Laptop randomly shuts down and every reboot changes desktop to "windows recovery"



aneesh134
2010-12-08, 18:05
Hi,

My laptop shuts down randomly and every time it restarts, the desktop image gets changed to this "windows recovery" white screen. These problems seem to stem from Malware.

DDS LOG:


DDS (Ver_10-12-05.01) - NTFSx86
Run by 546469 at 8:57:52.60 on Wed 12/08/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2996.1808 [GMT -8:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
c:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
c:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\CENTENN.IAL\AUDIT\cagent32.exe
C:\CENTENN.IAL\AUDIT\xferwan.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
c:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Neat Business Cards\exec\NeatReceiptsDBController.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\CENTENN.IAL\AUDIT\lpx86.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\546469\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\546469\Desktop\dds.scr
C:\WINDOWS\system32\rundll32.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.macromedia.com/software/flash/about/installerRedirect.html
uInternet Settings,ProxyOverride = *.local;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\documents and settings\546469\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ViperServices] c:\program files\booz allen hamilton\viper directory services\ViperServices.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [IMSS] "c:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [RotateImage] c:\program files\integrated camera driver\RCIMGDIR.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [SgeEcView] "c:\program files\utimaco\safeguard easy\Ecview.exe"
mRun: [EdWizard] "c:\program files\utimaco\safeguard easy\EdWizard.exe" as
mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [Discovery User Input] c:\discovery\user input\userin32.exe
mRun: [AgentUiRunKey] "c:\program files\iron mountain\connected backuppc\Agent.exe" -ni -sss -e http://localhost:16386/
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\546469\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: bah.com
Trusted Zone: booz.com
Trusted Zone: bah.com
Trusted Zone: booz.com
Trusted Zone: insidebooz.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ACNotify - ACNotify.dll
Notify: ckpNotify - ckpNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
LSA: Notification Packages = scecli ACGina psqlpwd
mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection c:\\windows\\inf\\wmp10.inf,PerUserStub

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\546469\applic~1\mozilla\firefox\profiles\1swq8e76.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\546469\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\546469\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\546469\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\546469\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\546469\applic~1\mozilla\firefox\profiles\1swq8e76.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R0 AES-256;AES-256;c:\windows\system32\drivers\AES256.sys [2008-9-16 19712]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-7-23 24304]
R0 SgeFlt;SgeFlt;c:\windows\system32\drivers\SGEFLT.sys [2008-9-16 63488]
R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [2010-7-23 21504]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-2-17 13480]
R2 AgentService;AgentService;c:\program files\iron mountain\connected backuppc\AgentService.exe [2008-11-9 6608192]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-2-9 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-2-9 108392]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2008-6-18 47504]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-7-23 132456]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\hotkey\cammute.exe [2010-2-17 54632]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\neat business cards\exec\NeatReceiptsDBController.exe [2008-5-28 230744]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-7-23 53248]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-8-14 10896]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-2-9 2477304]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2010-2-17 63928]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2010-7-23 2320920]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2008-6-18 121136]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2008-6-18 673872]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2010-7-23 127232]
R3 cdprku;cdprku;c:\windows\system32\drivers\cdprku.sys [2010-9-28 25128]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-7-23 167080]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-28 102448]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2008-6-18 2235760]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-7-23 125696]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-7-23 215040]
R3 LanProbe;LanProbe;c:\centenn.ial\audit\lpx86.exe [2010-9-28 229888]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101207.039\NAVENG.SYS [2010-12-8 86064]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101207.039\NAVEX15.SYS [2010-12-8 1371184]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-28 136176]
S2 Lenovo.micmute;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-2-17 44984]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2010-2-9 23888]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-10-2 30192]
S3 LV_Tracker;LV_Tracker;c:\windows\system32\drivers\LV_Tracker.sys [2008-11-9 45384]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-5-27 29178224]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [2010-9-28 54544]
S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [2010-9-28 22032]
S3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\drivers\PTUMWCSP.sys [2010-9-28 160400]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [2010-9-28 12048]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [2010-9-28 160400]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [2010-9-28 115216]
S3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\drivers\PTUMWNSP.sys [2010-9-28 160400]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [2010-9-28 160400]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2010-3-24 15744]

