/03/18 18:06:32 | 000,475,136 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftav303.sys -- (vvftav303)
    DRV - [2007/02/27 14:20:00 | 000,081,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
    DRV - [2007/02/27 14:20:00 | 000,016,432 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
    DRV - [2007/02/19 01:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
    DRV - [2007/01/29 12:32:40 | 000,097,280 | ---- | M] (HTC Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcusbmdmv32.sys -- (HtcUsbMdmV32) HTC Proprietary USB Driver (PID 0B03)
    DRV - [2006/12/22 11:50:00 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2006/12/22 11:49:00 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2006/12/22 11:48:00 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2006/12/21 08:30:02 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
    DRV - [2006/12/08 22:37:20 | 000,011,152 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
    DRV - [2006/11/28 16:44:00 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006/11/22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
    DRV - [2006/11/06 04:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PROCDD.SYS -- (PROCDD)
    DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 03:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vstazl3.sys -- (HSFHWAZL)
    DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1g60i32.sys -- (E1G60) Intel(R)
    DRV - [2006/10/18 22:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
    DRV - [2006/09/13 15:42:44 | 000,035,264 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
    DRV - [2006/08/30 06:04:04 | 000,013,744 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
    DRV - [2006/05/18 10:49:02 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
    DRV - [2006/05/18 10:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
    DRV - [2005/05/19 13:18:50 | 000,071,040 | ---- | M] (Gemplus) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gkeyusb.sys -- (GKeyUSB)
    DRV - [2005/03/29 14:19:58 | 000,015,899 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\HIOS6.SYS -- (hios6)
    DRV - [2004/05/31 16:20:04 | 000,003,200 | ---- | M] (Altium Limited) [Kernel | Auto | Running] -- C:\Program Files\Altium Designer Winter 09\System\Drivers\altio.sys -- (altio)
    DRV - [2004/03/22 02:43:00 | 000,016,556 | ---- | M] (Microchip Technology, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\icd2w2kl.sys -- (MCUSBICD2LDR) Microchip MPLAB ICD 2 Firmware Loader Driver (ICD2W2KL.SYS)
    DRV - [2004/03/22 02:43:00 | 000,012,427 | ---- | M] (Microchip Technology, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\icd2w2k.sys -- (MCUSBICD2) Microchip MPLAB ICD 2 Firmware Client Driver (ICD2W2K.SYS)
    DRV - [2004/01/13 10:25:58 | 000,007,144 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\HWHIOS6.SYS -- (hwhios6)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/06/01 10:44:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/05/09 23:07:24 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/11/05 01:31:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (IE2EMBHO Class) - {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - C:\Program Files\easyMule\modules\IE2EM.dll (VeryCD.com)
    O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
    O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
    O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited)
    O4 - HKLM..\Run: [Gemplus Reader Resource Manager] C:\Program Files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RRMSVR.exe (Gemplus)
    O4 - HKLM..\Run: [gemstrmw] C:\Windows\System32\gemstrmw.exe (Gemplus)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
    O4 - HKLM..\Run: [RegTool] C:\Program Files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RegTool.exe ()
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [TpShocks] C:\Windows\System32\TpShocks.exe (Lenovo.)
    O4 - HKLM..\Run: [VMSnap3] C:\Windows\VMSnap3.exe (Vimicro)
    O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
    O8 - Extra context menu item: Download by easyMule - C:\Program Files\easyMule\IE2EM.htm ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
    O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
    O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: alipay.com ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: alipay.com ([]https in Trusted sites)
    O15 - HKLM\..Trusted Domains: alisoft.com ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: alisoft.com ([]https in Trusted sites)
    O15 - HKLM\..Trusted Domains: taobao.com ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: taobao.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: com.cn ([mybank.icbc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: com.cn ([vip.icbc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: com.cn ([www.icbc] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
    O16 - DPF: {03290DF3-5034-11D0-BC8C-524153480000} https://www.dpt-fast.com/stlview/astlview2005.dpt (StlView Control)
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} https://components.viewpoint.com/MT...&unknown&http://www.seaeagle.com/vp/375fc.asp (MetaStreamCtl Class)
    O16 - DPF: {0EB487C8-E9AC-43A6-8C4C-083999B0622F} https://b2c.icbc.com.cn/icbc/newperbank/certInStall.dll (InfosecCertInstall Class)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} http://bug.udoco.cn/qualitycenter/Spider80.ocx (Loader Class v2)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {3AA9CF07-DF20-48FF-98BE-DED276E40146} https://b2c.icbc.com.cn/icbc/GDReadPub.cab (GDGetTokenInfo Class)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
    O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} https://img.alipay.com/download/2121/aliedit.cab (EditCtrl Class)
    O16 - DPF: {62B938C4-4190-4F37-8CF0-A92B0A91CC77} https://mybank.icbc.com.cn/icbc/NetSign.dll (Reg Error: Key error.)
    O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} https://b2c.icbc.com.cn/icbc/newperbank/AXSafeControls.cab (AxInputControl Class)
    O16 - DPF: {7AEA10C5-B38F-4D72-A8F0-ED2D43D2A59E} https://mybank.icbc.com.cn/icbc/ICBCPKCheck.cab (ICBCOCX Public Key Check)
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://bonmot.spaces.live.com/PhotoUpload/VistaMsnPUplden-ca.cab (Windows Live Photo Upload Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} https://vip.icbc.com.cn/icbc/newperbank/AxSafeControls.cab (AxSubmitControl Class)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} https://b2c.icbc.com.cn/icbc/ICBC_NetSign.dll (InfoSecICBCNetSign Class)
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://caebmm.imgag.com/imgag/cp/install/crusher-cae.cab (Creative Toolbox Plug-in)
    O16 - DPF: {C35D7AE1-0865-4A30-BF07-29FA29324155} https://mybank.icbc.com.cn/icbc/perbank/GDSetLET.dll (CSetLET Class)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DA215190-98B2-47DE-AE24-DA95481DFFBA} https://mybank.icbc.com.cn/icbc/perbank/AxUSBKey.CAB (AxUSBKey Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://dl.pplive.com/PluginSetup.cab (PPLive Lite Class)
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
    O16 - DPF: RedEyeQuote https://www.redeyeondemand.com/RedEyeQuote.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
    O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
    O24 - Desktop WallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
  24. bonmotwang

    bonmotwang Newcomer, in training Topic Starter Posts: 28

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/05 11:49:13 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
    [2010/11/05 09:45:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/11/05 09:19:21 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/11/05 09:18:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/11/05 08:57:58 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\temp
    [2010/11/04 23:43:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/11/04 23:43:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/11/04 23:43:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/11/04 23:43:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/11/04 23:41:21 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/11/04 23:06:45 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\NTBR_CD
    [2010/11/04 22:11:45 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\tdsskiller
    [2010/11/04 00:31:05 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\TFC.exe
    [2010/11/03 22:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
    [2010/11/01 12:27:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\Project Outputs for Free Documents
    [2010/10/24 17:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/10/24 17:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/10/24 17:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/10/24 17:41:35 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010/10/24 17:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

    ========== Files - Modified Within 30 Days ==========

    [2010/11/05 11:49:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
    [2010/11/05 11:38:39 | 000,603,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/11/05 11:38:39 | 000,106,696 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/11/05 11:14:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/05 10:40:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/05 10:14:01 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/05 09:55:33 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/05 09:55:32 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/05 09:55:21 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2010/11/05 09:55:16 | 000,025,312 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
    [2010/11/05 09:55:16 | 000,000,480 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
    [2010/11/05 09:54:44 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/05 08:59:29 | 416,338,079 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/11/05 01:31:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/11/04 23:35:27 | 003,903,125 | R--- | M] () -- C:\Users\Paul\Desktop\ComboFix.exe
    [2010/11/04 23:04:45 | 002,565,432 | ---- | M] () -- C:\Users\Paul\Desktop\NTBR_CD.exe
    [2010/11/04 22:10:52 | 000,080,384 | ---- | M] () -- C:\Users\Paul\Desktop\MBRCheck.exe
    [2010/11/04 22:10:09 | 001,213,675 | ---- | M] () -- C:\Users\Paul\Desktop\tdsskiller.zip
    [2010/11/04 16:36:02 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{08E3C5B6-698E-4B74-BB2F-18B5C7D629F8}.job
    [2010/11/04 13:29:10 | 000,000,395 | ---- | M] () -- C:\Windows\CAMDXP.INI
    [2010/11/04 00:31:03 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\TFC.exe
    [2010/11/04 00:23:01 | 003,777,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/11/04 00:04:28 | 000,294,912 | ---- | M] () -- C:\Users\Paul\Desktop\pd7wmbf0.exe
    [2010/11/03 18:36:29 | 000,088,064 | ---- | M] () -- C:\Windows\MBR.exe
    [2010/10/25 16:02:29 | 005,411,840 | ---- | M] () -- C:\Users\Paul\Desktop\sp580w.exe
    [2010/10/21 10:14:50 | 000,033,002 | ---- | M] () -- C:\Users\Paul\Desktop\iCanDoIt_SB.chw
    [2010/10/20 11:07:18 | 000,001,208 | ---- | M] () -- C:\Users\Paul\ViewMate.cfg
    [2010/10/14 22:02:00 | 008,713,599 | ---- | M] () -- C:\Users\Paul\Desktop\EverProS1000V141Install.zip
    [2010/10/14 15:57:54 | 000,000,161 | ---- | M] () -- C:\Windows\M1000.INI
    [2010/10/14 03:05:57 | 000,000,410 | ---- | M] () -- C:\Windows\System32\MRT.INI
    [2010/10/11 21:13:10 | 000,934,702 | ---- | M] () -- C:\Users\Paul\Desktop\der188.pdf
    [2010/10/06 23:39:24 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini

    ========== Files Created - No Company Name ==========

    [2010/11/04 23:43:27 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/11/04 23:43:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/11/04 23:43:27 | 000,088,064 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/11/04 23:43:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/11/04 23:43:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/11/04 23:35:28 | 003,903,125 | R--- | C] () -- C:\Users\Paul\Desktop\ComboFix.exe
    [2010/11/04 23:04:40 | 002,565,432 | ---- | C] () -- C:\Users\Paul\Desktop\NTBR_CD.exe
    [2010/11/04 22:10:52 | 000,080,384 | ---- | C] () -- C:\Users\Paul\Desktop\MBRCheck.exe
    [2010/11/04 22:09:59 | 001,213,675 | ---- | C] () -- C:\Users\Paul\Desktop\tdsskiller.zip
    [2010/11/04 12:06:29 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
    [2010/11/04 00:04:24 | 000,294,912 | ---- | C] () -- C:\Users\Paul\Desktop\pd7wmbf0.exe
    [2010/10/25 16:02:30 | 005,411,840 | ---- | C] () -- C:\Users\Paul\Desktop\sp580w.exe
    [2010/10/21 10:14:50 | 000,033,002 | ---- | C] () -- C:\Users\Paul\Desktop\iCanDoIt_SB.chw
    [2010/10/21 10:03:14 | 000,352,783 | ---- | C] () -- C:\Users\Paul\Desktop\iCanDoIt_SB.chm
    [2010/10/14 22:02:02 | 008,713,599 | ---- | C] () -- C:\Users\Paul\Desktop\EverProS1000V141Install.zip
    [2010/10/14 15:57:54 | 000,000,161 | ---- | C] () -- C:\Windows\M1000.INI
    [2010/10/11 21:13:09 | 000,934,702 | ---- | C] () -- C:\Users\Paul\Desktop\der188.pdf
    [2010/10/02 11:16:24 | 000,012,672 | ---- | C] () -- C:\Windows\System32\drivers\Chip_usb.sys
    [2010/10/02 11:04:28 | 000,027,648 | ---- | C] () -- C:\Windows\System32\gwscm.dll
    [2010/10/01 23:39:43 | 000,106,496 | ---- | C] () -- C:\Windows\System32\InputControl.dll
    [2010/10/01 23:39:43 | 000,065,536 | ---- | C] () -- C:\Windows\System32\UploadControl.dll
    [2010/10/01 23:39:43 | 000,065,536 | ---- | C] () -- C:\Windows\System32\SubmitControl.dll
    [2010/10/01 23:39:43 | 000,036,864 | ---- | C] () -- C:\Windows\System32\RootCert.dll
    [2010/10/01 23:39:42 | 000,106,496 | ---- | C] () -- C:\Windows\System32\EditControl.dll
    [2010/10/01 23:39:42 | 000,102,400 | ---- | C] () -- C:\Windows\System32\ICBCQPK_HH.dll
    [2010/10/01 23:39:42 | 000,098,304 | ---- | C] () -- C:\Windows\System32\certInStall.dll
    [2010/10/01 23:39:42 | 000,091,520 | ---- | C] () -- C:\Windows\System32\icbc_bhdc2vdv.dll
    [2010/10/01 23:39:42 | 000,091,520 | ---- | C] () -- C:\Windows\System32\icbc_bhdc1vdv.dll
    [2010/10/01 23:39:42 | 000,054,656 | ---- | C] () -- C:\Windows\System32\icbc_gdgetdv.dll
    [2010/10/01 23:39:42 | 000,053,248 | ---- | C] () -- C:\Windows\System32\GDSetLET.dll
    [2010/05/12 09:43:54 | 000,000,410 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2010/05/10 12:40:42 | 000,000,000 | ---- | C] () -- C:\Users\Paul\AppData\Local\Temptable.xml
    [2010/04/20 23:59:07 | 000,007,616 | -HS- | C] () -- C:\ProgramData\RJAhr0NY5OVC
    [2010/03/02 15:07:51 | 000,290,904 | ---- | C] () -- C:\Windows\System32\vc6-re200l.dll
    [2010/02/10 12:16:26 | 000,081,920 | ---- | C] () -- C:\Windows\System32\MPMapTrace.dll
    [2010/02/10 11:41:16 | 000,364,544 | ---- | C] () -- C:\Windows\System32\mpPathan.dll
    [2009/11/12 10:43:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2009/11/11 01:37:14 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll
    [2009/10/31 00:35:35 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
    [2009/10/12 00:27:58 | 000,000,016 | ---- | C] () -- C:\ProgramData\.7486160831680234
    [2009/10/09 22:05:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/26 11:48:31 | 000,000,248 | ---- | C] () -- C:\Windows\emug3.ini
    [2009/09/14 11:59:20 | 000,053,248 | ---- | C] () -- C:\Windows\System32\EASYZUSBMULTI.DLL
    [2009/09/14 11:59:20 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DDSCON.DLL
    [2009/08/20 22:36:16 | 000,000,680 | ---- | C] () -- C:\Users\Paul\AppData\Local\d3d9caps.dat
    [2009/07/21 11:16:23 | 000,086,016 | ---- | C] () -- C:\Windows\System32\jcutilHUAUKLCD.dll
    [2009/07/21 11:16:23 | 000,049,152 | ---- | C] () -- C:\Windows\System32\jcutilTdrUKLCD.dll
    [2009/03/28 00:53:08 | 000,002,290 | ---- | C] () -- C:\Windows\Palm OS Emulator.ini
    [2009/02/16 23:48:35 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
    [2009/02/16 15:53:49 | 000,193,024 | ---- | C] () -- C:\Windows\System32\co2c40en.dll
    [2009/02/16 15:53:49 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
    [2009/02/16 15:53:48 | 000,953,344 | ---- | C] () -- C:\Windows\System32\pg32.dll
    [2009/01/07 18:14:04 | 000,000,133 | ---- | C] () -- C:\Windows\System32\ftdiun2k.ini
    [2008/11/15 13:54:01 | 004,804,608 | ---- | C] () -- C:\Users\Paul\AppData\Local\filesync.metadata
    [2008/04/06 22:16:01 | 000,045,056 | ---- | C] () -- C:\Windows\System32\UnblkPIN.dll
    [2008/04/06 22:16:00 | 000,389,175 | ---- | C] () -- C:\Windows\System32\RsaFun.dll
    [2008/04/06 22:16:00 | 000,282,734 | ---- | C] () -- C:\Windows\System32\NPCard.dll
    [2008/04/06 22:16:00 | 000,094,208 | ---- | C] () -- C:\Windows\System32\jcutilHUAUK.dll
    [2008/04/06 22:16:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\jcinpublic.dll
    [2008/04/06 22:16:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\jcutilgem101101.dll
    [2008/04/06 22:15:58 | 000,262,208 | ---- | C] () -- C:\Windows\System32\GPKPCSC.dll
    [2008/04/06 22:15:58 | 000,241,758 | ---- | C] () -- C:\Windows\System32\GPKPIN.dll
    [2008/04/06 22:15:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\hmukchk.dll
    [2008/04/06 22:15:57 | 000,184,320 | ---- | C] () -- C:\Windows\System32\GdApi.dll
    [2008/04/06 22:15:57 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CEA_Crypt.dll
    [2008/04/06 22:15:57 | 000,032,768 | ---- | C] () -- C:\Windows\System32\ChangPIN.dll
    [2008/04/06 22:15:57 | 000,022,016 | ---- | C] () -- C:\Windows\System32\GEMPIN01.dll
    [2008/02/22 08:42:27 | 000,000,044 | ---- | C] () -- C:\Windows\liveup.ini
    [2008/02/20 22:05:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2007/12/17 20:00:50 | 000,000,395 | ---- | C] () -- C:\Windows\CAMDXP.INI
    [2007/12/06 22:27:14 | 000,000,216 | ---- | C] () -- C:\Windows\mercury.ini
    [2007/11/01 11:39:27 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2007/10/31 14:24:11 | 000,000,021 | ---- | C] () -- C:\Windows\iar2ice.ini
    [2007/10/31 14:19:59 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
    [2007/10/31 14:19:59 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
    [2007/10/31 14:19:59 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
    [2007/10/31 14:19:59 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
    [2007/10/31 14:19:59 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
    [2007/10/31 14:05:18 | 000,000,764 | ---- | C] () -- C:\Windows\cw23.INI
    [2007/10/31 14:04:58 | 000,001,187 | ---- | C] () -- C:\Windows\ew23.INI
    [2007/10/26 20:54:29 | 000,114,688 | ---- | C] () -- C:\Windows\System32\GDSPKLib.dll
    [2007/10/26 20:54:29 | 000,053,248 | ---- | C] () -- C:\Windows\System32\GDInitLib.dll
    [2007/10/26 20:38:08 | 000,012,928 | ---- | C] () -- C:\Windows\System32\drivers\chip_usb.sys.bak
    [2007/10/26 20:38:08 | 000,005,632 | ---- | C] () -- C:\Windows\System32\ChipCo.dll
    [2007/10/26 20:37:12 | 000,031,744 | ---- | C] () -- C:\Windows\System32\drivers\eps2kt1.sys
    [2007/10/26 20:37:12 | 000,004,608 | ---- | C] () -- C:\Windows\System32\R5CoInst.dll
    [2007/10/20 15:21:55 | 000,000,029 | ---- | C] () -- C:\Windows\IDE.INI
    [2007/10/07 20:25:38 | 000,000,600 | ---- | C] () -- C:\Users\Paul\AppData\Local\PUTTY.RND
    [2007/09/12 23:02:38 | 000,061,440 | ---- | C] () -- C:\Windows\System32\GDReadPub.dll
    [2007/07/13 11:43:19 | 000,000,000 | ---- | C] () -- C:\Windows\HT-IDE3000.INI
    [2007/06/22 13:25:37 | 000,000,000 | ---- | C] () -- C:\Windows\SetID.INI
    [2007/06/09 17:27:07 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
    [2007/05/12 22:30:05 | 000,131,072 | ---- | C] () -- C:\Windows\System32\vmcoinst_zc0301plh.dll
    [2007/05/09 04:10:20 | 000,146,944 | ---- | C] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/05/09 01:04:30 | 000,000,510 | ---- | C] () -- C:\Windows\ODBC.INI
    [2007/05/08 05:29:09 | 000,012,080 | ---- | C] () -- C:\Windows\System32\drivers\TPPWR32V.SYS
    [2007/03/29 12:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
    [2007/02/09 17:32:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/12/14 14:14:16 | 000,025,312 | ---- | C] () -- C:\Windows\System32\PROCDB.INI
    [2006/12/14 14:14:10 | 000,000,480 | ---- | C] () -- C:\Windows\System32\IPSCtrl.INI
    [2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/10/08 19:04:32 | 000,023,040 | ---- | C] () -- C:\Windows\System32\jcidGEM102.dll
    [2006/10/08 19:03:28 | 000,027,136 | ---- | C] () -- C:\Windows\System32\jcinGEM102.dll
    [2006/09/05 14:20:36 | 000,079,400 | ---- | C] () -- C:\Windows\System32\DEVMAN.DLL
    [2006/08/11 16:47:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\jcinHUAUK.dll
    [2006/08/11 16:47:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\jcidHUAUK.dll
    [2006/06/13 16:35:32 | 000,053,760 | ---- | C] () -- C:\Windows\System32\zlib.dll
    [2006/03/09 17:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2005/04/05 10:35:00 | 000,040,960 | ---- | C] () -- C:\Windows\System32\jcinGD84.dll
    [2003/10/15 12:29:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\jcidGEM101.dll
    [2003/10/09 12:40:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\jcidGD84.dll
    [2003/09/17 17:12:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\jcinTHTFUK.dll
    [2003/09/17 17:10:32 | 000,073,728 | ---- | C] () -- C:\Windows\System32\jcidTHTFUK.dll
    [2003/09/17 16:02:42 | 000,028,672 | ---- | C] () -- C:\Windows\System32\jcidWATCHK.dll
    [2003/09/17 15:34:24 | 000,028,672 | ---- | C] () -- C:\Windows\System32\jcinWATCHK.dll
    [2003/07/03 18:28:42 | 000,045,056 | ---- | C] () -- C:\Windows\System32\jcinGEM101.dll
    [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
    [1999/11/16 13:04:36 | 000,485,376 | ---- | C] () -- C:\Windows\System32\DrRw40.dll

    ========== LOP Check ==========

    [2010/04/21 11:55:23 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\3Dconnexion
    [2009/05/15 09:20:08 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\AeroSnapApp
    [2007/05/09 02:27:08 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Altium2004
    [2009/02/13 19:53:01 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\AltiumDesigner6
    [2010/11/05 11:49:36 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\AltiumDesignerWinter09
    [2008/05/24 14:12:29 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\App Launcher Gadget
    [2008/07/16 15:04:17 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Autodesk
    [2010/02/26 18:06:46 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Azureus
    [2010/02/28 21:44:06 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\DassaultSystemes
    [2007/06/09 17:32:02 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\DWGeditor
    [2010/07/05 11:51:32 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\EDrawings
    [2007/05/08 23:05:07 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\FlashGet
    [2010/02/28 14:30:19 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\FlashgetSetup
    [2007/05/14 14:11:41 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\GlobalSCAPE
    [2009/11/14 12:32:48 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\IM
    [2007/05/08 12:04:25 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Leadertech
    [2009/01/03 10:47:11 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\LEGO Company
    [2008/06/14 08:51:59 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Lenovo
    [2009/10/04 20:21:38 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Luxology
    [2010/10/01 13:11:24 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Microchip
    [2007/12/09 12:56:58 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\MySQL
    [2007/06/08 11:22:42 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Nokia
    [2010/02/08 13:29:56 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Nordic Semiconductors ASA
    [2007/06/04 10:23:00 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Opera
    [2007/05/12 13:45:05 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PC Suite
    [2010/04/24 23:48:56 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PPlive
    [2010/01/11 10:02:48 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PPLiveVA
    [2010/04/19 16:29:10 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PPStream
    [2007/05/31 14:32:40 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Radmin
    [2008/12/27 21:42:25 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\sldIM
    [2009/10/28 02:00:41 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Softland
    [2009/11/11 01:40:10 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Tencent
    [2010/05/11 13:25:45 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Tific
    [2010/02/26 22:34:56 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\uTorrent
    [2007/09/18 15:42:15 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\VoipStunt
    [2010/08/13 14:03:03 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\VSO
    [2010/10/07 22:13:40 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Windows Live Writer
    [2010/11/05 09:53:10 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/11/04 16:36:02 | 000,000,390 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{08E3C5B6-698E-4B74-BB2F-18B5C7D629F8}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2010/09/18 16:35:58 | 000,001,272 | ---- | M] () -- C:\bar.emf
    [2009/09/25 22:26:18 | 000,000,888 | ---- | M] () -- C:\bholog.txt
    [2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2006/11/09 19:32:55 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2010/11/05 09:45:15 | 000,022,077 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2008/12/03 12:34:00 | 000,000,037 | ---- | M] () -- C:\crypt.bat
    [2007/05/08 05:23:31 | 000,001,264 | ---- | M] () -- C:\drivez.log
    [2010/11/05 09:54:44 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
    [2010/05/05 13:44:42 | 000,016,480 | ---- | M] () -- C:\hope.otp
    [2007/10/31 14:26:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/02/16 23:40:36 | 000,102,947 | ---- | M] () -- C:\LICENSE.TXT
    [2009/02/17 09:49:22 | 000,000,547 | ---- | M] () -- C:\mentor.lic
    [2008/12/04 16:36:52 | 000,000,549 | ---- | M] () -- C:\mentor.lic.bak
    [2009/02/15 15:45:27 | 000,312,320 | ---- | M] (EFA Team) -- C:\MentorKG.exe
    [2008/11/26 04:37:38 | 001,601,536 | ---- | M] () -- C:\mgcld.EXE
    [2008/12/02 03:32:14 | 001,564,672 | ---- | M] (Mentor Graphics) -- C:\MGLS.DLL
    [2010/03/05 17:06:09 | 000,006,084 | ---- | M] () -- C:\MPUsbSIn.log
    [2007/10/31 14:26:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/04/06 22:19:10 | 000,000,000 | ---- | M] () -- C:\netsign_debuginfo.txt
    [2010/11/05 09:54:38 | 3533,348,864 | -HS- | M] () -- C:\pagefile.sys
    [2008/08/08 10:21:24 | 1073,741,824 | -H-- | M] () -- C:\pfsvoddata.bbv
    [2008/02/05 10:41:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2008/03/04 14:45:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
    [2008/02/05 10:41:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2008/03/04 14:45:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2007/05/08 05:13:02 | 000,000,053 | ---- | M] () -- C:\syslevel.lgl
    [2010/11/04 22:14:23 | 000,071,820 | ---- | M] () -- C:\TDSSKiller.2.4.6.0_04.11.2010_22.12.32_log.txt
    [2007/08/06 00:16:51 | 000,001,732 | ---- | M] () -- C:\tvtpktfilter.dat

    < %systemroot%\Fonts\*.com >
    [2006/11/02 08:37:19 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 08:37:19 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 08:37:19 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/10/09 22:45:25 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 08:36:30 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 20:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/23 00:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/06/21 00:03:52 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/09/21 13:24:31 | 000,000,352 | -HS- | M] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/04 23:35:27 | 003,903,125 | R--- | M] () -- C:\Users\Paul\Desktop\ComboFix.exe
    [2010/11/04 22:10:52 | 000,080,384 | ---- | M] () -- C:\Users\Paul\Desktop\MBRCheck.exe
    [2010/11/04 23:04:45 | 002,565,432 | ---- | M] () -- C:\Users\Paul\Desktop\NTBR_CD.exe
    [2010/11/05 11:49:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
    [2010/11/04 00:04:28 | 000,294,912 | ---- | M] () -- C:\Users\Paul\Desktop\pd7wmbf0.exe
    [2010/10/25 16:02:29 | 005,411,840 | ---- | M] () -- C:\Users\Paul\Desktop\sp580w.exe
    [2010/11/04 00:31:03 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >
    [2007/10/10 18:53:06 | 000,000,750 | R--- | M] () -- C:\Windows\AppPatch\Custom\{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2006/11/02 08:36:17 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/05/10 15:12:51 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2010/05/10 15:12:21 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2010/05/10 15:12:21 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2010/05/10 15:12:21 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2010/05/10 15:12:21 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
    [2010/05/10 15:12:21 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/11/02 08:37:02 | 000,000,402 | -HS- | M] () -- C:\Users\Paul\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009/10/12 00:27:58 | 000,000,016 | ---- | M] () -- C:\ProgramData\.7486160831680234
    [2008/07/12 10:49:11 | 000,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2010/04/21 00:41:19 | 000,007,616 | -HS- | M] () -- C:\ProgramData\RJAhr0NY5OVC

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Files - Unicode (All) ==========
    [2010/08/27 23:44:51 | 000,000,000 | ---D | M](C:\Users\Paul\Desktop\??) -- C:\Users\Paul\Desktop\探亲
    [2010/04/11 20:58:22 | 000,000,000 | ---D | C](C:\Users\Paul\Desktop\??) -- C:\Users\Paul\Desktop\探亲
    [2007/06/16 00:21:04 | 000,000,000 | ---D | M](C:\Users\Paul\Favorites\????(??THUMBXP)) -- C:\Users\Paul\Favorites\手机论坛(宣传THUMBXP)

    < End of report >
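A small log-triage helper, added here as an example (my own code, not OTL's and not anything the poster or the helper on this thread ran): it parses the OTL custom-scan file lines above, which follow the `[date time | size | attrs | M] (Company) -- path` format with four attribute flags (R, H, S, D), and reports the entries a reviewer would look at first. The three heuristics and the allowlist are this example's own assumptions, not OTL rules: hidden+system files outside a short allowlist of names that are legitimately hidden, random-looking names with no extension (or a leading dot followed by digits), and executables that carry no company name. The sample input is copied from the log above.

```python
"""Triage helpers for OTL custom-scan file listings (added example, not OTL code)."""
import re
from typing import Dict, List, Optional

# One file per line:  [YYYY/MM/DD HH:MM:SS | size | attrs | M|C] (Company) -- path
# attrs has four flag positions: R(ead-only) H(idden) S(ystem) D(irectory); '-' = unset.
# OTL's Unicode section omits the space before "(", hence the optional \s.
LINE_RE = re.compile(
    r"^\s*\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<stamp>[MC])\]\s?"
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)

# Assumption: names that are legitimately hidden/system in data directories.
KNOWN_HIDDEN = {"desktop.ini", "ntuser.pol", "pagefile.sys", "msdos.sys"}
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")

# Constructed sample: lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
    [2008/12/02 03:32:14 | 001,564,672 | ---- | M] (Mentor Graphics) -- C:\MGLS.DLL
    [2007/10/31 14:26:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/11/05 09:54:38 | 3533,348,864 | -HS- | M] () -- C:\pagefile.sys
    [2008/06/21 00:03:52 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
    [2010/11/04 00:04:28 | 000,294,912 | ---- | M] () -- C:\Users\Paul\Desktop\pd7wmbf0.exe
    [2010/11/05 11:49:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
    [2009/10/12 00:27:58 | 000,000,016 | ---- | M] () -- C:\ProgramData\.7486160831680234
    [2008/07/12 10:49:11 | 000,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2010/04/21 00:41:19 | 000,007,616 | -HS- | M] () -- C:\ProgramData\RJAhr0NY5OVC
    < %systemroot%\system32\drivers\*.rmv >
"""


def parse_line(line: str) -> Optional[Dict]:
    """Return the fields of one OTL file line, or None for headers/blank lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))  # "3533,348,864" -> 3533348864
    rec["name"] = rec["path"].rsplit("\\", 1)[-1]
    return rec


def looks_random(name: str) -> bool:
    """Heuristic: '.digits' names, or extension-less mixed-case alnum blobs of 8+ chars."""
    if name.startswith(".") and name[1:].isdigit():
        return True
    if "." in name:
        return False
    letters = sum(c.isalpha() for c in name)
    digits = sum(c.isdigit() for c in name)
    mixed_case = name.lower() != name and name.upper() != name
    return len(name) >= 8 and letters >= 4 and digits >= 1 and mixed_case


def triage(lines: List[str]) -> List[Dict]:
    """Apply the three heuristics and return the flagged entries in log order."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["name"].lower() in KNOWN_HIDDEN:
            continue
        attrs, lname = rec["attrs"], rec["name"].lower()
        reasons = []
        if "H" in attrs and "S" in attrs and "D" not in attrs:
            reasons.append("hidden+system outside allowlist")
        if looks_random(rec["name"]):
            reasons.append("random-looking name")
        # Weak signal: a real PE with no version-info company string.
        if lname.endswith(EXEC_EXT) and not rec["company"] and rec["size"] > 0:
            reasons.append("executable with no company metadata")
        if reasons:
            findings.append({"path": rec["path"], "name": rec["name"],
                             "attrs": attrs, "size": rec["size"], "reasons": reasons})
    return findings


def triage_text(text: str) -> List[Dict]:
    """Convenience wrapper for a whole OTL.txt read into a string."""
    return triage(text.splitlines())


if __name__ == "__main__":
    for hit in triage_text(SAMPLE_LOG):
        print(f"{hit['attrs']} {hit['size']:>12} {hit['path']}  <- {', '.join(hit['reasons'])}")
```

On a full OTL.txt, call `triage_text(open(path, encoding="utf-8", errors="replace").read())`. On the sample above it flags `C:\ProgramData\RJAhr0NY5OVC` (hidden+system and a random name) and `C:\ProgramData\.7486160831680234`; `pd7wmbf0.exe` on the desktop is flagged only because it has no company string, which is expected for the renamed GMER binary shown earlier in the thread, so treat that rule as a prompt to check a hash or signature rather than as a verdict.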
  25. bonmotwang

    bonmotwang Newcomer, in training Topic Starter Posts: 28

    OTL Extras logfile created on: 05/11/2010 11:51:08 AM - Run 1
    OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Paul\Desktop
    Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 86.66 Gb Total Space | 13.72 Gb Free Space | 15.83% Space Free | Partition Type: NTFS

    Computer Name: T60P-PAUL | User Name: Paul | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- Reg Error: Key error. File not found
    .cmd [@ = cmdfile] -- Reg Error: Key error. File not found
    .com [@ = ComFile] -- Reg Error: Key error. File not found
    .scr [@ = scrfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    jsfile [edit] -- Reg Error: Value error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0
    "DisableUnicastResponsesToMulticastBroadcast" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03C91A7F-2832-4FED-A193-A482E42870C4}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{058044B2-4AB4-4BB7-92D4-153D0A069B60}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{084E189F-CE0E-4021-9B9C-098B95101214}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
    "{204360C8-4145-4CFA-995D-84C05B20690D}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{36314F92-65CD-43D7-BCB5-65474E22B44F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{4303B49F-B507-4011-8C7A-524281CFC1F7}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{44B40FBE-3732-4C96-9823-BE3C212FCBC0}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{48B21167-245B-4758-BB53-2942B63E987F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{4DAE64FE-39A3-41B7-BB3F-C3AEF8C10882}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{5E839C1B-997A-4261-ABFE-E3FEC1D3FB04}" = lport=7553 | protocol=6 | dir=in | name=emule tcp |
    "{7132B6CF-0A86-424E-AEFF-3D65F39E68F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{7FBC4DE7-8498-40D1-B0D7-4E900F1B8E40}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{932D6046-B71B-498C-919C-D81BEC03DE56}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{9916ACFA-DD20-4EF0-AEBC-6C4701E5B2E2}" = lport=7563 | protocol=17 | dir=in | name=emule udp |
    "{9A357ED6-DC4D-40DB-BC66-E36DE95E73D8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{AB781A36-9827-4E6B-8288-EE72EED59547}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{AE2D1464-7725-4388-A701-66C2405E17E6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{DD0CE62D-F03F-4005-8E26-D4090F90FF0C}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{DF95E72A-16F9-40AC-8D5B-343165F4CE0F}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00E4E296-C015-4088-8142-10E93180EDF6}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe |
    "{01D38775-0FD4-49C3-84B0-22C09734B5A1}" = protocol=6 | dir=in | app=c:\program files\ppliveva\crashupload.exe |
    "{0271EA39-2AFC-42DE-921E-03EE32E76DC5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{02C15982-1811-4281-B208-847379EE428B}" = protocol=17 | dir=in | app=c:\program files\softland\backup4all professional 4\backup4all.exe |
    "{0723892B-D61D-4879-9D93-2BC2E8B6AD2C}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
    "{0737C413-9352-4A6C-9D60-67169968A476}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\ppliveu.exe |
    "{088A66B9-A799-4D3A-AA61-67494FA24A48}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{098EFC1E-9609-48BC-AC0B-9B33E96770B7}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
    "{11AB0502-CA26-4E5A-9463-03725D079CD8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{13DB5195-13A1-4555-91D9-5662BEE90C32}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{15BADEC3-3EDD-4D9A-B374-15B0F6C18EC3}" = protocol=17 | dir=in | app=c:\program files\ppliveva\flvpick.exe |
    "{177B58E3-3F79-4C55-9179-D8953E3FE029}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1A276A72-2F47-47C8-B838-4CCA8A3BAEDB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{1C02F26C-C67E-467B-A968-25C5C633E435}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1C4E174F-6E94-46A7-85D6-C39E4D752ABF}" = protocol=17 | dir=in | app=c:\program files\aliwangwang\aliim.exe |
    "{1DFAB063-7D78-4045-B744-9A405D6E9843}" = protocol=17 | dir=in | app=c:\program files\ppliveva\crashupload.exe |
    "{1E6BD409-8E71-4FD1-8C88-737E09281C37}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{1EC3E8FF-0E82-46C5-BEDC-9F3DA252BA31}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1F03EC84-EE2F-4832-8C24-39DA1443F9B9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{230F3CBB-26A1-4EDE-AB58-32330FFDE06E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{24676578-D72F-4473-8754-B9E064314521}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
    "{24B200CE-BC16-4936-ADC5-866FC3423895}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{28C64E69-E7DF-4B64-A180-3E9383FA846D}" = protocol=17 | dir=in | app=c:\program files\ppliveva\ppliveva.exe |
    "{2C20DD8D-EA88-452C-82E7-F2F5964713CD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{2D9E92F4-2314-4321-8690-8E86A68197BC}" = protocol=17 | dir=in | app=c:\programdata\ppliveva\application\ppap.exe |
    "{30382777-C883-4AD7-ACE4-3F9492516BFE}" = protocol=17 | dir=in | app=c:\program files\voipstunt.com\voipstunt\voipstunt.exe |
    "{30C360FC-E8E2-45C8-8880-57E74ECA654E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{31F4BED9-7AA2-400F-86CE-E2C17920A2BA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{32D2AFA4-C277-4C41-AACA-F9DDA950CA1A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{3591958B-D37F-458C-9396-04E39DFA195A}" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe |
    "{366CAD6D-7E68-4BAC-AC03-E2B897FE9BDB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{37FD0568-169D-4158-8BD5-8DC2C0829015}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
    "{399B2170-96EF-4CD9-8A15-774D86F3ACBD}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{3B359866-EA86-4EBD-9313-128F2F4CBEF2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{3C54B604-8D29-4AD0-AC1F-BD745665A803}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{3E5A9E59-CE4A-4C5B-AB97-6616F02D896F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{42032143-B310-48AF-8A96-7CAE42DB0F0E}" = protocol=6 | dir=in | app=c:\program files\ppliveva\download.exe |
    "{43997170-A820-4C65-ADCA-9520794ECAE8}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe |
    "{46F6171A-EC1D-4446-BC74-A9D462B573E6}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\ppliveu.exe |
    "{496A68D6-9266-4F36-839C-067C467C617A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{4C2F7C64-5715-45F2-9B78-0BB936F3DD61}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe |
    "{4D14E678-BC9B-4795-B35D-5B3C8E21C09D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{4D22019C-10E3-46D4-BFFB-5F9956706EF5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{4D89A6E2-A54E-4615-99F2-70F6B8ED60D0}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe |
    "{4DE6EBEB-6A58-4C45-806E-1D49AE523EDB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{4F44EB37-C17A-4308-AC47-CB0DE9E79D4B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{539EEF6A-3B22-42A1-91E0-A6FBB3A85EFC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{54CED8C3-08ED-4C9F-9CAA-99CA070CBC24}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{57B0975B-A473-41AB-A406-492AF7B9FB32}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{58828CBC-8057-4581-938A-578C4AB80028}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{5A3CA6DB-A414-41C8-AEAD-01D8D78C27DF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{5AB6CD37-87C1-42A0-A003-577943BB77BC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{5DAFBA06-F5E8-4585-A308-A9F9FC3F781C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{5DF9D9BE-8B98-4A40-9966-1BF4919AB916}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{675573BC-0D8E-43AD-8D2F-53EFD9791767}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6B15CA74-B663-439C-A028-CD07F2B806C9}" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe |
    "{6C7FAAB9-2ABD-46BE-B1F0-41025FEB2E67}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{6E115240-FF4B-4BB1-AC0C-2F8E325C38E3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{6EE309D2-C85B-4157-A92B-53AF75499F25}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{7064E125-BC28-49B9-928C-F657302C811F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{741695BD-0635-42A4-9BA9-3959A7E4802F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{79C283F3-DEC0-4C3E-A784-E31A37C7B6C2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{7B893C96-D41E-4619-B454-899DED94C0F2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{7C81741D-6C80-4C70-9691-7A653FB150DB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{7EEDEBFD-A64A-4E33-97B6-21C8982DF130}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{807071FF-16F5-4931-BFEF-8F47DD720096}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{822C4341-5B12-4C7D-A9C5-F6CD687A7769}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\pplive.exe |
    "{84FE82F2-5CBC-474C-9F62-D249CB8F903B}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe |
    "{865F9F34-4E6A-4F55-A850-E7EAF734EC41}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe |
    "{877710E1-7C11-40D9-B3D7-B9F67D6369DB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{8802B7A8-6E44-49D2-8D5C-4B2A4B8F9397}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe |
    "{89AE6A80-B047-407B-B9C8-4AC33BEE8371}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{90BD5CA5-2587-4B60-9D00-7A75BE4495A3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{942123DD-AC6F-4212-88A8-948781728706}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{94FAF415-F7ED-41F6-8912-BCFFCC0899DD}" = protocol=17 | dir=in | app=c:\program files\ppliveva\downloadprogress.exe |
    "{952B41C3-BC86-4B7E-B35E-4704E8C32C1C}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{96511A6B-6A89-438A-A306-04EB737AAEC7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9675CAD0-772C-4AB3-9486-0434078878EE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{98348DC0-3251-4C77-9521-4A09D15AB601}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{993790F6-9432-482A-B65B-2736D7C6F71B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{994388CD-56E5-4894-8626-B4671CA55FF7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9AF56249-F575-406F-AD14-24AD63B45DD9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9FF59C96-16A5-45D9-AD57-6754FD6B168E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{A098F88F-1189-45CC-8AAD-DC2C482D2B9A}" = protocol=6 | dir=in | app=c:\programdata\ppliveva\application\ppap.exe |
    "{A150A68C-9274-4D22-9A2B-FB9186787253}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\pplive.exe |
    "{A4786A77-F44A-45B0-BC46-0DC4866488EF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{ACB8DF31-117A-4A74-8124-8911A2BBCC07}" = protocol=6 | dir=in | app=c:\program files\ppliveva\downloadprogress.exe |
    "{AEA3EFB4-F2AB-4414-95F2-F83C72DABBCD}" = protocol=6 | dir=in | app=c:\program files\voipstunt.com\voipstunt\voipstunt.exe |
    "{B329F73C-13C9-4D4B-AE92-4C74A4E0876E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B425E41A-DCC5-4FFD-A9D2-D315E55340E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B516804F-9F9D-48EF-9D70-7601FE068246}" = protocol=6 | dir=in | app=c:\program files\softland\backup4all professional 4\backup4all.exe |
    "{B57E7EF3-60C9-4E8A-B518-BBDF0C4CA574}" = protocol=17 | dir=in | app=c:\program files\softland\backup4all professional 4\b4acmd.exe |
    "{B598CB3E-F6FE-4497-9E7D-FF5CF36CFBC7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{B5E3F7CC-1B03-44C2-928D-02A7A8534ACE}" = protocol=6 | dir=in | app=c:\program files\softland\backup4all professional 4\b4acmd.exe |
    "{BA7DB8EB-5EC0-4394-9E90-48EA2D7613B7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{BC3C02C5-BA2C-4DA5-8B0A-9F97CB406567}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe |
    "{BE2D3CDE-C9D6-4E0C-857C-526B6B0FF960}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{BEE8A843-3718-471F-A129-31E8A2977025}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{BF88F834-FD0C-4FF3-941D-AA69A086F320}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C420AD73-C287-4CAA-867C-CF597ED92A39}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C5FDFADA-2BA8-4855-8C55-1946D0C74777}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C7B679F2-A14B-4A36-A1B4-E96622DB484A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CB06B9AE-1073-49B9-AE5E-9479C38A6F87}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CB60F445-B2A7-4653-853F-9353AA82D7C2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CC733629-25A8-4E82-8207-30C248903A46}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CE6A8A04-0211-4E4E-8AA7-57DFFA1F4CB4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D1BCE77B-7E88-47BE-900B-6D9726AC266A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D446A514-6E48-45CD-A4DA-20183E54D21C}" = protocol=6 | dir=in | app=c:\program files\ppliveva\flvpick.exe |
    "{D51A03C8-FD58-4EC5-8808-DD2C16209BA2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D57E336D-9D84-4821-9BA9-22F08554CA39}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe |
    "{D620DA31-F2D6-479C-8DA9-E28F77C4EF31}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D67DBA24-88B2-4268-B8C7-53AC8670B68B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D8B1AE7A-ABED-4BE2-8157-527A432046F2}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe |
    "{D96BF01B-90A9-402E-BFD6-C3472655C8DE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{DBA083B3-627C-4309-8648-CDC9FA85092C}" = protocol=6 | dir=in | app=c:\program files\aliwangwang\aliim.exe |
    "{DBBE416E-BD1A-4A49-9DC8-D2B740BDD58D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{DC14512E-46FC-49C1-951E-7BF82DA63A80}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{DCCADD30-ACA4-426F-938D-49105ED59C5B}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe |
    "{E008B7EB-22E6-49A2-8EA6-43889C7BCF60}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{E1ECA794-C047-4159-9261-229C5D824B65}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E371840F-4B5A-4DA2-AFCD-95E34D5BDA87}" = protocol=6 | dir=in | app=c:\program files\ppliveva\ppliveva.exe |
    "{E39FBD18-890E-4B10-B8FE-D94C08E776B1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E49B2A85-CDE4-470E-938C-F82E90187BAE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{EC32FA6D-3817-4C52-976B-1AD39A85FE73}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{EF3354E8-54CF-4CE2-9283-63F85D19F5B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F4DC9C3D-4826-410D-B68C-1CD2E4087F50}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{F4E29F81-3CAC-4FB3-A873-E414769BE5CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F6208807-6EEF-4D4B-A774-2F3C8847EFD9}" = protocol=17 | dir=in | app=c:\program files\ppliveva\download.exe |
    "{F650D1D4-EEFE-48C6-B6A9-0F6FF08C672A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F86778A8-19CE-42D9-B422-7EDD87E771C2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{F91D5B25-1403-47CD-9177-33A0534DBB67}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{FA103A6C-F9F0-4AFB-9021-6E976B05722E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FB09E603-E201-4A01-9414-CC63D5C07EC3}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe |
    "{FDC1528A-78D5-4F3E-A552-A80BDE3B2032}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{FEF3081F-B90D-4711-9F67-C0F642C4C9EF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "TCP Query User{099F4F94-FB5B-4232-80EE-C36841085648}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
    "TCP Query User{13C0A27E-C840-4D03-B6D6-385C69980F45}C:\program files\tencent\qq_en\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qq_en\bin\qq.exe |
    "TCP Query User{14CDC0B3-A012-415E-BC88-157D28171664}C:\users\paul\appdata\local\microsoft\windows\temporary internet files\content.ie5\tg4jdv6c\qq2009sp5_installer[1].exe" = protocol=6 | dir=in | app=c:\users\paul\appdata\local\microsoft\windows\temporary internet files\content.ie5\tg4jdv6c\qq2009sp5_installer[1].exe |
    "TCP Query User{2032AFC2-9C35-4345-AE45-1248D571B150}C:\temp\testdll\server.exe" = protocol=6 | dir=in | app=c:\temp\testdll\server.exe |
    "TCP Query User{2B7411D1-074D-4B68-80D3-9EB1A12B8F5E}C:\program files\macromedia\dreamweaver 8\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\macromedia\dreamweaver 8\dreamweaver.exe |
    "TCP Query User{2F9B390E-A628-431E-8077-F354501D669F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{37EA397D-3776-444E-BBF7-9487E85FAFAD}C:\java\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\java\eclipse\eclipse.exe |
    "TCP Query User{43375BD2-6B09-4669-8BF5-517C6ACCE9CD}C:\temp\socket\server\debug\server.exe" = protocol=6 | dir=in | app=c:\temp\socket\server\debug\server.exe |
    "TCP Query User{6B739A28-CFB8-4EEC-B327-7F49845C0D8C}C:\program files\easymule\emule.exe" = protocol=6 | dir=in | app=c:\program files\easymule\emule.exe |
    "TCP Query User{6FAD55F9-F1CB-4F6F-B8FF-8A7DFA9C747F}C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe |
    "TCP Query User{733EE1B3-C7FE-474C-B66B-A1176614770F}C:\java\wtk23\bin\emulator.exe" = protocol=6 | dir=in | app=c:\java\wtk23\bin\emulator.exe |
    "TCP Query User{76731764-A3DB-4005-B5C9-A8199CDF73C2}C:\temp\sword\registration tools\pose\emulator.exe" = protocol=6 | dir=in | app=c:\temp\sword\registration tools\pose\emulator.exe |
    "TCP Query User{83A0E01C-2427-4304-A536-54CFF019A59E}C:\mentorgraphics\licensing\lmgrd.exe" = protocol=6 | dir=in | app=c:\mentorgraphics\licensing\lmgrd.exe |
    "TCP Query User{8CB56657-A75E-4396-BDB8-1A5C9F5B6B09}C:\program files\altium designer winter 09\dxp.exe" = protocol=6 | dir=in | app=c:\program files\altium designer winter 09\dxp.exe |
    "TCP Query User{91CED359-5CF4-40A9-97B9-129A93EF1BFA}C:\downloads\flashget_19873_1.exe" = protocol=6 | dir=in | app=c:\downloads\flashget_19873_1.exe |
    "TCP Query User{A29D57AE-997F-46D9-809D-C40D246CDCE1}C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe |
    "TCP Query User{B5466EFE-5AE6-4BDE-AAAA-B43808B34DF8}C:\program files\tudou\·éëùtudou\tudouva.exe" = protocol=6 | dir=in | app=c:\program files\tudou\·éëùtudou\tudouva.exe |
    "TCP Query User{DCC451E9-D086-4B0F-8B6A-36BA5FF0B98D}C:\green\pplive\pplive.exe" = protocol=6 | dir=in | app=c:\green\pplive\pplive.exe |
    "TCP Query User{E8FA0D47-3E22-487C-B136-A42712CCB950}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
    "TCP Query User{FA14C366-D52A-441B-AF66-EFD3FA6CF045}C:\java\wtk23\bin\zayit.exe" = protocol=6 | dir=in | app=c:\java\wtk23\bin\zayit.exe |
    "UDP Query User{0AB6AB39-88EF-4A36-8C43-69190D0495B2}C:\temp\sword\registration tools\pose\emulator.exe" = protocol=17 | dir=in | app=c:\temp\sword\registration tools\pose\emulator.exe |
    "UDP Query User{186F99C6-D3E4-468E-85AA-40BC705B74D5}C:\program files\altium designer winter 09\dxp.exe" = protocol=17 | dir=in | app=c:\program files\altium designer winter 09\dxp.exe |
    "UDP Query User{2D279A5F-5496-4358-9C2E-6412B6CDF80A}C:\green\pplive\pplive.exe" = protocol=17 | dir=in | app=c:\green\pplive\pplive.exe |
    "UDP Query User{3268075C-A7B7-4F19-A402-3E6F6C6DF6C5}C:\mentorgraphics\licensing\lmgrd.exe" = protocol=17 | dir=in | app=c:\mentorgraphics\licensing\lmgrd.exe |
    "UDP Query User{3CE39B41-7046-44D2-B53A-297A18198EE2}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
    "UDP Query User{3E28196E-5347-4055-B86E-F44A03C0603A}C:\program files\macromedia\dreamweaver 8\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\macromedia\dreamweaver 8\dreamweaver.exe |
    "UDP Query User{49B89C63-188D-4074-AD86-E36A83D7DB74}C:\program files\easymule\emule.exe" = protocol=17 | dir=in | app=c:\program files\easymule\emule.exe |
    "UDP Query User{542C1639-ED3A-4C42-ABBF-C05F0EE7A5A5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{63EFD024-410E-412C-86BB-CE83853AEB79}C:\program files\tudou\·éëùtudou\tudouva.exe" = protocol=17 | dir=in | app=c:\program files\tudou\·éëùtudou\tudouva.exe |
    "UDP Query User{82A2275D-0D70-4317-AE8B-BB1816767D02}C:\java\wtk23\bin\emulator.exe" = protocol=17 | dir=in | app=c:\java\wtk23\bin\emulator.exe |
    "UDP Query User{8A6C703B-BD9C-4C7C-BC94-EE8A5901444F}C:\users\paul\appdata\local\microsoft\windows\temporary internet files\content.ie5\tg4jdv6c\qq2009sp5_installer[1].exe" = protocol=17 | dir=in | app=c:\users\paul\appdata\local\microsoft\windows\temporary internet files\content.ie5\tg4jdv6c\qq2009sp5_installer[1].exe |
    "UDP Query User{8C96D000-321E-4287-B42C-2BBD64238D77}C:\downloads\flashget_19873_1.exe" = protocol=17 | dir=in | app=c:\downloads\flashget_19873_1.exe |
    "UDP Query User{923E4DF6-0051-4B1A-8EC8-F1739F074D04}C:\java\wtk23\bin\zayit.exe" = protocol=17 | dir=in | app=c:\java\wtk23\bin\zayit.exe |
    "UDP Query User{BDADF24C-700E-42C9-BBBE-74962C35D26E}C:\temp\testdll\server.exe" = protocol=17 | dir=in | app=c:\temp\testdll\server.exe |
    "UDP Query User{BE087175-E9AD-4376-9775-FE1F554FA41E}C:\program files\tencent\qq_en\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qq_en\bin\qq.exe |
    "UDP Query User{CF5CDF6A-044A-4E33-9B07-E1B11E45AF16}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
    "UDP Query User{D53B9E49-0A1F-4A14-B129-F9A47B57A675}C:\java\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\java\eclipse\eclipse.exe |
    "UDP Query User{DE199120-9072-4AF3-8D62-6FA3D5BA454B}C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe |
    "UDP Query User{DE7CCA86-7634-4EDF-A0FA-6C581EAE2047}C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe |
    "UDP Query User{FD6F0F56-8C15-4C31-9EE0-DE32E9143A5C}C:\temp\socket\server\debug\server.exe" = protocol=17 | dir=in | app=c:\temp\socket\server\debug\server.exe |