Need help with conficker worm!!!!



dallak
2010-11-01, 17:17
Can someone help with a worm problem? I have attached two screenshots that I get from my McAfee when it detects this worm. Have tried combofix, sopho, kk; no success!

dallak
2010-11-01, 17:31
Could I keep getting infected from our network here at work?

dallak
2010-11-01, 18:12
I know you do not work on corporate computers. This is my personal laptop that I use sometimes at work.

peku006
2010-11-08, 20:48
Hi dallak

Please read this

BEFORE you POST (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Thanks peku006

dallak
2010-11-08, 21:29
When I double-click on dds.scr on my desktop this is part of what I get: Any suggestions?

MZ   @  !L!This program cannot be run in DOS mode.

Any suggestions?

peku006
2010-11-08, 21:36
What operating system do you currently use? XP, Vista or Windows 7?

dallak
2010-11-08, 22:13
Peku,

thanks for your help. I am running XP. I have had new developments just today with my computer.

Everything I try to run locks up my hard drive; I can't even open Task Manager. My only option is to power down and restart. Outlook freezes up, Internet Explorer too.

I did download dds by saving as scan.com. It opens the DOS window and begins to work, the dots make it over to the right hand side of the window and then my computer freezes. I can't get it or anything to work for some reason today.

Any ideas?

thanks

peku006
2010-11-09, 09:46
Hi dallak

OK... let's try this

RSIT
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT
Click Continue at the disclaimer screen
Once it has finished, two logs will open, log.txt (<<will be maximized) and info.txt (<<will be minimized)
Copy & paste the contents of both logs in your next reply.
If info.txt is not minimized, it will be found at C:\RSIT.

To post in next reply:
Contents of both logs from RSIT

Thanks peku006

dallak
2010-11-09, 21:59
peku,

Too much text to cut and paste so I made each into a pdf file that I have attached. Hope that works.

Thanks, again!

peku006
2010-11-09, 22:27
Hi dallak

Please do not use PDF files; use multiple posts.

dallak
2010-11-09, 22:32
info.txt logfile of random's system information tool 1.08 2010-11-09 13:51:09

======Uninstall list======

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
-->MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{47ECCB1F-2811-49C0-B6A7-26778639ABA0}
Acrobat.com-->MsiExec.exe /X{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7761-000000000004}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -maintain activex
Adobe Reader 9.4.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Apple Application Support-->MsiExec.exe /I{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
BlackBerry Desktop Software 5.0.1-->MsiExec.exe /i{205A5182-EFC8-4C25-B61D-C164F8FF4048}
BlackBerry Desktop Software 5.0.1-->MsiExec.exe /I{205A5182-EFC8-4C25-B61D-C164F8FF4048}
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
C-Dilla Licence Management System-->C:\C_DILLA\setup\cdunin16.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
FileOpen Client-->MsiExec.exe /X{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
IMSdesign-->MsiExec.exe /I{794CF459-3579-4E07-A01C-F2BDCF20A065}
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel(R) Network Connections Drivers-->Prounstl.exe
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216019FF}
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
Metamail (Toshiba Registration Utility)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE3F89C0-42D5-11D5-A40A-00105AC8331A}\setup.exe" -l0x9
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Dynamics GP 10.0-->"C:\WINDOWS\Downloaded Installations\{896DCCC7-9749-4DD6-BAEF-49F9A9CEE295}\Setup.exe" /n{896DCCC7-9749-4DD6-BAEF-49F9A9CEE295}
Microsoft English TTS Engine-->MsiExec.exe /I{94824ADD-8F26-43D2-84DB-22E11F377E5E}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Native Client-->MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft Streets & Trips 2008-->MsiExec.exe /I{C82185E8-C27B-4EF4-2008-4444BC2C2B6D}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works 6-9 Converter-->MsiExec.exe /X{172423F9-522A-483A-AD65-03600CE4CA4F}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
OCR Software by I.R.I.S. 12.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
QuickTime-->MsiExec.exe /I{EB900AF8-CC61-4E15-871B-98D1EA3E8025}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
ROSA6.1-->MsiExec.exe /I{C3E97B9D-119C-48D0-B4B4-E5A15C650023}
ROSA72-->MsiExec.exe /I{60B3AE6A-C981-438C-91B0-B3D6ECEA2BA0}
SAPI Wrapper-->MsiExec.exe /I{96172E04-BB14-45F6-A77B-8EE7A421B903}
SD Secure Module-->MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB982381)-->"C:\WINDOWS\ie7updates\KB982381-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2124261)-->"C:\WINDOWS\$NtUninstallKB2124261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2290570)-->"C:\WINDOWS\$NtUninstallKB2290570$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970483)-->"C:\WINDOWS\$NtUninstallKB970483$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976323)-->"C:\WINDOWS\$NtUninstallKB976323$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"
SHARP AR-351/355/451/455 Series PCL Printer Driver-->C:\WINDOWS\ISUNINST.EXE -fC:\WINDOWS\ush2.isu -cC:\WINDOWS\system32\ush2.dll
Sharpdesk-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0AEF384B-610F-4309-8DA3-91834FE4E80E} /l1033
SMSC IrCC V5.1.3600.5 SP2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\setup.exe" -l0x9 UNINSTALL
SolidWorks eDrawings 2010-->MsiExec.exe /I{AFEA2EBC-E0CA-4A0D-BAB6-03B663B753AD}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sophos confic-a Cleanup Tool-->MsiExec.exe /I{2c557f98-ef74-4a1e-a856-9df2f633b41f}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Terminal Services Web Client-->rundll32 advpack.dll,LaunchINFSection C:\Inetpub\wwwroot\TSWeb\setup.inf,DefaultUninstall,,
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4497AFF6-98C4-4F49-B073-F48F42BCBF9E} /l1033
TOSHIBA Accessibility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3A57482F-BEBC-47E4-ADA1-6302403C7E50} /l1033
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Controls-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5BCA8D15-BCB6-421E-9654-238B43456A4F} /l1033
TOSHIBA Fn-esse-->C:\WINDOWS\UnInst32.exe Fn-esse.UNI
TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1033
TOSHIBA Hotkey Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7900D3A6-A9E8-4954-ACCB-AB15867978BF} /l1033
TOSHIBA PC Diagnostic Tool-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA Power Saver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE} /l1033
TOSHIBA SD Memory Card Format-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA Supervisor Password-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1033
Toshiba Tbiosdrv Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Toshiba\Toshiba Tbiosdrv Driver\Tbiosdrv.isu"
TOSHIBA Virtual Sound-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall
TOSHIBA Zooming Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{02EED746-8C5A-43C8-BB3D-D29C8B363A4D} /l1033
Touch and Launch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\Setup.exe"
TouchPad On/Off Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{80977342-27E8-4FF7-8B6A-D8D89461DA7F} /l1033
TTS Wrapper-->MsiExec.exe /I{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB982632)-->"C:\WINDOWS\ie8updates\KB982632-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual C++ 8.0 x86 Runtime Setup Package-->MsiExec.exe /I{8215AC14-BFC2-4ECC-96D6-1030202F8BDF}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: Total Protection Service

======System event log======

Computer Name: JOHN
Event Code: 20
Message: Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll, mdiui.dll.

Record Number: 21348
Source Name: Print
Time Written: 20100802151605.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: JOHN
Event Code: 3
Message: Printer Auto Microsoft Office Document Image Writer on WAYNE was deleted.

Record Number: 21347
Source Name: Print
Time Written: 20100802151604.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: JOHN
Event Code: 4
Message: Printer Auto Microsoft Office Document Image Writer on WAYNE is pending deletion.

Record Number: 21346
Source Name: Print
Time Written: 20100802151604.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: JOHN
Event Code: 3
Message: Printer Microsoft Office Document Image Writer was deleted.

Record Number: 21345
Source Name: Print
Time Written: 20100802151604.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: JOHN
Event Code: 4
Message: Printer Microsoft Office Document Image Writer is pending deletion.

Record Number: 21344
Source Name: Print
Time Written: 20100802151602.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: JOHN
Event Code: 8226
Message:
Record Number: 4853
Source Name: NSSDK.MfpifValidator.1
Time Written: 20100319072547.000000-300
Event Type: error
User:

Computer Name: JOHN
Event Code: 8226
Message:
Record Number: 4852
Source Name: NSSDK.MfpifValidator.1
Time Written: 20100319072547.000000-300
Event Type: error
User:

Computer Name: JOHN
Event Code: 1054
Message: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Record Number: 4847
Source Name: Userenv
Time Written: 20100319072501.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: JOHN
Event Code: 15
Message: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Record Number: 4841
Source Name: AutoEnrollment
Time Written: 20100319072449.000000-300
Event Type: error
User:

Computer Name: JOHN
Event Code: 1054
Message: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Record Number: 4840
Source Name: Userenv
Time Written: 20100319072449.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\HP\Digital Imaging\bin;C:\Program Files\HP\Digital Imaging\bin;C:\Program Files\HP\Digital Imaging\bin\Qt\Qt 4.3.3;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SDImgTemp"=C:\Program Files\Sharp\Sharpdesk\Temp
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

dallak
2010-11-09, 22:33
Logfile of random's system information tool 1.08 (written by random/random)
Run by john at 2010-11-09 13:50:34
Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (6%) free of 38 GB
Total RAM: 1014 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:51:05 PM, on 11/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TDispVol.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Sharp\Sharpdesk\IndexTray.exe
C:\Program Files\Sharp\Sharpdesk\Indexer.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\PROGRA~1\Sharp\SHARPD~1\Indexer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Documents and Settings\john\Desktop\RSIT.exe
C:\Program Files\trend micro\john.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.*;127.0.0.*;192.168.0.*;192.168.2.*
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\Managed VirusScan\VScan\ScriptSn.20100802124422.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [IndexTray] "C:\Program Files\Sharp\Sharpdesk\IndexTray.exe"
O4 - HKLM\..\Run: [Indexer] "C:\Program Files\Sharp\Sharpdesk\Indexer.exe"
O4 - HKLM\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKLM\..\Run: [TypeRegChecker] "C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" /LOGON
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3088490069-4257833259-2970441322-2631\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User '?')
O4 - HKUS\S-1-5-21-3088490069-4257833259-2970441322-2631\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 (User '?')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1280770706517
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1280770671086
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SmithEng.local
O17 - HKLM\Software\..\Telephony: DomainName = SmithEng.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SmithEng.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = SmithEng.local
O20 - AppInit_DLLs: C:\WINDOWS\system32\acaptuser32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe

--
End of file - 14142 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\Managed VirusScan\VScan\ScriptSn.20100802124422.dll [2009-12-15 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-28 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-28 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-28 118784]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-10-06 122940]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2004-03-24 196608]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2005-11-30 73728]
"CeEKEY"=C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2005-12-01 671744]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-05-31 282624]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2005-07-15 1077322]
"ZoomingHook"=C:\WINDOWS\system32\ZoomingHook.exe [2005-06-06 24576]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]
"TPNF"=C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [2005-12-13 53248]
"TCtryIOHook"=C:\WINDOWS\system32\TCtrlIOHook.exe [2005-12-05 28672]
"TDispVol"=C:\WINDOWS\system32\TDispVol.exe [2005-12-27 73728]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"IndexTray"=C:\Program Files\Sharp\Sharpdesk\IndexTray.exe [2005-11-05 106496]
"Indexer"=C:\Program Files\Sharp\Sharpdesk\Indexer.exe [2005-11-05 184320]
"SharpTray"=C:\Program Files\Sharp\Sharpdesk\SharpTray.exe [2005-11-05 32768]
"TypeRegChecker"=C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe [2005-11-05 57344]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2010-03-12 49208]
"MVS Splash"=C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe [2010-07-23 476480]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-08-10 421888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINDOWS\system32\acaptuser32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent"
"C:\Program Files\SHARP\Sharpdesk\FTPServer.exe"="C:\Program Files\SHARP\Sharpdesk\FTPServer.exe:*:Enabled:Network Scanner Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent"
"D:\setup\hpznui01.exe"="D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\SHARP\Sharpdesk\FTPServer.exe"="C:\Program Files\SHARP\Sharpdesk\FTPServer.exe:*:Enabled:Network Scanner Tool"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\hpwucli.exe"="C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"

======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-11-09 13:50:37 ----D---- C:\Program Files\trend micro
2010-11-09 13:50:34 ----D---- C:\rsit
2010-11-08 13:53:10 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-11-08 13:52:52 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-11-08 13:51:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-10-14 12:05:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-10-14 12:05:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-10-14 12:05:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-10-14 12:04:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-10-14 12:04:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-10-14 12:04:25 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-10-14 12:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-10-14 11:52:39 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-10-14 11:49:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$

======List of files/folders modified in the last 1 months======

2010-11-09 13:50:37 ----RD---- C:\Program Files
2010-11-09 13:10:14 ----SD---- C:\WINDOWS\Tasks
2010-11-09 13:10:14 ----D---- C:\WINDOWS\system32
2010-11-09 07:43:21 ----D---- C:\WINDOWS\Prefetch
2010-11-09 00:35:28 ----D---- C:\WINDOWS\security
2010-11-08 15:19:44 ----D---- C:\WINDOWS\system32\inetsrv
2010-11-08 14:56:25 ----D---- C:\WINDOWS\Temp
2010-11-08 14:26:27 ----SHD---- C:\WINDOWS\CSC
2010-11-08 14:26:16 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2010-11-08 14:26:10 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2010-11-08 14:25:46 ----D---- C:\WINDOWS\system32\DLA
2010-11-08 13:53:10 ----D---- C:\WINDOWS\system32\drivers
2010-11-08 07:46:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-08 07:41:32 ----D---- C:\WINDOWS
2010-11-05 12:50:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-04 10:21:43 ----D---- C:\Sharpdesk Desktop
2010-11-03 14:52:34 ----SD---- C:\Documents and Settings\john\Application Data\Microsoft
2010-11-01 14:36:12 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-14 14:15:14 ----D---- C:\WINDOWS\system32\wbem
2010-10-14 14:09:57 ----D---- C:\Program Files\Internet Explorer
2010-10-14 14:09:57 ----D---- C:\Config.Msi
2010-10-14 12:05:52 ----HD---- C:\WINDOWS\inf
2010-10-14 12:05:49 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-10-14 12:05:39 ----HD---- C:\WINDOWS\$hf_mig$
2010-10-14 12:05:36 ----A---- C:\WINDOWS\imsins.BAK
2010-10-14 12:04:54 ----D---- C:\WINDOWS\WinSxS
2010-10-14 12:04:12 ----SHD---- C:\WINDOWS\Installer
2010-10-14 11:58:15 ----D---- C:\WINDOWS\ie8updates
2010-10-14 11:51:53 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2005-09-12 89264]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-05-01 43528]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-12-15 214664]
R1 mfetdik;McAfee Inc. mfetdik; C:\WINDOWS\system32\drivers\mfetdik.sys [2009-12-15 55304]
R1 TPwSav;Common Driver; C:\WINDOWS\System32\Drivers\TPwSav.sys [2005-12-01 11264]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-01-28 21275]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-12-29 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R2 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys []
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-15 101874]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-12-11 242320]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136]
R3 MfeAVFK;McAfee Inc. MfeAVFK; C:\WINDOWS\system32\drivers\MfeAVFK.sys [2009-12-15 79816]
R3 MfeBOPK;McAfee Inc. MfeBOPK; C:\WINDOWS\system32\drivers\MfeBOPK.sys [2009-12-15 35272]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2010-05-31 6608512]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2005-12-16 28800]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 FdRedir;FdRedir; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys []
S2 FileDisk2;FileDisk Protector Kernel Driver; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys []
S2 smihlp;SMI helper driver; \??\C:\Program Files\Protector Suite QL\smihlp.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\john\LOCALS~1\Temp\catchme.sys []
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\system32\drivers\CDANT.SYS []
S3 MfeRKDK;McAfee Inc. MfeRKDK; C:\WINDOWS\system32\drivers\MfeRKDK.sys [2009-12-15 34248]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [2001-09-10 32256]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 EngineServer;EngineServer; C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe [2009-12-15 14144]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 McShield;McShield; C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe [2009-12-15 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service; C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2010-07-23 282824]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 Swupdtmr;Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-15 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2010-09-01 79360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

peku006
2010-11-10, 11:01
Hi dallak

We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

Thanks peku006

dallak
2010-11-11, 00:09
peku,

sorry again, but my computer locks up tight every time I try to run combofix. I get to the disclaimer screen, click 'yes' and then no blue box, just nothing. Have to power off my computer. I even uninstalled McAfee and turned Windows firewall off. No luck.

I was able to run combofix earlier this year when another moderator from Spybot was helping me on a different issue. It cleared up my problem at that time.

Anything more we can do on this issue?

Thanks,

John

peku006
2010-11-11, 10:22
Hi John

Please try running it in Safe Mode (restart computer and tap F8 before Windows loads).

Thanks peku006

dallak
2010-11-11, 16:03
peku,

Sorry to say but even in safe mode combofix locks up my computer. I even downloaded combofix again and ran it in safe mode and it still froze up.

I am really worried, I really prefer not to have to format my system.

Any more ideas?

Thanks,

John in Minnesota

peku006
2010-11-11, 16:13
Hi John

Let's try this...

Please download gmer.zip (http://www.gmer.net/gmer.zip) from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab and make sure that the 'Sections' button is ticked and the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.

Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.

GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.

Thanks peku006

dallak
2010-11-11, 18:20
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-11 10:19:40
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS541040G9SA00 rev.MB2OC60R
Running: gmer.exe; Driver: C:\DOCUME~1\john\LOCALS~1\Temp\fgtdypog.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF6C53EBF]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_Disk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_CdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] mwyujbz <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\mwyujbz@DisplayName Driver Shell
Reg HKLM\SYSTEM\CurrentControlSet\Services\mwyujbz@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\mwyujbz@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\mwyujbz@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\mwyujbz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\mwyujbz@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\mwyujbz@Description Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\CurrentControlSet\Services\mwyujbz\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\mwyujbz\Parameters@ServiceDll C:\WINDOWS\system32\mxpcivny.dll
Reg HKLM\SYSTEM\ControlSet002\Services\mwyujbz@DisplayName Driver Shell
Reg HKLM\SYSTEM\ControlSet002\Services\mwyujbz@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\mwyujbz@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\mwyujbz@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\mwyujbz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\mwyujbz@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\mwyujbz@Description Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet002\Services\mwyujbz\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\mwyujbz\Parameters@ServiceDll C:\WINDOWS\system32\mxpcivny.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@NoPopUpsOnBoot 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\WINDOWS\system32\acaptuser32.dll

---- EOF - GMER 1.0.15 ----


peku,

some of the files with mxpcivny.dll are like what McAfee would find, I am sure you can tell what is good and what is bad.

Thanks, again,

John
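The GMER output above is the most informative artifact in the thread: a service hidden from the service manager, hosted by svchost.exe in the netsvcs group, carrying a Description copied word for word from the Task Scheduler service while its DisplayName ("Driver Shell") and ServiceDll (mxpcivny.dll) do not belong to that service. The following Python is an added example, not code from the thread or from GMER, that parses those "Service" and "Reg" lines and reports exactly those indicators. The Task Scheduler mapping (service Schedule, DisplayName "Task Scheduler", ServiceDll schedsvc.dll) is from knowledge of Windows XP, and the Schedule entries in the sample are constructed so the genuine service can be seen passing the same checks.

```python
"""Triage of GMER output for a hidden svchost-hosted service (added example)."""
import re
from collections import defaultdict

# Constructed sample: the GMER lines posted in the thread, plus a constructed
# entry for the genuine Task Scheduler service as a benign comparison.
SAMPLE_LOG = r"""
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] mwyujbz <-- ROOTKIT !!!
Reg HKLM\SYSTEM\CurrentControlSet\Services\mwyujbz@DisplayName Driver Shell
Reg HKLM\SYSTEM\CurrentControlSet\Services\mwyujbz@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\mwyujbz@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\mwyujbz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\mwyujbz@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\mwyujbz@Description Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\CurrentControlSet\Services\mwyujbz\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\mwyujbz\Parameters@ServiceDll C:\WINDOWS\system32\mxpcivny.dll
Reg HKLM\SYSTEM\ControlSet002\Services\mwyujbz\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\Schedule@DisplayName Task Scheduler
Reg HKLM\SYSTEM\CurrentControlSet\Services\Schedule@ImagePath %SystemRoot%\System32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\Schedule@Description Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\CurrentControlSet\Services\Schedule\Parameters@ServiceDll %SystemRoot%\system32\schedsvc.dll
"""

# "Service <image> (*** hidden *** ) [START] <name> ..." as GMER prints it.
SERVICE_LINE = re.compile(
    r"^Service\s+(?P<image>\S+)\s+\(\*\*\* hidden \*\*\* \)\s+\[(?P<start>\w+)\]\s+(?P<svc>\S+)"
)
# "Reg HKLM\SYSTEM\<controlset>\Services\<name>[\Sub...][@Value data]" lines.
REG_LINE = re.compile(
    r"^Reg HKLM\\SYSTEM\\(?P<cs>\w+)\\Services\\(?P<svc>[^\\@\s]+)"
    r"(?P<sub>(?:\\\w+)*)"
    r"(?:@(?P<name>\w*)(?:\s(?P<value>.*?))?)?"
    r"(?:\s+\(not active ControlSet\))?\s*$"
)

# First sentence of a stock XP service Description -> (DisplayName, ServiceDll)
# of the genuine service (Task Scheduler; assumed from XP knowledge).
STOCK_DESCRIPTIONS = {
    "Enables a user to configure and schedule automated tasks on this computer.":
        ("Task Scheduler", "schedsvc.dll"),
}


def parse_gmer(log_text):
    """Return ({(controlset, service): {value_name: data}}, {hidden service names})."""
    services = defaultdict(dict)
    hidden = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        hm = SERVICE_LINE.match(line)
        if hm:
            hidden.add(hm.group("svc"))
            continue
        rm = REG_LINE.match(line)
        if not rm:
            continue
        entry = services[(rm.group("cs"), rm.group("svc"))]  # key exists even if bare
        if rm.group("name"):
            prefix = rm.group("sub").lstrip("\\") + "\\" if rm.group("sub") else ""
            entry[prefix + rm.group("name")] = (rm.group("value") or "").strip()
    return dict(services), hidden


def triage_service(name, values, hidden):
    """Indicators for one service; an empty list means nothing stood out."""
    findings = []
    image = values.get("ImagePath", "").lower()
    dll = values.get("Parameters\\ServiceDll", "")
    dll_name = dll.rsplit("\\", 1)[-1].lower()
    display = values.get("DisplayName", "")
    desc = values.get("Description", "")
    if name in hidden:
        findings.append("hidden from the service manager (GMER '*** hidden ***')")
    if "svchost.exe" in image:
        if not dll:
            findings.append("svchost-hosted service with no ServiceDll")
        for first_sentence, (stock_display, stock_dll) in STOCK_DESCRIPTIONS.items():
            if desc.startswith(first_sentence):
                if dll_name != stock_dll:
                    findings.append(f"Description is {stock_display}'s but ServiceDll is {dll_name}")
                if display != stock_display:
                    findings.append(f"Description is {stock_display}'s but DisplayName is '{display}'")
    return findings


def triage(log_text, controlset="CurrentControlSet"):
    """Map service name -> findings for the active control set, suspicious ones only."""
    services, hidden = parse_gmer(log_text)
    report = {}
    for (cs, name), values in services.items():
        if cs != controlset:
            continue
        findings = triage_service(name, values, hidden)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for svc, reasons in triage(SAMPLE_LOG).items():
        print(svc)
        for reason in reasons:
            print("  -", reason)
```

Run against the sample, only mwyujbz is reported, with three findings; the constructed Schedule entry passes because its ServiceDll and DisplayName agree with its Description. The same checks apply to any svchost-hosted service in a GMER or registry export: a Description that belongs to a stock service is cheap for malware to copy, but the DisplayName and ServiceDll still have to match it.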

peku006
2010-11-11, 19:32
Hi John

First, please delete your copy of ComboFix, and re-download it. Rename it while saving the download to commy.exe and save it to your Desktop.
Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it

Let me know how it goes.

dallak
2010-11-12, 16:03
peku,

Thank you for your patience! I downloaded exactly as you instructed and tried to run it in both regular and safe mode. Same results as before; computer locks up after the disclaimer screen.

Is there anything else I can try?

Thanks,

John

peku006
2010-11-12, 16:40
Hi John
We can continue with MBAM.

Malwarebytes' Anti-Malware


Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update has been completed, select the Scanner tab.
Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
We will take care of the System Volume Information items later.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Please reply with

the Malwarebytes' Anti-Malware Log

Thanks peku006

dallak
2010-11-12, 18:08
peku,

MB found 2 infections of Conficker. Neither was in C:\System Volume Information. I had them removed, re-started the computer. Is it possible that I could keep getting re-infected with this when I hook up to the network at work? Our internet (emails) is wireless but I sometimes access Microsoft Dynamics and one other drive on the network when I am here.

thanks.

John





Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5100

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/12/2010 9:58:40 AM
mbam-log-2010-11-12 (09-58-40).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 255385
Time elapsed: 46 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\john\Local Settings\temp\NOD58B.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mxpcivny.dll (Worm.Conficker) -> Quarantined and deleted successfully.

peku006
2010-11-12, 19:20
Hi dallak

Is it possible that I could keep getting re-infected with this when I hook up to the network at work? Our internet (emails) is wireless but I sometimes access Microsoft Dynamics and one other drive on the network when
I do not think that it is possible

1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)

Thanks peku006

dallak
2010-11-12, 20:39
Kaspersky website must be down. I will try again later. Anywhere else I can get it?

dallak
2010-11-12, 21:12
peku006, can you navigate to

http://support.kaspersky.com/downloads/utils/tdsskiller.zip ?

dallak
2010-11-12, 21:18
I found 2.4.1.0 on Softpedia.com. I will use that.

dallak
2010-11-12, 21:19
Ran it; no threats found.


John

dallak
2010-11-12, 22:50
Forgot this: I was able to get the newest version from Kaspersky finally.



2010/11/12 14:51:49.0507 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/12 14:51:49.0507 ================================================================================
2010/11/12 14:51:49.0507 SystemInfo:
2010/11/12 14:51:49.0507
2010/11/12 14:51:49.0507 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/12 14:51:49.0507 Product type: Workstation
2010/11/12 14:51:49.0507 ComputerName: JOHN
2010/11/12 14:51:49.0507 UserName: john
2010/11/12 14:51:49.0507 Windows directory: C:\WINDOWS
2010/11/12 14:51:49.0507 System windows directory: C:\WINDOWS
2010/11/12 14:51:49.0507 Processor architecture: Intel x86
2010/11/12 14:51:49.0507 Number of processors: 2
2010/11/12 14:51:49.0507 Page size: 0x1000
2010/11/12 14:51:49.0507 Boot type: Normal boot
2010/11/12 14:51:49.0507 ================================================================================
2010/11/12 14:51:49.0788 Initialize success
2010/11/12 14:51:52.0347 ================================================================================
2010/11/12 14:51:52.0347 Scan started
2010/11/12 14:51:52.0347 Mode: Manual;
2010/11/12 14:51:52.0347 ================================================================================
2010/11/12 14:51:53.0891 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/12 14:51:53.0907 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/11/12 14:51:53.0969 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/12 14:51:54.0016 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/11/12 14:51:54.0063 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/12 14:51:54.0172 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2010/11/12 14:51:54.0312 ApfiltrService (87ec3fdcaf6c5052e2e72b861dedd3d3) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2010/11/12 14:51:54.0328 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/11/12 14:51:54.0406 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2010/11/12 14:51:54.0453 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/12 14:51:54.0468 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/12 14:51:54.0546 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/12 14:51:54.0609 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/12 14:51:54.0843 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/12 14:51:55.0077 C-Dilla (4ff76600b4ca68376b80af1683799c60) C:\WINDOWS\system32\drivers\CDANT.SYS
2010/11/12 14:51:55.0357 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/12 14:51:55.0420 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/12 14:51:55.0482 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/12 14:51:55.0498 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/12 14:51:55.0560 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/11/12 14:51:55.0685 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/11/12 14:51:55.0857 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/12 14:51:55.0919 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2010/11/12 14:51:55.0950 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/11/12 14:51:55.0966 DLADResN (1e6c6597833a04c2157be7b39ea92ce1) C:\WINDOWS\system32\DLA\DLADResN.SYS
2010/11/12 14:51:55.0997 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2010/11/12 14:51:56.0028 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2010/11/12 14:51:56.0044 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2010/11/12 14:51:56.0059 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2010/11/12 14:51:56.0075 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2010/11/12 14:51:56.0106 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2010/11/12 14:51:56.0184 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/12 14:51:56.0309 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/12 14:51:56.0340 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/12 14:51:56.0387 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/12 14:51:56.0465 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/12 14:51:56.0512 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/11/12 14:51:56.0543 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/11/12 14:51:56.0621 e1express (da1d21bb7d9b06c64275564f8e86c94e) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2010/11/12 14:51:56.0683 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/12 14:51:56.0730 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/11/12 14:51:56.0871 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/12 14:51:56.0886 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/11/12 14:51:56.0902 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/12 14:51:56.0933 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/12 14:51:56.0949 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/12 14:51:57.0011 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/12 14:51:57.0027 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/12 14:51:57.0058 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/12 14:51:57.0151 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/12 14:51:57.0292 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/12 14:51:57.0401 ialm (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/11/12 14:51:57.0463 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/12 14:51:57.0713 IntcAzAudAddService (b12a9fc49cd2765a43829d834f518aed) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/11/12 14:51:57.0885 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/12 14:51:57.0931 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/12 14:51:57.0963 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/12 14:51:57.0978 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/12 14:51:58.0025 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/12 14:51:58.0041 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/12 14:51:58.0056 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/12 14:51:58.0119 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/12 14:51:58.0119 Suspicious service (NoAccess): jxrdfklf
2010/11/12 14:51:58.0150 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/12 14:51:58.0165 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/11/12 14:51:58.0197 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/12 14:51:58.0243 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/12 14:51:58.0306 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys
2010/11/12 14:51:58.0337 mfetdik (3812e49fa67a3f604895f0d0c2e1ef90) C:\WINDOWS\system32\drivers\mfetdik.sys
2010/11/12 14:51:58.0353 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/12 14:51:58.0399 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/12 14:51:58.0431 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/12 14:51:58.0477 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/12 14:51:58.0493 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/12 14:51:58.0540 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/12 14:51:58.0649 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/12 14:51:58.0789 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/12 14:51:58.0821 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/12 14:51:58.0852 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/12 14:51:58.0899 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/12 14:51:58.0930 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/12 14:51:58.0945 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/12 14:51:58.0961 Suspicious service (NoAccess): mwyujbz
2010/11/12 14:51:58.0977 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/12 14:51:59.0008 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/12 14:51:59.0070 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/12 14:51:59.0101 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/12 14:51:59.0117 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/12 14:51:59.0133 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/12 14:51:59.0195 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/12 14:51:59.0257 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
2010/11/12 14:51:59.0601 NETw5x32 (3bdc90d9b12b685944f2b0896af5413c) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
2010/11/12 14:52:00.0084 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/12 14:52:00.0131 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2010/11/12 14:52:00.0162 NPF (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys
2010/11/12 14:52:00.0193 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/12 14:52:00.0271 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/12 14:52:00.0349 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/12 14:52:00.0381 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/12 14:52:00.0427 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/12 14:52:00.0443 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/12 14:52:00.0505 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/11/12 14:52:00.0552 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/12 14:52:00.0568 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/12 14:52:00.0583 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/12 14:52:00.0615 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/12 14:52:00.0661 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/11/12 14:52:00.0833 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/12 14:52:00.0849 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/12 14:52:00.0880 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/12 14:52:00.0942 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/12 14:52:01.0114 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/12 14:52:01.0161 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/12 14:52:01.0176 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/12 14:52:01.0192 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/12 14:52:01.0223 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/12 14:52:01.0239 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/12 14:52:01.0317 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/12 14:52:01.0348 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/12 14:52:01.0379 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/12 14:52:01.0441 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2010/11/12 14:52:01.0473 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/11/12 14:52:01.0488 Suspicious service (NoAccess): riphdxo
2010/11/12 14:52:01.0504 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/11/12 14:52:01.0597 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2010/11/12 14:52:01.0644 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/11/12 14:52:01.0691 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/12 14:52:01.0753 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/11/12 14:52:01.0785 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2010/11/12 14:52:01.0816 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2010/11/12 14:52:01.0847 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/12 14:52:01.0987 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2010/11/12 14:52:02.0112 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/12 14:52:02.0143 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/12 14:52:02.0206 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/12 14:52:02.0299 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2010/11/12 14:52:02.0346 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/12 14:52:02.0377 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/12 14:52:02.0518 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/12 14:52:02.0549 TBiosDrv (eeca2b57545e7b7be949b5e70e31444f) C:\WINDOWS\system32\drivers\TBiosDrv.sys
2010/11/12 14:52:02.0627 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/12 14:52:02.0689 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys
2010/11/12 14:52:02.0752 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/12 14:52:02.0783 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/12 14:52:02.0799 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/12 14:52:02.0877 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys
2010/11/12 14:52:02.0955 TPwSav (9ffffb4c5b06c7b75e8159f1106006ac) C:\WINDOWS\system32\Drivers\TPwSav.sys
2010/11/12 14:52:02.0986 Tvs (cc6763889198ef975b143d49789bcfa9) C:\WINDOWS\system32\DRIVERS\Tvs.sys
2010/11/12 14:52:03.0048 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/12 14:52:03.0126 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/12 14:52:03.0204 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/12 14:52:03.0220 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/12 14:52:03.0282 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/12 14:52:03.0345 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/12 14:52:03.0376 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/12 14:52:03.0423 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/12 14:52:03.0469 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/12 14:52:03.0532 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/12 14:52:03.0579 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/12 14:52:03.0688 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2010/11/12 14:52:03.0828 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/12 14:52:03.0906 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2010/11/12 14:52:03.0969 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/12 14:52:04.0265 ================================================================================
2010/11/12 14:52:04.0265 Scan finished
2010/11/12 14:52:04.0265 ================================================================================

peku006
2010-11-13, 10:54
Hi John

Please go to the Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on the Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

How's the computer running now? Any problems?

Thanks peku006

dallak
2010-11-13, 16:17
peku006,

I left my computer at work this weekend. I will run this first thing Monday morning. For fun, I ran Malwarebytes again and it found one instance of Conficker. Don't remember where, I saved the log and will post it Monday too. Otherwise computer seems to run OK. Still curious why it won't let me run Combofix. Hope you have a great weekend. By the way, I made a small donation to Spybot yesterday. Thanks for all your time!

John

dallak
2010-11-15, 18:38
peku006,

I have about had it with this computer. Kaspersky won't run either. Get this error when trying to download the database:

The program is starting. Please wait...
Updates source is selected: http://www.kaspersky.com
File download: packages/kos-extras.jar
null

null



Also, a window pops up with the following:

Error: License has expired!



Now what????????????

Thanks.

peku006
2010-11-15, 18:45
Hi John

Let's try this...

Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic


Please post a fresh dds.txt log too.
Thanks peku006

dallak
2010-11-15, 21:41
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=6266834ed7e40346839d2e7695571ca7
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-15 05:48:19
# local_time=2010-11-15 11:48:19 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 425036 425036 0 0
# compatibility_mode=8192 67108863 100 0 8163536 8163536 0 0
# scanned=82210
# found=0
# cleaned=0
# scan_time=3200

dallak
2010-11-15, 21:45
Logfile of random's system information tool 1.08 (written by random/random)
Run by John at 2010-11-15 13:47:14
Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (13%) free of 38 GB
Total RAM: 1014 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:47:15 PM, on 11/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Sharp\Sharpdesk\IndexTray.exe
C:\Program Files\Sharp\Sharpdesk\Indexer.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\john\Desktop\RSIT.exe
C:\Program Files\trend micro\John.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.*;127.0.0.*;192.168.0.*;192.168.2.*
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [IndexTray] "C:\Program Files\Sharp\Sharpdesk\IndexTray.exe"
O4 - HKLM\..\Run: [Indexer] "C:\Program Files\Sharp\Sharpdesk\Indexer.exe"
O4 - HKLM\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKLM\..\Run: [TypeRegChecker] "C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" /LOGON
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1280770706517
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1280770671086
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SmithEng.local
O17 - HKLM\Software\..\Telephony: DomainName = SmithEng.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SmithEng.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = SmithEng.local
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EngineServer - Unknown owner - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - Unknown owner - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe

--
End of file - 13687 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-28 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-28 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-28 118784]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-10-06 122940]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2004-03-24 196608]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2005-11-30 73728]
"CeEKEY"=C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2005-12-01 671744]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-05-31 282624]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2005-07-15 1077322]
"ZoomingHook"=C:\WINDOWS\system32\ZoomingHook.exe [2005-06-06 24576]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]
"TPNF"=C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [2005-12-13 53248]
"TCtryIOHook"=C:\WINDOWS\system32\TCtrlIOHook.exe [2005-12-05 28672]
"TDispVol"=C:\WINDOWS\system32\TDispVol.exe [2005-12-27 73728]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"IndexTray"=C:\Program Files\Sharp\Sharpdesk\IndexTray.exe [2005-11-05 106496]
"Indexer"=C:\Program Files\Sharp\Sharpdesk\Indexer.exe [2005-11-05 184320]
"SharpTray"=C:\Program Files\Sharp\Sharpdesk\SharpTray.exe [2005-11-05 32768]
"TypeRegChecker"=C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe [2005-11-05 57344]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2010-03-12 49208]
"MVS Splash"=C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe /LOGON []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-08-10 421888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent"
"C:\Program Files\SHARP\Sharpdesk\FTPServer.exe"="C:\Program Files\SHARP\Sharpdesk\FTPServer.exe:*:Enabled:Network Scanner Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent"
"D:\setup\hpznui01.exe"="D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\SHARP\Sharpdesk\FTPServer.exe"="C:\Program Files\SHARP\Sharpdesk\FTPServer.exe:*:Enabled:Network Scanner Tool"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\hpwucli.exe"="C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"

======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-11-15 09:59:25 ----A---- C:\WINDOWS\system32\drivers\ctnius.sys
2010-11-15 09:02:39 ----RD---- C:\32788R22FWJFW
2010-11-12 14:51:49 ----A---- C:\TDSSKiller.2.4.7.0_12.11.2010_14.51.49_log.txt
2010-11-12 13:20:26 ----A---- C:\TDSSKiller.2.4.1.0_12.11.2010_13.20.26_log.txt
2010-11-09 13:50:37 ----D---- C:\Program Files\trend micro
2010-11-09 13:50:34 ----D---- C:\rsit
2010-11-08 13:53:10 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-11-08 13:52:52 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-11-08 13:51:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

======List of files/folders modified in the last 1 months======

2010-11-15 13:00:05 ----SD---- C:\WINDOWS\Tasks
2010-11-15 13:00:05 ----D---- C:\WINDOWS\system32
2010-11-15 13:00:02 ----SHD---- C:\System Volume Information
2010-11-15 13:00:02 ----D---- C:\WINDOWS\system32\Restore
2010-11-15 11:33:35 ----D---- C:\WINDOWS\Temp
2010-11-15 10:38:03 ----D---- C:\WINDOWS\Prefetch
2010-11-15 09:59:25 ----D---- C:\WINDOWS\system32\drivers
2010-11-15 09:59:24 ----RSD---- C:\WINDOWS\Fonts
2010-11-15 09:12:04 ----D---- C:\WINDOWS\system32\inetsrv
2010-11-15 09:08:11 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2010-11-15 09:08:05 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2010-11-15 09:08:04 ----SHD---- C:\WINDOWS\CSC
2010-11-15 09:08:02 ----D---- C:\WINDOWS\system32\DLA
2010-11-15 09:02:25 ----A---- C:\WINDOWS\ntbtlog.txt
2010-11-15 08:56:49 ----HDC---- C:\WINDOWS\$NtUninstallKB970483$
2010-11-15 08:56:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-15 07:49:48 ----D---- C:\WINDOWS\network diagnostic
2010-11-12 15:24:14 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-12 14:48:38 ----D---- C:\WINDOWS\java
2010-11-12 13:26:55 ----D---- C:\Sharpdesk Desktop
2010-11-12 10:04:51 ----D---- C:\WINDOWS\Registration
2010-11-12 10:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2010-11-12 07:51:23 ----D---- C:\WINDOWS\security
2010-11-11 10:39:48 ----SD---- C:\Documents and Settings\john\Application Data\Microsoft
2010-11-10 15:34:48 ----RD---- C:\Program Files
2010-11-10 14:43:36 ----SHD---- C:\WINDOWS\Installer
2010-11-10 14:43:36 ----D---- C:\Config.Msi
2010-11-10 14:40:30 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-08 07:46:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-08 07:41:32 ----D---- C:\WINDOWS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2005-09-12 89264]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-05-01 43528]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R1 mfetdik;McAfee Inc. mfetdik; C:\WINDOWS\system32\drivers\mfetdik.sys [2009-12-15 55304]
R1 TPwSav;Common Driver; C:\WINDOWS\System32\Drivers\TPwSav.sys [2005-12-01 11264]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-01-28 21275]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-12-29 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R2 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys []
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-15 101874]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-12-11 242320]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2010-05-31 6608512]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2005-12-16 28800]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S0 bitvkxy;bitvkxy; C:\WINDOWS\System32\drivers\ctnius.sys [2010-11-15 54016]
S0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 FdRedir;FdRedir; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys []
S2 FileDisk2;FileDisk Protector Kernel Driver; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys []
S2 smihlp;SMI helper driver; \??\C:\Program Files\Protector Suite QL\smihlp.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\john\LOCALS~1\Temp\catchme.sys []
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\system32\drivers\CDANT.SYS []
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [2001-09-10 32256]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 Swupdtmr;Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
S2 EngineServer;EngineServer; C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 myAgtSvc;McAfee Virus and Spyware Protection Service; C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe /ServiceStart []
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-15 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2010-09-01 79360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

dallak
2010-11-15, 21:46
peku,

For some reason, RSIT is not generating an info.txt file when I run it.


John

dallak
2010-11-15, 23:27
peku,

How come every time I re-boot my computer and then run Malwarebytes it finds a copy of Conficker in C:\windows\system32?

I have been disconnected from our network since Friday.

Is it hiding somewhere and re-installs automatically on re-boot?

If I run MB after it removes the file, then it does not find it again. But if I run it after re-boot, then it finds it. Here is the last MB log after re-boot.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5121

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/15/2010 3:27:37 PM
mbam-log-2010-11-15 (15-27-37).txt

Scan type: Full scan (C:\|)
Objects scanned: 258018
Time elapsed: 46 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\mxpcivny.dll (Worm.Conficker) -> Quarantined and deleted successfully.

peku006
2010-11-16, 10:11
Hi John

Ok ... we have to find it

RootRepeal - Rootkit Detector

Download RootRepeal from the following location and save it to your desktop.

Link 1 (http://rootrepeal.googlepages.com/RootRepeal.zip)
Link 2 (http://ad13.geekstogo.com/RootRepeal.zip)
Link 3 (http://rootrepeal.psikotick.com/RootRepeal.zip)

Unzip it to your Desktop
Double click RootRepeal.exe to start the program
Click on the Report tab at the bottom of the program window
Click the Scan button
In the Select Scan dialog, check:

Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Shadow SSDT

Click the OK button
Check the box for your main system drive (Usually C:), and Click OK to start the scan

The scan can take some time. DO NOT run any other programs while the scan is running

When the scan is complete, the Save Report button will become available
Click this and save the report to your Desktop as RootRepeal.txt
Go to File, then Exit to close the program

Thanks peku006

dallak
2010-11-16, 18:20
peku,

Here is the report. The scan only took about 5 minutes. Let me know if it shows anything.

Thanks,

John




ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/11/16 10:11
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: ctnius.sys
Image Path: ctnius.sys
Address: 0xF770C000 Size: 54016 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA89C7000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\john\local settings\temp\~dffc5b.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Hidden Services
-------------------
Service Name: dalgz
Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs

Service Name: jxrdfklf
Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs

Service Name: mwyujbz
Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs

Service Name: njznx
Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs

Service Name: riphdxo
Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs

Service Name: ykxkeb
Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs

==EOF==
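
The report above is the find: six hidden services with random names, all hosted by svchost.exe -k netsvcs, plus a loaded driver (ctnius.sys, the file behind the boot-start service bitvkxy dated 2010-11-15 in the RSIT driver list earlier in the thread) whose file RootRepeal cannot see on disk. Conficker persists in exactly this way, as a randomly named service in the netsvcs svchost group whose ServiceDll is a randomly named DLL in system32, which is consistent with the mxpcivny.dll hit Malwarebytes keeps finding after each reboot. The script below is an added example, not code from RSIT, RootRepeal or peku006's instructions: it parses the two tools' text output, flags netsvcs-hosted hidden services that are not stock XP SP3 group members, flags loaded drivers whose file is invisible on disk, flags boot/system-start drivers in the RSIT list whose file is younger than 30 days at scan time, and pairs the driver findings across the two tools by file name and size. Assumptions: the netsvcs baseline is the stock XP SP3 group and should be rebuilt from a known-good machine of the same build; rootrepeal.sys is allowlisted as the scanner's own driver; the sample input is a subset of the lines from the two logs in this thread.

```python
"""Added triage of the RSIT driver list and the RootRepeal report posted in this thread.
Not part of RSIT, RootRepeal or peku006's instructions: it reads their text output and
applies the checks a helper otherwise does by eye."""
import re
from datetime import date, timedelta

# Assumption: stock members of the "netsvcs" svchost group on a clean Windows XP SP3 install
# (lower-cased). Rebuild this from a known-good box of the same build before relying on it.
NETSVCS_BASELINE = set("""6to4 appmgmt audiosrv browser cryptsvc dmserver dhcp ersvc eventsystem
fastuserswitchingcompatibility hidserv ias iprip irmon lanmanserver lanmanworkstation messenger
netman nla ntmssvc nwcworkstation nwsapagent rasauto rasman remoteaccess schedule seclogon sens
sharedaccess srservice tapisrv themes trkwks w32time wzcsvc wmi wmdmpmsp winmgmt wscsvc xmlprov
bits wuauserv shellhwdetection helpsvc uploadmgr wmdmpmsn""".split())
SCANNER_DRIVERS = {"rootrepeal.sys"}  # RootRepeal hides its own driver; that is not a finding

HIDDEN_SERVICE_RE = re.compile(r"Service Name:\s*(?P<name>\S+)\s*\n\s*Image Path:\s*(?P<image>.+)")
RR_DRIVER_RE = re.compile(r"Name:\s*(?P<name>\S+)\s*\n\s*Image Path:.+\n\s*Address:\s*(?P<addr>0x[0-9A-Fa-f]+)"
                          r"\s+Size:\s*(?P<size>\d+)\s+File Visible:\s*(?P<visible>\w+)")
# RSIT driver line, e.g. "S0 bitvkxy;bitvkxy; C:\WINDOWS\System32\drivers\ctnius.sys [2010-11-15 54016]"
RSIT_DRIVER_RE = re.compile(r"^[RS](?P<start>[0-4])\s+(?P<svc>[^;]+);[^;]*;\s*(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$")

def section(report, title):
    """Body of one RootRepeal section: from its dashed rule up to the next titled rule."""
    m = re.search(rf"^{re.escape(title)}\n-+\n(.*?)(?=^\S[^\n]*\n-+\n|\Z)", report, re.S | re.M)
    return m.group(1) if m else ""

def hidden_netsvcs_services(report):
    """Hidden services hosted by 'svchost.exe -k netsvcs' whose names are not stock group members.
    Conficker registers exactly this: a random service name in netsvcs with a random ServiceDll."""
    hits = []
    for m in HIDDEN_SERVICE_RE.finditer(section(report, "Hidden Services")):
        image = m.group("image").lower()
        if "svchost.exe" in image and "-k netsvcs" in image and m.group("name").lower() not in NETSVCS_BASELINE:
            hits.append(m.group("name"))
    return hits

def invisible_drivers(report):
    """Loaded drivers whose file RootRepeal cannot see on disk, minus the scanner's own."""
    hits = []
    for m in RR_DRIVER_RE.finditer(section(report, "Drivers")):
        if m.group("visible").lower() == "no" and m.group("name").lower() not in SCANNER_DRIVERS:
            hits.append({"name": m.group("name").lower(), "addr": int(m.group("addr"), 16), "size": int(m.group("size"))})
    return hits

def recent_boot_drivers(rsit_lines, scan_date, max_age_days=30):
    """Boot (0) or system (1) start drivers whose file is at most max_age_days old at scan time."""
    scan, hits = date.fromisoformat(scan_date), []
    for line in rsit_lines:
        m = RSIT_DRIVER_RE.match(line.strip())
        if not m or m.group("start") not in ("0", "1") or len(m.group("meta").split()) < 2:
            continue  # not a boot/system driver, or RSIT printed [] because it could not stat the file
        stamp, size = m.group("meta").split()[:2]
        if scan - date.fromisoformat(stamp) <= timedelta(days=max_age_days):
            hits.append({"service": m.group("svc"), "path": m.group("path"), "date": stamp, "size": int(size)})
    return hits

def correlate(rsit_hits, rr_hits):
    """Pair an RSIT driver finding with a RootRepeal invisible driver by file name and size."""
    pairs = []
    for r in rsit_hits:
        stem = r["path"].rsplit("\\", 1)[-1].lower()
        pairs += [(r["service"], stem, hex(h["addr"])) for h in rr_hits if h["name"] == stem and h["size"] == r["size"]]
    return pairs

# Sample input: lines copied from the RSIT log and the RootRepeal report above (a subset of each).
RSIT_DRIVERS = r"""R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2005-09-12 89264]
R1 mfetdik;McAfee Inc. mfetdik; C:\WINDOWS\system32\drivers\mfetdik.sys [2009-12-15 55304]
S0 bitvkxy;bitvkxy; C:\WINDOWS\System32\drivers\ctnius.sys [2010-11-15 54016]
S0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys []"""
ROOTREPEAL_REPORT = r"""Drivers
-------------------
Name: ctnius.sys
Image Path: ctnius.sys
Address: 0xF770C000 Size: 54016 File Visible: No Signed: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA89C7000 Size: 49152 File Visible: No Signed: -

Hidden Services
-------------------
Service Name: dalgz
Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs

Service Name: jxrdfklf
Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs

Service Name: ykxkeb
Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs"""

def triage(rsit_text=RSIT_DRIVERS, report=ROOTREPEAL_REPORT, scan_date="2010-11-15"):
    """Run every check and return the findings in one dict."""
    rsit_hits, rr_hits = recent_boot_drivers(rsit_text.splitlines(), scan_date), invisible_drivers(report)
    return {"hidden_netsvcs": hidden_netsvcs_services(report), "invisible_drivers": rr_hits,
            "recent_boot_drivers": rsit_hits, "confirmed": correlate(rsit_hits, rr_hits)}

if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

Run as-is it prints the four findings for the sample: the three random service names, ctnius.sys as an invisible loaded driver, bitvkxy as a fresh boot-start driver, and the pairing of the two by name and size. On a live case the same checks go against the full logs, and each flagged service name is then looked up under HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters\ServiceDll to get the DLL to quarantine; a stock member such as Netman is deliberately not flagged, since the point is the unknown names, not the netsvcs group itself.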

peku006
2010-11-16, 19:05
Hi John

Yes, there is something...

Please download Rooter Rootkit Detector (http://eric.71.mespages.googlepages.com/Rooter.exe) to your Desktop

Double-click it to start the tool.
A Notepad file containing the report will open, also found at %systemdrive% (usually C:\Rooter.txt).
Post the report for me to see.


Thanks peku006

dallak
2010-11-16, 19:30
peku,

here is the log.


Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 6 Model 14 Stepping 8, GenuineIntel
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.6.8 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:37 Go - Free:4 Go )
D:\ [CD_Rom]
.
Scan : 11:31.57
Path : C:\Documents and Settings\john\Desktop\Rooter.exe
User : John ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (888)
______ \??\C:\WINDOWS\system32\csrss.exe (936)
______ \??\C:\WINDOWS\system32\winlogon.exe (964)
______ C:\WINDOWS\system32\services.exe (1008)
______ C:\WINDOWS\system32\lsass.exe (1020)
______ C:\WINDOWS\system32\svchost.exe (1200)
______ C:\WINDOWS\system32\svchost.exe (1288)
______ C:\WINDOWS\System32\svchost.exe (1328)
______ C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1388)
______ C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (1420)
______ C:\WINDOWS\system32\svchost.exe (1572)
______ C:\WINDOWS\system32\svchost.exe (1620)
______ C:\WINDOWS\system32\spoolsv.exe (1960)
______ C:\WINDOWS\system32\svchost.exe (2024)
______ C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE (252)
______ C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (304)
______ C:\WINDOWS\system32\DVDRAMSV.exe (432)
______ C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (476)
______ C:\WINDOWS\system32\inetsrv\inetinfo.exe (532)
______ C:\Program Files\Java\jre6\bin\jqs.exe (724)
______ C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (1444)
______ C:\WINDOWS\System32\svchost.exe (1476)
______ C:\WINDOWS\System32\svchost.exe (1512)
______ C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (1532)
______ C:\WINDOWS\system32\svchost.exe (1680)
______ c:\Toshiba\IVP\swupdate\swupdtmr.exe (1692)
______ C:\WINDOWS\Explorer.EXE (384)
______ C:\WINDOWS\System32\alg.exe (2116)
______ C:\WINDOWS\system32\igfxtray.exe (2276)
______ C:\WINDOWS\system32\hkcmd.exe (2332)
______ C:\WINDOWS\system32\igfxpers.exe (2340)
______ C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (2360)
______ C:\WINDOWS\System32\DLA\DLACTRLW.EXE (2388)
______ C:\Program Files\Apoint2K\Apoint.exe (2432)
______ C:\WINDOWS\AGRSMMSG.exe (2500)
______ C:\Program Files\Toshiba\Tvs\TvsTray.exe (2540)
______ C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (2560)
______ C:\WINDOWS\system32\TPSMain.exe (2584)
______ C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (2592)
______ C:\WINDOWS\system32\ZoomingHook.exe (2608)
______ C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (2616)
______ C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (2624)
______ C:\WINDOWS\system32\TCtrlIOHook.exe (2632)
______ C:\WINDOWS\system32\TDispVol.exe (2644)
______ C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (2700)
______ C:\Program Files\Sharp\Sharpdesk\IndexTray.exe (2712)
______ C:\Program Files\Sharp\Sharpdesk\Indexer.exe (2732)
______ C:\Program Files\Apoint2K\Apntex.exe (2736)
______ C:\Program Files\Sharp\Sharpdesk\SharpTray.exe (2760)
______ C:\WINDOWS\system32\TPSBattM.exe (2772)
______ C:\PROGRA~1\Sharp\SHARPD~1\Indexer.exe (2808)
______ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (2816)
______ C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (3152)
______ C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (3164)
______ C:\WINDOWS\system32\ctfmon.exe (3176)
______ C:\WINDOWS\system32\RAMASST.exe (3276)
______ C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe (3304)
______ C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (2476)
______ C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (3120)
______ C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe (352)
______ C:\Program Files\Internet Explorer\iexplore.exe (840)
______ C:\Program Files\Internet Explorer\iexplore.exe (3480)
______ C:\Program Files\Internet Explorer\iexplore.exe (2696)
______ C:\WINDOWS\system32\dllhost.exe (3356)
______ C:\WINDOWS\system32\inetsrv\DavCData.exe (3632)
______ C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (3284)
______ C:\Documents and Settings\john\Desktop\Rooter.exe (5160)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:39810322944)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 11:32.06
.
C:\Rooter$\Rooter_1.txt - (16/11/2010 | 11:32.06)

peku006
2010-11-16, 19:59
Hi John

Please download MBRCheck by ad_13 (http://ad13.geekstogo.com/MBRCheck.exe) and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.

Thanks peku006

dallak
2010-11-16, 21:09
peku, here it is, thanks! Please advise.


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 147):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7C0C000 \WINDOWS\system32\KDCOM.DLL
0xF7B1C000 \WINDOWS\system32\BOOTVID.dll
0xF770C000 ipukke.sys
0xF76BD000 ACPI.sys
0xF7C0E000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF76AC000 pci.sys
0xF771C000 isapnp.sys
0xF772C000 ohci1394.sys
0xF773C000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7B20000 compbatt.sys
0xF7B24000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7CD4000 pciide.sys
0xF798C000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF768E000 pcmcia.sys
0xF774C000 MountMgr.sys
0xF766F000 ftdisk.sys
0xF7C10000 dmload.sys
0xF7649000 dmio.sys
0xF7B28000 ACPIEC.sys
0xF7CD5000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7994000 PartMgr.sys
0xF775C000 VolSnap.sys
0xF7631000 atapi.sys
0xF776C000 disk.sys
0xF777C000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7611000 fltmgr.sys
0xF75FF000 sr.sys
0xF75E9000 DRVMCDB.SYS
0xF778C000 PxHelp20.sys
0xF75D2000 KSecDD.sys
0xF7545000 Ntfs.sys
0xF7518000 NDIS.sys
0xF74FE000 Mup.sys
0xF779C000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF78DC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7343000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF732F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7307000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF72C9000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xF6C7B000 \SystemRoot\system32\DRIVERS\NETw5x32.sys
0xF7A1C000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6C57000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7A24000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6C2F000 \SystemRoot\system32\drivers\tifm21.sys
0xF6C1B000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF7BF0000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF78EC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7A2C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6C02000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF7A34000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF78FC000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7C30000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xF790C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF791C000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6BDF000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7CE3000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7C38000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF7AAC000 \SystemRoot\System32\Drivers\Modem.SYS
0xF77FC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF74D6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6BC8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF780C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF781C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7AB4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6BB7000 \SystemRoot\system32\DRIVERS\psched.sys
0xF782C000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7ABC000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7AC4000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7ACC000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xF6B87000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF783C000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7C3A000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6B01000 \SystemRoot\system32\DRIVERS\update.sys
0xF74BA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF784C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA3B3000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA38F000 \SystemRoot\system32\drivers\portcls.sys
0xF786C000 \SystemRoot\system32\drivers\drmk.sys
0xF787C000 \SystemRoot\system32\DRIVERS\Tvs.sys
0xF7ADC000 \SystemRoot\system32\DRIVERS\tsxt_kern_i386.sys
0xF7AEC000 \SystemRoot\system32\DRIVERS\wowhd_kern_i386.sys
0xF788C000 \SystemRoot\system32\DRIVERS\csiidecoder_kern_i386.sys
0xAA27C000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF7C44000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF797C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7C6A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7E34000 \SystemRoot\System32\Drivers\Null.SYS
0xF7C6C000 \SystemRoot\System32\Drivers\Beep.SYS
0xF79C4000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xF79CC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF79D4000 \SystemRoot\System32\drivers\vga.sys
0xF7C6E000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7C70000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xAA223000 \SystemRoot\System32\Drivers\meiudf.sys
0xAA212000 \SystemRoot\System32\Drivers\Udfs.SYS
0xF79DC000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF79E4000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7C04000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA1FF000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA1A6000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF77AC000 \SystemRoot\system32\drivers\mfetdik.sys
0xAA158000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAA130000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF77BC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAA06E000 \SystemRoot\System32\drivers\afd.sys
0xF77CC000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF6B73000 \SystemRoot\System32\Drivers\TPwSav.sys
0xAA043000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF77DC000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA9FD3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF77EC000 \SystemRoot\System32\Drivers\Fips.SYS
0xF79EC000 \SystemRoot\System32\Drivers\tcusb.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7BC8000 \SystemRoot\System32\drivers\Dxapi.sys
0xF79F4000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7D66000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAA0A0000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xF7DC4000 \SystemRoot\System32\DLA\DLADResN.SYS
0xA9E55000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xA9ED3000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xF7CA4000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xF7CA6000 \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys
0xF7A54000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xA9E3D000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xA9E27000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xF7A6C000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA9E7F000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xA9F83000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9EDF000 \SystemRoot\system32\DRIVERS\netdevio.sys
0xA9BA2000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7C14000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xA9A32000 \SystemRoot\system32\DRIVERS\srv.sys
0xA960D000 \SystemRoot\system32\drivers\wdmaud.sys
0xA99BA000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7A0C000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xA922A000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA93CD000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA8AFE000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 62):
0 System Idle Process
4 System
872 C:\WINDOWS\system32\smss.exe
936 csrss.exe
960 C:\WINDOWS\system32\winlogon.exe
1004 C:\WINDOWS\system32\services.exe
1016 C:\WINDOWS\system32\lsass.exe
1208 C:\WINDOWS\system32\svchost.exe
1276 svchost.exe
1316 C:\WINDOWS\system32\svchost.exe
1372 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
1408 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
1444 svchost.exe
1628 svchost.exe
1880 C:\WINDOWS\system32\spoolsv.exe
300 svchost.exe
344 C:\WINDOWS\system32\drivers\CDANTSRV.EXE
132 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
472 C:\WINDOWS\system32\DVDRAMSV.exe
524 C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
572 C:\WINDOWS\system32\inetsrv\inetinfo.exe
640 C:\Program Files\Java\jre6\bin\jqs.exe
664 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
692 C:\WINDOWS\system32\svchost.exe
732 C:\WINDOWS\system32\svchost.exe
772 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
1064 C:\WINDOWS\system32\svchost.exe
1240 C:\Toshiba\IVP\swupdate\swupdtmr.exe
1588 alg.exe
564 C:\WINDOWS\explorer.exe
1984 C:\WINDOWS\system32\igfxtray.exe
2008 C:\WINDOWS\system32\hkcmd.exe
2016 C:\WINDOWS\system32\igfxpers.exe
2116 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
2124 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
2140 C:\Program Files\Apoint2K\Apoint.exe
2148 C:\WINDOWS\agrsmmsg.exe
2176 C:\Program Files\Toshiba\Tvs\TvsTray.exe
2200 C:\Program Files\Toshiba\E-KEY\CeEKey.exe
2208 C:\WINDOWS\system32\TPSMain.exe
2224 C:\Program Files\Toshiba\Touch and Launch\PadExe.exe
2244 C:\WINDOWS\system32\ZoomingHook.exe
2420 C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
2436 C:\Program Files\Toshiba\TouchPad\TPTray.exe
2444 C:\WINDOWS\system32\TCtrlIOHook.exe
2580 C:\WINDOWS\system32\TDispVol.exe
2692 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
2832 C:\WINDOWS\system32\TPSBattM.exe
2836 C:\Program Files\SHARP\Sharpdesk\IndexTray.exe
2852 C:\Program Files\Apoint2K\ApntEx.exe
2864 C:\Program Files\SHARP\Sharpdesk\Indexer.exe
3000 C:\Program Files\SHARP\Sharpdesk\SharpTray.exe
3252 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
3744 C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
3752 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
3760 C:\WINDOWS\system32\ctfmon.exe
3900 C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
3912 C:\WINDOWS\system32\RAMASST.exe
2308 C:\Program Files\Internet Explorer\iexplore.exe
2356 C:\Program Files\Internet Explorer\iexplore.exe
3032 C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
884 C:\Documents and Settings\john\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HTS541040G9SA00, Rev: MB2OC60R

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 31D100779DE502702C374F7C15687B56FCFD5528


Done!

peku006
2010-11-16, 22:11
Hi John

Download The Avenger by Swandog46 from here (http://swandog46.geekstogo.com/avenger2/download.php).
Unzip/extract it to a folder on your desktop.
Double click on avenger.exe to run The Avenger.
Click OK.
Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
Copy all of the text in the below code box to the clipboard by highlighting it and then pressing Ctrl+C.

Files to delete:
C:\WINDOWS\system32\mxpcivny.dll

Drivers to delete:
jxrdfklf
mwyujbz
riphdxo

In the Avenger window, click the Paste Script from Clipboard button (http://img220.imageshack.us/img220/8923/pastets4.png).
Click the Execute button.
You will be asked Are you sure you want to execute the current script?.
Click Yes.
You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
Click Yes.
Your PC will now be rebooted.
Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
Please post this log in your next reply.

Thanks peku006

dallak
2010-11-16, 22:47
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\system32\mxpcivny.dll" not found!
Deletion of file "C:\WINDOWS\system32\mxpcivny.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "jxrdfklf" deleted successfully.
Driver "mwyujbz" deleted successfully.
Driver "riphdxo" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

peku006
2010-11-16, 23:25
Hi John

:Uninstall ComboFix:

Turn off all active protection software.
Push the "Windows key" + "R" (the Windows key is between the "Ctrl" button and the "Alt" button).
Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
Note the space between the X and the /Uninstall; it needs to be there.
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/CF-Uninstall.png


next...
download a fresh copy of Combofix and save it to your desktop and try to run it.

Thanks peku006

dallak
2010-11-18, 00:31
peku,

Sorry for taking so long to reply, I was out of the office. I got a little farther with ComboFix. Got the blue screen, got the 3 lines of text where it tells you it could take 10 minutes or longer to scan depending on how infected your computer is. The cursor goes back to the left and starts blinking, but it gets stuck there. I waited a very long time and my only course is to power down the computer again. Can't open Task Manager or any program. Can't shut down ComboFix either. I did the removal first like you told me to. I tried it in safe mode with the same result.

ComboFix took care of my problem last time you guys helped me. It would be nice if we can figure out a way to get it to run.

let me know your thoughts, thanks again!!!!!!!!!!!!!

John

peku006
2010-11-18, 10:41
Hi John

OK, but I'm not quite sure why ComboFix is not working; I need more "information".

SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

:reg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

:regfind
jxrdfklf
mwyujbz
riphdxo


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.

I'd like you to check a file for Viruses.

Go to VirusTotal (http://www.virustotal.com) or Jotti's (http://virusscan.jotti.org/)

C:\WINDOWS\system32\drivers\ctnius.sys

Copy/paste the file into the white Upload a file box.
Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
After a while, a window will open, with details of what the scans found.
Copy and Paste results in your next reply.

Please reply with

SystemLook.txt along with the Jotti's results

Thanks peku006
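The :reg listing requested above returns several hundred service keys, and the three driver services The Avenger deleted earlier in the thread (jxrdfklf, mwyujbz, riphdxo) are exactly the kind of name that listing is meant to surface. As an added example that is not part of the thread, of SystemLook or of The Avenger, the Python below parses a SystemLook :reg dump of HKLM\SYSTEM\CurrentControlSet\Services and ranks the purely alphabetic service names by how many of their letter pairs never occur in a baseline of known Windows XP service names. The BASELINE list and the SAMPLE_LOG excerpt are constructed for illustration; in practice the baseline should be taken from a clean machine of the same build, and a high score is a triage cue rather than a verdict, since legitimate third-party drivers such as mfetdik (McAfee) land in the middle of the ranking.

```python
"""Rank service names from a SystemLook ':reg' dump of
HKLM\\SYSTEM\\CurrentControlSet\\Services by how unlike known Windows
service names they look (letter-bigram rarity against a baseline).

Added example, not part of the forum thread, SystemLook or The Avenger.
BASELINE and SAMPLE_LOG below are constructed for illustration.
"""
import re

# Constructed baseline: service names expected on a clean Windows XP install.
# Build this from a known-good machine of the same build in real use.
BASELINE = [
    "acpi", "afd", "atapi", "beep", "browser", "cdfs", "cdrom", "dhcp", "disk",
    "dnscache", "eventlog", "fastfat", "fips", "ftdisk", "i8042prt", "ipsec",
    "kbdclass", "kmixer", "ksecdd", "lanmanserver", "lanmanworkstation",
    "mouclass", "mountmgr", "mrxsmb", "msfs", "mup", "ndis", "netbt", "npfs",
    "ntfs", "null", "partmgr", "pci", "plugplay", "rasman", "rdbss", "rpcss",
    "schedule", "spooler", "srv", "tcpip", "termdd", "themes", "udfs", "usbhub",
    "vgasave", "volsnap", "w32time", "wanarp", "winmgmt",
]

# Constructed excerpt in SystemLook's output format (a few of the keys from
# the log above, not the complete log).
SAMPLE_LOG = """\
SystemLook 04.09.10 by jpshortstuff

========== reg ==========

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services]
(No values found)

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ACPI]

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\dalgz]

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\lanmanserver]

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mfetdik]

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\njznx]

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip]

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\vhareut]

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\w32time]
"""

# Matches one service key line; the bare ...\Services] key has no subkey
# and is deliberately not matched.
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\(.+)\]\s*$"
)


def bigrams(name):
    """Adjacent letter pairs of the lower-cased name."""
    name = name.lower()
    return [name[i:i + 2] for i in range(len(name) - 1)]


def baseline_bigrams(baseline=BASELINE):
    """Set of every letter pair that occurs in any baseline name."""
    seen = set()
    for n in baseline:
        seen.update(bigrams(n))
    return seen


def rarity(name, seen):
    """Fraction of the name's letter pairs never seen in the baseline:
    0.0 means every pair is familiar, 1.0 means none is."""
    bg = bigrams(name)
    if not bg:
        return 0.0
    return sum(1 for b in bg if b not in seen) / len(bg)


def parse_service_names(systemlook_text):
    """Pull the service subkey names out of a SystemLook :reg dump."""
    names = []
    for line in systemlook_text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            names.append(m.group(1))
    return names


def triage(systemlook_text, threshold=0.6, baseline=BASELINE):
    """Return (ranked, flagged): ranked is [(name, score)] highest score
    first for purely alphabetic names (names with digits, dots or spaces
    such as w32time or ASP.NET are skipped); flagged are those at or above
    the threshold, in ranked order."""
    seen = baseline_bigrams(baseline)
    ranked = []
    for name in parse_service_names(systemlook_text):
        if not name.isalpha():
            continue
        ranked.append((name, rarity(name, seen)))
    ranked.sort(key=lambda t: (-t[1], t[0].lower()))
    flagged = [n for n, s in ranked if s >= threshold]
    return ranked, flagged


if __name__ == "__main__":
    ranked, flagged = triage(SAMPLE_LOG)
    for name, score in ranked:
        print(f"{score:.2f}  {name}")
    print("flagged for follow-up:", ", ".join(flagged))
    # The three driver names The Avenger deleted earlier in the thread all
    # score high against the same baseline.
    seen = baseline_bigrams()
    for n in ("jxrdfklf", "mwyujbz", "riphdxo"):
        print(f"{rarity(n, seen):.2f}  {n}")
```

The script only reads text; it touches neither the registry nor any file, so it is safe to run on a copy of the log from another machine. Names at or above the threshold are the ones to take through the file check above (locate the driver the service points at, then scan it at VirusTotal or Jotti's) before anything is deleted.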

dallak
2010-11-18, 19:45
I am working on the virus check. Here is systemlook log:

SystemLook 04.09.10 by jpshortstuff
Log created at 11:45 on 18/11/2010 by John
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Abiosdsk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\abp480n5]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACPI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACPIEC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adpu160m]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aec]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AegisP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AgereSoftModem]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Aha154x]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aic78u2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aic78xx]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ALG]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AliIde]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ApfiltrService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Arp1394]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3350p]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASCTRM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASP.NET]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASP.NET_1.1.4322]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASP.NET_2.0.50727]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspnet_state]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AsyncMac]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Atdisk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Atmarpc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\audstub]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BattC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\C-Dilla]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\C-DillaSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cbidf2k]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cd20xrnt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdaudio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdfs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CFSvcs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Changer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CiSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clr_optimization_v2.0.50727_32]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CmBatt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CmdIde]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Compbatt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\COMSysApp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cpqarray]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dac2w2k]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dac960nt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dalgz]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLABOIOM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLACDBHM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLADResN]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLAIFS_M]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLAOPIOM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLAPoolM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLARTL_N]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLAUDFAM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLAUDF_M]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmadmin]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmboot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmload]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmserver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DMusic]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dot3svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dpti2o]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drmkaud]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DRVMCDB]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DRVNDDM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DVD-RAM_Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\e1express]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EngineServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EPSON_PM_RPCV4_01]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EvtEng]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fastfat]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FastUserSwitchingCompatibility]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fax]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fdc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FdRedir]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FileDisk2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fips]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FLEXnet Licensing Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Flpydisk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FltMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FontCache3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ftdisk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Gpc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HDAudBus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidServ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidUsb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hkmsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hpn]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTPFilter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i2omp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ialm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IDriverT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\idsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IISADMIN]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Imapi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ImapiService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\inetaccs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ini910u]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Inport]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IntcAzAudAddService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IntelIde]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelppm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ip6Fw]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpInIp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpNat]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IRENUM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\isapnp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JavaQuickStarterService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kbdclass]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KSecDD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lbd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ldap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LicenseService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MDM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\meiudf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mfetdik]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmdd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Modem]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mouclass]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MountMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mraid35x]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxDAV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxSmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Msfs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSKSSRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSPCLOCK]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSPQM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mssmbios]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\myAgtSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\napagent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisTapi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisWan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NDProxy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Net Driver HPZ12]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netdevio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netman]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetTcpPortSharing]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETw5x32]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NIC1394]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\njznx]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nla]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Npfs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ntfs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTFSDRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtLmSsp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtmsSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Null]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NwlnkFlt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NwlnkFwd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ohci1394]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ose]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Outlook]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\P3]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Parport]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PartMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ParVdm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCIDump]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCIIde]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PDRELI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\perc2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\perc2hib]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfNet]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfProc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Pml Driver HPZ12]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PptpMiniport]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProtectedStorage]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSched]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ptilink]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PxHelp20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql1080]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql12160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql1240]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql1280]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAcd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasl2tp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasPppoe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Raspti]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPCDD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPDD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdpdr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPNP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPWD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDSessMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\redbook]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RegSrvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RimUsb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RimVSerPort]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ROOTMODEM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RoxLiveShare9]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rpcapd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcLocator]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RSVP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\S24EventMonitor]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\s24trans]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SamSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ScsiPort]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sdbus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Secdrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SENS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Serial]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sffdisk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sffp_sd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ShellHWDetection]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Simbad]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\smihlp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMTPSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SolidWorks Licensing Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SONYPVU1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sparrow]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\splitter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Srv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSDPSRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\StillCam]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\stisvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swenum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swmidi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SwPrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Swupdtmr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swwd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\symc810]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\symc8xx]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sym_hi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sym_u3]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysaudio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TBiosDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcUsb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDTCP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermDD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tifm21]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TosIde]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TPwSav]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TSDDD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tvs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Udfs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ultra]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbccgp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbehci]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbhub]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbprint]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbscan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbuhci]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VgaSave]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vhareut]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ViaIde]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VolSnap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vxd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w39n51]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wanarp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wanatw]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDICA]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wdmaud]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinTrust]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPmSN]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiApSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WS2IFSL]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WZCSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xmlprov]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ykxkeb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{67F17C15-BFAA-4FFE-A787-A71449028CC8}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{C0C6EE0E-425C-4CB7-8CC6-1FF28B11005D}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{CCCBBBEE-AC1A-41A8-BA75-D8041DD75B28}]


========== regfind ==========

Searching for "jxrdfklf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"="6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem

FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Messenger

Netman Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule Seclogon SENS

Sharedaccess SRService Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt wscsvc xmlprov

BITS wuauserv ShellHWDetection helpsvc WmdmPmSN napagent hkmsvc mwyujbz jxrdfklf riphdxo dalgz

ykxkeb njznx vhareut"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_JXRDFKLF]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_JXRDFKLF\0000]
"Service"="jxrdfklf"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_JXRDFKLF]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_JXRDFKLF\0000]
"Service"="jxrdfklf"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_JXRDFKLF]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_JXRDFKLF\0000]
"Service"="jxrdfklf"

Searching for "mwyujbz"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"="6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem

FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Messenger

Netman Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule Seclogon SENS

Sharedaccess SRService Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt wscsvc xmlprov

BITS wuauserv ShellHWDetection helpsvc WmdmPmSN napagent hkmsvc mwyujbz jxrdfklf riphdxo dalgz

ykxkeb njznx vhareut"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MWYUJBZ]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MWYUJBZ\0000]
"Service"="mwyujbz"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MWYUJBZ]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MWYUJBZ\0000]
"Service"="mwyujbz"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MWYUJBZ]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MWYUJBZ\0000]
"Service"="mwyujbz"

Searching for "riphdxo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"="6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem

FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Messenger

Netman Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule Seclogon SENS

Sharedaccess SRService Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt wscsvc xmlprov

BITS wuauserv ShellHWDetection helpsvc WmdmPmSN napagent hkmsvc mwyujbz jxrdfklf riphdxo dalgz

ykxkeb njznx vhareut"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RIPHDXO]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RIPHDXO\0000]
"Service"="riphdxo"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RIPHDXO]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RIPHDXO\0000]
"Service"="riphdxo"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RIPHDXO]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RIPHDXO\0000]
"Service"="riphdxo"

-= EOF =-
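
The regfind results above show the tell-tale pattern: random service names appended to the svchost "netsvcs" group, and for each name regfind searched a matching LEGACY_ key under Enum\Root. The following added example (mine, not the thread's or any tool's code) parses a regfind-style dump and flags netsvcs members missing from an assumed clean XP SP3 baseline; the excerpt it runs on is constructed from the log above.

```python
"""Parse a regfind-style registry dump and flag unexpected members of the
svchost "netsvcs" group, the persistence spot the thread's logs point at.
Added example; not code from the thread or from any of the tools it uses."""
import re
from typing import Dict, List, Set

# Constructed excerpt of the regfind output pasted earlier in the thread.
# The netsvcs value is kept wrapped across several lines, with blank lines
# between them, because that is how forum-pasted logs usually arrive.
REGFIND_EXCERPT = r'''
Searching for "jxrdfklf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"="6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem

FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Messenger

Netman Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule Seclogon SENS

Sharedaccess SRService Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt wscsvc xmlprov

BITS wuauserv ShellHWDetection helpsvc WmdmPmSN napagent hkmsvc mwyujbz jxrdfklf riphdxo dalgz

ykxkeb njznx vhareut"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_JXRDFKLF]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_JXRDFKLF\0000]
"Service"="jxrdfklf"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MWYUJBZ\0000]
"Service"="mwyujbz"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RIPHDXO\0000]
"Service"="riphdxo"
'''

# Assumed baseline: netsvcs membership of a clean Windows XP SP3 install.
# Build this from a known-good machine of the same build rather than trusting
# a list copied from the internet.
XP_SP3_NETSVCS: Set[str] = {s.lower() for s in """
6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem
FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer
LanmanWorkstation Messenger Netman Nla Ntmssvc NWCWorkstation Nwsapagent
Rasauto Rasman Remoteaccess Schedule Seclogon SENS Sharedaccess SRService
Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt wscsvc xmlprov
BITS wuauserv ShellHWDetection helpsvc WmdmPmSN napagent hkmsvc
""".split()}

NETSVCS_START = re.compile(r'^"netsvcs"="(.*)$')
LEGACY_KEY = re.compile(r'\\Enum\\Root\\LEGACY_([A-Za-z0-9_]+)(?:\\|\])')
SERVICE_VALUE = re.compile(r'^"Service"="([^"]+)"')


def parse_netsvcs(dump: str) -> List[str]:
    """Return the netsvcs members in order, re-joining a value that the log
    wrapped over several lines; the value ends at the next double quote."""
    members: List[str] = []
    collecting = False
    for line in dump.splitlines():
        if not collecting:
            m = NETSVCS_START.match(line.strip())
            if not m:
                continue
            collecting = True
            line = m.group(1)
        members.extend(line.split('"', 1)[0].split())
        if '"' in line:
            break  # first netsvcs value only; regfind repeats it per search
    return members


def parse_legacy_services(dump: str) -> Set[str]:
    """Collect (lower-cased) service names that have a LEGACY_<NAME> key
    under Enum\\Root or an explicit "Service"= value in the dump."""
    found: Set[str] = set()
    for line in dump.splitlines():
        found.update(n.lower() for n in LEGACY_KEY.findall(line))
        m = SERVICE_VALUE.match(line.strip())
        if m:
            found.add(m.group(1).lower())
    return found


def flag_unexpected(dump: str, baseline: Set[str] = XP_SP3_NETSVCS) -> Dict[str, bool]:
    """Map every netsvcs member missing from the baseline to whether the dump
    also shows a LEGACY_ enum entry for it, the pairing the thread's regfind
    results show for jxrdfklf, mwyujbz and riphdxo."""
    legacy = parse_legacy_services(dump)
    return {name: name.lower() in legacy
            for name in parse_netsvcs(dump)
            if name.lower() not in baseline}


if __name__ == "__main__":
    for name, has_enum in flag_unexpected(REGFIND_EXCERPT).items():
        print(f"unexpected netsvcs member {name:<10} LEGACY_ enum key seen: {has_enum}")
```

Names flagged without a LEGACY_ entry are not cleared by that alone; regfind here was only asked to search for three of the seven, so search the others the same way before deciding.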

dallak
2010-11-18, 19:51
Either Conficker won't let me navigate to either site, or both sites are down. I get the screen that IE cannot display the webpage for both sites.

dallak
2010-11-18, 19:53
Tried both with Firefox and it says it can't locate the servers.

peku006
2010-11-19, 09:59
Hi John
OK, we can check that file later.

Will continue with this:

1. Download the FixDownadup.exe file from here (http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixDownadup.exe)
2. Save the file to a convenient location, such as your Windows desktop.

NOTE: If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network or from the Internet connection.

3. Close all the running programs.

4. Locate the file that you just downloaded.
5. Double-click the FixDownadup.exe file to start the removal tool.
6. Click Start to begin the process, and then allow the tool to run.

NOTE: If you have any problems when you run the tool, or it does not appear to remove the threat, restart the computer in Safe mode and run the tool again.

7. Restart the computer.
8. Run the removal tool again to ensure that the system is clean.
9. Install the patch for the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (http://www.securityfocus.com/bid/31874/solution) by choosing your operating system.
10. If you are on a network or if you have a full-time connection to the Internet, reconnect the computer to the network or to the Internet connection.

After that, run MBAM again.

Please reply with

Malwarebytes' Anti-Malware Log

Thanks peku006

dallak
2010-11-19, 20:04
peku006,

This is very frustrating. Ran fixdownadup as you instructed (twice). Worm wouldn't let me navigate to Symantec so I had to download it from another computer. It detected something, so I ran it again. Then for fun I attempted to navigate to Symantec and it worked. But less than an hour later, I was unable to navigate to these sites and MB picked up an infection again. It's lurking and regenerating!!! Aliens in my computer!!!!!!!!!! Here are the MB log and the fixdownadup log.

HELP!!!!!!!!!!!!!!!!!!


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5153

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/19/2010 11:48:34 AM
mbam-log-2010-11-19 (11-48-34).txt

Scan type: Full scan (C:\|)
Objects scanned: 259140
Time elapsed: 1 hour(s), 7 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\mxpcivny.dll (Worm.Conficker) -> Quarantined and deleted successfully.



Here is fixdownadup log:


Symantec W32.Downadup Removal Tool 1.1.0.7
process: svchost.exe, thread: 0000015C (terminated)
process: svchost.exe, thread: 00000F90 (terminated)
process: svchost.exe, thread: 00000A9C (terminated)
process: svchost.exe, thread: 00000FE0 (terminated)
process: svchost.exe, thread: 00000944 (terminated)
process: svchost.exe, thread: 0000080C (terminated)
process: svchost.exe, thread: 00000700 (terminated)
process: svchost.exe, thread: 000001F4 (terminated)
process: svchost.exe (terminated)


ERROR: Can't change ACL/permissions for file C:\Documents and Settings\john kallas\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db; file not scanned

ERROR: Can't change ACL/permissions for file C:\Documents and Settings\john kallas\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow; file not scanned

registry: HKLM\system\CurrentControlSet\Services\BITS: Start (value set to 0x00000003 (3))
registry: HKLM\system\CurrentControlSet\Services\wuauserv: Start (value set to 0x00000002 (2))
registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC}\AutoStart (value set to "")

W32.Downadup has been successfully removed from your computer!

Here is the report:

The total number of the scanned files: 81528
The number of deleted threat files: 0
The number of threat processes terminated: 1
The number of threat threads terminated: 8
The number of registry entries fixed: 3

The system requires a reboot but was not rebooted.
To clean up all remnants of the threat from the system it must be rebooted.

peku006
2010-11-20, 09:14
Hi John
Yeah, it comes back.

Download OTS (http://oldtimer.geekstogo.com/OTS.exe) by Oldtimer to your Desktop and double-click on it to extract the files.

NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.

Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Click the Scan All Users checkbox on the toolbar.
Do not change any other settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Close Notepad (saving the change if necessary).


Thanks peku006

dallak
2010-11-20, 23:51
I will do this first thing, Monday.

Thanks!

dallak
2010-11-23, 20:11
Peku006, sorry for taking so long, I have been away from the office. Here is the OTS log. Had to split it into two posts. Let me know if you see anything unusual.

[code]
OTS logfile created on: 11/23/2010 12:08:55 PM - Run 1
OTS by OldTimer - Version 3.1.40.1 Folder = C:\Documents and Settings\john\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 625.00 Mb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.08 Gb Total Space | 4.51 Gb Free Space | 12.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHN
Current User Name: john
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\john\Desktop\OTS.exe -> [2010/11/23 12:07:53 | 000,642,048 | ---- | M] (OldTimer Tools)
acrotray.exe -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe -> [2008/06/11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.)
inetinfo.exe -> C:\WINDOWS\system32\inetsrv\inetinfo.exe -> [2008/04/13 18:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
e_s40rp7.exe -> C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -> [2007/01/11 03:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION)
isuspm.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -> [2006/09/11 03:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation)
tdispvol.exe -> C:\WINDOWS\system32\TDispVol.exe -> [2005/12/27 19:34:34 | 000,073,728 | ---- | M] (TOSHIBA Corporation)
tptray.exe -> C:\Program Files\Toshiba\TouchPad\TPTray.exe -> [2005/12/13 18:28:56 | 000,053,248 | ---- | M] (COMPAL ELECTRONIC INC.)
tctrliohook.exe -> C:\WINDOWS\system32\TCtrlIOHook.exe -> [2005/12/05 16:50:22 | 000,028,672 | ---- | M] (TOSHIBA)
zcfgsvc.exe -> C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe -> [2005/12/05 14:37:40 | 000,667,718 | ---- | M] (Intel Corporation)
ceekey.exe -> C:\Program Files\Toshiba\E-KEY\CeEKey.exe -> [2005/12/01 13:13:42 | 000,671,744 | ---- | M] (COMPAL ELECTRONIC INC.)
tvstray.exe -> C:\Program Files\Toshiba\Tvs\TvsTray.exe -> [2005/11/30 14:25:22 | 000,073,728 | ---- | M] (TOSHIBA Corporation)
dot1xcfg.exe -> C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe -> [2005/11/28 13:37:52 | 000,397,381 | ---- | M] (Intel Corporation)
s24evmon.exe -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> [2005/11/28 13:31:32 | 000,540,745 | ---- | M] (Intel Corporation )
evteng.exe -> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -> [2005/11/28 13:29:00 | 000,114,753 | ---- | M] (Intel Corporation)
regsrvc.exe -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> [2005/11/28 13:28:14 | 000,217,164 | ---- | M] (Intel Corporation)
sharptray.exe -> C:\Program Files\SHARP\Sharpdesk\SharpTray.exe -> [2005/11/05 19:47:24 | 000,032,768 | ---- | M] (SHARP CORPORATION)
indexer.exe -> C:\Program Files\SHARP\Sharpdesk\Indexer.exe -> [2005/11/05 19:34:44 | 000,184,320 | ---- | M] (SHARP CORPORATION)
indextray.exe -> C:\Program Files\SHARP\Sharpdesk\IndexTray.exe -> [2005/11/05 19:32:54 | 000,106,496 | ---- | M] (SHARP CORPORATION)
dlactrlw.exe -> C:\WINDOWS\system32\DLA\DLACTRLW.EXE -> [2005/10/06 07:20:00 | 000,122,940 | ---- | M] (Sonic Solutions)
padexe.exe -> C:\Program Files\Toshiba\Touch and Launch\PadExe.exe -> [2005/07/15 12:52:42 | 001,077,322 | ---- | M] (TOSHIBA)
swupdtmr.exe -> c:\Toshiba\IVP\swupdate\swupdtmr.exe -> [2005/07/12 19:14:42 | 000,040,960 | ---- | M] ()
zoominghook.exe -> C:\WINDOWS\system32\ZoomingHook.exe -> [2005/06/06 11:58:44 | 000,024,576 | ---- | M] (TOSHIBA)
tpsmain.exe -> C:\WINDOWS\system32\TPSMain.exe -> [2005/05/31 19:16:44 | 000,282,624 | ---- | M] (TOSHIBA Corporation)
tpsbattm.exe -> C:\WINDOWS\system32\TPSBattM.exe -> [2005/05/31 19:16:24 | 000,045,056 | ---- | M] (TOSHIBA Corporation)
smoothview.exe -> C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe -> [2005/04/26 18:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation)
cfsvcs.exe -> C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -> [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION)
toscdspd.exe -> C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe -> [2004/12/30 02:32:20 | 000,065,536 | ---- | M] (TOSHIBA)
ramasst.exe -> C:\WINDOWS\system32\RAMASST.exe -> [2004/08/28 02:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
dvdramsv.exe -> C:\WINDOWS\system32\DVDRAMSV.exe -> [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
cdantsrv.exe -> C:\WINDOWS\system32\drivers\CDANTSRV.EXE -> [2001/09/10 21:08:50 | 000,032,256 | ---- | M] (C-Dilla Ltd)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\john\Desktop\OTS.exe -> [2010/11/23 12:07:53 | 000,642,048 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation)
tdispvol.dll -> C:\WINDOWS\system32\TDispVol.dll -> [2002/03/03 06:40:00 | 000,045,056 | ---- | M] ()

[Win32 Services - Safe List]
(RoxLiveShare9) LiveShare P2P Server 9 [Auto | Stopped] -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -> File not found
(PEVSystemStart) PEVSystemStart [Auto | Stopped] -> C:\conremoval\PEV.cfx -> File not found
(myAgtSvc) McAfee Virus and Spyware Protection Service [Auto | Stopped] -> C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -> File not found
(HidServ) Human Interface Device Access [Disabled | Stopped] -> C:\WINDOWS\System32\hidserv.dll -> File not found
(EngineServer) EngineServer [Auto | Stopped] -> C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe -> File not found
(SolidWorks Licensing Service) SolidWorks Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -> [2010/09/01 10:23:24 | 000,079,360 | ---- | M] (SolidWorks)
(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009/06/15 15:02:53 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.)
(W3SVC) World Wide Web Publishing [Auto | Running] -> C:\WINDOWS\system32\inetsrv\inetinfo.exe -> [2008/04/13 18:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation)
(SMTPSVC) Simple Mail Transfer Protocol (SMTP) [Auto | Running] -> C:\WINDOWS\system32\inetsrv\inetinfo.exe -> [2008/04/13 18:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation)
(IISADMIN) IIS Admin [Auto | Running] -> C:\WINDOWS\system32\inetsrv\inetinfo.exe -> [2008/04/13 18:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation)
(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [On_Demand | Stopped] -> C:\Program Files\WinPcap\rpcapd.exe -> [2007/11/06 14:22:26 | 000,092,792 | ---- | M] (CACE Technologies)
(EPSON_PM_RPCV4_01) EPSON V3 Service4(01) [Auto | Running] -> C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -> [2007/01/11 03:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION)
(S24EventMonitor) Intel(R) PROSet/Wireless Service [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> [2005/11/28 13:31:32 | 000,540,745 | ---- | M] (Intel Corporation )
(EvtEng) Intel(R) PROSet/Wireless Event Log [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -> [2005/11/28 13:29:00 | 000,114,753 | ---- | M] (Intel Corporation)
(RegSrvc) Intel(R) PROSet/Wireless Registry Service [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> [2005/11/28 13:28:14 | 000,217,164 | ---- | M] (Intel Corporation)
(Swupdtmr) Swupdtmr [Auto | Running] -> c:\Toshiba\IVP\swupdate\swupdtmr.exe -> [2005/07/12 19:14:42 | 000,040,960 | ---- | M] ()
(CFSvcs) ConfigFree Service [Auto | Running] -> C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -> [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION)
(DVD-RAM_Service) DVD-RAM_Service [Auto | Running] -> C:\WINDOWS\system32\DVDRAMSV.exe -> [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
(C-DillaSrv) C-DillaSrv [Auto | Running] -> C:\WINDOWS\system32\drivers\CDANTSRV.EXE -> [2001/09/10 21:08:50 | 000,032,256 | ---- | M] (C-Dilla Ltd)

[Driver Services - Safe List]
(smihlp) SMI helper driver [Kernel | Auto | Stopped] -> C:\Program Files\Protector Suite QL\smihlp.sys -> File not found
(Lbd) Lbd [File_System | Boot | Stopped] -> C:\WINDOWS\System32\DRIVERS\Lbd.sys -> File not found
(FileDisk2) FileDisk Protector Kernel Driver [Kernel | Auto | Stopped] -> C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -> File not found
(FdRedir) FdRedir [File_System | Auto | Stopped] -> C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -> File not found
(catchme) catchme [Kernel | On_Demand | Stopped] -> C:\DOCUME~1\john\LOCALS~1\Temp\catchme.sys -> File not found
(NETw5x32) Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\NETw5x32.sys -> [2010/05/31 12:58:35 | 006,608,512 | ---- | M] (Intel Corporation)
(mfetdik) McAfee Inc. mfetdik [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\mfetdik.sys -> [2009/12/15 14:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.)
(nm) Network Monitor Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nmnt.sys -> [2008/04/13 12:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\e1e5132.sys -> [2007/12/11 23:34:40 | 000,242,320 | ---- | M] (Intel Corporation)
(NPF) NetGroup Packet Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\npf.sys -> [2007/11/06 14:22:06 | 000,034,064 | ---- | M] (CACE Technologies)
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\asctrm.sys -> [2005/12/29 14:21:07 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider)
(TcUsb) TC USB Kernel Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\tcusb.sys -> [2005/12/16 17:40:32 | 000,028,800 | ---- | M] (UPEK Inc.)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.Sys -> [2005/12/09 18:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.)
(w39n51) Intel(R) PRO/Wireless 3945ABG Adapter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\w39n51.sys -> [2005/12/05 03:55:30 | 001,428,096 | ---- | M] (Intel Corporation)
(TPwSav) Common Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\TPwSav.sys -> [2005/12/01 12:55:24 | 000,011,264 | ---- | M] (TOSHIBA )
(Tvs) TOSHIBA Virtual Sound with SRS technologies [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Tvs.sys -> [2005/11/30 13:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation)
(tifm21) tifm21 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\tifm21.sys -> [2005/11/30 12:12:36 | 000,162,560 | ---- | M] (Texas Instruments)
(s24trans) WLAN Transport [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\s24trans.sys -> [2005/11/28 14:09:26 | 000,013,568 | ---- | M] (Intel Corporation)
(AgereSoftModem) TOSHIBA V92 Software Modem [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\AGRSM.sys -> [2005/11/15 11:00:22 | 001,122,656 | ---- | M] (Agere Systems)
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -> [2005/10/06 07:20:00 | 000,094,332 | ---- | M] (Sonic Solutions)
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -> [2005/10/06 07:20:00 | 000,087,036 | ---- | M] (Sonic Solutions)
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -> [2005/10/06 07:20:00 | 000,086,524 | ---- | M] (Sonic Solutions)
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLABOIOM.SYS -> [2005/10/06 07:20:00 | 000,025,628 | ---- | M] (Sonic Solutions)
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -> [2005/10/06 07:20:00 | 000,014,684 | ---- | M] (Sonic Solutions)
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAPoolM.SYS -> [2005/10/06 07:20:00 | 000,006,364 | ---- | M] (Sonic Solutions)
(DLADResN) DLADResN [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLADResN.SYS -> [2005/10/06 07:20:00 | 000,002,496 | ---- | M] (Sonic Solutions)
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -> [2005/09/12 05:30:00 | 000,089,264 | ---- | M] (Sonic Solutions)
(DLACDBHM) DLACDBHM [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLACDBHM.SYS -> [2005/08/25 14:16:52 | 000,005,628 | ---- | M] (Sonic Solutions)
(DLARTL_N) DLARTL_N [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLARTL_N.SYS -> [2005/08/25 14:16:16 | 000,022,684 | ---- | M] (Sonic Solutions)
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DRVNDDM.SYS -> [2005/08/12 07:20:00 | 000,040,544 | ---- | M] (Sonic Solutions)
(meiudf) meiudf [File_System | System | Running] -> C:\WINDOWS\system32\drivers\meiudf.sys -> [2005/06/02 05:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.)
(ApfiltrService) Alps Pointing-device Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Apfiltr.sys -> [2004/11/15 18:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.)
(TBiosDrv) TBiosDrv [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\tbiosdrv.sys -> [2003/06/11 10:53:22 | 000,006,867 | ---- | M] ()
(Netdevio) TOSHIBA Network Device Usermode I/O Protocol [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\Netdevio.sys -> [2003/01/29 16:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wanatw4.sys -> [2003/01/10 14:13:04 | 000,033,588 | R--- | M] (America Online, Inc.)
(C-Dilla) C-Dilla [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\CDANT.SYS -> [2001/09/10 21:09:46 | 000,057,392 | ---- | M] (Macrovision)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
HKEY_USERS\.DEFAULT\: "ProxyOverride" -> 192.168.1.*;127.0.0.*;192.168.0.*;192.168.2.* ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-18\: "ProxyOverride" -> 192.168.1.*;127.0.0.*;192.168.0.*;192.168.2.* ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: Main\\"Start Page" -> http://www.toshibadirect.com/dpdstart ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: Main\\"Start Page" -> http://www.toshibadirect.com/dpdstart ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\] > -> ->
HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\: Main\\"Start Page" -> http://www.google.com/webhp?rls=ig ->
HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\: "ProxyOverride" -> 192.168.1.*;127.0.0.*;192.168.0.*;192.168.2.* ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\john\Application Data\Mozilla\FireFox\Profiles\8kgpj2zy.default\prefs.js ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/11/18 11:53:37 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/11/23 11:48:34 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\john\Application Data\Mozilla\Extensions -> [2010/11/18 11:53:45 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\8kgpj2zy.default\extensions -> [2010/11/18 11:53:50 | 000,000,000 | ---D | M]
No name found -> C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\8kgpj2zy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/11/18 11:53:50 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\8kgpj2zy.default\extensions\staged-xpis -> [2010/11/18 11:53:50 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/05/03 15:14:07 | 000,000,000 | ---D | M]
Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010/05/03 15:14:08 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/07/27 09:06:07 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> [2005/10/06 07:20:00 | 000,110,652 | ---- | M] (Sonic Solutions)
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2008/06/11 21:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
{F4971EE7-DAA0-4053-9964-665D8EE6A077} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [SmartSelect Class] -> [2008/06/11 21:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> [2008/06/11 21:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> [2008/06/11 21:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Acrobat Assistant 8.0" -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe ["C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"] -> [2008/06/11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.)
"Adobe Acrobat Speed Launcher" -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe ["C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"] -> [2008/06/12 01:25:18 | 000,037,232 | ---- | M] (Adobe Systems Incorporated)
"CeEKEY" -> C:\Program Files\Toshiba\E-KEY\CeEKey.exe [C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe] -> [2005/12/01 13:13:42 | 000,671,744 | ---- | M] (COMPAL ELECTRONIC INC.)
"DLA" -> C:\WINDOWS\system32\DLA\DLACTRLW.EXE [C:\WINDOWS\System32\DLA\DLACTRLW.EXE] -> [2005/10/06 07:20:00 | 000,122,940 | ---- | M] (Sonic Solutions)
"Indexer" -> C:\Program Files\Sharp\Sharpdesk\Indexer.exe ["C:\Program Files\Sharp\Sharpdesk\Indexer.exe"] -> [2005/11/05 19:34:44 | 000,184,320 | ---- | M] (SHARP CORPORATION)
"IndexTray" -> C:\Program Files\Sharp\Sharpdesk\IndexTray.exe ["C:\Program Files\Sharp\Sharpdesk\IndexTray.exe"] -> [2005/11/05 19:32:54 | 000,106,496 | ---- | M] (SHARP CORPORATION)
"IntelZeroConfig" -> C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe ["C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"] -> [2005/12/05 14:37:40 | 000,667,718 | ---- | M] (Intel Corporation)
"MVS Splash" -> C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe ["C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" /LOGON] -> File not found
"PadTouch" -> C:\Program Files\Toshiba\Touch and Launch\PadExe.exe [C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe] -> [2005/07/15 12:52:42 | 001,077,322 | ---- | M] (TOSHIBA)
"Pinger" -> c:\toshiba\ivp\ism\pinger.exe [c:\toshiba\ivp\ism\pinger.exe /run] -> [2005/03/17 19:37:26 | 000,151,552 | ---- | M] (TOSHIBA Corporation)
"SharpTray" -> C:\Program Files\Sharp\Sharpdesk\SharpTray.exe ["C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"] -> [2005/11/05 19:47:24 | 000,032,768 | ---- | M] (SHARP CORPORATION)
"SmoothView" -> C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe [C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe] -> [2005/04/26 18:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation)
"TCtryIOHook" -> C:\WINDOWS\System32\TCtrlIOHook.exe [TCtrlIOHook.exe] -> [2005/12/05 16:50:22 | 000,028,672 | ---- | M] (TOSHIBA)
"TDispVol" -> C:\WINDOWS\System32\TDispVol.exe [TDispVol.exe] -> [2005/12/27 19:34:34 | 000,073,728 | ---- | M] (TOSHIBA Corporation)
"TPNF" -> C:\Program Files\Toshiba\TouchPad\TPTray.exe [C:\Program Files\TOSHIBA\TouchPad\TPTray.exe] -> [2005/12/13 18:28:56 | 000,053,248 | ---- | M] (COMPAL ELECTRONIC INC.)
"TPSMain" -> C:\WINDOWS\System32\TPSMain.exe [TPSMain.exe] -> [2005/05/31 19:16:44 | 000,282,624 | ---- | M] (TOSHIBA Corporation)
"Tvs" -> C:\Program Files\Toshiba\Tvs\TvsTray.exe [C:\Program Files\Toshiba\Tvs\TvsTray.exe] -> [2005/11/30 14:25:22 | 000,073,728 | ---- | M] (TOSHIBA Corporation)
"TypeRegChecker" -> C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe ["C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe"] -> [2005/11/05 19:35:22 | 000,057,344 | ---- | M] (SHARP CORPORATION)
"ZoomingHook" -> C:\WINDOWS\System32\ZoomingHook.exe [ZoomingHook.exe] -> [2005/06/06 11:58:44 | 000,024,576 | ---- | M] (TOSHIBA)
< Run [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ISUSPM" -> C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler] -> [2006/09/11 03:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation)
"TOSCDSPD" -> C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe [C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe] -> [2004/12/30 02:32:20 | 000,065,536 | ---- | M] (TOSHIBA)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk -> C:\WINDOWS\system32\RAMASST.exe -> [2004/08/28 02:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< john Startup Folder > -> C:\Documents and Settings\john\Start Menu\Programs\Startup ->
< john kallas Startup Folder > -> C:\Documents and Settings\john kallas\Start Menu\Programs\Startup ->
< johnk Startup Folder > -> C:\Documents and Settings\johnk\Start Menu\Programs\Startup ->
< McAfeeMVSUser Startup Folder > -> C:\Documents and Settings\McAfeeMVSUser\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
\Infodelivery\Restrictions\\"NoUpdateCheck" -> [1] -> File not found
< Software Policy Settings [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoCDBurning" -> [0] -> File not found
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found
\\"NoResolveSearch" -> [1] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Google Search -> C:\Program Files\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html] -> [2005/12/29 13:51:51 | 000,720,896 | ---- | M] (Google Inc.)
Append Link Target to Existing PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2008/06/11 21:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
Append to Existing PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html] -> [2008/06/11 21:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
Backward Links -> C:\Program Files\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html] -> [2005/12/29 13:51:51 | 000,720,896 | ---- | M] (Google Inc.)
Cached Snapshot of Page -> C:\Program Files\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html] -> [2005/12/29 13:51:51 | 000,720,896 | ---- | M] (Google Inc.)
Convert Link Target to Adobe PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2008/06/11 21:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html] -> [2008/06/11 21:42:44 | 000,345,480 | ---- | M] (Adobe Systems Incorporated)
Similar Pages -> C:\Program Files\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html] -> [2005/12/29 13:51:51 | 000,720,896 | ---- | M] (Google Inc.)
Translate into English -> C:\Program Files\Google\GoogleToolbar1.dll [res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html] -> [2005/12/29 13:51:51 | 000,720,896 | ---- | M] (Google Inc.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_20.dll [Menu: Sun Java Console] -> [2010/04/12 16:29:21 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_20.dll [Sun Java Console] -> [2010/04/12 16:29:21 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_20.dll [Sun Java Console] -> [2010/04/12 16:29:21 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_20.dll [Sun Java Console] -> [2010/04/12 16:29:21 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 18 domain(s) found. ->
//about.htm/ .[myui] -> Trusted sites ->
//Exclude.htm/ .[myui] -> Trusted sites ->
//LanguageSelection.htm/ .[myui] -> Trusted sites ->
//Message.htm/ .[myui] -> Trusted sites ->
//MyAgttryCmd.htm/ .[myui] -> Trusted sites ->
//MyAgttryNag.htm/ .[myui] -> Trusted sites ->
//MyNotification.htm/ .[myui] -> Trusted sites ->
//NOCLessUpdate.htm/ .[myui] -> Trusted sites ->
//quarantine.htm/ .[myui] -> Trusted sites ->
//ScanNow.htm/ .[myui] -> Trusted sites ->
//strings.vbs/ .[myui] -> Trusted sites ->
//Template.htm/ .[myui] -> Trusted sites ->
//Update.htm/ .[myui] -> Trusted sites ->
//VirFound.htm/ .[myui] -> Trusted sites ->
www_isqft.com [https] -> Trusted sites ->
*_mcafee.com [http] -> Trusted sites ->
*_mcafee.com [https] -> Trusted sites ->
betavscan_mcafeeasap.com [http] -> Trusted sites ->
betavscan_mcafeeasap.com [https] -> Trusted sites ->
vs_mcafeeasap.com [http] -> Trusted sites ->
vs_mcafeeasap.com [https] -> Trusted sites ->
www_mcafeeasap.com [http] -> Trusted sites ->
www_mcafeeasap.com [https] -> Trusted sites ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4819 domain(s) found. ->
www_isqft.com [https] -> Trusted sites ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4819 domain(s) found. ->
www_isqft.com [https] -> Trusted sites ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4818 domain(s) found. ->
www_isqft.com [https] -> Trusted sites ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\] > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> http://office.microsoft.com/sites/production/ieawsdc32.cab [Microsoft Office Template and Media Control] ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab [Windows Live Safety Center Base Module] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1280770706517 [WUWebControl Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1280770671086 [MUWebControl Class] ->
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [OnlineScanner Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Value error.] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.1.254 ->
Domain -> SmithEng.local ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{C0C6EE0E-425C-4CB7-8CC6-1FF28B11005D}\\DhcpNameServer -> 192.168.0.1 (Intel(R) PRO/1000 PL Network Connection) ->
{CCCBBBEE-AC1A-41A8-BA75-D8041DD75B28}\\DhcpNameServer -> 192.168.1.254 (Intel(R) PRO/Wireless 3945ABG Network Connection) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2005/11/28 15:51:04 | 000,135,168 | ---- | M] (Intel Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe [C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> File not found
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe [C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe] -> File not found
"C:\Program Files\HP\HP Software Update\hpwucli.exe" -> C:\Program Files\HP\HP Software Update\hpwucli.exe [C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe] -> File not found
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" -> C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent] -> File not found
"C:\Program Files\SHARP\Sharpdesk\FTPServer.exe" -> C:\Program Files\SHARP\Sharpdesk\FTPServer.exe [C:\Program Files\SHARP\Sharpdesk\FTPServer.exe:*:Enabled:Network Scanner Tool] -> [2005/11/05 19:04:26 | 000,688,128 | ---- | M] (SHARP CORPORATION)
"C:\WINDOWS\system32\mmc.exe" -> C:\WINDOWS\System32\mmc.exe [C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console] -> [2008/04/13 18:12:25 | 001,414,656 | ---- | M] (Microsoft Corporation)
"D:\setup\hpznui01.exe" -> D:\setup\hpznui01.exe [D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader] -> [2004/10/14 16:33:08 | 000,012,888 | ---- | M] (America Online, Inc.)
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" -> C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent] -> File not found
"C:\Program Files\SHARP\Sharpdesk\FTPServer.exe" -> C:\Program Files\SHARP\Sharpdesk\FTPServer.exe [C:\Program Files\SHARP\Sharpdesk\FTPServer.exe:*:Enabled:Network Scanner Tool] -> [2005/11/05 19:04:26 | 000,688,128 | ---- | M] (SHARP CORPORATION)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" -> C:\TOSHIBA\IVP\ISM\pinger.exe [C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger] -> [2005/03/17 19:37:26 | 000,151,552 | ---- | M] (TOSHIBA Corporation)
"C:\TOSHIBA\ivp\NetInt\Netint.exe" -> C:\TOSHIBA\ivp\NetInt\Netint.exe [C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine] -> [2004/11/03 17:06:34 | 000,462,848 | ---- | M] (TOSHIBA Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-231871864-4208583636-2575965058-1167\SOFTWARE\Classes\<extension>\ ->
.exe [@ = exefile] -> Reg Error: Key error. -> File not found

dallak
2010-11-23, 20:12
[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\john\Desktop\OTS.exe -> [2010/11/23 12:07:42 | 000,642,048 | ---- | C] (OldTimer Tools)
conremoval -> C:\conremoval -> [2010/11/19 16:17:22 | 000,000,000 | --SD | C]
SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2010/11/19 14:04:48 | 000,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2010/11/19 14:04:48 | 000,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2010/11/19 14:04:48 | 000,136,704 | ---- | C] (SteelWerX)
NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2010/11/19 14:04:48 | 000,031,232 | ---- | C] (NirSoft)
Qoobox -> C:\Qoobox -> [2010/11/19 14:04:36 | 000,000,000 | ---D | C]
windows-kb890830-v3.13.exe -> C:\Documents and Settings\john\Desktop\windows-kb890830-v3.13.exe -> [2010/11/19 13:41:22 | 011,843,016 | ---- | C] (Microsoft Corporation)
Mozilla -> C:\Documents and Settings\john\Local Settings\Application Data\Mozilla -> [2010/11/18 11:53:35 | 000,000,000 | ---D | C]
fixit -> C:\fixit -> [2010/11/17 15:35:43 | 000,000,000 | --SD | C]
Rooter$ -> C:\Rooter$ -> [2010/11/16 11:32:06 | 000,000,000 | ---D | C]
Rooter.exe -> C:\Documents and Settings\john\Desktop\Rooter.exe -> [2010/11/16 11:30:59 | 000,173,119 | ---- | C] (Eric_71)
RootRepeal.exe -> C:\Documents and Settings\john\Desktop\RootRepeal.exe -> [2010/11/16 10:10:18 | 000,472,064 | ---- | C] ( )
TDSSKiller.exe -> C:\Documents and Settings\john\Desktop\TDSSKiller.exe -> [2010/11/12 13:20:12 | 001,330,776 | ---- | C] (Kaspersky Lab ZAO)
McAfee -> C:\Documents and Settings\john\Desktop\McAfee -> [2010/11/10 15:21:58 | 000,000,000 | ---D | C]
trend micro -> C:\Program Files\trend micro -> [2010/11/09 13:50:37 | 000,000,000 | ---D | C]
rsit -> C:\rsit -> [2010/11/09 13:50:34 | 000,000,000 | ---D | C]
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/11/08 13:53:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/11/08 13:52:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/11/08 13:51:36 | 000,000,000 | ---D | C]
mbam-setup-1.46.exe -> C:\Documents and Settings\john\Desktop\mbam-setup-1.46.exe -> [2010/11/08 13:50:30 | 006,153,352 | ---- | C] (Malwarebytes Corporation )
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->

[Files/Folders - Modified Within 30 Days]
OTS.exe -> C:\Documents and Settings\john\Desktop\OTS.exe -> [2010/11/23 12:07:53 | 000,642,048 | ---- | M] (OldTimer Tools)
Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2010/11/23 11:48:36 | 000,001,769 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/11/23 11:46:57 | 000,001,158 | ---- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/11/23 11:46:07 | 000,002,048 | --S- | M] ()
AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/11/20 23:41:01 | 000,000,284 | ---- | M] ()
conremoval.exe -> C:\Documents and Settings\john\Desktop\conremoval.exe -> [2010/11/19 14:13:23 | 003,911,939 | R--- | M] ()
windows-kb890830-v3.13.exe -> C:\Documents and Settings\john\Desktop\windows-kb890830-v3.13.exe -> [2010/11/19 13:41:22 | 011,843,016 | ---- | M] (Microsoft Corporation)
Microsoft Office Word 2003.lnk -> C:\Documents and Settings\john\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk -> [2010/11/19 09:44:29 | 000,002,515 | ---- | M] ()
SystemLook.exe -> C:\Documents and Settings\john\Desktop\SystemLook.exe -> [2010/11/18 11:45:16 | 000,075,264 | ---- | M] ()
complaint form.pdf -> C:\Documents and Settings\john\Desktop\complaint form.pdf -> [2010/11/17 16:18:51 | 000,118,747 | ---- | M] ()
MBRCheck.exe -> C:\Documents and Settings\john\Desktop\MBRCheck.exe -> [2010/11/16 13:10:10 | 000,080,384 | ---- | M] ()
Rooter.exe -> C:\Documents and Settings\john\Desktop\Rooter.exe -> [2010/11/16 11:31:02 | 000,173,119 | ---- | M] (Eric_71)
fixdownadup.exe -> C:\Documents and Settings\john\Desktop\fixdownadup.exe -> [2010/11/12 15:43:51 | 002,348,928 | ---- | M] ()
Launch Microsoft Office Outlook.lnk -> C:\Documents and Settings\john\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk -> [2010/11/10 15:58:22 | 000,000,832 | ---- | M] ()
MCPR.exe -> C:\Documents and Settings\john\Desktop\MCPR.exe -> [2010/11/10 15:31:30 | 001,373,616 | ---- | M] ()
Logfile.pdf -> C:\Documents and Settings\john\Desktop\Logfile.pdf -> [2010/11/09 13:57:52 | 000,044,548 | ---- | M] ()
Logfile.doc -> C:\Documents and Settings\john\Desktop\Logfile.doc -> [2010/11/09 13:57:41 | 000,098,816 | ---- | M] ()
info.pdf -> C:\Documents and Settings\john\Desktop\info.pdf -> [2010/11/09 13:56:31 | 000,036,434 | ---- | M] ()
info.doc -> C:\Documents and Settings\john\Desktop\info.doc -> [2010/11/09 13:55:43 | 000,092,672 | ---- | M] ()
RSIT.exe -> C:\Documents and Settings\john\Desktop\RSIT.exe -> [2010/11/09 13:50:19 | 000,339,991 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/11/08 13:53:13 | 000,000,736 | ---- | M] ()
mbam-setup-1.46.exe -> C:\Documents and Settings\john\Desktop\mbam-setup-1.46.exe -> [2010/11/08 13:50:31 | 006,153,352 | ---- | M] (Malwarebytes Corporation )
scan.com -> C:\Documents and Settings\john\Desktop\scan.com -> [2010/11/08 13:36:18 | 000,630,272 | ---- | M] ()
dds.scr -> C:\Documents and Settings\john\Desktop\dds.scr -> [2010/11/08 13:28:58 | 000,630,272 | ---- | M] ()
TDSSKiller.exe -> C:\Documents and Settings\john\Desktop\TDSSKiller.exe -> [2010/11/08 10:55:10 | 001,330,776 | ---- | M] (Kaspersky Lab ZAO)
gmer.exe -> C:\Documents and Settings\john\Desktop\gmer.exe -> [2010/11/08 10:32:38 | 000,296,448 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/11/08 07:46:02 | 000,495,580 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/11/08 07:46:02 | 000,090,626 | ---- | M] ()
MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/11/08 01:20:24 | 000,089,088 | ---- | M] ()
Microsoft Office Excel 2003.lnk -> C:\Documents and Settings\john\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk -> [2010/11/02 08:02:23 | 000,002,513 | ---- | M] ()
bug2.pdf -> C:\Documents and Settings\john\Desktop\bug2.pdf -> [2010/11/01 09:17:09 | 000,051,045 | ---- | M] ()
bug1.pdf -> C:\Documents and Settings\john\Desktop\bug1.pdf -> [2010/11/01 09:16:42 | 000,098,865 | ---- | M] ()
pool.bin -> C:\WINDOWS\System32\pool.bin -> [2010/11/01 07:43:41 | 000,000,256 | ---- | M] ()
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
18 C:\Documents and Settings\john\Local Settings\temp\*.tmp files -> C:\Documents and Settings\john\Local Settings\temp\*.tmp ->
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->

[Files - No Company Name]
conremoval.exe -> C:\Documents and Settings\john\Desktop\conremoval.exe -> [2010/11/19 14:13:23 | 003,911,939 | R--- | C] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/11/19 14:04:48 | 000,256,512 | ---- | C] ()
sed.exe -> C:\WINDOWS\sed.exe -> [2010/11/19 14:04:48 | 000,098,816 | ---- | C] ()
MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/11/19 14:04:48 | 000,089,088 | ---- | C] ()
grep.exe -> C:\WINDOWS\grep.exe -> [2010/11/19 14:04:48 | 000,080,412 | ---- | C] ()
zip.exe -> C:\WINDOWS\zip.exe -> [2010/11/19 14:04:48 | 000,068,096 | ---- | C] ()
fixdownadup.exe -> C:\Documents and Settings\john\Desktop\fixdownadup.exe -> [2010/11/19 08:15:29 | 002,348,928 | ---- | C] ()
SystemLook.exe -> C:\Documents and Settings\john\Desktop\SystemLook.exe -> [2010/11/18 11:45:15 | 000,075,264 | ---- | C] ()
complaint form.pdf -> C:\Documents and Settings\john\Desktop\complaint form.pdf -> [2010/11/17 16:18:51 | 000,118,747 | ---- | C] ()
avenger.exe -> C:\Documents and Settings\john\Desktop\avenger.exe -> [2010/11/16 14:44:16 | 000,731,136 | ---- | C] ()
MBRCheck.exe -> C:\Documents and Settings\john\Desktop\MBRCheck.exe -> [2010/11/16 13:10:09 | 000,080,384 | ---- | C] ()
gmer.exe -> C:\Documents and Settings\john\Desktop\gmer.exe -> [2010/11/11 09:12:34 | 000,296,448 | ---- | C] ()
MCPR.exe -> C:\Documents and Settings\john\Desktop\MCPR.exe -> [2010/11/10 15:31:30 | 001,373,616 | ---- | C] ()
Logfile.pdf -> C:\Documents and Settings\john\Desktop\Logfile.pdf -> [2010/11/09 13:57:47 | 000,044,548 | ---- | C] ()
Logfile.doc -> C:\Documents and Settings\john\Desktop\Logfile.doc -> [2010/11/09 13:57:41 | 000,098,816 | ---- | C] ()
info.pdf -> C:\Documents and Settings\john\Desktop\info.pdf -> [2010/11/09 13:56:31 | 000,036,434 | ---- | C] ()
info.doc -> C:\Documents and Settings\john\Desktop\info.doc -> [2010/11/09 13:55:43 | 000,092,672 | ---- | C] ()
RSIT.exe -> C:\Documents and Settings\john\Desktop\RSIT.exe -> [2010/11/09 13:50:16 | 000,339,991 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/11/08 13:53:13 | 000,000,736 | ---- | C] ()
scan.com -> C:\Documents and Settings\john\Desktop\scan.com -> [2010/11/08 13:35:59 | 000,630,272 | ---- | C] ()
dds.scr -> C:\Documents and Settings\john\Desktop\dds.scr -> [2010/11/08 13:23:50 | 000,630,272 | ---- | C] ()
bug2.pdf -> C:\Documents and Settings\john\Desktop\bug2.pdf -> [2010/11/01 09:17:01 | 000,051,045 | ---- | C] ()
bug1.pdf -> C:\Documents and Settings\john\Desktop\bug1.pdf -> [2010/11/01 09:16:42 | 000,098,865 | ---- | C] ()
housecall.guid.cache -> C:\Documents and Settings\john\Local Settings\Application Data\housecall.guid.cache -> [2010/07/12 14:05:11 | 000,000,036 | ---- | C] ()
hitmanpro35.sys -> C:\WINDOWS\System32\drivers\hitmanpro35.sys -> [2010/07/08 10:45:32 | 000,016,968 | ---- | C] ()
TPTray.INI -> C:\WINDOWS\TPTray.INI -> [2010/02/26 13:16:22 | 000,000,000 | ---- | C] ()
BBMS_EXCEPTION.txt -> C:\Documents and Settings\john\Application Data\BBMS_EXCEPTION.txt -> [2010/01/22 10:50:32 | 000,000,364 | ---- | C] ()
eDrawingOfficeAutomator.INI -> C:\WINDOWS\eDrawingOfficeAutomator.INI -> [2009/10/20 09:40:22 | 000,000,000 | ---- | C] ()
$_hpcst$.hpc -> C:\Documents and Settings\john\Application Data\$_hpcst$.hpc -> [2009/08/28 12:13:40 | 000,002,528 | ---- | C] ()
WirelessFTP.INI -> C:\WINDOWS\WirelessFTP.INI -> [2009/08/27 15:11:33 | 000,000,098 | ---- | C] ()
ccolwiz.ini -> C:\WINDOWS\ccolwiz.ini -> [2009/08/27 12:37:22 | 000,000,152 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\john\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/08/27 11:48:07 | 000,007,168 | ---- | C] ()
fontlst2.opf -> C:\Documents and Settings\john\Application Data\fontlst2.opf -> [2009/08/26 19:03:14 | 000,594,638 | ---- | C] ()
_isusr32.dll -> C:\WINDOWS\_isusr32.dll -> [2009/08/26 18:32:46 | 000,159,744 | ---- | C] ()
_isusr2k.dll -> C:\WINDOWS\System32\_isusr2k.dll -> [2009/08/26 18:32:39 | 000,045,056 | ---- | C] ()
ush2.dll -> C:\WINDOWS\System32\ush2.dll -> [2009/08/26 18:32:38 | 000,122,880 | ---- | C] ()
OGACheckControl.dll -> C:\WINDOWS\System32\OGACheckControl.dll -> [2009/08/03 14:07:42 | 000,403,816 | ---- | C] ()
hpzinstall.log -> C:\Documents and Settings\All Users\Application Data\hpzinstall.log -> [2009/05/18 11:18:15 | 000,009,731 | ---- | C] ()
smtpctrs.ini -> C:\WINDOWS\System32\smtpctrs.ini -> [2008/02/05 08:54:40 | 000,021,791 | ---- | C] ()
ntfsdrct.ini -> C:\WINDOWS\System32\ntfsdrct.ini -> [2008/02/05 08:54:40 | 000,001,037 | ---- | C] ()
w3ctrs.ini -> C:\WINDOWS\System32\w3ctrs.ini -> [2008/02/05 08:54:02 | 000,038,576 | ---- | C] ()
axperf.ini -> C:\WINDOWS\System32\axperf.ini -> [2008/02/05 08:54:02 | 000,010,225 | ---- | C] ()
infoctrs.ini -> C:\WINDOWS\System32\infoctrs.ini -> [2008/02/05 08:54:01 | 000,011,435 | ---- | C] ()
dirsaver.ini -> C:\WINDOWS\dirsaver.ini -> [2008/01/28 15:19:37 | 000,000,012 | ---- | C] ()
msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2008/01/28 15:07:27 | 000,000,002 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2008/01/28 14:52:29 | 000,000,061 | ---- | C] ()
IVIresizeW7.dll -> C:\WINDOWS\System32\IVIresizeW7.dll -> [2008/01/28 14:50:06 | 000,204,800 | ---- | C] ()
IVIresizeA6.dll -> C:\WINDOWS\System32\IVIresizeA6.dll -> [2008/01/28 14:50:06 | 000,200,704 | ---- | C] ()
IVIresizeP6.dll -> C:\WINDOWS\System32\IVIresizeP6.dll -> [2008/01/28 14:50:06 | 000,192,512 | ---- | C] ()
IVIresizeM6.dll -> C:\WINDOWS\System32\IVIresizeM6.dll -> [2008/01/28 14:50:06 | 000,192,512 | ---- | C] ()
IVIresizePX.dll -> C:\WINDOWS\System32\IVIresizePX.dll -> [2008/01/28 14:50:06 | 000,188,416 | ---- | C] ()
IVIresize.dll -> C:\WINDOWS\System32\IVIresize.dll -> [2008/01/28 14:50:06 | 000,020,480 | ---- | C] ()
pthreadVC.dll -> C:\WINDOWS\System32\pthreadVC.dll -> [2007/11/06 14:19:28 | 000,053,299 | ---- | C] ()
mxpcivny.dll -> C:\WINDOWS\System32\mxpcivny.dll -> [2007/04/18 10:25:36 | 000,167,071 | RHS- | C] ()
TDispVol.dll -> C:\WINDOWS\System32\TDispVol.dll -> [2006/01/03 01:08:12 | 000,045,056 | ---- | C] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2005/12/29 13:48:11 | 000,000,222 | ---- | C] ()
QUICKEN.INI -> C:\WINDOWS\QUICKEN.INI -> [2005/12/29 13:45:52 | 000,000,031 | ---- | C] ()
CSIIDecoder_kern_i386.sys -> C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys -> [2005/12/29 13:09:56 | 000,036,736 | ---- | C] ()
TSXT_kern_i386.sys -> C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys -> [2005/12/29 13:09:56 | 000,029,184 | ---- | C] ()
NDSTray.INI -> C:\WINDOWS\NDSTray.INI -> [2005/12/29 13:01:39 | 000,000,000 | ---- | C] ()
EBLib.DLL -> C:\WINDOWS\System32\EBLib.DLL -> [2005/12/29 13:01:29 | 000,032,768 | ---- | C] ()
tbiosdrv.sys -> C:\WINDOWS\System32\drivers\tbiosdrv.sys -> [2005/12/29 12:54:17 | 000,006,867 | ---- | C] ()
csellang.ini -> C:\WINDOWS\System32\csellang.ini -> [2005/12/29 12:44:17 | 000,128,113 | ---- | C] ()
csellang.dll -> C:\WINDOWS\System32\csellang.dll -> [2005/12/29 12:44:17 | 000,045,056 | ---- | C] ()
tosmreg.ini -> C:\WINDOWS\System32\tosmreg.ini -> [2005/12/29 12:44:17 | 000,010,165 | ---- | C] ()
cseltbl.ini -> C:\WINDOWS\System32\cseltbl.ini -> [2005/12/29 12:44:17 | 000,007,671 | ---- | C] ()
RtlCPAPI.dll -> C:\WINDOWS\System32\RtlCPAPI.dll -> [2005/12/29 12:35:08 | 000,135,168 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2005/12/29 11:28:28 | 000,000,473 | ---- | C] ()
fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2005/12/29 11:19:47 | 000,001,793 | ---- | C] ()
ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2005/12/29 03:15:37 | 000,004,161 | ---- | C] ()
OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2005/12/29 00:33:37 | 000,000,341 | ---- | C] ()
TPeculiarity.dll -> C:\WINDOWS\System32\TPeculiarity.dll -> [2005/12/09 16:36:30 | 000,028,672 | ---- | C] ()
px.ini -> C:\WINDOWS\System32\px.ini -> [2005/11/28 22:33:56 | 000,000,000 | ---- | C] ()
SPCtl.dll -> C:\WINDOWS\System32\SPCtl.dll -> [2005/11/23 15:55:42 | 000,024,576 | ---- | C] ()
HWS_Ctrl.dll -> C:\WINDOWS\System32\HWS_Ctrl.dll -> [2005/11/23 15:41:28 | 000,036,864 | ---- | C] ()
TCtrlIO.dll -> C:\WINDOWS\System32\TCtrlIO.dll -> [2005/11/23 13:42:16 | 000,028,672 | ---- | C] ()
Dart.PowerTCP.Aes.dll -> C:\WINDOWS\System32\Dart.PowerTCP.Aes.dll -> [2005/10/09 10:59:40 | 000,065,536 | ---- | C] ()
EKECioCtl.dll -> C:\WINDOWS\System32\EKECioCtl.dll -> [2005/09/15 16:04:06 | 000,024,576 | ---- | C] ()
tifmicon.dll -> C:\WINDOWS\System32\tifmicon.dll -> [2004/01/13 19:46:34 | 000,172,032 | ---- | C] ()
OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/01/07 17:05:08 | 000,002,695 | ---- | C] ()
< End of report >
[/code]

dallak
2010-11-24, 00:18
peku006,

check out all of the instances now of conficker from Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5177

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/23/2010 4:20:06 PM
mbam-log-2010-11-23 (16-20-06).txt

Scan type: Quick scan
Objects scanned: 189585
Time elapsed: 8 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\brdsd (Worm.Conficker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dalgz (Worm.Conficker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gfqjfcun (Worm.Conficker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\njznx (Worm.Conficker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcpqzrt (Worm.Conficker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vhareut (Worm.Conficker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ykxkeb (Worm.Conficker) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\mxpcivny.dll (Worm.Conficker) -> Quarantined and deleted successfully.

peku006
2010-11-24, 11:20
Hi John

"Tricky worm"... we must try these tools.

Follow the instructions here:
How to remove the Downadup and Conficker worm (http://www.bleepingcomputer.com/malware-removal/remove-downadup-conficker)

When done, post the contents of the C:\Win32.Worm.Downladup.Gen.log file as a reply to this topic.

Thanks peku006

dallak
2010-11-24, 20:46
Here it is. I probably got these results because I had run MBAM not too long ago. I feel like it will return, though. Shall I continue with anything else?



Ok Loading BitDefender Engines
State 0
Sleeping 3 seconds...
Found so far : 0x0 files/regs
Searching for Downadup file ....
- System folder
- Temporary folder
- Program Files
- Application Data
Found so far : 0x0 files/regs
No Traces of Downadup Worm were found

peku006
2010-11-24, 21:18
Hi John

Please try ComboFix again.

dallak
2010-11-24, 23:25
peku006,

I had previously installed the Microsoft patch and run BitDefender's removal tool as you asked. I ran BitDefender again just now and it found an incident of conficker and removed it. It said to re-start the computer. I first uninstalled combofix and downloaded a new version. Then I rebooted and the very first thing I did was try to run the new combofix. It would not run.

Very disappointing!

Anything else we can do?

Thanks.

peku006
2010-11-25, 10:26
Hi John
It's "amazing" that it always comes back.

Do you use a USB drive or other removable media?

Delete SystemLook.txt from your desktop.


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

:reg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services



Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.

Please reply with

SystemLook.txt

Thanks peku006
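
Once the SystemLook dump is back, the job is to spot service keys that do not belong. The seven keys MBAM removed earlier in this thread (brdsd, dalgz, gfqjfcun, njznx, pcpqzrt, vhareut, ykxkeb) and the dropped file mxpcivny.dll share one shape: a short run of random lowercase letters. The Python script below is an added example written for this page; it is not code from any poster here and not part of SystemLook or Malwarebytes. It parses a SystemLook ":reg" dump and an MBAM log, then reports service names that are absent from a baseline of known-good names and have that random-letter shape. The baseline is a constructed subset copied from legitimate entries in the listing posted later in this thread; a real run needs the complete Services key from a clean machine of the same build. Both sample logs are constructed excerpts of what the thread shows. Against the excerpt, the script queues biewhtzbr for manual review, while consonant-heavy but legitimate names such as hkmsvc, mnmdd and lbrtfdc pass because the baseline knows them.

```python
"""Triage a SystemLook ':reg' dump of HKLM\\SYSTEM\\CurrentControlSet\\Services.

Added example for this thread; not code from any poster, SystemLook or MBAM.
The baseline and both sample logs are constructed excerpts of what the
thread shows, trimmed to keep the example short.
"""
import re

# Constructed baseline: legitimate lowercase service names copied from the
# clean entries in the thread's SystemLook listing. A real baseline is the
# full Services key of a known-clean machine with the same build.
BASELINE = {
    "aec", "asc", "atapi", "audstub", "catchme", "dmadmin", "dmboot", "dmio",
    "dmload", "dmserver", "drmkaud", "helpsvc", "hkmsvc", "ialm", "isapnp",
    "kbdhid", "kmixer", "lbrtfdc", "meiudf", "mfetdik", "mnmdd", "mnmsrvc",
    "mouhid", "mssmbios", "napagent", "redbook", "rpcapd", "sdbus", "seclogon",
    "sffdisk", "amsint", "intelppm", "inetaccs", "idsvc",
}

# SystemLook prints one line per subkey: [HKEY_LOCAL_MACHINE\...\Services\<name>]
SYSTEMLOOK_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\([^\]\\]+)\]$")
# MBAM prints one line per removed key: HKEY_LOCAL_MACHINE\...\Services\<name> (<family>) -> ...
MBAM_KEY = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\([^\s\\]+) \(([^)]+)\)")
# Shape shared by the seven names MBAM removed: 5 to 9 lowercase letters, nothing else.
RANDOM_SHAPE = re.compile(r"^[a-z]{5,9}$")

# Constructed excerpt of the SystemLook output posted in this thread.
SAMPLE_SYSTEMLOOK = r"""SystemLook 04.09.10 by jpshortstuff
Log created at 08:19 on 29/11/2010 by John
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\biewhtzbr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hkmsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmdd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mraid35x]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sdbus]
"""

# Constructed excerpt of the MBAM log posted earlier in this thread.
SAMPLE_MBAM = r"""Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\brdsd (Worm.Conficker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dalgz (Worm.Conficker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gfqjfcun (Worm.Conficker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\njznx (Worm.Conficker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcpqzrt (Worm.Conficker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vhareut (Worm.Conficker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ykxkeb (Worm.Conficker) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\mxpcivny.dll (Worm.Conficker) -> Quarantined and deleted successfully.
"""


def parse_systemlook_services(text):
    """Service key names, in file order, from a SystemLook ':reg' dump."""
    found = (SYSTEMLOOK_KEY.match(line.strip()) for line in text.splitlines())
    return [m.group(1) for m in found if m]


def parse_mbam_service_detections(text):
    """(service name, detection family) pairs from an MBAM log."""
    found = (MBAM_KEY.match(line.strip()) for line in text.splitlines())
    return [(m.group(1), m.group(2)) for m in found if m]


def looks_random(name):
    """True if the name has the random-letter shape. A hint only: real
    abbreviations such as hkmsvc also match, so always pair it with a baseline."""
    return RANDOM_SHAPE.match(name) is not None


def suspicious_services(names, baseline=BASELINE):
    """Names absent from the baseline that also have the random-letter shape."""
    return [n for n in names if n not in baseline and looks_random(n)]


def triage(systemlook_text, mbam_text="", baseline=BASELINE):
    """Summary: how many keys were seen, which to review, which MBAM already removed."""
    names = parse_systemlook_services(systemlook_text)
    return {
        "services_seen": len(names),
        "review": suspicious_services(names, baseline),
        "already_removed": [n for n, _ in parse_mbam_service_detections(mbam_text)],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_SYSTEMLOOK, SAMPLE_MBAM).items():
        print(f"{key}: {value}")
```

Treat the review list as a queue, not a verdict: open each candidate key in regedit, read its ImagePath and Parameters\ServiceDll values, check the file they name, and only then remove it. The baseline does the real work here; the shape test only orders the queue, and the MBAM names are parsed so the same rule can be checked against what the scanner already caught.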

dallak
2010-11-29, 16:19
peku006,

Sorry for the delay. We had a long weekend here for Thanksgiving and I didn't get my computer out! I do not use a USB drive or removable media. I do charge my Blackberry via USB, though. And I have a network cable that I need to plug into my computer in order to print any documents here at work. Internet is wireless.


SystemLook 04.09.10 by jpshortstuff
Log created at 08:19 on 29/11/2010 by John
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Abiosdsk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\abp480n5]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACPI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACPIEC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adpu160m]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aec]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AegisP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AgereSoftModem]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Aha154x]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aic78u2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aic78xx]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ALG]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AliIde]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ApfiltrService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Arp1394]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3350p]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASCTRM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASP.NET]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASP.NET_1.1.4322]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASP.NET_2.0.50727]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspnet_state]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AsyncMac]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Atdisk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Atmarpc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\audstub]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BattC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\biewhtzbr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\C-Dilla]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\C-DillaSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cbidf2k]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cd20xrnt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdaudio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdfs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CFSvcs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Changer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CiSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clr_optimization_v2.0.50727_32]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CmBatt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CmdIde]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Compbatt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\COMSysApp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cpqarray]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dac2w2k]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dac960nt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLABOIOM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLACDBHM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLADResN]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLAIFS_M]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLAOPIOM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLAPoolM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLARTL_N]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLAUDFAM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DLAUDF_M]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmadmin]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmboot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmload]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmserver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DMusic]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dot3svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dpti2o]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drmkaud]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DRVMCDB]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DRVNDDM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DVD-RAM_Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\e1express]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EngineServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EPSON_PM_RPCV4_01]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EvtEng]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fastfat]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FastUserSwitchingCompatibility]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fax]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fdc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FdRedir]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FileDisk2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fips]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FLEXnet Licensing Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Flpydisk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FltMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FontCache3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ftdisk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Gpc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HDAudBus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidServ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidUsb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hkmsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hpn]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTPFilter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i2omp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ialm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IDriverT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\idsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IISADMIN]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Imapi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ImapiService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\inetaccs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ini910u]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Inport]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IntcAzAudAddService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IntelIde]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelppm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ip6Fw]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpInIp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpNat]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IRENUM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\isapnp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JavaQuickStarterService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kbdclass]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KSecDD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lbd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ldap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LicenseService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MDM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\meiudf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mfetdik]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmdd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Modem]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mouclass]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MountMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mraid35x]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxDAV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxSmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Msfs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSKSSRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSPCLOCK]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSPQM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mssmbios]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\myAgtSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\napagent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisTapi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisWan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NDProxy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Net Driver HPZ12]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netdevio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netman]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetTcpPortSharing]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETw5x32]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NIC1394]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nla]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Npfs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ntfs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTFSDRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtLmSsp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtmsSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Null]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NwlnkFlt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NwlnkFwd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ohci1394]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ose]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Outlook]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\P3]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Parport]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PartMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ParVdm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCIDump]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCIIde]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PDRELI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\perc2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\perc2hib]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfNet]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfProc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Pml Driver HPZ12]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PptpMiniport]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProtectedStorage]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSched]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ptilink]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PxHelp20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql1080]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql12160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql1240]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql1280]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAcd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasl2tp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasPppoe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Raspti]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPCDD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPDD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdpdr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPNP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPWD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDSessMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\redbook]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RegSrvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RimUsb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RimVSerPort]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ROOTMODEM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RoxLiveShare9]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rpcapd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcLocator]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RSVP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\S24EventMonitor]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\s24trans]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SamSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ScsiPort]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sdbus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Secdrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SENS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Serial]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sffdisk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sffp_sd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ShellHWDetection]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Simbad]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\smihlp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMTPSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SolidWorks Licensing Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SONYPVU1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sparrow]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\splitter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Srv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSDPSRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\StillCam]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\stisvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swenum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swmidi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SwPrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Swupdtmr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swwd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\symc810]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\symc8xx]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sym_hi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sym_u3]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysaudio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TBiosDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcUsb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDTCP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermDD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tifm21]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TosIde]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TPwSav]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TSDDD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ttdpc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tvs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Udfs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ultra]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbccgp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbehci]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbhub]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbprint]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbscan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbuhci]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VgaSave]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ViaIde]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VolSnap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vxd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w39n51]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wanarp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wanatw]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDICA]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wdmaud]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinTrust]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPmSN]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiApSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WS2IFSL]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WZCSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xmlprov]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{67F17C15-BFAA-4FFE-A787-A71449028CC8}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{C0C6EE0E-425C-4CB7-8CC6-1FF28B11005D}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{CCCBBBEE-AC1A-41A8-BA75-D8041DD75B28}]


-= EOF =-

peku006
2010-11-29, 16:47
Hi John

Ok..

Please download OTM by OldTimer (http://oldtimer.geekstogo.com/OTM.exe) and save it to your desktop.
Double-click the OTM icon (http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/OTMdesktopicon.png) on your desktop.
Paste the following code under the paste area (http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/pasteline.png). Do not include the word "Code".

:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{67F17C15-BFAA-4FFE-A787-A71449028CC8}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{C0C6EE0E-425C-4CB7-8CC6-1FF28B11005D}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{CCCBBBEE-AC1A-41A8-BA75-D8041DD75B28}]

Push the large MoveIt! button (http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/btnmoveit.png).
OTM may ask to reboot the machine. Please do so if asked.
Copy/paste the contents under the Results line (http://billy-oneal.com/Canned%20Speeches/speechimages/OTM/results.png) here in your next reply.
If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start -> All Programs -> Accessories -> Notepad), click File -> Open, enter *.log in the File Name box and press Enter, navigate to the C:\_OTM\MovedFiles folder, open the newest .log file present, and copy/paste its contents back here in your next post.


after that run mbam again

Thanks peku006
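
The three keys in the OTM script above were picked by hand out of the long Services dump posted before it. The following is an added example, not a tool from this thread or from OldTimer: it reads that dump format, flags service keys whose name is a bare GUID, diffs the list against a baseline from a clean machine, and emits the OTM ":Reg" block for whatever is chosen. The baseline set is hypothetical; on a real case you would dump the same key on a known-clean install. A GUID-named service key is a lead, not a verdict, since legitimate components register such keys too, so inspect the key's ImagePath and Parameters\ServiceDll values before deleting anything.

```python
"""Triage a pasted list of HKLM\\SYSTEM\\CurrentControlSet\\Services key names.

Added example (not from the thread). Reads "[HKEY_LOCAL_MACHINE\\...\\Services\\Name]"
lines as pasted in the dump above, flags GUID-named service keys, diffs against a
clean baseline, and builds the OTM ":Reg" deletion script for the chosen keys.
"""
from __future__ import annotations

import re

SERVICES_ROOT = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"

# One dump line per service key; the name is everything after the Services\ prefix.
KEY_LINE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\([^\]\\]+)\]$"
)

# A bare {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} service name.
GUID_NAME = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Constructed sample: a few key names taken from the dump above, including the
# three GUID-named keys that the OTM script in this post removes.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{67F17C15-BFAA-4FFE-A787-A71449028CC8}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{C0C6EE0E-425C-4CB7-8CC6-1FF28B11005D}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{CCCBBBEE-AC1A-41A8-BA75-D8041DD75B28}]
"""

# Hypothetical baseline: service names collected from a known-clean install.
# In practice, dump the same key on a clean machine and load that list here.
CLEAN_BASELINE = {"Tcpip", "wuauserv"}


def service_names(dump: str) -> list[str]:
    """Return the service key names in the order they appear in the dump."""
    names = []
    for line in dump.splitlines():
        m = KEY_LINE.match(line.strip())
        if m:
            names.append(m.group(1))
    return names


def guid_named(names: list[str]) -> list[str]:
    """Service keys whose name is a bare GUID. A lead, not a verdict: check the
    key's ImagePath / Parameters\\ServiceDll before deleting it."""
    return [n for n in names if GUID_NAME.match(n)]


def not_in_baseline(names: list[str], baseline: set[str]) -> list[str]:
    """Service keys absent from the clean reference list (case-insensitive)."""
    known = {b.lower() for b in baseline}
    return [n for n in names if n.lower() not in known]


def otm_reg_script(names: list[str]) -> str:
    """Build the OTM ':Reg' block that deletes the given service keys, in the
    format used in the post above ("[-" marks a key for deletion)."""
    lines = [":Reg"] + [f"[-{SERVICES_ROOT}{n}]" for n in names]
    return "\n".join(lines)


if __name__ == "__main__":
    names = service_names(SAMPLE_DUMP)
    suspects = guid_named(names)
    print("GUID-named service keys:", suspects)
    print("Not in baseline:", not_in_baseline(names, CLEAN_BASELINE))
    print(otm_reg_script(suspects))
```

Run it on the full dump by pasting the dump into SAMPLE_DUMP; the baseline diff is the more useful signal on a machine with many third-party services, because a worm's service name need not look like a GUID.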

dallak
2010-11-29, 18:10
peku006, here are the 2 logs. Yes, it was found again by MB after I ran OTM!!!!!!!!!!

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{67F17C15-BFAA-4FFE-A787-A71449028CC8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67F17C15-BFAA-4FFE-A787-A71449028CC8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{C0C6EE0E-425C-4CB7-8CC6-1FF28B11005D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C0C6EE0E-425C-4CB7-8CC6-1FF28B11005D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{CCCBBBEE-AC1A-41A8-BA75-D8041DD75B28}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCCBBBEE-AC1A-41A8-BA75-D8041DD75B28}\ not found.

OTM by OldTimer - Version 3.1.17.2 log created on 11292010_092050



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5214

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/29/2010 10:10:38 AM
mbam-log-2010-11-29 (10-10-38).txt

Scan type: Full scan (C:\|)
Objects scanned: 261283
Time elapsed: 46 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\mxpcivny.dll (Worm.Conficker) -> Delete on reboot.

peku006
2010-11-29, 18:46
Hi John

delete SystemLook.txt from your desktop


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

:file
mxpcivny.dll

:service
mxpcivny

:regfind
mxpcivny



Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt

Please reply with

SystemLook.txt

Thanks peku006

dallak
2010-11-29, 18:57
peku006,

here is the log. Doesn't look like it found what you were looking for. But keep in mind, I re-booted after MBAM.

John



SystemLook 04.09.10 by jpshortstuff
Log created at 10:57 on 29/11/2010 by John
Administrator - Elevation successful

========== file ==========

mxpcivny.dll - Unable to find/read file.

========== service ==========

mxpcivny - Unable to open Service Handle.

========== regfind ==========

Searching for "mxpcivny"
No data found.

-= EOF =-

peku006
2010-11-29, 19:18
Hi
combofix still does not work

dallak
2010-11-29, 19:32
It still does not work, I tried it today after a re-boot. Haven't tried it in Safe mode lately but I doubt it will run.

John

peku006
2010-11-29, 19:53
Hi John

Please download DrWeb-CureIt (ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe) and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode (http://www.computerhope.com/issues/chsafe.htm)" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows: Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
The Express scan will automatically begin.
(This is a short scan of files currently running in memory, boot sectors, and targeted folders).
If prompted to download the Full version Free Trial, ignore and click the X to close the window.
If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
When complete, click Select All, then choose Cure > Move incurable.
(This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured.)
Now put a check next to Complete scan to scan all local disks and removable media.
In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
In the top menu, click File and choose Save report list.
Save the DrWeb.csv report to your desktop.
Exit Dr.Web CureIt when done.
Important! Reboot your computer, because it is possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)


Please reply with

DrwebCureit log

Thanks peku006

dallak
2010-11-30, 20:37
peku006,

Here is the log from Dr. Web Cureit. It took a very long time to scan. Let me know if this helped.

Thanks.



1763d7e9-4aa59439\vmain.class;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\41\1763d7e9-4aa59439;Exploit.Java.85;;
1763d7e9-4aa59439;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\41;Archive contains infected objects;Moved.;
64d634ad-1292c339\vmain.class;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\45\64d634ad-1292c339;Exploit.Java.83;;
64d634ad-1292c339;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\45;Archive contains infected objects;Moved.;
412339b8-5053cf29\vmain.class;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\56\412339b8-5053cf29;Exploit.Java.82;;
412339b8-5053cf29;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\56;Archive contains infected objects;Moved.;
4052083f-2d397cab\vload.class;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\63\4052083f-2d397cab;Exploit.Java.86;;
4052083f-2d397cab\vmain.class;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\63\4052083f-2d397cab;Exploit.Java.84;;
4052083f-2d397cab;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\63;Archive contains infected objects;Moved.;
OTM.exe;C:\Documents and Settings\john\Desktop;Trojan.Siggen2.9770;Incurable.Moved.;
A0000003.exe;C:\System Volume Information\_restore{46E98557-65C7-4066-9D61-A12588985258}\RP0;Trojan.Siggen2.9770;Incurable.Moved.;
CouponPrinter.ocx;C:\WINDOWS;Adware.Coupons.34;;
mxpcivny.a;C:\WINDOWS\system32;Win32.HLLW.Shadow.based;Deleted.;
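
The Dr.Web report above is semicolon-separated: object, directory, detection name, action taken. A file inside an archive is listed as "archive\member" with the archive's own full path in the directory column, and the archive then gets a separate "Archive contains infected objects" record whose action column says what was done with it; an empty action column means the object was detected but left where it was. The following is an added example, not part of the thread and not a Dr.Web tool: it parses that format, works out which detections are actually still on disk after the run (here only CouponPrinter.ocx), lists the hits under the Windows directory, and counts detections per family. The sample input is the report posted above, copied verbatim.

```python
"""Triage a Dr.Web CureIt report (the DrWeb.csv saved via File > Save report list).

Added example, not from the thread. Record format: "object;path;threat;action;".
For an archive member, "object" is "archive\\member" and "path" is the archive's
own full path; the archive gets its own "Archive contains infected objects"
record whose action column records what happened to it. An empty action column
means the object was detected but not moved or deleted.
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass

# Sample input: the report lines posted above, copied verbatim.
SAMPLE_REPORT = r"""
1763d7e9-4aa59439\vmain.class;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\41\1763d7e9-4aa59439;Exploit.Java.85;;
1763d7e9-4aa59439;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\41;Archive contains infected objects;Moved.;
64d634ad-1292c339\vmain.class;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\45\64d634ad-1292c339;Exploit.Java.83;;
64d634ad-1292c339;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\45;Archive contains infected objects;Moved.;
412339b8-5053cf29\vmain.class;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\56\412339b8-5053cf29;Exploit.Java.82;;
412339b8-5053cf29;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\56;Archive contains infected objects;Moved.;
4052083f-2d397cab\vload.class;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\63\4052083f-2d397cab;Exploit.Java.86;;
4052083f-2d397cab\vmain.class;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\63\4052083f-2d397cab;Exploit.Java.84;;
4052083f-2d397cab;C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\6.0\63;Archive contains infected objects;Moved.;
OTM.exe;C:\Documents and Settings\john\Desktop;Trojan.Siggen2.9770;Incurable.Moved.;
A0000003.exe;C:\System Volume Information\_restore{46E98557-65C7-4066-9D61-A12588985258}\RP0;Trojan.Siggen2.9770;Incurable.Moved.;
CouponPrinter.ocx;C:\WINDOWS;Adware.Coupons.34;;
mxpcivny.a;C:\WINDOWS\system32;Win32.HLLW.Shadow.based;Deleted.;
"""


@dataclass(frozen=True)
class Detection:
    obj: str        # object name; "archive\member" for a file inside an archive
    directory: str  # directory of the object, or the archive's full path for a member
    threat: str     # Dr.Web detection name
    action: str     # "Moved.", "Deleted.", "Incurable.Moved." or "" when left in place

    @property
    def is_archive_member(self) -> bool:
        return "\\" in self.obj

    @property
    def path(self) -> str:
        # For a member the path column already names the archive it sits in.
        return self.directory if self.is_archive_member else f"{self.directory}\\{self.obj}"

    @property
    def family(self) -> str:
        # "Exploit.Java.85" -> "Exploit.Java"; names without a dot stay whole.
        head, sep, _ = self.threat.rpartition(".")
        return head if sep else self.threat


def parse_report(text: str) -> list[Detection]:
    """Parse the semicolon-separated report into Detection records."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(";")]
        if len(fields) < 4:
            raise ValueError(f"malformed Dr.Web record: {line!r}")
        records.append(Detection(*fields[:4]))
    return records


def unresolved(records: list[Detection]) -> list[Detection]:
    """Detections still on disk: no action on the object itself and, for an
    archive member, no action on the archive that contained it."""
    handled = {r.path.lower() for r in records if r.action}
    return [
        r for r in records
        if not r.action and not (r.is_archive_member and r.path.lower() in handled)
    ]


def in_windows_dir(records: list[Detection], windir: str = "C:\\WINDOWS") -> list[Detection]:
    """Top-level hits under the Windows directory, where a dropped worm body usually lands."""
    prefix = windir.lower()
    return [
        r for r in records
        if not r.is_archive_member
        and (r.directory.lower() == prefix or r.directory.lower().startswith(prefix + "\\"))
    ]


def family_counts(records: list[Detection]) -> Counter:
    """How many detections per family, e.g. Exploit.Java vs Win32.HLLW.Shadow."""
    return Counter(r.family for r in records)


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    print("still on disk:", [r.path for r in unresolved(recs)])
    print("under Windows dir:", [r.path for r in in_windows_dir(recs)])
    print(family_counts(recs))
```

The worm body shows up here as mxpcivny.a, the same random base name as the mxpcivny.dll that Malwarebytes deleted the day before, which is the detail worth tracking across the logs in this thread: the file is being re-dropped, not surviving the deletions.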

peku006
2010-11-30, 21:04
Hi

Please run mbam again...........

dallak
2010-11-30, 22:08
peku006,

You are not going to like this. I would really hate to format if I don't have to but you let me know when you run out of ideas.

I appreciate your help very much.

John




Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5220

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/30/2010 2:09:28 PM
mbam-log-2010-11-30 (14-09-28).txt

Scan type: Full scan (C:\|)
Objects scanned: 254018
Time elapsed: 40 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\mxpcivny.a (Worm.Conficker) -> Quarantined and deleted successfully.

dallak
2010-11-30, 22:12
A guy at work gave me a licensed copy of Kaspersky Anti-Virus 2011. Would it help if I installed this at this time?

John

peku006
2010-12-01, 11:15
Hi John
It is there again; we have used all the special tools for its removal, and it always comes back. I'm pretty sure it spreads via the network in your workplace.


"A guy at work gave me a licensed copy of Kaspersky Anti-Virus 2011. Would it help if I installed this at this time?"
I do not believe that it helps, because you have an antivirus program.
Can you use the machine only at home for a few days?

dallak
2010-12-01, 22:25
peku006,

I will try to use it without the network cable and see if conficker continues to regenerate itself. I appreciate all your help. Have a great holiday season, God Jul!!!!!!

John in Minnesota (lots of Scandinavians here too!)