=============== Created Last 30 ================

2010-12-04 00:58:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-04 00:58:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-12-04 00:53:23 -------- d-----w- c:\docume~1\546469\applic~1\GetRightToGo
2010-11-28 04:12:11 -------- d-----w- c:\program files\Paint.NET
2010-11-28 04:12:10 -------- d-----w- c:\docume~1\546469\locals~1\applic~1\Paint.NET
2010-11-21 00:49:53 -------- d-----w- c:\program files\iPod
2010-11-21 00:49:49 -------- d-----w- c:\program files\iTunes
2010-11-18 10:00:49 -------- d-----w- c:\documents and settings\546469\WINDOWS
2010-11-18 09:54:25 -------- d-----w- c:\program files\Neat Business Cards
2010-11-18 09:34:49 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2010-11-18 09:34:49 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2010-11-18 09:34:44 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-11-18 09:34:44 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2010-11-18 09:24:04 -------- d-----w- c:\docume~1\546469\locals~1\applic~1\IsolatedStorage
2010-11-18 09:11:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\NeatReceipts Professional
2010-11-18 09:08:37 -------- d-----w- c:\program files\MSXML 6.0
2010-11-18 09:07:09 -------- d-----w- c:\program files\Microsoft SQL Server
2010-11-18 09:06:38 -------- d-----w- c:\program files\common files\NeatReceipts
2010-11-18 09:06:37 -------- d-----w- c:\program files\NeatReceipts Professional
2010-11-18 09:05:49 -------- d-----w- c:\program files\NeatReceipts Setup
2010-11-17 21:29:09 -------- d-----w- c:\docume~1\546469\locals~1\applic~1\Thunderbird
2010-11-17 07:41:00 323624 ----a-w- c:\windows\system32\wiaaut.dll
2010-11-16 01:09:16 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-11-16 01:09:16 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-11-12 15:02:53 -------- d-----w- c:\docume~1\546469\applic~1\Juniper Networks
2010-11-12 15:02:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Juniper Networks
2010-11-11 18:50:00 -------- d-----w- c:\program files\pocketSoap
2010-11-11 18:50:00 -------- d-----w- c:\program files\InterCall
2010-11-11 18:50:00 -------- d-----w- c:\docume~1\546469\applic~1\Collaboration Addin

==================== Find3M ====================

2010-09-29 07:46:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-29 07:46:28 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-28 23:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

============= FINISH: 8:58:48.40 ===============

ken545
2010-12-15, 18:50


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Sorry for the delay, but we get a bit overwhelmed at times.

See if you can run these programs; you can run them in Safe Mode if your computer keeps shutting down.

To Enter Safemode

Go to Start > Shut off your Computer > Restart.
As the computer starts to boot up, tap the F8 KEY somewhat rapidly; this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safe Mode with Networking,
then press the Enter Key on your keyboard.

Tutorial if you need it: How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)

Rootkit Unhooker

Please Download Rootkit Unhooker (http://www.kernelmode.info/ARKs/RkU3.8.388.590.rar) and Save it to your desktop.
Note: it is zipped up in a .rar file. If you do not have a program to unzip this type of file,
you can get a free one from here - http://www.7-zip.org/

Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest, then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in your next reply here.

