Solved Need help to remove Netbt.Sys virus, following the 8 steps


bonmotwang
Norton reported Netbt.sys virus.
So I followed the 8 steps, but with DDS I only got DDS.txt, and I wasn't able to close it after the scan.
But anyway, I need my computer to be cleaned.
Thank you!
 

Attachments

  • mbam-log-2010-11-04 (10-14-25).txt (1,005 bytes)
  • gmer.log (12.6 KB)
  • DDS.txt (21.3 KB)
Welcome aboard


Please observe the forum's rules: https://www.techspot.com/vb/topic154928.html
 
Sorry, here are the logs

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5034

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

04/11/2010 10:14:25 AM
mbam-log-2010-11-04 (10-14-25).txt

Scan type: Quick scan
Objects scanned: 156321
Time elapsed: 8 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

===============================================
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit quick scan 2010-11-04 12:45:51
Windows 6.0.6002 Service Pack 2
Running: pd7wmbf0.exe; Driver: C:\Users\Paul\AppData\Local\Temp\kwryrpob.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sectors 195371339 (+1): rootkit-like behavior;

---- Devices - GMER 1.0.15 ----

Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskHTS721010G9SA00_________________________MCZIC14V#4&2f17976&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Processes - GMER 1.0.15 ----

Process wscstub.exe (*** hidden *** ) 4492

---- EOF - GMER 1.0.15 ----

===================================================

DDS (Ver_10-11-03.01) - NTFSx86
Run by Paul at 13:15:31.86 on 04/11/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.2.1033.18.3070.1377 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\IPSSVC.EXE
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\VMSnap3.exe
C:\Windows\Domino.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RRMSVR.exe
C:\Program Files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RegTool.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Altium Designer Winter 09\dxp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\conime.exe
C:\Users\Paul\AppData\Local\Temp\BA4.tmp\MBR.DAT
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Windows\system32\taskeng.exe
C:\Users\Paul\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
uStart Page = about:blank
uSearch Bar = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IE2EMBHO Class: {0a0ddbd3-6641-40b9-873f-bbdd26d6c14e} - c:\program files\easymule\modules\IE2EM.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.3.0.5\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge]
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [VMSnap3] c:\windows\VMSnap3.exe
mRun: [Domino] c:\windows\Domino.exe
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [gemstrmw] c:\windows\system32\gemstrmw.exe /r
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Gemplus Reader Resource Manager] c:\program files\icbcebanktools\gemplus\gemsafe libraries\bin\RRMSVR.exe
mRun: [RegTool] c:\program files\icbcebanktools\gemplus\gemsafe libraries\bin\RegTool.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Download by easyMule - c:\program files\easymule\IE2EM.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {95B3F550-91C4-4627-BCC4-521288C52977} - c:\program files\pplive\pptv\PPLive.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: com.cn\mybank.icbc
Trusted Zone: com.cn\vip.icbc
Trusted Zone: com.cn\www.icbc
Trusted Zone: taobao.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
DPF: RedEyeQuote - hxxps://www.redeyeondemand.com/RedEyeQuote.cab
DPF: {03290DF3-5034-11D0-BC8C-524153480000} - hxxps://www.dpt-fast.com/stlview/astlview2005.dpt
DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_popup.pl?1&4&04.00.05.04&unknown&unknown&http://www.seaeagle.com/vp/375fc.asp
DPF: {0EB487C8-E9AC-43A6-8C4C-083999B0622F} - hxxps://b2c.icbc.com.cn/icbc/newperbank/certInStall.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} - hxxp://bug.udoco.cn/qualitycenter/Spider80.ocx
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3AA9CF07-DF20-48FF-98BE-DED276E40146} - hxxps://b2c.icbc.com.cn/icbc/GDReadPub.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://img.alipay.com/download/2121/aliedit.cab
DPF: {62B938C4-4190-4F37-8CF0-A92B0A91CC77} - hxxps://mybank.icbc.com.cn/icbc/NetSign.dll
DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} - hxxps://b2c.icbc.com.cn/icbc/newperbank/AXSafeControls.cab
DPF: {7AEA10C5-B38F-4D72-A8F0-ED2D43D2A59E} - hxxps://mybank.icbc.com.cn/icbc/ICBCPKCheck.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://bonmot.spaces.live.com/PhotoUpload/VistaMsnPUplden-ca.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} - hxxps://vip.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} - hxxps://b2c.icbc.com.cn/icbc/ICBC_NetSign.dll
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://caebmm.imgag.com/imgag/cp/install/crusher-cae.cab
DPF: {C35D7AE1-0865-4A30-BF07-29FA29324155} - hxxps://mybank.icbc.com.cn/icbc/perbank/GDSetLET.dll
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DA215190-98B2-47DE-AE24-DA95481DFFBA} - hxxps://mybank.icbc.com.cn/icbc/perbank/AxUSBKey.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
LSA: Notification Packages = scecli psqlpwd ACGina
mASetup: aetsprov - c:\windows\system32\regsvr32.exe /s c:\windows\system32\aetsprov.dll

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-9-24 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-9-24 173104]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20101029.001\BHDrvx86.sys [2010-11-1 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-9-24 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20101103.001\IDSvix86.sys [2010-10-19 353840]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2006-10-20 13744]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-4-24 16688]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-9-24 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys [2010-9-24 339504]
R2 altio;altio;c:\program files\altium designer winter 09\system\drivers\altio.sys [2004-5-31 3200]
R2 hios6;hios6;c:\windows\system32\drivers\HIOS6.SYS [2010-1-15 15899]
R2 hwhios6;hwhios6;c:\windows\system32\drivers\HWHIOS6.SYS [2010-1-15 7144]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-3 304464]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2010-9-24 126392]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2006-12-8 11152]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-3-2 55936]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2006-12-14 569344]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-7-1 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-31 102448]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-20 21504]
R3 GDBaseSmc;USB Chip Holder Service;c:\windows\system32\drivers\Chip_smc.sys [2007-10-26 14336]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-3 20952]
R3 R5BaseSmc;USB Token Holder Service;c:\windows\system32\drivers\smccard.sys [2007-4-3 14592]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 35264]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-15 136176]
S2 MCUSBICD2;Microchip MPLAB ICD 2 Firmware Client Driver (ICD2W2K.SYS);c:\windows\system32\drivers\icd2w2k.sys [2004-3-22 12427]
S2 MCUSBICD2LDR;Microchip MPLAB ICD 2 Firmware Loader Driver (ICD2W2KL.SYS);c:\windows\system32\drivers\icd2w2kl.sys [2004-3-22 16556]
S3 Alidevice;Alidevice;c:\windows\system32\drivers\alidevice.sys [2008-7-13 6656]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\solidworks corp\solidworks\swscheduler\DTSCoordinatorService.exe [2009-10-15 87336]
S3 GD_USB;USB Chip Service;c:\windows\system32\drivers\Chip_usb.sys [2010-10-2 12672]
S3 GKeyUSB;GKeyUSB;c:\windows\system32\drivers\gkeyusb.sys [2005-5-19 71040]
S3 HtcUsbMdmV32;HTC Proprietary USB Driver (PID 0B03);c:\windows\system32\drivers\htcusbmdmv32.sys [2007-1-29 97280]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-6-10 28672]
S3 MQB2ALL;NEC Electronics MINICUBE2 USB Interface;c:\windows\system32\drivers\mqb2all.sys [2007-10-19 15960]
S3 NCBULK;MPLAB HS USB client driver;c:\windows\system32\drivers\realicebulk.sys [2007-4-5 12160]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2007-5-12 475136]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

=============== File Associations ===============

txtfile=c:\windows\notepad.exe %1

=============== Created Last 30 ================

2010-11-04 02:54:17 -------- d-----w- c:\progra~2\regid.1986-12.com.adobe
2010-11-01 16:27:33 -------- d-----w- c:\windows\system32\Project Outputs for Free Documents
2010-10-24 21:48:58 -------- d-----w- c:\program files\iPod
2010-10-24 21:48:44 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-10-24 21:48:43 -------- d-----w- c:\program files\iTunes
2010-10-24 21:47:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-10-24 21:47:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-10-24 21:47:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-10-24 21:47:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-10-24 21:47:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-10-24 21:47:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-10-24 21:47:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-10-24 21:34:58 -------- d-----w- c:\program files\Bonjour
2010-10-14 20:14:39 624056 ----a-w- c:\program files\internet explorer\pplite\plugin\1.0.0.285\mframe.dll
2010-10-14 20:14:39 312768 ----a-w- c:\program files\internet explorer\pplite\plugin\1.0.0.285\ppp.dll
2010-10-13 21:58:05 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-13 21:58:04 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 21:56:09 531968 ----a-w- c:\windows\system32\comctl32.dll

==================== Find3M ====================

2010-10-02 15:16:24 5632 ----a-w- c:\windows\system32\ChipCo.dll
2010-10-02 15:16:02 4608 ----a-w- c:\windows\system32\R5CoInst.dll
2010-09-23 04:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-23 04:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-22 16:24:12 185 ----a-w- c:\windows\system32\msblcd32.dll
2010-09-22 16:23:06 212240 ----a-w- c:\windows\system32\richtx32.ocx
2010-09-22 16:23:05 124688 ----a-w- c:\windows\system32\MSWINSCK.OCX
2010-09-22 16:23:04 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2010-09-22 16:23:03 1081616 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll

============= FINISH: 13:18:19.90 ===============
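Added triage example (not part of the original thread, and not the helper's, GMER's, DDS's or any vendor's code): the lines in the logs above that matter most are the GMER disk sectors flagged "rootkit-like behavior" (several inside the first track and one far beyond it, at sector 195371339), the hidden process wscstub.exe, and the DDS lines showing Internet Explorer proxied through 127.0.0.1:5555 with UAC switched off (EnableLUA = 0). The Python script below parses a constructed excerpt of exactly those lines and reports them, so the same triage can be run over any pasted GMER/DDS output. The regexes are written against the line formats visible in this thread and are an assumption for other tool versions; the sample text is a trimmed copy of the posted logs, not a live capture. A loopback proxy is not proof of malware on its own (some security products and debugging proxies configure one too), so the script only flags it for follow-up rather than calling it malicious.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpts of the GMER and DDS output posted in this thread
# (trimmed, not a live capture). Raw strings keep the backslashes literal.
SAMPLE_GMER = r"""
---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sectors 195371339 (+1): rootkit-like behavior;

---- Processes - GMER 1.0.15 ----

Process wscstub.exe (*** hidden *** ) 4492

---- EOF - GMER 1.0.15 ----
"""

SAMPLE_DDS = r"""
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
"""

# Line formats as they appear in GMER 1.0.15 output above (assumed stable
# for this version only).
SECTOR_RE = re.compile(r"^Disk (\S+) sectors? (\d+)(?: \(\+\d+\))?: (.*)$")
HIDDEN_PROC_RE = re.compile(r"^Process (\S+) \(\*\*\* hidden \*\*\* \) (\d+)$")


def triage_gmer(text: str) -> Dict[str, object]:
    """Collect the sector and hidden-process findings from a GMER log."""
    rootkit_sectors: List[int] = []
    mbr_copies: List[int] = []
    hidden: List[Tuple[str, int]] = []
    for line in text.splitlines():
        m = SECTOR_RE.match(line)
        if m:
            sector, flags = int(m.group(2)), m.group(3)
            if "rootkit-like behavior" in flags:
                rootkit_sectors.append(sector)
            if "copy of MBR" in flags:
                mbr_copies.append(sector)
            continue
        m = HIDDEN_PROC_RE.match(line)
        if m:
            hidden.append((m.group(1), int(m.group(2))))
    return {
        "rootkit_sectors": rootkit_sectors,
        "mbr_copy_sectors": mbr_copies,
        "hidden_processes": hidden,
        # Rootkit-like code in a sector past the first track (sector 63 on a
        # classic MBR layout) points at a payload stored outside the
        # filesystem, which file-based scanners will not see.
        "payload_outside_first_track": any(s > 63 for s in rootkit_sectors),
    }


def triage_dds(text: str) -> List[str]:
    """Flag the browser and policy lines in a DDS pseudo-HJT report worth questioning."""
    findings: List[str] = []
    for line in text.splitlines():
        m = re.search(r"ProxyServer = (.+)$", line)
        if m and re.search(r"127\.0\.0\.1|localhost", m.group(1)):
            findings.append(
                f"browser proxied through loopback: {m.group(1)} (find the listener)"
            )
        m = re.search(r"EnableLUA = (\d)", line)
        if m and m.group(1) == "0":
            findings.append("UAC disabled (EnableLUA = 0)")
        # Userinit should be exactly the system userinit.exe; anything chained
        # after it (comma-separated) runs at every logon.
        m = re.search(r"Userinit=(.+)$", line, re.IGNORECASE)
        if m and not re.fullmatch(
            r"c:\\windows\\system32\\userinit\.exe,?", m.group(1).strip(), re.IGNORECASE
        ):
            findings.append(f"non-standard Userinit: {m.group(1)}")
    return findings


if __name__ == "__main__":
    # Replace the samples with the full pasted logs to triage a real case.
    for key, value in triage_gmer(SAMPLE_GMER).items():
        print(f"GMER {key}: {value}")
    for finding in triage_dds(SAMPLE_DDS):
        print("DDS:", finding)
```

Run against the posted logs the script reports the rootkit-like sectors (8 to 14, 32, 61, 63 and 195371339 in the full GMER output), the hidden wscstub.exe process, the loopback proxy and the disabled UAC; the Userinit value in this thread is the stock one and is not flagged. The sector and hidden-process findings are what the TDSSKiller and MBRCheck runs requested in the reply below are meant to confirm or rule out.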
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

=====================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
 
2010/11/04 22:12:32.0443 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43
2010/11/04 22:12:32.0443 ================================================================================
2010/11/04 22:12:32.0443 SystemInfo:
2010/11/04 22:12:32.0443
2010/11/04 22:12:32.0443 OS Version: 6.0.6002 ServicePack: 2.0
2010/11/04 22:12:32.0443 Product type: Workstation
2010/11/04 22:12:32.0443 ComputerName: T60P-PAUL
2010/11/04 22:12:32.0443 UserName: Paul
2010/11/04 22:12:32.0443 Windows directory: C:\Windows
2010/11/04 22:12:32.0443 System windows directory: C:\Windows
2010/11/04 22:12:32.0443 Processor architecture: Intel x86
2010/11/04 22:12:32.0443 Number of processors: 2
2010/11/04 22:12:32.0443 Page size: 0x1000
2010/11/04 22:12:32.0443 Boot type: Normal boot
2010/11/04 22:12:32.0443 ================================================================================
2010/11/04 22:12:34.0752 Initialize success
2010/11/04 22:12:46.0561 ================================================================================
2010/11/04 22:12:46.0561 Scan started
2010/11/04 22:12:46.0561 Mode: Manual;
2010/11/04 22:12:46.0561 ================================================================================
2010/11/04 22:12:48.0636 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/11/04 22:12:48.0698 ADIHdAudAddService (a51ea92451897824c5c7474a160af773) C:\Windows\system32\drivers\ADIHdAud.sys
2010/11/04 22:12:48.0870 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/11/04 22:12:48.0932 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/11/04 22:12:49.0010 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/11/04 22:12:49.0135 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2010/11/04 22:12:49.0198 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/11/04 22:12:49.0244 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2010/11/04 22:12:49.0291 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/11/04 22:12:49.0400 Alidevice (2f17c06cda54bfbe13c4046b19055f7b) C:\Windows\system32\drivers\Alidevice.sys
2010/11/04 22:12:49.0432 aliide (63fe281d76c5703f97bc37483db78b51) C:\Windows\system32\drivers\aliide.sys
2010/11/04 22:12:49.0541 altio (5e90a956526086634547bf8093feb699) C:\Program Files\Altium Designer Winter 09\System\Drivers\altio.sys
2010/11/04 22:12:49.0697 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2010/11/04 22:12:49.0728 amdide (654044212c625a4582797b42d4b1bd89) C:\Windows\system32\drivers\amdide.sys
2010/11/04 22:12:49.0759 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2010/11/04 22:12:49.0790 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2010/11/04 22:12:49.0931 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2010/11/04 22:12:49.0946 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2010/11/04 22:12:49.0993 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/04 22:12:50.0040 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/11/04 22:12:50.0118 athr (044dcfc10b9144725b0e59ac319759e3) C:\Windows\system32\DRIVERS\athr.sys
2010/11/04 22:12:50.0336 atikmdag (107d6792a9473b9bfb553b0465460564) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/11/04 22:12:50.0555 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/11/04 22:12:50.0695 BHDrvx86 (5138da8715da5f9823b753b6cb36a9a9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101029.001\BHDrvx86.sys
2010/11/04 22:12:50.0898 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/04 22:12:50.0945 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/11/04 22:12:51.0023 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/11/04 22:12:51.0148 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/11/04 22:12:51.0179 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/11/04 22:12:51.0226 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/11/04 22:12:51.0272 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/11/04 22:12:51.0319 BTHMODEM (5ffa6988ff9597986ff2ada736cc90c0) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/11/04 22:12:51.0444 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2010/11/04 22:12:51.0491 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2010/11/04 22:12:51.0678 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2010/11/04 22:12:51.0740 btwaudio (636f45a8500c1438cfa7dee15fc5c184) C:\Windows\system32\drivers\btwaudio.sys
2010/11/04 22:12:51.0803 btwavdt (bf9256ff01b093a5d90bb7a35ec90410) C:\Windows\system32\drivers\btwavdt.sys
2010/11/04 22:12:51.0850 btwrchid (0ab8c1ac177afb27309e1072faf34a37) C:\Windows\system32\DRIVERS\btwrchid.sys
2010/11/04 22:12:52.0006 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys
2010/11/04 22:12:52.0146 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/04 22:12:52.0193 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/04 22:12:52.0240 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2010/11/04 22:12:52.0349 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/11/04 22:12:52.0427 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/11/04 22:12:52.0458 cmdide (ed46b460be318f2411c609dd6f318991) C:\Windows\system32\drivers\cmdide.sys
2010/11/04 22:12:52.0520 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/11/04 22:12:52.0645 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2010/11/04 22:12:52.0692 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2010/11/04 22:12:52.0754 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
2010/11/04 22:12:52.0926 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/11/04 22:12:52.0973 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/11/04 22:12:53.0051 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/11/04 22:12:53.0176 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/04 22:12:53.0238 e1express (d72ecf252cbeb50c05d9c7f20216e6d0) C:\Windows\system32\DRIVERS\e1e6032.sys
2010/11/04 22:12:53.0378 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/11/04 22:12:53.0456 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/11/04 22:12:53.0566 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/11/04 22:12:53.0722 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2010/11/04 22:12:53.0878 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/11/04 22:12:54.0065 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/11/04 22:12:54.0127 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/11/04 22:12:54.0174 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/04 22:12:54.0361 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/11/04 22:12:54.0424 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/11/04 22:12:54.0580 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/04 22:12:54.0720 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/11/04 22:12:54.0892 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/04 22:12:54.0970 FTDIBUS (b283f1bc1ff852bd232449a4b3e3ce63) C:\Windows\system32\drivers\ftdibus.sys
2010/11/04 22:12:55.0126 FTSER2K (678a73f56ddf84a08c31123c386e9967) C:\Windows\system32\drivers\ftser2k.sys
2010/11/04 22:12:55.0188 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2010/11/04 22:12:55.0250 GDBaseSmc (63f6337e5681281b4045d62bb18376c0) C:\Windows\system32\DRIVERS\Chip_smc.sys
2010/11/04 22:12:55.0297 GD_USB (6a12406427710afa7d22c5514d279326) C:\Windows\system32\DRIVERS\Chip_usb.sys
2010/11/04 22:12:55.0438 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2010/11/04 22:12:55.0516 GKeyUSB (115727ce4e5eef3b63f0947b80eddcb4) C:\Windows\system32\Drivers\GKeyUSB.sys
2010/11/04 22:12:55.0828 Hardlock (d95554949082fd29a04d351b58396718) C:\Windows\system32\drivers\hardlock.sys
2010/11/04 22:12:56.0233 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\Windows\system32\drivers\Haspnt.sys
2010/11/04 22:12:56.0826 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/11/04 22:12:57.0341 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/04 22:12:57.0559 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/11/04 22:12:57.0606 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/11/04 22:12:57.0700 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/04 22:12:57.0762 hios6 (3c1a9314a699b0f25d72fee310dd9dec) C:\Windows\system32\drivers\hios6.sys
2010/11/04 22:12:57.0949 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/11/04 22:12:58.0027 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2010/11/04 22:12:58.0121 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/11/04 22:12:58.0246 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2010/11/04 22:12:58.0308 HtcUsbMdmV32 (f0ddf6b55ea5912d8fcfdfda4dabee49) C:\Windows\system32\DRIVERS\HtcUsbMdmV32.sys
2010/11/04 22:12:58.0370 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/11/04 22:12:58.0480 hwhios6 (5c609ba1f03419de095a8435c179816b) C:\Windows\system32\drivers\hwhios6.sys
2010/11/04 22:12:58.0542 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/11/04 22:12:58.0573 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/04 22:12:58.0651 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/11/04 22:12:58.0916 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
2010/11/04 22:12:58.0979 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/11/04 22:12:59.0072 IBMPMDRV (bf648877413f6160e480814a24942b65) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
2010/11/04 22:12:59.0197 IDSVix86 (ee90168d5578359fe9a295b8611330c0) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101103.001\IDSvix86.sys
2010/11/04 22:12:59.0338 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/11/04 22:12:59.0400 intelide (c12012c570bcf4b31f36200afa2b4f88) C:\Windows\system32\drivers\intelide.sys
2010/11/04 22:12:59.0447 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/04 22:12:59.0494 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/04 22:12:59.0650 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/11/04 22:12:59.0728 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/11/04 22:12:59.0884 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
2010/11/04 22:12:59.0962 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/11/04 22:13:00.0040 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2010/11/04 22:13:00.0180 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/04 22:13:00.0227 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/11/04 22:13:00.0274 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/11/04 22:13:00.0320 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/04 22:13:00.0367 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2010/11/04 22:13:00.0539 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/04 22:13:00.0648 lenovo.smi (63de2c8974f5d528fbc3d6978fd8ad6a) C:\Windows\system32\DRIVERS\smiif32.sys
2010/11/04 22:13:00.0866 libusb0 (34d6730e198a5b0fce0790a6b4769ef2) C:\Windows\system32\DRIVERS\libusb0.sys
2010/11/04 22:13:00.0929 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/04 22:13:01.0163 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2010/11/04 22:13:01.0194 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2010/11/04 22:13:01.0210 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2010/11/04 22:13:01.0256 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/11/04 22:13:01.0319 LUMDriver (ca020db361524d1182138efeaa8cf8f3) C:\Windows\system32\drivers\LUMDriver.sys
2010/11/04 22:13:01.0444 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\Windows\system32\drivers\mbam.sys
2010/11/04 22:13:01.0475 MCUSBICD2 (2fef6ae3573ca301a25e6f8a790bba12) C:\Windows\system32\Drivers\icd2w2k.sys
2010/11/04 22:13:01.0553 MCUSBICD2LDR (3896e3f4842711d774ee08e7192f3dd6) C:\Windows\system32\Drivers\icd2w2kl.sys
2010/11/04 22:13:01.0662 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/11/04 22:13:01.0709 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2010/11/04 22:13:01.0818 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/11/04 22:13:01.0880 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/11/04 22:13:02.0005 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/11/04 22:13:02.0114 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/11/04 22:13:02.0161 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/11/04 22:13:02.0208 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2010/11/04 22:13:02.0317 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/11/04 22:13:02.0395 MQB2ALL (112e5f13a76c2eb023eb074f87c033ed) C:\Windows\system32\Drivers\MQB2ALL.sys
2010/11/04 22:13:02.0458 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/11/04 22:13:02.0567 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/11/04 22:13:02.0629 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/11/04 22:13:02.0692 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/11/04 22:13:02.0770 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/04 22:13:02.0863 msahci (0a37a1ba8afe084899bf82eef923daea) C:\Windows\system32\drivers\msahci.sys
2010/11/04 22:13:02.0926 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/11/04 22:13:02.0988 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/11/04 22:13:03.0035 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/11/04 22:13:03.0160 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/04 22:13:03.0222 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/04 22:13:03.0253 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/11/04 22:13:03.0300 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/11/04 22:13:03.0362 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/04 22:13:03.0472 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/11/04 22:13:03.0518 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/11/04 22:13:03.0581 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/04 22:13:03.0690 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101104.035\NAVENG.SYS
2010/11/04 22:13:03.0768 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101104.035\NAVEX15.SYS
2010/11/04 22:13:03.0940 NCBULK (2c737e8cd61bafbc122e28f89d1cc71c) C:\Windows\system32\drivers\RealICEBulk.sys
2010/11/04 22:13:04.0018 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/11/04 22:13:04.0174 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/04 22:13:04.0220 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/04 22:13:04.0267 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/04 22:13:04.0330 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/11/04 22:13:04.0439 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/04 22:13:04.0486 netbt (84a40a677c9bdaa8cbec53490e9f8194) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/04 22:13:04.0501 netbt - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/11/04 22:13:04.0564 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/11/04 22:13:04.0642 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/11/04 22:13:04.0751 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
2010/11/04 22:13:04.0798 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/04 22:13:04.0891 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/11/04 22:13:05.0047 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/11/04 22:13:05.0094 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/11/04 22:13:05.0125 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2010/11/04 22:13:05.0172 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2010/11/04 22:13:05.0203 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2010/11/04 22:13:05.0390 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2010/11/04 22:13:05.0453 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
2010/11/04 22:13:05.0515 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/11/04 22:13:05.0624 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
2010/11/04 22:13:05.0718 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/11/04 22:13:05.0749 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\DRIVERS\pciide.sys
2010/11/04 22:13:05.0812 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/11/04 22:13:05.0968 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/11/04 22:13:06.0217 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/04 22:13:06.0264 PROCDD (1d80309fed4babf8ea9e7b84a394348b) C:\Windows\system32\DRIVERS\PROCDD.SYS
2010/11/04 22:13:06.0311 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/11/04 22:13:06.0467 psadd (651d3abc1d82d61b6cfb40cb947b3db3) C:\Windows\system32\DRIVERS\psadd.sys
2010/11/04 22:13:06.0514 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/04 22:13:06.0560 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\Windows\system32\Drivers\PxHelp20.sys
2010/11/04 22:13:06.0670 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/11/04 22:13:06.0810 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/11/04 22:13:06.0888 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/04 22:13:07.0013 R300 (107d6792a9473b9bfb553b0465460564) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/11/04 22:13:07.0169 R5BaseSmc (96fced4cc0a1cce9198ccd3243e098ca) C:\Windows\system32\DRIVERS\smccard.sys
2010/11/04 22:13:07.0200 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/04 22:13:07.0262 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/04 22:13:07.0340 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/04 22:13:07.0450 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/11/04 22:13:07.0528 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/04 22:13:07.0606 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/04 22:13:07.0730 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
2010/11/04 22:13:07.0777 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/04 22:13:07.0855 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/11/04 22:13:07.0996 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/11/04 22:13:08.0074 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/04 22:13:08.0120 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/11/04 22:13:08.0183 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/11/04 22:13:08.0323 Sentinel (4b926f60ccce0c410591c66446675496) C:\Windows\System32\Drivers\SENTINEL.SYS
2010/11/04 22:13:08.0354 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
2010/11/04 22:13:08.0417 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
2010/11/04 22:13:08.0557 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/11/04 22:13:08.0635 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2010/11/04 22:13:08.0729 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2010/11/04 22:13:08.0760 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/11/04 22:13:08.0916 Shockprf (a3aee791db8c73882f4503bfaacd8c9e) C:\Windows\system32\DRIVERS\Apsx86.sys
2010/11/04 22:13:09.0025 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/11/04 22:13:09.0072 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/11/04 22:13:09.0228 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/11/04 22:13:09.0290 smihlp (30f3bd4007ac9916b18a79a4c2985a08) C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys
2010/11/04 22:13:09.0368 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/11/04 22:13:09.0509 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
2010/11/04 22:13:09.0509 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2010/11/04 22:13:09.0524 sptd - detected Locked file (1)
2010/11/04 22:13:09.0634 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS
2010/11/04 22:13:09.0727 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS
2010/11/04 22:13:09.0805 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2010/11/04 22:13:09.0868 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/04 22:13:09.0914 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/04 22:13:09.0961 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/04 22:13:10.0070 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/11/04 22:13:10.0195 SymDS (56890bf9d9204b93042089d4b45ae671) C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS
2010/11/04 22:13:10.0320 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS
2010/11/04 22:13:10.0398 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\Windows\system32\Drivers\SYMEVENT.SYS
2010/11/04 22:13:10.0476 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS
2010/11/04 22:13:10.0601 SYMTDIv (bf610335eda8d9026e45b4ac73d0de58) C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS
2010/11/04 22:13:10.0679 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/11/04 22:13:10.0772 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/11/04 22:13:10.0835 SynTP (0953d53a2d272de4c4be1e6c6a2c90d4) C:\Windows\system32\DRIVERS\SynTP.sys
2010/11/04 22:13:10.0975 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/11/04 22:13:11.0116 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/04 22:13:11.0256 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/04 22:13:11.0303 TcUsb (a54b8fc62db00c018eafafb47d00511e) C:\Windows\system32\Drivers\tcusb.sys
2010/11/04 22:13:11.0365 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/11/04 22:13:11.0396 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/11/04 22:13:11.0521 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/04 22:13:11.0584 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/04 22:13:11.0662 TPDIGIMN (639ba7b37f25054cf5e82604e736d250) C:\Windows\system32\DRIVERS\ApsHM86.sys
2010/11/04 22:13:11.0724 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
2010/11/04 22:13:11.0849 TPPWRIF (1bd5719ef160e0ab739cd0ff3ba5e298) C:\Windows\system32\drivers\Tppwr32v.sys
2010/11/04 22:13:11.0927 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/04 22:13:11.0989 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/11/04 22:13:12.0052 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/04 22:13:12.0192 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\Windows\system32\DRIVERS\tvtfilter.sys
2010/11/04 22:13:12.0223 TVTI2C (c254bff0a928ea7d5ccdc2522d56fd01) C:\Windows\system32\DRIVERS\Tvti2c.sys
2010/11/04 22:13:12.0317 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/04 22:13:12.0504 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/11/04 22:13:12.0551 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/11/04 22:13:12.0598 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/11/04 22:13:12.0722 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/04 22:13:12.0785 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2010/11/04 22:13:12.0832 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/04 22:13:12.0910 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/11/04 22:13:13.0034 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/04 22:13:13.0066 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/04 22:13:13.0128 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/11/04 22:13:13.0159 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2010/11/04 22:13:13.0190 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/04 22:13:13.0315 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/04 22:13:13.0362 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
2010/11/04 22:13:13.0424 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/04 22:13:13.0565 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/11/04 22:13:13.0596 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2010/11/04 22:13:13.0643 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/11/04 22:13:13.0705 viaide (9fa7c28d7088058cc9796008812f40e5) C:\Windows\system32\drivers\viaide.sys
2010/11/04 22:13:13.0830 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/11/04 22:13:13.0892 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/11/04 22:13:14.0002 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/11/04 22:13:14.0111 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/11/04 22:13:14.0189 vvftav303 (b952b84bf21c13027258a3f027511dda) C:\Windows\system32\drivers\vvftav303.sys
2010/11/04 22:13:14.0329 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/11/04 22:13:14.0392 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/04 22:13:14.0407 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/04 22:13:14.0470 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/11/04 22:13:14.0610 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/04 22:13:14.0719 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/11/04 22:13:14.0906 WinDriver6 (032793a8e6288c4c60ff30542eeab22b) C:\Windows\system32\drivers\windrvr6.sys
2010/11/04 22:13:15.0000 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
2010/11/04 22:13:15.0140 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2010/11/04 22:13:15.0234 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/11/04 22:13:15.0265 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/04 22:13:15.0328 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/04 22:13:15.0452 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
2010/11/04 22:13:15.0546 ================================================================================
2010/11/04 22:13:15.0546 Scan finished
2010/11/04 22:13:15.0546 ================================================================================
2010/11/04 22:13:15.0562 Detected object count: 2
2010/11/04 22:13:54.0203 netbt (84a40a677c9bdaa8cbec53490e9f8194) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/04 22:14:01.0956 Backup copy found, using it..
2010/11/04 22:14:02.0034 C:\Windows\system32\DRIVERS\netbt.sys - will be cured after reboot
2010/11/04 22:14:02.0050 Rootkit.Win32.TDSS.tdl3(netbt) - User select action: Cure
2010/11/04 22:14:02.0050 Locked file(sptd) - User select action: Skip
2010/11/04 22:14:23.0609 Deinitialize success
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 8743CTO
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 181):
0x8283C000 \SystemRoot\system32\ntkrnlpa.exe
0x82809000 \SystemRoot\system32\hal.dll
0x80600000 \SystemRoot\system32\kdcom.dll
0x80607000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80677000 \SystemRoot\system32\PSHED.dll
0x80688000 \SystemRoot\system32\BOOTVID.dll
0x80690000 \SystemRoot\system32\CLFS.SYS
0x806D1000 \SystemRoot\system32\CI.dll
0x807B1000 \SystemRoot\system32\drivers\klmdb.sys
0x82E0B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82E7C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82E8A000 \SystemRoot\System32\Drivers\spkh.sys
0x82F8B000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x82F94000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x82FBA000 \SystemRoot\system32\drivers\acpi.sys
0x82E00000 \SystemRoot\system32\drivers\msisadrv.sys
0x807C3000 \SystemRoot\system32\drivers\pci.sys
0x807EA000 \SystemRoot\System32\drivers\partmgr.sys
0x82E08000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8AE02000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8AE0C000 \SystemRoot\system32\drivers\volmgr.sys
0x8AE1B000 \SystemRoot\System32\drivers\volmgrx.sys
0x8AE65000 \SystemRoot\system32\drivers\intelide.sys
0x8AE6C000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8AE7A000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x8AEA7000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8AEAE000 \SystemRoot\System32\drivers\mountmgr.sys
0x8AEBE000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8AF86000 \SystemRoot\system32\drivers\atapi.sys
0x8AF8E000 \SystemRoot\system32\drivers\ataport.SYS
0x8AFAC000 \SystemRoot\system32\drivers\msahci.sys
0x8AFB5000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B008000 \SystemRoot\system32\drivers\N360\0403000.005\SYMDS.SYS
0x8B05E000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B06E000 \SystemRoot\system32\drivers\N360\0403000.005\SYMEFA.SYS
0x8B09B000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8B0A4000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B206000 \SystemRoot\system32\drivers\ndis.sys
0x8B311000 \SystemRoot\system32\drivers\msrpc.sys
0x8B33C000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B115000 \SystemRoot\System32\drivers\tcpip.sys
0x8B377000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B408000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B518000 \SystemRoot\system32\drivers\volsnap.sys
0x8B551000 \SystemRoot\System32\DRIVERS\ApsHM86.sys
0x8B559000 \SystemRoot\System32\Drivers\spldr.sys
0x8B561000 \SystemRoot\System32\DRIVERS\Apsx86.sys
0x8B57D000 \SystemRoot\System32\Drivers\mup.sys
0x8B58C000 \SystemRoot\System32\drivers\ecache.sys
0x8B5B3000 \SystemRoot\system32\drivers\disk.sys
0x8B5C4000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B5E5000 \SystemRoot\system32\drivers\crcdisk.sys
0x8F2D1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8F2DC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8FE04000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x904DC000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x9057D000 \SystemRoot\System32\drivers\watchdog.sys
0x8F2EB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x90589000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x90602000 \SystemRoot\system32\DRIVERS\athr.sys
0x906F3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x906FE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9073C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9074B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x9075E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x90769000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x907A0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x907A2000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x907AD000 \SystemRoot\system32\drivers\tpm.sys
0x907BB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x907BF000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0x907C3000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x907DB000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x905C0000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F378000 \SystemRoot\system32\DRIVERS\storport.sys
0x907E1000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F3B9000 \SystemRoot\system32\drivers\windrvr6.sys
0x8F3E9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x907EC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8B392000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x905EF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8B3B5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8B3C9000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90806000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x9088F000 \SystemRoot\system32\DRIVERS\termdd.sys
0x9089F000 \SystemRoot\system32\DRIVERS\smccard.sys
0x908A3000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
0x908AE000 \SystemRoot\system32\DRIVERS\Chip_smc.sys
0x908B2000 \SystemRoot\system32\DRIVERS\psadd.sys
0x908B8000 \SystemRoot\system32\DRIVERS\Tvti2c.sys
0x908BF000 \SystemRoot\system32\DRIVERS\swenum.sys
0x908C1000 \SystemRoot\system32\DRIVERS\ks.sys
0x908EB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x908F5000 \SystemRoot\system32\DRIVERS\umbus.sys
0x90902000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x90937000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90948000 \SystemRoot\system32\drivers\ADIHdAud.sys
0x909A2000 \SystemRoot\system32\drivers\portcls.sys
0x909CF000 \SystemRoot\system32\drivers\drmk.sys
0x90C00000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x90C3D000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x90D40000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8B3DE000 \SystemRoot\system32\drivers\modem.sys
0x90DF4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x909F4000 \SystemRoot\System32\Drivers\Null.SYS
0x907F7000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B3EB000 \SystemRoot\System32\drivers\vga.sys
0x91006000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x91027000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x9102F000 \SystemRoot\system32\drivers\rdpencdd.sys
0x91037000 \SystemRoot\System32\Drivers\Msfs.SYS
0x91042000 \SystemRoot\System32\Drivers\Npfs.SYS
0x91050000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x91059000 \SystemRoot\system32\DRIVERS\tdx.sys
0x9106F000 \SystemRoot\System32\Drivers\N360\0403000.005\SYMTDIV.SYS
0x910C8000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x910ED000 \SystemRoot\system32\DRIVERS\smb.sys
0x91101000 \SystemRoot\system32\drivers\afd.sys
0x91149000 \SystemRoot\System32\DRIVERS\netbt.sys
0x9117B000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91191000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9119F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x911B2000 \SystemRoot\System32\drivers\Tppwr32v.sys
0x911B8000 \SystemRoot\system32\drivers\N360\0403000.005\Ironx86.SYS
0x911D7000 \SystemRoot\System32\Drivers\tcusb.sys
0x911E2000 \SystemRoot\system32\drivers\N360\0403000.005\SRTSPX.SYS
0x9200E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9204A000 \SystemRoot\system32\drivers\nsiproxy.sys
0x92054000 \??\C:\Windows\system32\drivers\LUMDriver.sys
0x92057000 \SystemRoot\system32\DRIVERS\smiif32.sys
0x92059000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101103.001\IDSvix86.sys
0x920B4000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x92112000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x9212F000 \SystemRoot\system32\drivers\csc.sys
0x9218A000 \SystemRoot\System32\Drivers\dfsc.sys
0x92600000 \SystemRoot\system32\drivers\N360\0403000.005\ccHPx86.sys
0x9267F000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101029.001\BHDrvx86.sys
0x9272B000 \SystemRoot\System32\Drivers\crashdmp.sys
0x92738000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x82050000 \SystemRoot\System32\win32k.sys
0x921A1000 \SystemRoot\System32\drivers\Dxapi.sys
0x921AB000 \SystemRoot\system32\DRIVERS\monitor.sys
0x82270000 \SystemRoot\System32\TSDDD.dll
0x82290000 \SystemRoot\System32\cdd.dll
0x822A0000 \SystemRoot\System32\ATMFD.DLL
0x921BA000 \SystemRoot\system32\drivers\luafv.sys
0x921D5000 \SystemRoot\system32\DRIVERS\tvtfilter.sys
0x921E5000 \??\C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys
0x8F200000 \SystemRoot\system32\drivers\spsys.sys
0x8F2B0000 \SystemRoot\system32\DRIVERS\irda.sys
0x921EF000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA3E0C000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA3E36000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA3E40000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA3E53000 \SystemRoot\system32\drivers\HTTP.sys
0xA3EC0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA3EDD000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA3EF6000 \SystemRoot\system32\drivers\mrxdav.sys
0xA3F17000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA3F36000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA3F6F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA3F87000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA3FAF000 \SystemRoot\System32\DRIVERS\srv.sys
0xA3E00000 \??\C:\Windows\system32\drivers\Haspnt.sys
0x92000000 \SystemRoot\system32\DRIVERS\PROCDD.SYS
0xA3FFD000 \??\C:\Program Files\Altium Designer Winter 09\System\Drivers\altio.sys
0xA5005000 \??\C:\Windows\system32\drivers\hardlock.sys
0xA50AF000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA50D7000 \SystemRoot\System32\Drivers\hios6.SYS
0xA50DB000 \SystemRoot\System32\Drivers\hwhios6.SYS
0xA50DD000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA50E1000 \SystemRoot\system32\drivers\peauth.sys
0xA51BF000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA51C9000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA51D5000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA51DD000 \??\C:\Windows\system32\drivers\mbam.sys
0xA51E1000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA9407000 \SystemRoot\System32\Drivers\N360\0403000.005\SRTSP.SYS
0xA945E000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101104.035\NAVEX15.SYS
0xA95AC000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101104.035\NAVENG.SYS
0x770C0000 \Windows\System32\ntdll.dll

Processes (total 89):
0 System Idle Process
4 System
520 C:\Windows\System32\smss.exe
620 csrss.exe
672 csrss.exe
680 C:\Windows\System32\wininit.exe
716 C:\Windows\System32\services.exe
744 C:\Windows\System32\winlogon.exe
760 C:\Windows\System32\lsass.exe
768 C:\Windows\System32\lsm.exe
936 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\ibmpmsvc.exe
1024 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\Ati2evxx.exe
1188 C:\Windows\System32\svchost.exe
1216 C:\Windows\System32\svchost.exe
1228 C:\Windows\System32\svchost.exe
1364 C:\Windows\System32\audiodg.exe
1396 C:\Windows\System32\svchost.exe
1444 C:\Windows\System32\SLsvc.exe
1520 C:\Windows\System32\svchost.exe
1572 C:\Windows\System32\Ati2evxx.exe
1740 C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
1756 C:\Windows\System32\svchost.exe
1124 C:\Windows\System32\spoolsv.exe
1636 C:\Windows\System32\svchost.exe
256 C:\Windows\System32\IPSSVC.EXE
388 C:\Windows\System32\AEADISRV.EXE
424 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
596 C:\Program Files\Bonjour\mDNSResponder.exe
2132 C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
2156 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
2276 C:\Windows\System32\svchost.exe
2316 C:\Windows\System32\svchost.exe
2372 C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
2420 C:\Windows\System32\TPHDEXLG.exe
2444 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
2468 C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
2484 C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
2544 C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
2608 C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
2620 C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
2644 C:\Program Files\Viewpoint\Common\ViewpointService.exe
2692 C:\Windows\System32\svchost.exe
2732 C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
2748 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2772 C:\Windows\System32\SearchIndexer.exe
2844 C:\Windows\System32\drivers\XAudio.exe
2928 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3044 dllhost.exe
3216 WmiPrvSE.exe
3548 C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
2600 C:\Windows\System32\dwm.exe
3648 C:\Windows\explorer.exe
3776 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
3472 C:\Windows\System32\taskeng.exe
3056 C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
1160 C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
4040 C:\Windows\System32\TpShocks.exe
2200 C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
2824 C:\Windows\System32\rundll32.exe
2064 C:\Windows\VMSnap3.exe
1048 C:\Windows\Domino.exe
1116 C:\Program Files\Analog Devices\Core\smax4pnp.exe
2404 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
488 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1272 C:\Program Files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RRMSVR.exe
3624 C:\Program Files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RegTool.exe
3520 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
2832 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
2904 C:\Windows\System32\svchost.exe
2860 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
468 C:\Program Files\iTunes\iTunesHelper.exe
3724 C:\Program Files\Lenovo\ZOOM\TpScrex.exe
4124 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
4132 C:\Program Files\Windows Sidebar\sidebar.exe
1384 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5364 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
5900 C:\Program Files\Windows Sidebar\sidebar.exe
4256 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4464 C:\Program Files\iPod\bin\iPodService.exe
4576 C:\Windows\System32\svchost.exe
3880 C:\Program Files\Windows Live\Contacts\wlcomm.exe
3660 C:\Program Files\Internet Explorer\iexplore.exe
1928 C:\Program Files\Internet Explorer\iexplore.exe
4312 taskeng.exe
3840 C:\Windows\System32\taskeng.exe
4424 C:\Users\Paul\Desktop\MBRCheck.exe
5648 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`9fb00000 (NTFS)

PhysicalDrive0 Model Number: HTS721010G9SA00, Rev: MCZIC14V

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 4817FAF96F14CBF594C990462C84B082E5E3F140


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
Good. We just killed a rootkit, but your MBR seems to be infected.

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-ROM as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
 
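What MBRCheck and the MBRWORK "Install Standard MBR code" step are doing, as an added example that is not part of any post in this thread and not the code of either tool: parse a 512-byte master boot record, hash the boot-code region and compare it against an allowlist, then overwrite only that region so the disk signature and partition table survive the repair. The two MBR images and the "known good" hash table below are constructed inside the script (the boot code is pseudo-random filler, not real x86 code, and the hashes are not the real Windows MBR hashes); which exact byte range MBRCheck feeds to SHA-1 is not stated on the page, so hashing bytes 0..439 is an assumption.

```python
"""Parse an MBR, classify its boot code by SHA-1, and repair it in place.

Added example for this thread; not MBRCheck's or MBRWORK's own code.
All sample images and the allowlist are constructed below.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439: executable boot code (assumed hash region)
DISK_SIG_OFF = 440         # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446       # 4 entries x 16 bytes
MBR_MAGIC = b"\x55\xaa"    # bytes 510..511
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count


def make_boot_code(seed: bytes) -> bytes:
    """Deterministic 440-byte filler standing in for boot code (constructed, not x86)."""
    out = b""
    counter = 0
    while len(out) < BOOT_CODE_LEN:
        out += hashlib.sha256(seed + counter.to_bytes(2, "little")).digest()
        counter += 1
    return out[:BOOT_CODE_LEN]


STANDARD_BOOT_CODE = make_boot_code(b"standard")  # stands in for vendor MBR code
BOOTKIT_BOOT_CODE = make_boot_code(b"bootkit")    # stands in for an infected MBR

# Allowlist keyed by SHA-1 of the boot-code region only: the partition table and
# disk signature differ per machine, so hashing the whole sector would never match.
KNOWN_GOOD = {
    hashlib.sha1(STANDARD_BOOT_CODE).hexdigest().upper(): "Standard MBR code (constructed)",
}


def build_mbr(boot_code: bytes, disk_sig: int, partitions) -> bytes:
    """Assemble a 512-byte MBR; partitions are (type, lba_start, sectors, bootable)."""
    assert len(boot_code) == BOOT_CODE_LEN
    table = b""
    for ptype, lba, count, bootable in partitions:
        status = 0x80 if bootable else 0x00
        # CHS fields are obsolete; 0xFE 0xFF 0xFF is the usual "use LBA" marker
        table += struct.pack(ENTRY_FMT, status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
    table = table.ljust(64, b"\x00")
    return boot_code + struct.pack("<IH", disk_sig, 0) + table + MBR_MAGIC


def parse_mbr(sector: bytes) -> dict:
    """Validate the 0x55AA signature and return hash, disk signature and partitions."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != MBR_MAGIC:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, _chs1, ptype, _chs2, lba, count = struct.unpack(ENTRY_FMT, entry)
        if ptype != 0:  # type 0 means an unused entry
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": parts,
    }


def mbr_status(sector: bytes) -> str:
    """Classify the boot code the way a hash allowlist tool would."""
    return KNOWN_GOOD.get(parse_mbr(sector)["boot_code_sha1"], "Unknown MBR code")


def install_standard_mbr(sector: bytes) -> bytes:
    """Replace only bytes 0..439. Touching anything past that offset would
    destroy the disk signature or the partition table and make the disk unbootable."""
    parse_mbr(sector)  # refuse to "repair" something that is not an MBR
    return STANDARD_BOOT_CODE + sector[BOOT_CODE_LEN:]


def read_first_sector(path: str) -> bytes:
    """Read sector 0 of a raw device or image, e.g. r"\\\\.\\PhysicalDrive0" (administrator needed)."""
    with open(path, "rb") as f:
        return f.read(SECTOR)


if __name__ == "__main__":
    parts = [(0x07, 2048, 195_000_000, True)]  # one bootable NTFS partition (constructed values)
    clean = build_mbr(STANDARD_BOOT_CODE, 0x12345678, parts)
    infected = build_mbr(BOOTKIT_BOOT_CODE, 0x12345678, parts)
    for label, img in (("clean", clean), ("infected", infected), ("repaired", install_standard_mbr(infected))):
        info = parse_mbr(img)
        print(f"{label:9s} {mbr_status(img):32s} SHA1: {info['boot_code_sha1']}  partitions: {info['partitions']}")
```

One caveat that explains why the helper has the MBR rewritten from a boot CD rather than from inside Windows: a bootkit that hooks the disk stack can hand a clean copy of sector 0 to any user-mode reader, so a hash taken on the running system can look fine while the real sector is still infected. Checking and rewriting from offline media, then re-running the check after the reboot as the thread does, sidesteps that.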
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 8743CTO
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 180):
0x8284E000 \SystemRoot\system32\ntkrnlpa.exe
0x8281B000 \SystemRoot\system32\hal.dll
0x80603000 \SystemRoot\system32\kdcom.dll
0x8060A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8067A000 \SystemRoot\system32\PSHED.dll
0x8068B000 \SystemRoot\system32\BOOTVID.dll
0x80693000 \SystemRoot\system32\CLFS.SYS
0x806D4000 \SystemRoot\system32\CI.dll
0x82E0A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82E7B000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82E89000 \SystemRoot\System32\Drivers\spji.sys
0x82F8A000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x82F93000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x82FB9000 \SystemRoot\system32\drivers\acpi.sys
0x82E00000 \SystemRoot\system32\drivers\msisadrv.sys
0x807B4000 \SystemRoot\system32\drivers\pci.sys
0x807DB000 \SystemRoot\System32\drivers\partmgr.sys
0x807EA000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x807ED000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8AE0A000 \SystemRoot\system32\drivers\volmgr.sys
0x8AE19000 \SystemRoot\System32\drivers\volmgrx.sys
0x8AE63000 \SystemRoot\system32\drivers\intelide.sys
0x8AE6A000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8AE78000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x8AEA5000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8AEAC000 \SystemRoot\System32\drivers\mountmgr.sys
0x8AEBC000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8AF84000 \SystemRoot\system32\drivers\atapi.sys
0x8AF8C000 \SystemRoot\system32\drivers\ataport.SYS
0x8AFAA000 \SystemRoot\system32\drivers\msahci.sys
0x8AFB3000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B003000 \SystemRoot\system32\drivers\N360\0403000.005\SYMDS.SYS
0x8B059000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B069000 \SystemRoot\system32\drivers\N360\0403000.005\SYMEFA.SYS
0x8B096000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8B09F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B207000 \SystemRoot\system32\drivers\ndis.sys
0x8B312000 \SystemRoot\system32\drivers\msrpc.sys
0x8B33D000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B110000 \SystemRoot\System32\drivers\tcpip.sys
0x8B378000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B407000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B517000 \SystemRoot\system32\drivers\volsnap.sys
0x8B550000 \SystemRoot\System32\DRIVERS\ApsHM86.sys
0x8B558000 \SystemRoot\System32\Drivers\spldr.sys
0x8B560000 \SystemRoot\System32\DRIVERS\Apsx86.sys
0x8B57C000 \SystemRoot\System32\Drivers\mup.sys
0x8B58B000 \SystemRoot\System32\drivers\ecache.sys
0x8B5B2000 \SystemRoot\system32\drivers\disk.sys
0x8B5C3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B5E4000 \SystemRoot\system32\drivers\crcdisk.sys
0x8F4D4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8F4DF000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x9000A000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x906E2000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x90783000 \SystemRoot\System32\drivers\watchdog.sys
0x8F4EE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9078F000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x8FA0C000 \SystemRoot\system32\DRIVERS\athr.sys
0x8FAFD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8FB08000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8FB46000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8FB55000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8FB68000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8FB73000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8FBAA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8FBAC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8FBB7000 \SystemRoot\system32\drivers\tpm.sys
0x8FBC5000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8FBC9000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0x8FBCD000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8FBE5000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x907C6000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F57B000 \SystemRoot\system32\DRIVERS\storport.sys
0x8FBEB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F5BC000 \SystemRoot\system32\drivers\windrvr6.sys
0x8B393000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8FA00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8B3AA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F5EC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8B3CD000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8B3E1000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90806000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x9088F000 \SystemRoot\system32\DRIVERS\termdd.sys
0x9089F000 \SystemRoot\system32\DRIVERS\smccard.sys
0x908A3000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
0x908AE000 \SystemRoot\system32\DRIVERS\Chip_smc.sys
0x908B2000 \SystemRoot\system32\DRIVERS\psadd.sys
0x908B8000 \SystemRoot\system32\DRIVERS\Tvti2c.sys
0x908BF000 \SystemRoot\system32\DRIVERS\swenum.sys
0x908C1000 \SystemRoot\system32\DRIVERS\ks.sys
0x908EB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x908F5000 \SystemRoot\system32\DRIVERS\umbus.sys
0x90902000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x90937000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90948000 \SystemRoot\system32\drivers\ADIHdAud.sys
0x909A2000 \SystemRoot\system32\drivers\portcls.sys
0x909CF000 \SystemRoot\system32\drivers\drmk.sys
0x90C0D000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x90C4A000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x90E0A000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x90EBE000 \SystemRoot\system32\drivers\modem.sys
0x90ECB000 \SystemRoot\System32\Drivers\N360\0403000.005\SRTSP.SYS
0x90F22000 \SystemRoot\system32\drivers\N360\0403000.005\Ironx86.SYS
0x90F41000 \SystemRoot\System32\Drivers\tcusb.sys
0x90F4C000 \SystemRoot\system32\drivers\N360\0403000.005\SRTSPX.SYS
0x9220B000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101104.035\NAVEX15.SYS
0x92359000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x9237E000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101104.035\NAVENG.SYS
0x92392000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x9239B000 \SystemRoot\System32\Drivers\Null.SYS
0x923A2000 \SystemRoot\System32\Drivers\Beep.SYS
0x923A9000 \SystemRoot\System32\drivers\vga.sys
0x923B5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x923D6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x923DE000 \SystemRoot\system32\drivers\rdpencdd.sys
0x923E6000 \SystemRoot\System32\Drivers\Msfs.SYS
0x923F1000 \SystemRoot\System32\Drivers\Npfs.SYS
0x92200000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x90F56000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90F6C000 \SystemRoot\System32\Drivers\N360\0403000.005\SYMTDIV.SYS
0x90FC5000 \SystemRoot\system32\DRIVERS\smb.sys
0x90D4D000 \SystemRoot\system32\drivers\afd.sys
0x90D95000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90FD9000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90FEF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90DC7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90E00000 \SystemRoot\System32\drivers\Tppwr32v.sys
0x9960E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9964A000 \SystemRoot\system32\drivers\nsiproxy.sys
0x99654000 \??\C:\Windows\system32\drivers\LUMDriver.sys
0x99657000 \SystemRoot\system32\DRIVERS\smiif32.sys
0x99659000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101103.001\IDSvix86.sys
0x996B4000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x99712000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x9972F000 \SystemRoot\system32\drivers\csc.sys
0x9978A000 \SystemRoot\System32\Drivers\dfsc.sys
0x9A80E000 \SystemRoot\system32\drivers\N360\0403000.005\ccHPx86.sys
0x9A88D000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101029.001\BHDrvx86.sys
0x9A939000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F400000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xA6470000 \SystemRoot\System32\win32k.sys
0x9A946000 \SystemRoot\System32\drivers\Dxapi.sys
0x9A950000 \SystemRoot\system32\DRIVERS\monitor.sys
0xA6690000 \SystemRoot\System32\TSDDD.dll
0xA66B0000 \SystemRoot\System32\cdd.dll
0xA66C0000 \SystemRoot\System32\ATMFD.DLL
0x9A95F000 \SystemRoot\system32\drivers\luafv.sys
0x9A97A000 \SystemRoot\system32\DRIVERS\tvtfilter.sys
0x9A98A000 \??\C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys
0x9A994000 \SystemRoot\system32\DRIVERS\irda.sys
0x9A9B2000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9A9C2000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9A9EC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x997A1000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAB60D000 \SystemRoot\system32\drivers\spsys.sys
0xAB6BD000 \SystemRoot\system32\drivers\HTTP.sys
0xAB72A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAB747000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAB760000 \SystemRoot\system32\drivers\mrxdav.sys
0xAB781000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAB7A0000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAB7D9000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x997B4000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAD00F000 \SystemRoot\System32\DRIVERS\srv.sys
0xAD05D000 \??\C:\Windows\system32\drivers\Haspnt.sys
0xAD081000 \SystemRoot\system32\DRIVERS\PROCDD.SYS
0xAD09D000 \??\C:\Program Files\Altium Designer Winter 09\System\Drivers\altio.sys
0xAD09E000 \??\C:\Windows\system32\drivers\hardlock.sys
0xAD148000 \SystemRoot\System32\Drivers\fastfat.SYS
0xAD170000 \SystemRoot\System32\Drivers\hios6.SYS
0xAD174000 \SystemRoot\System32\Drivers\hwhios6.SYS
0xAD176000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAE806000 \SystemRoot\system32\drivers\peauth.sys
0xAE8E4000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAE8EE000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAE8FA000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xAE902000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAE918000 \??\C:\Windows\system32\drivers\mbam.sys
0x77670000 \Windows\System32\ntdll.dll

Processes (total 93):
0 System Idle Process
4 System
496 C:\Windows\System32\smss.exe
592 csrss.exe
644 csrss.exe
652 C:\Windows\System32\wininit.exe
688 C:\Windows\System32\services.exe
716 C:\Windows\System32\winlogon.exe
744 C:\Windows\System32\lsass.exe
752 C:\Windows\System32\lsm.exe
900 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\ibmpmsvc.exe
988 C:\Windows\System32\svchost.exe
1124 C:\Windows\System32\Ati2evxx.exe
1168 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\svchost.exe
1220 C:\Windows\System32\svchost.exe
1300 C:\Windows\System32\audiodg.exe
1332 C:\Windows\System32\svchost.exe
1360 C:\Windows\System32\SLsvc.exe
1440 C:\Windows\System32\svchost.exe
1496 C:\Windows\System32\Ati2evxx.exe
1624 C:\Windows\System32\svchost.exe
1800 C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
2040 C:\Windows\System32\spoolsv.exe
384 C:\Windows\System32\svchost.exe
1076 C:\Windows\System32\IPSSVC.EXE
1960 C:\Windows\System32\AEADISRV.EXE
232 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
552 C:\Program Files\Bonjour\mDNSResponder.exe
2060 C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
2080 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
2436 C:\Windows\System32\svchost.exe
2460 C:\Windows\System32\svchost.exe
2544 C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
2584 C:\Windows\System32\TPHDEXLG.exe
2596 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
2692 C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
2732 C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
2812 C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
2880 C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
2964 C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
3084 C:\Program Files\Viewpoint\Common\ViewpointService.exe
3092 C:\Windows\System32\taskeng.exe
3128 C:\Windows\System32\svchost.exe
3180 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3192 C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
3208 C:\Windows\System32\taskeng.exe
3232 dllhost.exe
3340 C:\Windows\System32\dwm.exe
3368 C:\Windows\explorer.exe
3500 C:\Windows\System32\SearchIndexer.exe
3572 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3664 C:\Windows\System32\drivers\XAudio.exe
3812 C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
3016 WmiPrvSE.exe
788 C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
3584 C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
1164 C:\Windows\System32\TpShocks.exe
2624 C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
3688 C:\Windows\System32\rundll32.exe
160 C:\Windows\VMSnap3.exe
2832 C:\Windows\Domino.exe
2088 C:\Program Files\Analog Devices\Core\smax4pnp.exe
4044 C:\Program Files\Windows Live\Mail\wlmail.exe
3628 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
728 C:\Program Files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RRMSVR.exe
1744 C:\Program Files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RegTool.exe
4032 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
3160 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
3464 C:\Program Files\iTunes\iTunesHelper.exe
4276 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
4480 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
4620 C:\Program Files\Lenovo\ZOOM\TpScrex.exe
4676 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
4720 C:\Windows\System32\svchost.exe
4772 C:\Program Files\Windows Sidebar\sidebar.exe
4924 C:\Windows\System32\svchost.exe
5368 C:\Program Files\Common Files\Lenovo\BMGR\bmgr32.exe
5508 C:\Program Files\Windows Live\Contacts\wlcomm.exe
5560 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5660 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
5716 C:\Program Files\Windows Sidebar\sidebar.exe
5824 WmiPrvSE.exe
4596 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4784 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
5316 C:\Program Files\iPod\bin\iPodService.exe
5676 C:\Program Files\Internet Explorer\iexplore.exe
5080 C:\Users\Paul\Desktop\MBRCheck.exe
5428 C:\Program Files\Internet Explorer\iexplore.exe
5184 C:\Users\Paul\Desktop\MBRCheck.exe
5256 C:\Windows\System32\conime.exe
4556 <unknown>

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`9fb00000 (NTFS)

PhysicalDrive0 Model Number: HTS721010G9SA00, Rev: MCZIC14V

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
Good job :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix was running OK. It restarted the computer and started running again, preparing the report ... after a while, I got a blue screen!
Now my laptop has restarted. What happened?
 
It may happen sometimes on infected computers.
Try to re-run Combofix.
If still a problem, run it from Safe Mode.
 
I reran Combofix. It worked this time, and I got the report. But I cannot run any program any more. I get "Illegal operation attempted on a registry key that has been marked for deletion".
 
ComboFix 10-11-04.01 - Paul 05/11/2010 0:21.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.2.1033.18.3070.1907 [GMT -4:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\readme.txt
c:\windows\Downloaded Program Files\Install.inf
c:\windows\system32\msblcd32.dll
c:\windows\system32\secustat.dat
c:\windows\system32\zlibwapi.dll

.
((((((((((((((((((((((((( Files Created from 2010-10-05 to 2010-11-05 )))))))))))))))))))))))))))))))
.

2010-11-05 04:35 . 2010-11-05 04:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-04 02:54 . 2010-11-04 02:54 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-11-01 16:27 . 2010-11-01 16:27 -------- d-----w- c:\windows\system32\Project Outputs for Free Documents
2010-10-24 21:48 . 2010-10-24 21:48 -------- d-----w- c:\program files\iPod
2010-10-24 21:48 . 2010-10-24 21:51 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-10-24 21:48 . 2010-10-24 21:51 -------- d-----w- c:\program files\iTunes
2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-10-24 21:41 . 2010-10-24 21:41 -------- d-----w- c:\program files\Apple Software Update
2010-10-24 21:34 . 2010-10-24 21:35 -------- d-----w- c:\program files\Bonjour
2010-10-14 20:14 . 2010-09-25 05:44 312768 ----a-w- c:\program files\Internet Explorer\PPLite\plugin\1.0.0.285\ppp.dll
2010-10-14 20:14 . 2010-09-20 07:48 624056 ----a-w- c:\program files\Internet Explorer\PPLite\plugin\1.0.0.285\mframe.dll
2010-10-13 21:58 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 21:58 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 21:56 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-05 02:16 . 2009-10-10 02:04 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2010-10-02 15:16 . 2010-10-02 15:16 12672 ----a-w- c:\windows\system32\drivers\Chip_usb.sys
2010-10-02 15:16 . 2007-10-27 00:38 5632 ----a-w- c:\windows\system32\ChipCo.dll
2010-10-02 15:16 . 2007-10-27 00:38 14336 ----a-w- c:\windows\system32\drivers\Chip_smc.sys
2010-10-02 15:16 . 2007-10-27 00:37 4608 ----a-w- c:\windows\system32\R5CoInst.dll
2010-10-02 15:16 . 2007-10-27 00:37 31744 ----a-w- c:\windows\system32\drivers\eps2kt1.sys
2010-10-02 15:16 . 2007-04-03 10:32 14592 ----a-w- c:\windows\system32\drivers\smccard.sys
2010-09-23 04:47 . 2010-09-23 04:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-23 04:32 . 2010-09-23 04:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-22 16:23 . 2009-02-16 19:53 212240 ----a-w- c:\windows\system32\richtx32.ocx
2010-09-22 16:23 . 2010-09-22 16:23 124688 ----a-w- c:\windows\system32\MSWINSCK.OCX
2010-09-22 16:23 . 2000-05-22 20:58 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2010-09-22 16:23 . 2002-12-20 21:02 1081616 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-17 14:11 . 2010-09-15 22:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}]
2009-12-28 03:26 147928 ----a-w- c:\program files\easyMule\modules\IE2EM.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-01-17 58416]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"TpShocks"="TpShocks.exe" [2007-11-22 181536]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-11-28 243248]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2008-01-11 558368]
"VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]
"Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"gemstrmw"="c:\windows\system32\gemstrmw.exe" [2007-06-29 24576]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1282048]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-03 1594664]
"Gemplus Reader Resource Manager"="c:\program files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RRMSVR.exe" [2007-10-08 77824]
"RegTool"="c:\program files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RegTool.exe" [2008-01-21 172032]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-12-09 02:44 89600 ------w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ FREEIME.IME

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FreeSnap.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FreeSnap.lnk
backup=c:\windows\pss\FreeSnap.lnkCommon Startup

[HKLM\~\startupfolder\C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
2008-01-11 06:20 214576 ------w- c:\progra~1\ThinkPad\UTILIT~1\BTVLOGEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
2006-12-13 19:10 2614848 ------w- c:\program files\Lenovo\Client Security Solution\cssauth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPMailChecker]
2008-01-11 06:21 124248 ------w- c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2008-01-11 06:21 144728 ------w- c:\progra~1\THINKV~2\PrdCtr\LPMGR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v3]
2009-09-01 14:47 606208 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\fppdis3a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP]
2010-09-20 07:48 185784 ----a-w- c:\program files\Common Files\PPLiveNetwork\PPAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regtool]
2006-09-28 20:45 122880 ------w- c:\program files\Gemplus\GemSafe Libraries\BIN\RegTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-25 03:35 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
2008-03-04 14:34 487424 ------w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 D12TEST;D12TEST.Sys PDIUSBD12 Bulk IO test driver;c:\windows\system32\Drivers\D12TEST.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 136176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
R2 MCUSBICD2;Microchip MPLAB ICD 2 Firmware Client Driver (ICD2W2K.SYS);c:\windows\system32\Drivers\icd2w2k.sys [2004-03-22 12427]
R2 MCUSBICD2LDR;Microchip MPLAB ICD 2 Firmware Loader Driver (ICD2W2KL.SYS);c:\windows\system32\Drivers\icd2w2kl.sys [2004-03-22 16556]
R3 Alidevice;Alidevice; [x]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [x]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-10-15 87336]
R3 GD_USB;USB Chip Service;c:\windows\system32\DRIVERS\Chip_usb.sys [2010-10-02 12672]
R3 GKeyUSB;GKeyUSB;c:\windows\system32\Drivers\GKeyUSB.sys [2005-05-19 71040]
R3 HtcUsbMdmV32;HTC Proprietary USB Driver (PID 0B03);c:\windows\system32\DRIVERS\HtcUsbMdmV32.sys [2007-01-29 97280]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [2009-06-10 28672]
R3 MQB2ALL;NEC Electronics MINICUBE2 USB Interface;c:\windows\system32\Drivers\MQB2ALL.sys [2007-10-19 15960]
R3 NCBULK;MPLAB HS USB client driver;c:\windows\system32\drivers\RealICEBulk.sys [2007-04-05 12160]
R3 qcusbser;Qualcomm Diagnostic Port;c:\windows\system32\DRIVERS\qcusbser.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2007-03-18 475136]
R3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\Drivers\usbVM303.sys [x]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-31 721904]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2010-02-04 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2007-10-16 19504]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101029.001\BHDrvx86.sys [2010-08-31 692272]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101103.001\IDSvix86.sys [2010-10-19 353840]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2006-08-30 13744]
S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-04-24 16688]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]
S2 altio;altio;c:\program files\Altium Designer Winter 09\System\Drivers\altio.sys [2004-05-31 3200]
S2 hios6;hios6; [x]
S2 hwhios6;hwhios6; [x]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2006-12-09 11152]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2007-03-02 55936]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2006-12-14 569344]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448]
S3 GDBaseSmc;USB Chip Holder Service;c:\windows\system32\DRIVERS\Chip_smc.sys [2010-10-02 14336]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 R5BaseSmc;USB Token Holder Service;c:\windows\system32\DRIVERS\smccard.sys [2010-10-02 14592]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov]
2006-10-31 19:30 73728 ----a-w- c:\windows\System32\aetsprov.dll
.
Contents of the 'Scheduled Tasks' folder

2010-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 20:04]

2010-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 20:04]

2010-11-05 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 13:29]

2009-10-13 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 13:29]

2010-11-04 c:\windows\Tasks\User_Feed_Synchronization-{08E3C5B6-698E-4B74-BB2F-18B5C7D629F8}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Download by easyMule - c:\program files\easyMule\IE2EM.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: com.cn\mybank.icbc
Trusted Zone: com.cn\vip.icbc
Trusted Zone: com.cn\www.icbc
Trusted Zone: taobao.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
DPF: RedEyeQuote - hxxps://www.redeyeondemand.com/RedEyeQuote.cab
DPF: {03290DF3-5034-11D0-BC8C-524153480000} - hxxps://www.dpt-fast.com/stlview/astlview2005.dpt
DPF: {0EB487C8-E9AC-43A6-8C4C-083999B0622F} - hxxps://b2c.icbc.com.cn/icbc/newperbank/certInStall.dll
DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} - hxxp://bug.udoco.cn/qualitycenter/Spider80.ocx
DPF: {3AA9CF07-DF20-48FF-98BE-DED276E40146} - hxxps://b2c.icbc.com.cn/icbc/GDReadPub.cab
DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://img.alipay.com/download/2121/aliedit.cab
DPF: {62B938C4-4190-4F37-8CF0-A92B0A91CC77} - hxxps://mybank.icbc.com.cn/icbc/NetSign.dll
DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} - hxxps://b2c.icbc.com.cn/icbc/newperbank/AXSafeControls.cab
DPF: {7AEA10C5-B38F-4D72-A8F0-ED2D43D2A59E} - hxxps://mybank.icbc.com.cn/icbc/ICBCPKCheck.cab
DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} - hxxps://vip.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} - hxxps://b2c.icbc.com.cn/icbc/ICBC_NetSign.dll
DPF: {C35D7AE1-0865-4A30-BF07-29FA29324155} - hxxps://mybank.icbc.com.cn/icbc/perbank/GDSetLET.dll
DPF: {DA215190-98B2-47DE-AE24-DA95481DFFBA} - hxxps://mybank.icbc.com.cn/icbc/perbank/AxUSBKey.CAB
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-05 00:35
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(792)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\windows\system32\aetsprov.dll

- - - - - - - > 'Explorer.exe'(4976)
c:\windows\System32\netshell.dll
.
Completion time: 2010-11-05 00:42:30
ComboFix-quarantined-files.txt 2010-11-05 04:42

Pre-Run: 16,185,450,496 bytes free
Post-Run: 15,252,971,520 bytes free

- - End Of File - - 68BCACFB89D4066F40B375CADDBAAB22
 
After restart, this problem is gone. Thanks.
How about the report? Is my computer clean now?
 
Uninstall Reg TOOL PC Errors Fix and RegCure
Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

====================================================================

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\Tasks\RegCure Program Check.job
c:\windows\Tasks\RegCure.job


DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555


Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.gif]

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
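As an added example (not code from this thread, from ComboFix or from its authors), a Python triage pass over a ComboFix report in the layout shown above: it flags the three things the CFScript removes (the proxy pointed at 127.0.0.1, Security Center monitoring switched off, the RegCure scheduled tasks), goes one step beyond the script by also flagging a disabled UAC (EnableLUA=0, which the report above shows but the script leaves alone), and renders the scriptable findings in the File::/DDS::/Registry:: layout. The sample excerpt is constructed from lines of the report above, and the finding names and functions are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed excerpt in ComboFix report format, modelled on lines from the
# report above; it is not the full report.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

2010-11-05 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 13:29]

uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
"""

@dataclass
class Finding:
    kind: str    # short category of the problem
    where: str   # registry key, task path or DDS line that triggered it
    detail: str  # the value that was seen

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(.+)$")
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(c:\\windows\\tasks\\.+\.job)$", re.IGNORECASE)

def triage_combofix(report: str) -> List[Finding]:
    """Walk a ComboFix report line by line and flag the loading points the
    helper's CFScript targeted, plus UAC being switched off."""
    findings: List[Finding] = []
    current_key = None
    for raw in report.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:  # "[HKEY_...]" opens a new registry section
            current_key = m.group(1)
            continue
        m = PROXY_RE.match(line)
        if m:
            proxy = m.group(1)
            # A proxy on 127.0.0.1 hands every IE request to a process on
            # this same machine before it ever reaches the network.
            if re.search(r"127\.0\.0\.1|localhost", proxy, re.IGNORECASE):
                findings.append(Finding("loopback-proxy", line, proxy))
            continue
        m = TASK_RE.match(line)
        if m:
            if "regcure" in m.group(1).lower():
                findings.append(Finding("registry-cleaner-task", m.group(1),
                                        "RegCure scheduled task"))
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            name, value = m.group(1), m.group(2)
            key_l = current_key.lower()
            if (r"security center\monitoring" in key_l
                    and name == "DisableMonitoring" and value.endswith("00000001")):
                # Security Center stops warning when AV or firewall go down.
                findings.append(Finding("security-center-monitoring-off",
                                        current_key, f"{name}={value}"))
            elif (key_l.endswith(r"policies\system")
                    and name == "EnableLUA" and value.startswith("0")):
                findings.append(Finding("uac-disabled", current_key, f"{name}={value}"))
    return findings

def build_cfscript(findings: List[Finding]) -> str:
    """Render the findings in the CFScript layout shown in the thread: File::
    paths to delete, DDS:: lines to remove, Registry:: with "Name"=- to delete
    a value. UAC findings are reported only, not scripted."""
    files: List[str] = []
    dds: List[str] = []
    reg: Dict[str, List[str]] = {}
    for f in findings:
        if f.kind == "registry-cleaner-task":
            files.append(f.where)
        elif f.kind == "loopback-proxy":
            dds.append(f.where)
        elif f.kind == "security-center-monitoring-off":
            reg.setdefault(f.where, []).append('"DisableMonitoring"=-')
    parts = []
    if files:
        parts.append("File::\n" + "\n".join(files))
    if dds:
        parts.append("DDS::\n" + "\n".join(dds))
    if reg:
        body = "\n".join(f"[{k}]\n" + "\n".join(v) for k, v in reg.items())
        parts.append("Registry::\n" + body)
    return "\n\n".join(parts) + "\n"
```

Run `triage_combofix(SAMPLE_REPORT)` and pass the result to `build_cfscript` to see the flagged items and the script they would produce; the EnableLUA finding stays out of the script on purpose, because re-enabling UAC is a decision for the helper, not an automatic deletion.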
 
Combofix is running. While doing that, one question here: I am using emule to download from the internet. While emule is running, Malwarebytes keeps detecting attacks from many other IPs. Is it normal?
 
All I can say is that P2P programs are the "best" ways to reinfect your computer.

My bed time is coming, so I'll catch you tomorrow.
 
ComboFix 10-11-04.01 - Paul 05/11/2010 9:26.5.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.2.1033.18.3070.1950 [GMT -4:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
Command switches used :: c:\users\Paul\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\Tasks\RegCure Program Check.job"
"c:\windows\Tasks\RegCure.job"
.

((((((((((((((((((((((((( Files Created from 2010-10-05 to 2010-11-05 )))))))))))))))))))))))))))))))
.

2010-11-05 13:39 . 2010-11-05 13:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-05 13:39 . 2010-11-05 13:39 -------- d-----w- c:\users\CURRENT_USER\AppData\Local\temp
2010-11-05 12:57 . 2010-11-05 13:40 -------- d-----w- c:\users\Paul\AppData\Local\temp
2010-11-04 02:54 . 2010-11-04 02:54 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-11-01 16:27 . 2010-11-01 16:27 -------- d-----w- c:\windows\system32\Project Outputs for Free Documents
2010-10-24 21:48 . 2010-10-24 21:48 -------- d-----w- c:\program files\iPod
2010-10-24 21:48 . 2010-10-24 21:51 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-10-24 21:48 . 2010-10-24 21:51 -------- d-----w- c:\program files\iTunes
2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2010-10-24 21:47 . 2010-10-24 21:47 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2010-10-24 21:41 . 2010-10-24 21:41 -------- d-----w- c:\program files\Apple Software Update
2010-10-24 21:34 . 2010-10-24 21:35 -------- d-----w- c:\program files\Bonjour
2010-10-14 20:14 . 2010-09-25 05:44 312768 ----a-w- c:\program files\Internet Explorer\PPLite\plugin\1.0.0.285\ppp.dll
2010-10-14 20:14 . 2010-09-20 07:48 624056 ----a-w- c:\program files\Internet Explorer\PPLite\plugin\1.0.0.285\mframe.dll
2010-10-13 21:58 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 21:58 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 21:56 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-05 02:16 . 2009-10-10 02:04 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2010-10-02 15:16 . 2010-10-02 15:16 12672 ----a-w- c:\windows\system32\drivers\Chip_usb.sys
2010-10-02 15:16 . 2007-10-27 00:38 5632 ----a-w- c:\windows\system32\ChipCo.dll
2010-10-02 15:16 . 2007-10-27 00:38 14336 ----a-w- c:\windows\system32\drivers\Chip_smc.sys
2010-10-02 15:16 . 2007-10-27 00:37 4608 ----a-w- c:\windows\system32\R5CoInst.dll
2010-10-02 15:16 . 2007-10-27 00:37 31744 ----a-w- c:\windows\system32\drivers\eps2kt1.sys
2010-10-02 15:16 . 2007-04-03 10:32 14592 ----a-w- c:\windows\system32\drivers\smccard.sys
2010-09-23 04:47 . 2010-09-23 04:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-23 04:32 . 2010-09-23 04:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-22 16:23 . 2009-02-16 19:53 212240 ----a-w- c:\windows\system32\richtx32.ocx
2010-09-22 16:23 . 2010-09-22 16:23 124688 ----a-w- c:\windows\system32\MSWINSCK.OCX
2010-09-22 16:23 . 2000-05-22 20:58 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2010-09-22 16:23 . 2002-12-20 21:02 1081616 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-17 14:11 . 2010-09-15 22:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}]
2009-12-28 03:26 147928 ----a-w- c:\program files\easyMule\modules\IE2EM.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-01-17 58416]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"TpShocks"="TpShocks.exe" [2007-11-22 181536]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-11-28 243248]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2008-01-11 558368]
"VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]
"Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"gemstrmw"="c:\windows\system32\gemstrmw.exe" [2007-06-29 24576]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1282048]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-03 1594664]
"Gemplus Reader Resource Manager"="c:\program files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RRMSVR.exe" [2007-10-08 77824]
"RegTool"="c:\program files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RegTool.exe" [2008-01-21 172032]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-12-09 02:44 89600 ------w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ FREEIME.IME

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FreeSnap.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FreeSnap.lnk
backup=c:\windows\pss\FreeSnap.lnkCommon Startup

[HKLM\~\startupfolder\C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
2008-01-11 06:20 214576 ------w- c:\progra~1\ThinkPad\UTILIT~1\BTVLOGEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
2006-12-13 19:10 2614848 ------w- c:\program files\Lenovo\Client Security Solution\cssauth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPMailChecker]
2008-01-11 06:21 124248 ------w- c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2008-01-11 06:21 144728 ------w- c:\progra~1\THINKV~2\PrdCtr\LPMGR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v3]
2009-09-01 14:47 606208 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\fppdis3a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP]
2010-09-20 07:48 185784 ----a-w- c:\program files\Common Files\PPLiveNetwork\PPAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regtool]
2006-09-28 20:45 122880 ------w- c:\program files\Gemplus\GemSafe Libraries\BIN\RegTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-25 03:35 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
2008-03-04 14:34 487424 ------w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

R2 D12TEST;D12TEST.Sys PDIUSBD12 Bulk IO test driver;c:\windows\system32\Drivers\D12TEST.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 136176]
R2 MCUSBICD2;Microchip MPLAB ICD 2 Firmware Client Driver (ICD2W2K.SYS);c:\windows\system32\Drivers\icd2w2k.sys [2004-03-22 12427]
R2 MCUSBICD2LDR;Microchip MPLAB ICD 2 Firmware Loader Driver (ICD2W2KL.SYS);c:\windows\system32\Drivers\icd2w2kl.sys [2004-03-22 16556]
R3 Alidevice;Alidevice; [x]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [x]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-10-15 87336]
R3 GD_USB;USB Chip Service;c:\windows\system32\DRIVERS\Chip_usb.sys [2010-10-02 12672]
R3 GKeyUSB;GKeyUSB;c:\windows\system32\Drivers\GKeyUSB.sys [2005-05-19 71040]
R3 HtcUsbMdmV32;HTC Proprietary USB Driver (PID 0B03);c:\windows\system32\DRIVERS\HtcUsbMdmV32.sys [2007-01-29 97280]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [2009-06-10 28672]
R3 MQB2ALL;NEC Electronics MINICUBE2 USB Interface;c:\windows\system32\Drivers\MQB2ALL.sys [2007-10-19 15960]
R3 NCBULK;MPLAB HS USB client driver;c:\windows\system32\drivers\RealICEBulk.sys [2007-04-05 12160]
R3 qcusbser;Qualcomm Diagnostic Port;c:\windows\system32\DRIVERS\qcusbser.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2007-03-18 475136]
R3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\Drivers\usbVM303.sys [x]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-31 721904]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2010-02-04 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2007-10-16 19504]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101029.001\BHDrvx86.sys [2010-08-31 692272]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101103.001\IDSvix86.sys [2010-10-19 353840]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2006-08-30 13744]
S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-04-24 16688]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]
S2 altio;altio;c:\program files\Altium Designer Winter 09\System\Drivers\altio.sys [2004-05-31 3200]
S2 hios6;hios6; [x]
S2 hwhios6;hwhios6; [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2006-12-09 11152]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2007-03-02 55936]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2006-12-14 569344]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448]
S3 GDBaseSmc;USB Chip Holder Service;c:\windows\system32\DRIVERS\Chip_smc.sys [2010-10-02 14336]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 R5BaseSmc;USB Token Holder Service;c:\windows\system32\DRIVERS\smccard.sys [2010-10-02 14592]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov]
2006-10-31 19:30 73728 ----a-w- c:\windows\System32\aetsprov.dll
.
Contents of the 'Scheduled Tasks' folder

2010-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 20:04]

2010-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 20:04]

2010-11-04 c:\windows\Tasks\User_Feed_Synchronization-{08E3C5B6-698E-4B74-BB2F-18B5C7D629F8}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Download by easyMule - c:\program files\easyMule\IE2EM.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: com.cn\mybank.icbc
Trusted Zone: com.cn\vip.icbc
Trusted Zone: com.cn\www.icbc
Trusted Zone: taobao.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
DPF: RedEyeQuote - hxxps://www.redeyeondemand.com/RedEyeQuote.cab
DPF: {03290DF3-5034-11D0-BC8C-524153480000} - hxxps://www.dpt-fast.com/stlview/astlview2005.dpt
DPF: {0EB487C8-E9AC-43A6-8C4C-083999B0622F} - hxxps://b2c.icbc.com.cn/icbc/newperbank/certInStall.dll
DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} - hxxp://bug.udoco.cn/qualitycenter/Spider80.ocx
DPF: {3AA9CF07-DF20-48FF-98BE-DED276E40146} - hxxps://b2c.icbc.com.cn/icbc/GDReadPub.cab
DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://img.alipay.com/download/2121/aliedit.cab
DPF: {62B938C4-4190-4F37-8CF0-A92B0A91CC77} - hxxps://mybank.icbc.com.cn/icbc/NetSign.dll
DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} - hxxps://b2c.icbc.com.cn/icbc/newperbank/AXSafeControls.cab
DPF: {7AEA10C5-B38F-4D72-A8F0-ED2D43D2A59E} - hxxps://mybank.icbc.com.cn/icbc/ICBCPKCheck.cab
DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} - hxxps://vip.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} - hxxps://b2c.icbc.com.cn/icbc/ICBC_NetSign.dll
DPF: {C35D7AE1-0865-4A30-BF07-29FA29324155} - hxxps://mybank.icbc.com.cn/icbc/perbank/GDSetLET.dll
DPF: {DA215190-98B2-47DE-AE24-DA95481DFFBA} - hxxps://mybank.icbc.com.cn/icbc/perbank/AxUSBKey.CAB
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-05 09:40
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\windows\system32\aetsprov.dll
.
Completion time: 2010-11-05 09:45:14
ComboFix-quarantined-files.txt 2010-11-05 13:45
ComboFix2.txt 2010-11-05 04:42

Pre-Run: 14,826,782,720 bytes free
Post-Run: 14,674,567,168 bytes free

- - End Of File - - CEBC51F39FBCEE31E9B9F01A061852A0
 
Looks good :)

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 05/11/2010 11:51:08 AM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Paul\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 86.66 Gb Total Space | 13.72 Gb Free Space | 15.83% Space Free | Partition Type: NTFS

Computer Name: T60P-PAUL | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/05 11:49:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
PRC - [2009/12/03 17:44:42 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/11 01:39:08 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2008/01/21 15:28:22 | 000,172,032 | ---- | M] () -- C:\Program Files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RegTool.exe
PRC - [2007/11/22 15:09:26 | 000,181,536 | ---- | M] (Lenovo.) -- C:\Windows\System32\TpShocks.exe
PRC - [2007/10/16 18:33:00 | 000,037,424 | ---- | M] (Lenovo.) -- C:\Windows\System32\TPHDEXLG.exe
PRC - [2007/10/08 16:17:58 | 000,077,824 | ---- | M] (Gemplus) -- C:\Program Files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RRMSVR.exe
PRC - [2007/09/26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/07/10 10:40:30 | 001,282,048 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/05/31 19:02:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\Windows\System32\ibmpmsvc.exe
PRC - [2007/03/09 14:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/03/08 13:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007/03/02 14:07:28 | 000,055,936 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2007/02/06 12:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/01/17 14:01:00 | 000,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/14 02:13:02 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2006/12/14 02:11:14 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2006/12/14 01:59:04 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2006/12/14 00:46:08 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2006/12/13 14:52:44 | 000,722,496 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2006/12/08 22:45:48 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
PRC - [2006/11/28 13:30:00 | 000,243,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2006/11/20 01:14:14 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE
PRC - [2006/09/06 03:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2006/07/18 16:15:18 | 000,049,152 | ---- | M] (Vimicro) -- C:\Windows\VMSnap3.exe
PRC - [2006/07/04 14:16:32 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe


========== Modules (SafeList) ==========

MOD - [2010/11/05 11:49:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
MOD - [2010/09/20 15:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/06/28 19:52:40 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2010/06/28 19:52:40 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/14 15:40:36 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/15 07:51:14 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2009/10/12 23:39:07 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/06/19 00:51:28 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/04/11 01:39:08 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2008/02/01 18:08:50 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/16 18:33:00 | 000,037,424 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\System32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2007/09/26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/05/31 19:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/03/02 14:07:28 | 000,055,936 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2007/02/06 12:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/14 02:13:02 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2006/12/14 02:11:14 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2006/12/14 00:46:08 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2006/12/13 14:52:44 | 000,722,496 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2006/11/20 01:14:14 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC)
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\usbVM303.sys -- (ZSMC0303) VIMICRO USB PC Camera (ZC0301PLH)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uagp35.sys -- (uagp35)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sisagp.sys -- (sisagp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\qcusbser.sys -- (qcusbser)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\Drivers\D12TEST.sys -- (D12TEST)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Paul\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\b57nd60x.sys -- (b57nd60x)
DRV - [2010/10/19 16:36:22 | 000,353,840 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101103.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/10/02 11:16:24 | 000,014,336 | ---- | M] (OEM) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Chip_smc.sys -- (GDBaseSmc)
DRV - [2010/10/02 11:16:24 | 000,012,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Chip_usb.sys -- (GD_USB)
DRV - [2010/10/02 11:16:02 | 000,014,592 | ---- | M] (OEM) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smccard.sys -- (R5BaseSmc)
DRV - [2010/09/30 19:15:52 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101104.057\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/09/30 19:15:51 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101104.057\NAVENG.SYS -- (NAVENG)
DRV - [2010/08/31 18:57:04 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101029.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/05/27 00:07:59 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 00:07:59 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/09 23:03:23 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/06 00:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/02/03 21:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2010/01/08 16:28:38 | 000,006,656 | ---- | M] (alipay.com) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alidevice.sys -- (Alidevice)
DRV - [2009/12/03 17:45:24 | 000,230,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/10/31 00:35:35 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/09/02 14:21:38 | 000,195,424 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2009/06/10 09:51:48 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/05/11 10:13:32 | 000,958,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009/02/16 23:48:35 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2008/10/10 00:21:28 | 000,050,704 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
DRV - [2008/09/26 22:16:26 | 000,215,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/19 03:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/19 01:55:24 | 000,030,720 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/01/11 02:20:00 | 000,012,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2007/10/19 00:23:44 | 000,015,960 | ---- | M] (NEC Electronics) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mqb2all.sys -- (MQB2ALL)
DRV - [2007/10/16 18:33:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2007/10/16 18:32:00 | 000,019,504 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/10/04 16:14:44 | 000,348,160 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/09/29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/06/21 17:36:32 | 002,600,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/06/21 17:36:32 | 002,600,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/05/31 19:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2007/05/08 05:55:33 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2007/05/08 05:13:12 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/05/08 05:13:12 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/05/08 05:13:12 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/04/24 12:52:10 | 000,016,688 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\System32\drivers\LUMDriver.sys -- (LUMDriver)
DRV - [2007/04/05 12:08:16 | 000,012,160 | ---- | M] (PLX Technology, Inc. (visit www.PlxTech.com)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\realicebulk.sys -- (NCBULK)
DRV - [2007/03/30 03:46:00 | 000,079,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007/03/18 18:06:32 | 000,475,136 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftav303.sys -- (vvftav303)
DRV - [2007/02/27 14:20:00 | 000,081,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/02/27 14:20:00 | 000,016,432 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007/02/19 01:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2007/01/29 12:32:40 | 000,097,280 | ---- | M] (HTC Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcusbmdmv32.sys -- (HtcUsbMdmV32) HTC Proprietary USB Driver (PID 0B03)
DRV - [2006/12/22 11:50:00 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/12/22 11:49:00 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/12/22 11:48:00 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/12/21 08:30:02 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2006/12/08 22:37:20 | 000,011,152 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
DRV - [2006/11/28 16:44:00 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006/11/06 04:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vstazl3.sys -- (HSFHWAZL)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1g60i32.sys -- (E1G60) Intel(R)
DRV - [2006/10/18 22:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/09/13 15:42:44 | 000,035,264 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2006/08/30 06:04:04 | 000,013,744 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2006/05/18 10:49:02 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/05/18 10:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2005/05/19 13:18:50 | 000,071,040 | ---- | M] (Gemplus) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gkeyusb.sys -- (GKeyUSB)
DRV - [2005/03/29 14:19:58 | 000,015,899 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\HIOS6.SYS -- (hios6)
DRV - [2004/05/31 16:20:04 | 000,003,200 | ---- | M] (Altium Limited) [Kernel | Auto | Running] -- C:\Program Files\Altium Designer Winter 09\System\Drivers\altio.sys -- (altio)
DRV - [2004/03/22 02:43:00 | 000,016,556 | ---- | M] (Microchip Technology, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\icd2w2kl.sys -- (MCUSBICD2LDR) Microchip MPLAB ICD 2 Firmware Loader Driver (ICD2W2KL.SYS)
DRV - [2004/03/22 02:43:00 | 000,012,427 | ---- | M] (Microchip Technology, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\icd2w2k.sys -- (MCUSBICD2) Microchip MPLAB ICD 2 Firmware Client Driver (ICD2W2K.SYS)
DRV - [2004/01/13 10:25:58 | 000,007,144 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\HWHIOS6.SYS -- (hwhios6)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/06/01 10:44:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/05/09 23:07:24 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/11/05 01:31:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IE2EMBHO Class) - {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - C:\Program Files\easyMule\modules\IE2EM.dll (VeryCD.com)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Gemplus Reader Resource Manager] C:\Program Files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RRMSVR.exe (Gemplus)
O4 - HKLM..\Run: [gemstrmw] C:\Windows\System32\gemstrmw.exe (Gemplus)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RegTool] C:\Program Files\ICBCEbankTools\Gemplus\GemSafe Libraries\BIN\RegTool.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\Windows\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [VMSnap3] C:\Windows\VMSnap3.exe (Vimicro)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Download by easyMule - C:\Program Files\easyMule\IE2EM.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: taobao.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: com.cn ([mybank.icbc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: com.cn ([vip.icbc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: com.cn ([www.icbc] http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {03290DF3-5034-11D0-BC8C-524153480000} https://www.dpt-fast.com/stlview/astlview2005.dpt (StlView Control)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} https://components.viewpoint.com/MT...&unknown&http://www.seaeagle.com/vp/375fc.asp (MetaStreamCtl Class)
O16 - DPF: {0EB487C8-E9AC-43A6-8C4C-083999B0622F} https://b2c.icbc.com.cn/icbc/newperbank/certInStall.dll (InfosecCertInstall Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} http://bug.udoco.cn/qualitycenter/Spider80.ocx (Loader Class v2)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3AA9CF07-DF20-48FF-98BE-DED276E40146} https://b2c.icbc.com.cn/icbc/GDReadPub.cab (GDGetTokenInfo Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} https://img.alipay.com/download/2121/aliedit.cab (EditCtrl Class)
O16 - DPF: {62B938C4-4190-4F37-8CF0-A92B0A91CC77} https://mybank.icbc.com.cn/icbc/NetSign.dll (Reg Error: Key error.)
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} https://b2c.icbc.com.cn/icbc/newperbank/AXSafeControls.cab (AxInputControl Class)
O16 - DPF: {7AEA10C5-B38F-4D72-A8F0-ED2D43D2A59E} https://mybank.icbc.com.cn/icbc/ICBCPKCheck.cab (ICBCOCX Public Key Check)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://bonmot.spaces.live.com/PhotoUpload/VistaMsnPUplden-ca.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} https://vip.icbc.com.cn/icbc/newperbank/AxSafeControls.cab (AxSubmitControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} https://b2c.icbc.com.cn/icbc/ICBC_NetSign.dll (InfoSecICBCNetSign Class)
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://caebmm.imgag.com/imgag/cp/install/crusher-cae.cab (Creative Toolbox Plug-in)
O16 - DPF: {C35D7AE1-0865-4A30-BF07-29FA29324155} https://mybank.icbc.com.cn/icbc/perbank/GDSetLET.dll (CSetLET Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA215190-98B2-47DE-AE24-DA95481DFFBA} https://mybank.icbc.com.cn/icbc/perbank/AxUSBKey.CAB (AxUSBKey Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://dl.pplive.com/PluginSetup.cab (PPLive Lite Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: RedEyeQuote https://www.redeyeondemand.com/RedEyeQuote.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========

[2010/11/05 11:49:13 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2010/11/05 09:45:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/11/05 09:19:21 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/11/05 09:18:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/11/05 08:57:58 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\temp
[2010/11/04 23:43:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/11/04 23:43:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/11/04 23:43:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/11/04 23:43:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/04 23:41:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/04 23:06:45 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\NTBR_CD
[2010/11/04 22:11:45 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\tdsskiller
[2010/11/04 00:31:05 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\TFC.exe
[2010/11/03 22:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/11/01 12:27:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\Project Outputs for Free Documents
[2010/10/24 17:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/24 17:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/24 17:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/24 17:41:35 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/10/24 17:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

========== Files - Modified Within 30 Days ==========

[2010/11/05 11:49:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2010/11/05 11:38:39 | 000,603,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/05 11:38:39 | 000,106,696 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/05 11:14:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/05 10:40:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/05 10:14:01 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/05 09:55:33 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/05 09:55:32 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/05 09:55:21 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/11/05 09:55:16 | 000,025,312 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
[2010/11/05 09:55:16 | 000,000,480 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
[2010/11/05 09:54:44 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/05 08:59:29 | 416,338,079 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/05 01:31:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/04 23:35:27 | 003,903,125 | R--- | M] () -- C:\Users\Paul\Desktop\ComboFix.exe
[2010/11/04 23:04:45 | 002,565,432 | ---- | M] () -- C:\Users\Paul\Desktop\NTBR_CD.exe
[2010/11/04 22:10:52 | 000,080,384 | ---- | M] () -- C:\Users\Paul\Desktop\MBRCheck.exe
[2010/11/04 22:10:09 | 001,213,675 | ---- | M] () -- C:\Users\Paul\Desktop\tdsskiller.zip
[2010/11/04 16:36:02 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{08E3C5B6-698E-4B74-BB2F-18B5C7D629F8}.job
[2010/11/04 13:29:10 | 000,000,395 | ---- | M] () -- C:\Windows\CAMDXP.INI
[2010/11/04 00:31:03 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\TFC.exe
[2010/11/04 00:23:01 | 003,777,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/11/04 00:04:28 | 000,294,912 | ---- | M] () -- C:\Users\Paul\Desktop\pd7wmbf0.exe
[2010/11/03 18:36:29 | 000,088,064 | ---- | M] () -- C:\Windows\MBR.exe
[2010/10/25 16:02:29 | 005,411,840 | ---- | M] () -- C:\Users\Paul\Desktop\sp580w.exe
[2010/10/21 10:14:50 | 000,033,002 | ---- | M] () -- C:\Users\Paul\Desktop\iCanDoIt_SB.chw
[2010/10/20 11:07:18 | 000,001,208 | ---- | M] () -- C:\Users\Paul\ViewMate.cfg
[2010/10/14 22:02:00 | 008,713,599 | ---- | M] () -- C:\Users\Paul\Desktop\EverProS1000V141Install.zip
[2010/10/14 15:57:54 | 000,000,161 | ---- | M] () -- C:\Windows\M1000.INI
[2010/10/14 03:05:57 | 000,000,410 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010/10/11 21:13:10 | 000,934,702 | ---- | M] () -- C:\Users\Paul\Desktop\der188.pdf
[2010/10/06 23:39:24 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini

========== Files Created - No Company Name ==========

[2010/11/04 23:43:27 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/11/04 23:43:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/11/04 23:43:27 | 000,088,064 | ---- | C] () -- C:\Windows\MBR.exe
[2010/11/04 23:43:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/11/04 23:43:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/11/04 23:35:28 | 003,903,125 | R--- | C] () -- C:\Users\Paul\Desktop\ComboFix.exe
[2010/11/04 23:04:40 | 002,565,432 | ---- | C] () -- C:\Users\Paul\Desktop\NTBR_CD.exe
[2010/11/04 22:10:52 | 000,080,384 | ---- | C] () -- C:\Users\Paul\Desktop\MBRCheck.exe
[2010/11/04 22:09:59 | 001,213,675 | ---- | C] () -- C:\Users\Paul\Desktop\tdsskiller.zip
[2010/11/04 12:06:29 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/04 00:04:24 | 000,294,912 | ---- | C] () -- C:\Users\Paul\Desktop\pd7wmbf0.exe
[2010/10/25 16:02:30 | 005,411,840 | ---- | C] () -- C:\Users\Paul\Desktop\sp580w.exe
[2010/10/21 10:14:50 | 000,033,002 | ---- | C] () -- C:\Users\Paul\Desktop\iCanDoIt_SB.chw
[2010/10/21 10:03:14 | 000,352,783 | ---- | C] () -- C:\Users\Paul\Desktop\iCanDoIt_SB.chm
[2010/10/14 22:02:02 | 008,713,599 | ---- | C] () -- C:\Users\Paul\Desktop\EverProS1000V141Install.zip
[2010/10/14 15:57:54 | 000,000,161 | ---- | C] () -- C:\Windows\M1000.INI
[2010/10/11 21:13:09 | 000,934,702 | ---- | C] () -- C:\Users\Paul\Desktop\der188.pdf
[2010/10/02 11:16:24 | 000,012,672 | ---- | C] () -- C:\Windows\System32\drivers\Chip_usb.sys
[2010/10/02 11:04:28 | 000,027,648 | ---- | C] () -- C:\Windows\System32\gwscm.dll
[2010/10/01 23:39:43 | 000,106,496 | ---- | C] () -- C:\Windows\System32\InputControl.dll
[2010/10/01 23:39:43 | 000,065,536 | ---- | C] () -- C:\Windows\System32\UploadControl.dll
[2010/10/01 23:39:43 | 000,065,536 | ---- | C] () -- C:\Windows\System32\SubmitControl.dll
[2010/10/01 23:39:43 | 000,036,864 | ---- | C] () -- C:\Windows\System32\RootCert.dll
[2010/10/01 23:39:42 | 000,106,496 | ---- | C] () -- C:\Windows\System32\EditControl.dll
[2010/10/01 23:39:42 | 000,102,400 | ---- | C] () -- C:\Windows\System32\ICBCQPK_HH.dll
[2010/10/01 23:39:42 | 000,098,304 | ---- | C] () -- C:\Windows\System32\certInStall.dll
[2010/10/01 23:39:42 | 000,091,520 | ---- | C] () -- C:\Windows\System32\icbc_bhdc2vdv.dll
[2010/10/01 23:39:42 | 000,091,520 | ---- | C] () -- C:\Windows\System32\icbc_bhdc1vdv.dll
[2010/10/01 23:39:42 | 000,054,656 | ---- | C] () -- C:\Windows\System32\icbc_gdgetdv.dll
[2010/10/01 23:39:42 | 000,053,248 | ---- | C] () -- C:\Windows\System32\GDSetLET.dll
[2010/05/12 09:43:54 | 000,000,410 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/05/10 12:40:42 | 000,000,000 | ---- | C] () -- C:\Users\Paul\AppData\Local\Temptable.xml
[2010/04/20 23:59:07 | 000,007,616 | -HS- | C] () -- C:\ProgramData\RJAhr0NY5OVC
[2010/03/02 15:07:51 | 000,290,904 | ---- | C] () -- C:\Windows\System32\vc6-re200l.dll
[2010/02/10 12:16:26 | 000,081,920 | ---- | C] () -- C:\Windows\System32\MPMapTrace.dll
[2010/02/10 11:41:16 | 000,364,544 | ---- | C] () -- C:\Windows\System32\mpPathan.dll
[2009/11/12 10:43:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/11/11 01:37:14 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll
[2009/10/31 00:35:35 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/10/12 00:27:58 | 000,000,016 | ---- | C] () -- C:\ProgramData\.7486160831680234
[2009/10/09 22:05:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/26 11:48:31 | 000,000,248 | ---- | C] () -- C:\Windows\emug3.ini
[2009/09/14 11:59:20 | 000,053,248 | ---- | C] () -- C:\Windows\System32\EASYZUSBMULTI.DLL
[2009/09/14 11:59:20 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DDSCON.DLL
[2009/08/20 22:36:16 | 000,000,680 | ---- | C] () -- C:\Users\Paul\AppData\Local\d3d9caps.dat
[2009/07/21 11:16:23 | 000,086,016 | ---- | C] () -- C:\Windows\System32\jcutilHUAUKLCD.dll
[2009/07/21 11:16:23 | 000,049,152 | ---- | C] () -- C:\Windows\System32\jcutilTdrUKLCD.dll
[2009/03/28 00:53:08 | 000,002,290 | ---- | C] () -- C:\Windows\Palm OS Emulator.ini
[2009/02/16 23:48:35 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2009/02/16 15:53:49 | 000,193,024 | ---- | C] () -- C:\Windows\System32\co2c40en.dll
[2009/02/16 15:53:49 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2009/02/16 15:53:48 | 000,953,344 | ---- | C] () -- C:\Windows\System32\pg32.dll
[2009/01/07 18:14:04 | 000,000,133 | ---- | C] () -- C:\Windows\System32\ftdiun2k.ini
[2008/11/15 13:54:01 | 004,804,608 | ---- | C] () -- C:\Users\Paul\AppData\Local\filesync.metadata
[2008/04/06 22:16:01 | 000,045,056 | ---- | C] () -- C:\Windows\System32\UnblkPIN.dll
[2008/04/06 22:16:00 | 000,389,175 | ---- | C] () -- C:\Windows\System32\RsaFun.dll
[2008/04/06 22:16:00 | 000,282,734 | ---- | C] () -- C:\Windows\System32\NPCard.dll
[2008/04/06 22:16:00 | 000,094,208 | ---- | C] () -- C:\Windows\System32\jcutilHUAUK.dll
[2008/04/06 22:16:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\jcinpublic.dll
[2008/04/06 22:16:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\jcutilgem101101.dll
[2008/04/06 22:15:58 | 000,262,208 | ---- | C] () -- C:\Windows\System32\GPKPCSC.dll
[2008/04/06 22:15:58 | 000,241,758 | ---- | C] () -- C:\Windows\System32\GPKPIN.dll
[2008/04/06 22:15:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\hmukchk.dll
[2008/04/06 22:15:57 | 000,184,320 | ---- | C] () -- C:\Windows\System32\GdApi.dll
[2008/04/06 22:15:57 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CEA_Crypt.dll
[2008/04/06 22:15:57 | 000,032,768 | ---- | C] () -- C:\Windows\System32\ChangPIN.dll
[2008/04/06 22:15:57 | 000,022,016 | ---- | C] () -- C:\Windows\System32\GEMPIN01.dll
[2008/02/22 08:42:27 | 000,000,044 | ---- | C] () -- C:\Windows\liveup.ini
[2008/02/20 22:05:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/12/17 20:00:50 | 000,000,395 | ---- | C] () -- C:\Windows\CAMDXP.INI
[2007/12/06 22:27:14 | 000,000,216 | ---- | C] () -- C:\Windows\mercury.ini
[2007/11/01 11:39:27 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/10/31 14:24:11 | 000,000,021 | ---- | C] () -- C:\Windows\iar2ice.ini
[2007/10/31 14:19:59 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2007/10/31 14:19:59 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2007/10/31 14:19:59 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2007/10/31 14:19:59 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2007/10/31 14:19:59 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2007/10/31 14:05:18 | 000,000,764 | ---- | C] () -- C:\Windows\cw23.INI
[2007/10/31 14:04:58 | 000,001,187 | ---- | C] () -- C:\Windows\ew23.INI
[2007/10/26 20:54:29 | 000,114,688 | ---- | C] () -- C:\Windows\System32\GDSPKLib.dll
[2007/10/26 20:54:29 | 000,053,248 | ---- | C] () -- C:\Windows\System32\GDInitLib.dll
[2007/10/26 20:38:08 | 000,012,928 | ---- | C] () -- C:\Windows\System32\drivers\chip_usb.sys.bak
[2007/10/26 20:38:08 | 000,005,632 | ---- | C] () -- C:\Windows\System32\ChipCo.dll
[2007/10/26 20:37:12 | 000,031,744 | ---- | C] () -- C:\Windows\System32\drivers\eps2kt1.sys
[2007/10/26 20:37:12 | 000,004,608 | ---- | C] () -- C:\Windows\System32\R5CoInst.dll
[2007/10/20 15:21:55 | 000,000,029 | ---- | C] () -- C:\Windows\IDE.INI
[2007/10/07 20:25:38 | 000,000,600 | ---- | C] () -- C:\Users\Paul\AppData\Local\PUTTY.RND
[2007/09/12 23:02:38 | 000,061,440 | ---- | C] () -- C:\Windows\System32\GDReadPub.dll
[2007/07/13 11:43:19 | 000,000,000 | ---- | C] () -- C:\Windows\HT-IDE3000.INI
[2007/06/22 13:25:37 | 000,000,000 | ---- | C] () -- C:\Windows\SetID.INI
[2007/06/09 17:27:07 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2007/05/12 22:30:05 | 000,131,072 | ---- | C] () -- C:\Windows\System32\vmcoinst_zc0301plh.dll
[2007/05/09 04:10:20 | 000,146,944 | ---- | C] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/09 01:04:30 | 000,000,510 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/05/08 05:29:09 | 000,012,080 | ---- | C] () -- C:\Windows\System32\drivers\TPPWR32V.SYS
[2007/03/29 12:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/02/09 17:32:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/12/14 14:14:16 | 000,025,312 | ---- | C] () -- C:\Windows\System32\PROCDB.INI
[2006/12/14 14:14:10 | 000,000,480 | ---- | C] () -- C:\Windows\System32\IPSCtrl.INI
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/08 19:04:32 | 000,023,040 | ---- | C] () -- C:\Windows\System32\jcidGEM102.dll
[2006/10/08 19:03:28 | 000,027,136 | ---- | C] () -- C:\Windows\System32\jcinGEM102.dll
[2006/09/05 14:20:36 | 000,079,400 | ---- | C] () -- C:\Windows\System32\DEVMAN.DLL
[2006/08/11 16:47:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\jcinHUAUK.dll
[2006/08/11 16:47:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\jcidHUAUK.dll
[2006/06/13 16:35:32 | 000,053,760 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2006/03/09 17:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/04/05 10:35:00 | 000,040,960 | ---- | C] () -- C:\Windows\System32\jcinGD84.dll
[2003/10/15 12:29:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\jcidGEM101.dll
[2003/10/09 12:40:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\jcidGD84.dll
[2003/09/17 17:12:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\jcinTHTFUK.dll
[2003/09/17 17:10:32 | 000,073,728 | ---- | C] () -- C:\Windows\System32\jcidTHTFUK.dll
[2003/09/17 16:02:42 | 000,028,672 | ---- | C] () -- C:\Windows\System32\jcidWATCHK.dll
[2003/09/17 15:34:24 | 000,028,672 | ---- | C] () -- C:\Windows\System32\jcinWATCHK.dll
[2003/07/03 18:28:42 | 000,045,056 | ---- | C] () -- C:\Windows\System32\jcinGEM101.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1999/11/16 13:04:36 | 000,485,376 | ---- | C] () -- C:\Windows\System32\DrRw40.dll

========== LOP Check ==========

[2010/04/21 11:55:23 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\3Dconnexion
[2009/05/15 09:20:08 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\AeroSnapApp
[2007/05/09 02:27:08 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Altium2004
[2009/02/13 19:53:01 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\AltiumDesigner6
[2010/11/05 11:49:36 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\AltiumDesignerWinter09
[2008/05/24 14:12:29 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\App Launcher Gadget
[2008/07/16 15:04:17 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Autodesk
[2010/02/26 18:06:46 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Azureus
[2010/02/28 21:44:06 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\DassaultSystemes
[2007/06/09 17:32:02 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\DWGeditor
[2010/07/05 11:51:32 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\EDrawings
[2007/05/08 23:05:07 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\FlashGet
[2010/02/28 14:30:19 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\FlashgetSetup
[2007/05/14 14:11:41 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\GlobalSCAPE
[2009/11/14 12:32:48 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\IM
[2007/05/08 12:04:25 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Leadertech
[2009/01/03 10:47:11 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\LEGO Company
[2008/06/14 08:51:59 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Lenovo
[2009/10/04 20:21:38 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Luxology
[2010/10/01 13:11:24 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Microchip
[2007/12/09 12:56:58 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\MySQL
[2007/06/08 11:22:42 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Nokia
[2010/02/08 13:29:56 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Nordic Semiconductors ASA
[2007/06/04 10:23:00 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Opera
[2007/05/12 13:45:05 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PC Suite
[2010/04/24 23:48:56 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PPlive
[2010/01/11 10:02:48 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PPLiveVA
[2010/04/19 16:29:10 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PPStream
[2007/05/31 14:32:40 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Radmin
[2008/12/27 21:42:25 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\sldIM
[2009/10/28 02:00:41 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Softland
[2009/11/11 01:40:10 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Tencent
[2010/05/11 13:25:45 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Tific
[2010/02/26 22:34:56 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\uTorrent
[2007/09/18 15:42:15 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\VoipStunt
[2010/08/13 14:03:03 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\VSO
[2010/10/07 22:13:40 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Windows Live Writer
[2010/11/05 09:53:10 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/04 16:36:02 | 000,000,390 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{08E3C5B6-698E-4B74-BB2F-18B5C7D629F8}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/09/18 16:35:58 | 000,001,272 | ---- | M] () -- C:\bar.emf
[2009/09/25 22:26:18 | 000,000,888 | ---- | M] () -- C:\bholog.txt
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/11/09 19:32:55 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/11/05 09:45:15 | 000,022,077 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/12/03 12:34:00 | 000,000,037 | ---- | M] () -- C:\crypt.bat
[2007/05/08 05:23:31 | 000,001,264 | ---- | M] () -- C:\drivez.log
[2010/11/05 09:54:44 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/05 13:44:42 | 000,016,480 | ---- | M] () -- C:\hope.otp
[2007/10/31 14:26:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/16 23:40:36 | 000,102,947 | ---- | M] () -- C:\LICENSE.TXT
[2009/02/17 09:49:22 | 000,000,547 | ---- | M] () -- C:\mentor.lic
[2008/12/04 16:36:52 | 000,000,549 | ---- | M] () -- C:\mentor.lic.bak
[2009/02/15 15:45:27 | 000,312,320 | ---- | M] (EFA Team) -- C:\MentorKG.exe
[2008/11/26 04:37:38 | 001,601,536 | ---- | M] () -- C:\mgcld.EXE
[2008/12/02 03:32:14 | 001,564,672 | ---- | M] (Mentor Graphics) -- C:\MGLS.DLL
[2010/03/05 17:06:09 | 000,006,084 | ---- | M] () -- C:\MPUsbSIn.log
[2007/10/31 14:26:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/06 22:19:10 | 000,000,000 | ---- | M] () -- C:\netsign_debuginfo.txt
[2010/11/05 09:54:38 | 3533,348,864 | -HS- | M] () -- C:\pagefile.sys
[2008/08/08 10:21:24 | 1073,741,824 | -H-- | M] () -- C:\pfsvoddata.bbv
[2008/02/05 10:41:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/03/04 14:45:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/02/05 10:41:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/03/04 14:45:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2007/05/08 05:13:02 | 000,000,053 | ---- | M] () -- C:\syslevel.lgl
[2010/11/04 22:14:23 | 000,071,820 | ---- | M] () -- C:\TDSSKiller.2.4.6.0_04.11.2010_22.12.32_log.txt
[2007/08/06 00:16:51 | 000,001,732 | ---- | M] () -- C:\tvtpktfilter.dat

< %systemroot%\Fonts\*.com >
[2006/11/02 08:37:19 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:37:19 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:37:19 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/10/09 22:45:25 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 08:36:30 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 20:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/23 00:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/06/21 00:03:52 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/09/21 13:24:31 | 000,000,352 | -HS- | M] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/11/04 23:35:27 | 003,903,125 | R--- | M] () -- C:\Users\Paul\Desktop\ComboFix.exe
[2010/11/04 22:10:52 | 000,080,384 | ---- | M] () -- C:\Users\Paul\Desktop\MBRCheck.exe
[2010/11/04 23:04:45 | 002,565,432 | ---- | M] () -- C:\Users\Paul\Desktop\NTBR_CD.exe
[2010/11/05 11:49:16 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2010/11/04 00:04:28 | 000,294,912 | ---- | M] () -- C:\Users\Paul\Desktop\pd7wmbf0.exe
[2010/10/25 16:02:29 | 005,411,840 | ---- | M] () -- C:\Users\Paul\Desktop\sp580w.exe
[2010/11/04 00:31:03 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >
[2007/10/10 18:53:06 | 000,000,750 | R--- | M] () -- C:\Windows\AppPatch\Custom\{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2006/11/02 08:36:17 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/05/10 15:12:51 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/05/10 15:12:21 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/05/10 15:12:21 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/05/10 15:12:21 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/05/10 15:12:21 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2010/05/10 15:12:21 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/11/02 08:37:02 | 000,000,402 | -HS- | M] () -- C:\Users\Paul\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2009/10/12 00:27:58 | 000,000,016 | ---- | M] () -- C:\ProgramData\.7486160831680234
[2008/07/12 10:49:11 | 000,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/04/21 00:41:19 | 000,007,616 | -HS- | M] () -- C:\ProgramData\RJAhr0NY5OVC

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Files - Unicode (All) ==========
[2010/08/27 23:44:51 | 000,000,000 | ---D | M](C:\Users\Paul\Desktop\??) -- C:\Users\Paul\Desktop\探亲
[2010/04/11 20:58:22 | 000,000,000 | ---D | C](C:\Users\Paul\Desktop\??) -- C:\Users\Paul\Desktop\探亲
[2007/06/16 00:21:04 | 000,000,000 | ---D | M](C:\Users\Paul\Favorites\????(??THUMBXP)) -- C:\Users\Paul\Favorites\手机论坛(宣传THUMBXP)

< End of report >
 
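The OTL.txt above is raw tool output. As an added example (not part of the poster's logs and not OTL's own code), the Python script below parses OTL's file-listing lines, such as `[2010/04/20 23:59:07 | 000,007,616 | -HS- | C] () -- C:\ProgramData\RJAhr0NY5OVC`, and applies a few heuristics an analyst applies when reading such a log: hidden+system files outside the expected set, random-looking names, executables with no publisher string in user-writable paths, and a hosts file that changed inside the scan window. The sample lines are copied from the log above; the heuristics, the allowlist of expected hidden/system files and the thresholds are this example's own assumptions, not OTL's.

```python
"""Triage helper for OTL-style file listings (added example, not part of the
forum post or of OTL). Parses lines of the form

    [2010/04/20 23:59:07 | 000,007,616 | -HS- | C] () -- C:\\ProgramData\\RJAhr0NY5OVC

and returns, per path, the reasons an analyst would look at it twice.
The heuristics and thresholds below are assumptions made for this example."""
import re
from dataclasses import dataclass

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Hidden+system files expected on a Vista system root (assumed allowlist).
EXPECTED_HS = {"hiberfil.sys", "pagefile.sys", "bootmgr", "bootsect.bak",
               "io.sys", "msdos.sys", "ntuser.pol", "desktop.ini"}
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\")


@dataclass
class Entry:
    ts: str
    size: int
    attrs: set      # subset of {"R", "H", "S", "D"} taken from the attrs column
    kind: str       # "C" = created, "M" = modified
    company: str    # publisher from the PE version info, "" when OTL shows ()
    path: str


def parse_line(line):
    """Parse one OTL file-listing line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        ts=m["ts"],
        size=int(m["size"].replace(",", "")),   # "3219,578,880" -> 3219578880
        attrs=set(m["attrs"]) - {"-"},
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"].strip(),
    )


def basename(path):
    return path.rsplit("\\", 1)[-1]


def looks_random(name):
    """Heuristic (assumption): no extension, 8+ chars, mixes letters and digits."""
    stem = name.lstrip(".")
    return ("." not in stem and len(stem) >= 8
            and any(c.isdigit() for c in stem)
            and any(c.isalpha() for c in stem))


def triage(entry):
    """Return the list of reasons this entry is notable; empty means none."""
    reasons = []
    name = basename(entry.path).lower()
    lower = entry.path.lower()
    if {"H", "S"} <= entry.attrs and "D" not in entry.attrs and name not in EXPECTED_HS:
        reasons.append("hidden+system file outside the expected set")
    if looks_random(basename(entry.path)):
        reasons.append("random-looking file name")
    if name.endswith(EXEC_EXT) and lower.startswith(USER_WRITABLE) and not entry.company:
        reasons.append("executable without publisher in a user-writable path")
    if lower.endswith("\\drivers\\etc\\hosts"):
        reasons.append("hosts file changed inside the scan window (inspect its content)")
    return reasons


def triage_log(text):
    """Map path -> reasons for every notable entry in an OTL listing."""
    findings = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            reasons = triage(entry)
            if reasons:
                findings[entry.path] = reasons
    return findings


# Sample lines copied from the OTL.txt posted above.
SAMPLE = r"""
[2010/11/05 11:49:13 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2010/11/05 09:45:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/11/05 01:31:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/04 00:04:28 | 000,294,912 | ---- | M] () -- C:\Users\Paul\Desktop\pd7wmbf0.exe
[2010/04/20 23:59:07 | 000,007,616 | -HS- | C] () -- C:\ProgramData\RJAhr0NY5OVC
[2010/11/05 09:54:44 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/01 11:39:27 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/02/15 15:45:27 | 000,312,320 | ---- | M] (EFA Team) -- C:\MentorKG.exe
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against the eight sample lines it flags three paths: the hosts file, the unnamed-publisher `pd7wmbf0.exe` on the desktop (in this thread that is the renamed GMER binary, which is why the output is a shortlist for a human and not a verdict), and `C:\ProgramData\RJAhr0NY5OVC` on two counts. The well-known hidden/system files and the publisher-tagged tools are left alone.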
OTL Extras logfile created on: 05/11/2010 11:51:08 AM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Paul\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 86.66 Gb Total Space | 13.72 Gb Free Space | 15.83% Space Free | Partition Type: NTFS

Computer Name: T60P-PAUL | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.scr [@ = scrfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
jsfile [edit] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C91A7F-2832-4FED-A193-A482E42870C4}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{058044B2-4AB4-4BB7-92D4-153D0A069B60}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{084E189F-CE0E-4021-9B9C-098B95101214}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{204360C8-4145-4CFA-995D-84C05B20690D}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{36314F92-65CD-43D7-BCB5-65474E22B44F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{4303B49F-B507-4011-8C7A-524281CFC1F7}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{44B40FBE-3732-4C96-9823-BE3C212FCBC0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{48B21167-245B-4758-BB53-2942B63E987F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4DAE64FE-39A3-41B7-BB3F-C3AEF8C10882}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5E839C1B-997A-4261-ABFE-E3FEC1D3FB04}" = lport=7553 | protocol=6 | dir=in | name=emule tcp |
"{7132B6CF-0A86-424E-AEFF-3D65F39E68F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7FBC4DE7-8498-40D1-B0D7-4E900F1B8E40}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{932D6046-B71B-498C-919C-D81BEC03DE56}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{9916ACFA-DD20-4EF0-AEBC-6C4701E5B2E2}" = lport=7563 | protocol=17 | dir=in | name=emule udp |
"{9A357ED6-DC4D-40DB-BC66-E36DE95E73D8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AB781A36-9827-4E6B-8288-EE72EED59547}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AE2D1464-7725-4388-A701-66C2405E17E6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DD0CE62D-F03F-4005-8E26-D4090F90FF0C}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DF95E72A-16F9-40AC-8D5B-343165F4CE0F}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E4E296-C015-4088-8142-10E93180EDF6}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe |
"{01D38775-0FD4-49C3-84B0-22C09734B5A1}" = protocol=6 | dir=in | app=c:\program files\ppliveva\crashupload.exe |
"{0271EA39-2AFC-42DE-921E-03EE32E76DC5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{02C15982-1811-4281-B208-847379EE428B}" = protocol=17 | dir=in | app=c:\program files\softland\backup4all professional 4\backup4all.exe |
"{0723892B-D61D-4879-9D93-2BC2E8B6AD2C}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{0737C413-9352-4A6C-9D60-67169968A476}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\ppliveu.exe |
"{088A66B9-A799-4D3A-AA61-67494FA24A48}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{098EFC1E-9609-48BC-AC0B-9B33E96770B7}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
"{11AB0502-CA26-4E5A-9463-03725D079CD8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{13DB5195-13A1-4555-91D9-5662BEE90C32}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{15BADEC3-3EDD-4D9A-B374-15B0F6C18EC3}" = protocol=17 | dir=in | app=c:\program files\ppliveva\flvpick.exe |
"{177B58E3-3F79-4C55-9179-D8953E3FE029}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1A276A72-2F47-47C8-B838-4CCA8A3BAEDB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1C02F26C-C67E-467B-A968-25C5C633E435}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1C4E174F-6E94-46A7-85D6-C39E4D752ABF}" = protocol=17 | dir=in | app=c:\program files\aliwangwang\aliim.exe |
"{1DFAB063-7D78-4045-B744-9A405D6E9843}" = protocol=17 | dir=in | app=c:\program files\ppliveva\crashupload.exe |
"{1E6BD409-8E71-4FD1-8C88-737E09281C37}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1EC3E8FF-0E82-46C5-BEDC-9F3DA252BA31}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1F03EC84-EE2F-4832-8C24-39DA1443F9B9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{230F3CBB-26A1-4EDE-AB58-32330FFDE06E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{24676578-D72F-4473-8754-B9E064314521}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
"{24B200CE-BC16-4936-ADC5-866FC3423895}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{28C64E69-E7DF-4B64-A180-3E9383FA846D}" = protocol=17 | dir=in | app=c:\program files\ppliveva\ppliveva.exe |
"{2C20DD8D-EA88-452C-82E7-F2F5964713CD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2D9E92F4-2314-4321-8690-8E86A68197BC}" = protocol=17 | dir=in | app=c:\programdata\ppliveva\application\ppap.exe |
"{30382777-C883-4AD7-ACE4-3F9492516BFE}" = protocol=17 | dir=in | app=c:\program files\voipstunt.com\voipstunt\voipstunt.exe |
"{30C360FC-E8E2-45C8-8880-57E74ECA654E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{31F4BED9-7AA2-400F-86CE-E2C17920A2BA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{32D2AFA4-C277-4C41-AACA-F9DDA950CA1A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3591958B-D37F-458C-9396-04E39DFA195A}" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe |
"{366CAD6D-7E68-4BAC-AC03-E2B897FE9BDB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{37FD0568-169D-4158-8BD5-8DC2C0829015}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{399B2170-96EF-4CD9-8A15-774D86F3ACBD}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3B359866-EA86-4EBD-9313-128F2F4CBEF2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3C54B604-8D29-4AD0-AC1F-BD745665A803}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3E5A9E59-CE4A-4C5B-AB97-6616F02D896F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{42032143-B310-48AF-8A96-7CAE42DB0F0E}" = protocol=6 | dir=in | app=c:\program files\ppliveva\download.exe |
"{43997170-A820-4C65-ADCA-9520794ECAE8}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe |
"{46F6171A-EC1D-4446-BC74-A9D462B573E6}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\ppliveu.exe |
"{496A68D6-9266-4F36-839C-067C467C617A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4C2F7C64-5715-45F2-9B78-0BB936F3DD61}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe |
"{4D14E678-BC9B-4795-B35D-5B3C8E21C09D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4D22019C-10E3-46D4-BFFB-5F9956706EF5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4D89A6E2-A54E-4615-99F2-70F6B8ED60D0}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe |
"{4DE6EBEB-6A58-4C45-806E-1D49AE523EDB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4F44EB37-C17A-4308-AC47-CB0DE9E79D4B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{539EEF6A-3B22-42A1-91E0-A6FBB3A85EFC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{54CED8C3-08ED-4C9F-9CAA-99CA070CBC24}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57B0975B-A473-41AB-A406-492AF7B9FB32}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{58828CBC-8057-4581-938A-578C4AB80028}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5A3CA6DB-A414-41C8-AEAD-01D8D78C27DF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5AB6CD37-87C1-42A0-A003-577943BB77BC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5DAFBA06-F5E8-4585-A308-A9F9FC3F781C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5DF9D9BE-8B98-4A40-9966-1BF4919AB916}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{675573BC-0D8E-43AD-8D2F-53EFD9791767}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6B15CA74-B663-439C-A028-CD07F2B806C9}" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe |
"{6C7FAAB9-2ABD-46BE-B1F0-41025FEB2E67}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{6E115240-FF4B-4BB1-AC0C-2F8E325C38E3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6EE309D2-C85B-4157-A92B-53AF75499F25}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7064E125-BC28-49B9-928C-F657302C811F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{741695BD-0635-42A4-9BA9-3959A7E4802F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{79C283F3-DEC0-4C3E-A784-E31A37C7B6C2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7B893C96-D41E-4619-B454-899DED94C0F2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7C81741D-6C80-4C70-9691-7A653FB150DB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7EEDEBFD-A64A-4E33-97B6-21C8982DF130}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{807071FF-16F5-4931-BFEF-8F47DD720096}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{822C4341-5B12-4C7D-A9C5-F6CD687A7769}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\pplive.exe |
"{84FE82F2-5CBC-474C-9F62-D249CB8F903B}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe |
"{865F9F34-4E6A-4F55-A850-E7EAF734EC41}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe |
"{877710E1-7C11-40D9-B3D7-B9F67D6369DB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8802B7A8-6E44-49D2-8D5C-4B2A4B8F9397}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe |
"{89AE6A80-B047-407B-B9C8-4AC33BEE8371}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{90BD5CA5-2587-4B60-9D00-7A75BE4495A3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{942123DD-AC6F-4212-88A8-948781728706}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{94FAF415-F7ED-41F6-8912-BCFFCC0899DD}" = protocol=17 | dir=in | app=c:\program files\ppliveva\downloadprogress.exe |
"{952B41C3-BC86-4B7E-B35E-4704E8C32C1C}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{96511A6B-6A89-438A-A306-04EB737AAEC7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9675CAD0-772C-4AB3-9486-0434078878EE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{98348DC0-3251-4C77-9521-4A09D15AB601}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{993790F6-9432-482A-B65B-2736D7C6F71B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{994388CD-56E5-4894-8626-B4671CA55FF7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9AF56249-F575-406F-AD14-24AD63B45DD9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9FF59C96-16A5-45D9-AD57-6754FD6B168E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A098F88F-1189-45CC-8AAD-DC2C482D2B9A}" = protocol=6 | dir=in | app=c:\programdata\ppliveva\application\ppap.exe |
"{A150A68C-9274-4D22-9A2B-FB9186787253}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\pplive.exe |
"{A4786A77-F44A-45B0-BC46-0DC4866488EF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{ACB8DF31-117A-4A74-8124-8911A2BBCC07}" = protocol=6 | dir=in | app=c:\program files\ppliveva\downloadprogress.exe |
"{AEA3EFB4-F2AB-4414-95F2-F83C72DABBCD}" = protocol=6 | dir=in | app=c:\program files\voipstunt.com\voipstunt\voipstunt.exe |
"{B329F73C-13C9-4D4B-AE92-4C74A4E0876E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B425E41A-DCC5-4FFD-A9D2-D315E55340E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B516804F-9F9D-48EF-9D70-7601FE068246}" = protocol=6 | dir=in | app=c:\program files\softland\backup4all professional 4\backup4all.exe |
"{B57E7EF3-60C9-4E8A-B518-BBDF0C4CA574}" = protocol=17 | dir=in | app=c:\program files\softland\backup4all professional 4\b4acmd.exe |
"{B598CB3E-F6FE-4497-9E7D-FF5CF36CFBC7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B5E3F7CC-1B03-44C2-928D-02A7A8534ACE}" = protocol=6 | dir=in | app=c:\program files\softland\backup4all professional 4\b4acmd.exe |
"{BA7DB8EB-5EC0-4394-9E90-48EA2D7613B7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BC3C02C5-BA2C-4DA5-8B0A-9F97CB406567}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe |
"{BE2D3CDE-C9D6-4E0C-857C-526B6B0FF960}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BEE8A843-3718-471F-A129-31E8A2977025}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BF88F834-FD0C-4FF3-941D-AA69A086F320}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C420AD73-C287-4CAA-867C-CF597ED92A39}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{C5FDFADA-2BA8-4855-8C55-1946D0C74777}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C7B679F2-A14B-4A36-A1B4-E96622DB484A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CB06B9AE-1073-49B9-AE5E-9479C38A6F87}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CB60F445-B2A7-4653-853F-9353AA82D7C2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CC733629-25A8-4E82-8207-30C248903A46}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CE6A8A04-0211-4E4E-8AA7-57DFFA1F4CB4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D1BCE77B-7E88-47BE-900B-6D9726AC266A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D446A514-6E48-45CD-A4DA-20183E54D21C}" = protocol=6 | dir=in | app=c:\program files\ppliveva\flvpick.exe |
"{D51A03C8-FD58-4EC5-8808-DD2C16209BA2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D57E336D-9D84-4821-9BA9-22F08554CA39}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe |
"{D620DA31-F2D6-479C-8DA9-E28F77C4EF31}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D67DBA24-88B2-4268-B8C7-53AC8670B68B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D8B1AE7A-ABED-4BE2-8157-527A432046F2}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe |
"{D96BF01B-90A9-402E-BFD6-C3472655C8DE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DBA083B3-627C-4309-8648-CDC9FA85092C}" = protocol=6 | dir=in | app=c:\program files\aliwangwang\aliim.exe |
"{DBBE416E-BD1A-4A49-9DC8-D2B740BDD58D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DC14512E-46FC-49C1-951E-7BF82DA63A80}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{DCCADD30-ACA4-426F-938D-49105ED59C5B}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe |
"{E008B7EB-22E6-49A2-8EA6-43889C7BCF60}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E1ECA794-C047-4159-9261-229C5D824B65}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E371840F-4B5A-4DA2-AFCD-95E34D5BDA87}" = protocol=6 | dir=in | app=c:\program files\ppliveva\ppliveva.exe |
"{E39FBD18-890E-4B10-B8FE-D94C08E776B1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E49B2A85-CDE4-470E-938C-F82E90187BAE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EC32FA6D-3817-4C52-976B-1AD39A85FE73}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EF3354E8-54CF-4CE2-9283-63F85D19F5B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F4DC9C3D-4826-410D-B68C-1CD2E4087F50}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F4E29F81-3CAC-4FB3-A873-E414769BE5CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F6208807-6EEF-4D4B-A774-2F3C8847EFD9}" = protocol=17 | dir=in | app=c:\program files\ppliveva\download.exe |
"{F650D1D4-EEFE-48C6-B6A9-0F6FF08C672A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F86778A8-19CE-42D9-B422-7EDD87E771C2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F91D5B25-1403-47CD-9177-33A0534DBB67}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{FA103A6C-F9F0-4AFB-9021-6E976B05722E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FB09E603-E201-4A01-9414-CC63D5C07EC3}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe |
"{FDC1528A-78D5-4F3E-A552-A80BDE3B2032}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{FEF3081F-B90D-4711-9F67-C0F642C4C9EF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{099F4F94-FB5B-4232-80EE-C36841085648}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{13C0A27E-C840-4D03-B6D6-385C69980F45}C:\program files\tencent\qq_en\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qq_en\bin\qq.exe |
"TCP Query User{14CDC0B3-A012-415E-BC88-157D28171664}C:\users\paul\appdata\local\microsoft\windows\temporary internet files\content.ie5\tg4jdv6c\qq2009sp5_installer[1].exe" = protocol=6 | dir=in | app=c:\users\paul\appdata\local\microsoft\windows\temporary internet files\content.ie5\tg4jdv6c\qq2009sp5_installer[1].exe |
"TCP Query User{2032AFC2-9C35-4345-AE45-1248D571B150}C:\temp\testdll\server.exe" = protocol=6 | dir=in | app=c:\temp\testdll\server.exe |
"TCP Query User{2B7411D1-074D-4B68-80D3-9EB1A12B8F5E}C:\program files\macromedia\dreamweaver 8\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\macromedia\dreamweaver 8\dreamweaver.exe |
"TCP Query User{2F9B390E-A628-431E-8077-F354501D669F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{37EA397D-3776-444E-BBF7-9487E85FAFAD}C:\java\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\java\eclipse\eclipse.exe |
"TCP Query User{43375BD2-6B09-4669-8BF5-517C6ACCE9CD}C:\temp\socket\server\debug\server.exe" = protocol=6 | dir=in | app=c:\temp\socket\server\debug\server.exe |
"TCP Query User{6B739A28-CFB8-4EEC-B327-7F49845C0D8C}C:\program files\easymule\emule.exe" = protocol=6 | dir=in | app=c:\program files\easymule\emule.exe |
"TCP Query User{6FAD55F9-F1CB-4F6F-B8FF-8A7DFA9C747F}C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe |
"TCP Query User{733EE1B3-C7FE-474C-B66B-A1176614770F}C:\java\wtk23\bin\emulator.exe" = protocol=6 | dir=in | app=c:\java\wtk23\bin\emulator.exe |
"TCP Query User{76731764-A3DB-4005-B5C9-A8199CDF73C2}C:\temp\sword\registration tools\pose\emulator.exe" = protocol=6 | dir=in | app=c:\temp\sword\registration tools\pose\emulator.exe |
"TCP Query User{83A0E01C-2427-4304-A536-54CFF019A59E}C:\mentorgraphics\licensing\lmgrd.exe" = protocol=6 | dir=in | app=c:\mentorgraphics\licensing\lmgrd.exe |
"TCP Query User{8CB56657-A75E-4396-BDB8-1A5C9F5B6B09}C:\program files\altium designer winter 09\dxp.exe" = protocol=6 | dir=in | app=c:\program files\altium designer winter 09\dxp.exe |
"TCP Query User{91CED359-5CF4-40A9-97B9-129A93EF1BFA}C:\downloads\flashget_19873_1.exe" = protocol=6 | dir=in | app=c:\downloads\flashget_19873_1.exe |
"TCP Query User{A29D57AE-997F-46D9-809D-C40D246CDCE1}C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe |
"TCP Query User{B5466EFE-5AE6-4BDE-AAAA-B43808B34DF8}C:\program files\tudou\·éëùtudou\tudouva.exe" = protocol=6 | dir=in | app=c:\program files\tudou\·éëùtudou\tudouva.exe |
"TCP Query User{DCC451E9-D086-4B0F-8B6A-36BA5FF0B98D}C:\green\pplive\pplive.exe" = protocol=6 | dir=in | app=c:\green\pplive\pplive.exe |
"TCP Query User{E8FA0D47-3E22-487C-B136-A42712CCB950}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
"TCP Query User{FA14C366-D52A-441B-AF66-EFD3FA6CF045}C:\java\wtk23\bin\zayit.exe" = protocol=6 | dir=in | app=c:\java\wtk23\bin\zayit.exe |
"UDP Query User{0AB6AB39-88EF-4A36-8C43-69190D0495B2}C:\temp\sword\registration tools\pose\emulator.exe" = protocol=17 | dir=in | app=c:\temp\sword\registration tools\pose\emulator.exe |
"UDP Query User{186F99C6-D3E4-468E-85AA-40BC705B74D5}C:\program files\altium designer winter 09\dxp.exe" = protocol=17 | dir=in | app=c:\program files\altium designer winter 09\dxp.exe |
"UDP Query User{2D279A5F-5496-4358-9C2E-6412B6CDF80A}C:\green\pplive\pplive.exe" = protocol=17 | dir=in | app=c:\green\pplive\pplive.exe |
"UDP Query User{3268075C-A7B7-4F19-A402-3E6F6C6DF6C5}C:\mentorgraphics\licensing\lmgrd.exe" = protocol=17 | dir=in | app=c:\mentorgraphics\licensing\lmgrd.exe |
"UDP Query User{3CE39B41-7046-44D2-B53A-297A18198EE2}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{3E28196E-5347-4055-B86E-F44A03C0603A}C:\program files\macromedia\dreamweaver 8\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\macromedia\dreamweaver 8\dreamweaver.exe |
"UDP Query User{49B89C63-188D-4074-AD86-E36A83D7DB74}C:\program files\easymule\emule.exe" = protocol=17 | dir=in | app=c:\program files\easymule\emule.exe |
"UDP Query User{542C1639-ED3A-4C42-ABBF-C05F0EE7A5A5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{63EFD024-410E-412C-86BB-CE83853AEB79}C:\program files\tudou\·éëùtudou\tudouva.exe" = protocol=17 | dir=in | app=c:\program files\tudou\·éëùtudou\tudouva.exe |
"UDP Query User{82A2275D-0D70-4317-AE8B-BB1816767D02}C:\java\wtk23\bin\emulator.exe" = protocol=17 | dir=in | app=c:\java\wtk23\bin\emulator.exe |
"UDP Query User{8A6C703B-BD9C-4C7C-BC94-EE8A5901444F}C:\users\paul\appdata\local\microsoft\windows\temporary internet files\content.ie5\tg4jdv6c\qq2009sp5_installer[1].exe" = protocol=17 | dir=in | app=c:\users\paul\appdata\local\microsoft\windows\temporary internet files\content.ie5\tg4jdv6c\qq2009sp5_installer[1].exe |
"UDP Query User{8C96D000-321E-4287-B42C-2BBD64238D77}C:\downloads\flashget_19873_1.exe" = protocol=17 | dir=in | app=c:\downloads\flashget_19873_1.exe |
"UDP Query User{923E4DF6-0051-4B1A-8EC8-F1739F074D04}C:\java\wtk23\bin\zayit.exe" = protocol=17 | dir=in | app=c:\java\wtk23\bin\zayit.exe |
"UDP Query User{BDADF24C-700E-42C9-BBBE-74962C35D26E}C:\temp\testdll\server.exe" = protocol=17 | dir=in | app=c:\temp\testdll\server.exe |
"UDP Query User{BE087175-E9AD-4376-9775-FE1F554FA41E}C:\program files\tencent\qq_en\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qq_en\bin\qq.exe |
"UDP Query User{CF5CDF6A-044A-4E33-9B07-E1B11E45AF16}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
"UDP Query User{D53B9E49-0A1F-4A14-B129-F9A47B57A675}C:\java\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\java\eclipse\eclipse.exe |
"UDP Query User{DE199120-9072-4AF3-8D62-6FA3D5BA454B}C:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\orbixd.exe |
"UDP Query User{DE7CCA86-7634-4EDF-A0FA-6C581EAE2047}C:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b19\intel_a\code\bin\cnext.exe |
"UDP Query User{FD6F0F56-8C15-4C31-9EE0-DE32E9143A5C}C:\temp\socket\server\debug\server.exe" = protocol=17 | dir=in | app=c:\temp\socket\server\debug\server.exe |
 