Note: You may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please.

aneesh134
2010-12-15, 19:55
Thanks Ken. I could run everything in normal mode. Attached are the logs:

======================================================
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5322

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/15/2010 10:51:29 AM
mbam-log-2010-12-15 (10-51-29).txt

Scan type: Quick scan
Objects scanned: 155113
Time elapsed: 8 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

======================================================
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #4
==============================================
>Drivers
==============================================
0xB4487000 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys 5980160 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0xBF36E000 C:\WINDOWS\System32\igxpdx32.DLL 3862528 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0xBF05A000 C:\WINDOWS\System32\igxpdv32.DLL 3227648 bytes (Intel Corporation, Component GHAL Driver)
0xB40AD000 C:\WINDOWS\system32\DRIVERS\fw.sys 2236416 bytes (Check Point Software Technologies, -)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xB4AB1000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 1916928 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA39EB000 C:\WINDOWS\system32\drivers\CHDAU32.sys 1818624 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
0xA3156000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 1781760 bytes
0xB9D70000 iaStor.sys 1781760 bytes (Intel Corporation, Intel Rapid Storage Technology - x86)
0x9A985000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101215.003\NAVEX15.SYS 1355776 bytes (Symantec Corporation, AV Engine)
0xB42CF000 C:\WINDOWS\system32\DRIVERS\btkrnl.sys 987136 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)
0xA38A2000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 987136 bytes (Conexant Systems, Inc., HSF_DP driver)
0xA37EF000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xA3061000 C:\WINDOWS\System32\drivers\vpn.sys 675840 bytes (Check Point Software Technologies, -)
0xB9CAC000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB43DF000 C:\WINDOWS\System32\Drivers\wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xA33A4000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA343F000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 434176 bytes (Symantec Corporation, SPBBC Driver)
0xA3326000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xB3FC7000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA3540000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA25FF000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xA3770000 C:\WINDOWS\System32\Drivers\SRTSP.SYS 303104 bytes (Symantec Corporation, Symantec AutoProtect)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB4450000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 225280 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 221184 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xA37BA000 C:\WINDOWS\system32\DRIVERS\IntcDAud.sys 217088 bytes (Intel(R) Corporation, Intel(R) Display HD Audio driver)
0xA3993000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 212992 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xB4048000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA2CEC000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9C7F000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA3513000 C:\WINDOWS\System32\Drivers\SYMTDI.SYS 184320 bytes (Symantec Corporation, Network Dispatch Driver)
0x9A946000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA3414000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB4A87000 C:\WINDOWS\system32\DRIVERS\e1k5132.sys 172032 bytes (Intel Corporation, Intel(R) Gigabit Adapter NDIS 5.x driver)
0xB4A3B000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA34EB000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA3600000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0xA39C7000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB4A63000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB4025000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0x9D934000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xA34C9000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xA35CC000 C:\WINDOWS\system32\DRIVERS\5U877.sys 131072 bytes (Ricoh co.,Ltd., Ricoh USB Camera driver)
0xB9C5F000 Apsx86.sys 131072 bytes (Lenovo., Shockproof Disk Driver)
0xB9D50000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB43C0000 C:\WINDOWS\system32\DRIVERS\Impcd.sys 126976 bytes (Intel Corporation, Intel(R) Turbo Boost Technology Driver)
0xB4078000 C:\WINDOWS\system32\DRIVERS\vnasc.sys 122880 bytes (Check Point Software Technologies, -)
0xA3309000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xB9C45000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9D39000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB4096000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA2ACF000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0x9A971000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101215.003\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0xB4C85000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA3599000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x9E715000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB8ED8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA0F8000 SGEFLT.SYS 65536 bytes (Utimaco Safeware AG, SafeGuard Easy PnP Disk Filter Driver)
0xB89B3000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xA2B0C000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB89C3000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB8EB8000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xBA0D8000 C:\WINDOWS\System32\Drivers\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB8EC8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB8D81000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA248000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB8F08000 C:\WINDOWS\System32\drivers\omdrv.sys 49152 bytes (Check Point Software Technologies, -)
0xB8D61000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA2C8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB8EE8000 C:\WINDOWS\system32\DRIVERS\HECI.sys 45056 bytes (Intel Corporation, Intel(R) Management Engine Interface)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB8D71000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x9F84E000 C:\WINDOWS\system32\Drivers\cdprku.sys 40960 bytes (FrontRange Solutions USA Inc. , FrontRange Discovery LANProbe )
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB8D01000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB8F38000 C:\WINDOWS\System32\Drivers\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0xBA238000 C:\WINDOWS\System32\Drivers\tcusb.sys 40960 bytes (UPEK Inc., TouchChip USB Kernel Driver)
0xB8D51000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA108000 ApsHM86.sys 36864 bytes (Lenovo., ThinkVantage Active Protection System HID Digitizer Activity Monitor Driver)
0xBA0E8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xA11F9000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB8EF8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA278000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB9485000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9C9AA000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB8F18000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA3B8000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB85A2000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB5B14000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB55BC000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB559C000 C:\WINDOWS\System32\Drivers\ULCDRHlp.sys 28672 bytes (Ulead Systems, Inc., ULCDRHlp driver)
0xB5939000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA410000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB8AB9000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB5B1C000 C:\WINDOWS\system32\DRIVERS\psadd.sys 24576 bytes (Lenovo (United States) Inc., SMBIOS Driver)
0xBA348000 stm_tpm.sys 24576 bytes (STMicroelectronics, INC, TPM Device Driver)
0xB8AF1000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xB8AF9000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA338000 AES256.SYS 20480 bytes (Utimaco Safeware AG, SafeGuard Easy Encryption Driver)
0xBA340000 DozeHDD.sys 20480 bytes (Lenovo., Doze Mode Kernel Driver for HDD control)
0xBA330000 flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xB85BA000 C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys 20480 bytes (Lenovo., ThinkPad Power Management Driver)
0xB8AD9000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA328000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA420000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA430000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xB7098000 C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 20480 bytes (Symantec Corporation, Redirector Filter Driver)
0xBA3C8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA388000 C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys 20480 bytes (Lenovo Group Limited, ThinkPad Hotkey Driver)
0xBA470000 C:\WINDOWS\System32\drivers\Tppwrif.sys 20480 bytes
0xB70A8000 C:\WINDOWS\System32\drivers\TSMAPIP.SYS 20480 bytes
0xB55AC000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0x9E809000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB5813000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA2AF4000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0xB9B2C000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB5ABA000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xA29AC000 C:\WINDOWS\system32\CCM\prepdrv.sys 16384 bytes (Microsoft Corporation, SMS Software Metering Process Event Driver)
0xB5817000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 16384 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xB5ACE000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xB5F83000 C:\WINDOWS\System32\drivers\ANC.SYS 12288 bytes (IBM Corp., IBM Access Connections - ANC)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB5827000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0x9ADC6000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB582F000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0x9E929000 C:\WINDOWS\system32\drivers\iviaspi.sys 12288 bytes (InterVideo, Inc., InterVideo ASPI Shell)
0x9B22F000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB50C9000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB60A2000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA4C8000 Sfloppy.sys 12288 bytes (Microsoft Corporation, SCSI Floppy Driver)
0xB50DD000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xBA648000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA640000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB6078000 C:\WINDOWS\system32\Drivers\IBMBLDID.sys 8192 bytes
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA64E000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB5058000 C:\WINDOWS\SYSTEM32\DRIVERS\PMEMNT.SYS 8192 bytes (Microsoft Corporation, Physical Memory Driver)
0xBA658000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA600000 C:\WINDOWS\system32\drivers\regi.sys 8192 bytes (InterVideo, regi driver)
0xBA5EE000 C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys 8192 bytes (UPEK Inc., SMI helper driver)
0xB607E000 C:\WINDOWS\system32\DRIVERS\smiif32.sys 8192 bytes (Lenovo Group Limited, SMI Driver for Lenovo system)
0xB5B74000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB607C000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB540B000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB4E20000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA7DD000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xB5955000 C:\WINDOWS\system32\DRIVERS\smsmdm.sys 4096 bytes (Microsoft Corporation, RDP Miniport)
==============================================
>Stealth
==============================================
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x853A5020 ] TID: 220
0x8055C700 Faked ServiceTable-->csrss.exe [ ETHREAD 0x86604DA8 ] TID: 244
0x8055C700 Faked ServiceTable-->GoogleDesktop.exe [ ETHREAD 0x8594F020 ] TID: 276
0x8055C700 Faked ServiceTable-->communicator.exe [ ETHREAD 0x86120988 ] TID: 284
0x8055C700 Faked ServiceTable-->msdtc.exe [ ETHREAD 0x8607E020 ] TID: 292
0x8055C700 Faked ServiceTable-->communicator.exe [ ETHREAD 0x86120020 ] TID: 336
0x8055C700 Faked ServiceTable-->Smc.exe [ ETHREAD 0x860798C0 ] TID: 344, 8781826 bytes
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x85D7F020 ] TID: 360
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x862DFDA8 ] TID: 384, 8781826 bytes
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x85A1ADA8 ] TID: 396
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8642F390 ] TID: 420, 8781826 bytes
0x8055C700 Faked ServiceTable-->SR_Service.exe [ ETHREAD 0x86444DA8 ] TID: 424, 12571157 bytes
0x8055C700 Faked ServiceTable-->SR_Service.exe [ ETHREAD 0x86438B00 ] TID: 476
0x8055C700 Faked ServiceTable-->Smc.exe [ ETHREAD 0x864258C8 ] TID: 484
0x8055C700 Faked ServiceTable-->AppleMobileDeviceService.exe [ ETHREAD 0x86278020 ] TID: 492
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x85A1AB30 ] TID: 524, 8781946 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8624E8D8 ] TID: 528
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x863598C8 ] TID: 532
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8624FDA8 ] TID: 544
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8611B020 ] TID: 548
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86426020 ] TID: 560
0x8055C700 Faked ServiceTable-->SR_Service.exe [ ETHREAD 0x86426478 ] TID: 564
0x8055C700 Faked ServiceTable-->SR_Service.exe [ ETHREAD 0x86421020 ] TID: 572
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85FCFDA8 ] TID: 592
0x8055C700 Faked ServiceTable-->communicator.exe [ ETHREAD 0x86124020 ] TID: 596
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8624FB30 ] TID: 604
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85F72DA8 ] TID: 608
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x858C6668 ] TID: 612
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86433B38 ] TID: 624
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86417020 ] TID: 640
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8650E020 ] TID: 644
0x8055C700 Faked ServiceTable-->POWERPNT.EXE [ ETHREAD 0x85543300 ] TID: 652
0x8055C700 Faked ServiceTable-->jqs.exe [ ETHREAD 0x86554020 ] TID: 660
0x8055C700 Faked ServiceTable-->jqs.exe [ ETHREAD 0x872BDB38 ] TID: 664
0x8055C700 Faked ServiceTable-->Smc.exe [ ETHREAD 0x86411B38 ] TID: 668
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85B0A528 ] TID: 676
0x8055C700 Faked ServiceTable-->SR_Service.exe [ ETHREAD 0x86414B30 ] TID: 684
0x8055C700 Faked ServiceTable-->plugin-container.exe [ ETHREAD 0x85A8C020 ] TID: 688
0x8055C700 Faked ServiceTable-->SR_Service.exe [ ETHREAD 0x86414640 ] TID: 692
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8657F8C0 ] TID: 708
0x8055C700 Faked ServiceTable-->Skype.exe [ ETHREAD 0x85C91020 ] TID: 732
0x8055C700 Faked ServiceTable-->cammute.exe [ ETHREAD 0x865943A8 ] TID: 736
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8657F648 ] TID: 748
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x865ABDA8 ] TID: 756
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x853AD5E0 ] TID: 764
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x86581DA8 ] TID: 768
0x8055C700 Faked ServiceTable-->AcSvc.exe [ ETHREAD 0x85F38020 ] TID: 776
0x8055C700 Faked ServiceTable-->Skype.exe [ ETHREAD 0x8616D020 ] TID: 780
0x8055C700 Faked ServiceTable-->cammute.exe [ ETHREAD 0x861EBB38 ] TID: 784
0x8055C700 Faked ServiceTable-->Agent.exe [ ETHREAD 0x85919020 ] TID: 804
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x86530B38 ] TID: 820
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x865308C0 ] TID: 824
0x8055C700 Faked ServiceTable-->Skype.exe [ ETHREAD 0x85CBF020 ] TID: 828
0x8055C700 Faked ServiceTable-->Skype.exe [ ETHREAD 0x8616B020 ] TID: 832
0x8055C700 Faked ServiceTable-->cagent32.exe [ ETHREAD 0x85AD0B98 ] TID: 836
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x85CE1020 ] TID: 840
0x8055C700 Faked ServiceTable-->SR_Service.exe [ ETHREAD 0x863E3918 ] TID: 844
0x8055C700 Faked ServiceTable-->SR_Service.exe [ ETHREAD 0x864168C0 ] TID: 848
0x8055C700 Faked ServiceTable-->SR_Service.exe [ ETHREAD 0x863B2658 ] TID: 852
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x86530648 ] TID: 856
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86524B38 ] TID: 860
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x865889A0 ] TID: 864
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8652F020 ] TID: 876
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86535020 ] TID: 884
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86538020 ] TID: 888
0x8055C700 Faked ServiceTable-->S24EvMon.exe [ ETHREAD 0x86303020 ] TID: 912
0x8055C700 Faked ServiceTable-->SmcGui.exe [ ETHREAD 0x85BDE8C0 ] TID: 916
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86323DA8 ] TID: 936
0x8055C700 Faked ServiceTable-->S24EvMon.exe [ ETHREAD 0x8630DBF0 ] TID: 940
0x8055C700 Faked ServiceTable-->S24EvMon.exe [ ETHREAD 0x8630D978 ] TID: 952
0x8055C700 Faked ServiceTable-->Smc.exe [ ETHREAD 0x86079648 ] TID: 964
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8650D020 ] TID: 972
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86508020 ] TID: 976, 1536606030 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86512020 ] TID: 984
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x8651AB60 ] TID: 992, 7536686 bytes
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x85410020 ] TID: 996
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x86502020 ] TID: 1008
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x86503020 ] TID: 1020
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x862F5DA8 ] TID: 1024
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8606E020 ] TID: 1044
0x8055C700 Faked ServiceTable-->skypePM.exe [ ETHREAD 0x858CC640 ] TID: 1052
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86080B48 ] TID: 1056
0x8055C700 Faked ServiceTable-->TPHKSVC.exe [ ETHREAD 0x859D3B38 ] TID: 1060, 4456543 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8650E2E8 ] TID: 1088
0x8055C700 Faked ServiceTable-->communicator.exe [ ETHREAD 0x85C3DB50 ] TID: 1092
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86511DA8 ] TID: 1096
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x890BB2E0 ] TID: 1100
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x864FF668 ] TID: 1104
0x8055C700 Faked ServiceTable-->AcPrfMgrSvc.exe [ ETHREAD 0x8637C020 ] TID: 1108
0x8055C700 Faked ServiceTable-->AcPrfMgrSvc.exe [ ETHREAD 0x862E5DA8 ] TID: 1128
0x8055C700 Faked ServiceTable-->smss.exe [ ETHREAD 0x87308020 ] TID: 1152
0x8055C700 Faked ServiceTable-->smss.exe [ ETHREAD 0x8660CDA8 ] TID: 1156
0x8055C700 Faked ServiceTable-->smss.exe [ ETHREAD 0x8660CB30 ] TID: 1160
0x8055C700 Faked ServiceTable-->ibmpmsvc.exe [ ETHREAD 0x864F3020 ] TID: 1172
0x8055C700 Faked ServiceTable-->ibmpmsvc.exe [ ETHREAD 0x8650B658 ] TID: 1176
0x8055C700 Faked ServiceTable-->ibmpmsvc.exe [ ETHREAD 0x864FD020 ] TID: 1180
0x8055C700 Faked ServiceTable-->ibmpmsvc.exe [ ETHREAD 0x864F2020 ] TID: 1184
0x8055C700 Faked ServiceTable-->ibmpmsvc.exe [ ETHREAD 0x864F5020 ] TID: 1188
0x8055C700 Faked ServiceTable-->ibmpmsvc.exe [ ETHREAD 0x864F9020 ] TID: 1192, 2949120 bytes
0x8055C700 Faked ServiceTable-->AcPrfMgrSvc.exe [ ETHREAD 0x86448B30 ] TID: 1228
0x8055C700 Faked ServiceTable-->AcPrfMgrSvc.exe [ ETHREAD 0x85F7EDA8 ] TID: 1236
0x8055C700 Faked ServiceTable-->AcPrfMgrSvc.exe [ ETHREAD 0x85F7EB30 ] TID: 1244
0x8055C700 Faked ServiceTable-->Smc.exe [ ETHREAD 0x863209A0 ] TID: 1252
0x8055C700 Faked ServiceTable-->Smc.exe [ ETHREAD 0x86341B38 ] TID: 1256
0x8055C700 Faked ServiceTable-->Smc.exe [ ETHREAD 0x86350DA8 ] TID: 1260
0x8055C700 Faked ServiceTable-->TPHKSVC.exe [ ETHREAD 0x8624ADA8 ] TID: 1268
0x8055C700 Faked ServiceTable-->Smc.exe [ ETHREAD 0x86324DA8 ] TID: 1272
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x865008C8 ] TID: 1276
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x864D5020 ] TID: 1280
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x864D2658 ] TID: 1284
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x864D23E0 ] TID: 1288
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864CB658 ] TID: 1296
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8649EB38 ] TID: 1304, 2949120 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864A9020 ] TID: 1308
0x8055C700 Faked ServiceTable-->Smc.exe [ ETHREAD 0x86317DA8 ] TID: 1312
0x8055C700 Faked ServiceTable-->Smc.exe [ ETHREAD 0x8631EB38 ] TID: 1320
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x85A3BDA8 ] TID: 1324
0x8055C700 Faked ServiceTable-->TPHKSVC.exe [ ETHREAD 0x8637C498 ] TID: 1332
0x8055C700 Faked ServiceTable-->Skype.exe [ ETHREAD 0x85C8B020 ] TID: 1336
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x8649F020 ] TID: 1340
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86419020 ] TID: 1344
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85C92020 ] TID: 1364
0x8055C700 Faked ServiceTable-->CcmExec.exe [ ETHREAD 0x8576A458 ] TID: 1376
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x858A0680 ] TID: 1396
0x8055C700 Faked ServiceTable-->rundll32.exe [ ETHREAD 0x851FA7B8 ] TID: 1404
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864FA020 ] TID: 1424
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864A6020 ] TID: 1428
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864A7598 ] TID: 1432
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864A6DA8 ] TID: 1440, 2097184 bytes
0x8055C700 Faked ServiceTable-->msdtc.exe [ ETHREAD 0x8607CBC0 ] TID: 1448
0x8055C700 Faked ServiceTable-->Smc.exe [ ETHREAD 0x8631BB38 ] TID: 1452
0x8055C700 Faked ServiceTable-->Skype.exe [ ETHREAD 0x85973020 ] TID: 1456
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x8641D678 ] TID: 1460
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x86334DA8 ] TID: 1464
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x86337DA8 ] TID: 1468
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x862D9B30 ] TID: 1472
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85EE1420 ] TID: 1484
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86071908 ] TID: 1496
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864A7020 ] TID: 1500, 347390071 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864C18C8 ] TID: 1504
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86490DA8 ] TID: 1532
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x862C8B30 ] TID: 1536
0x8055C700 Faked ServiceTable-->CcmExec.exe [ ETHREAD 0x852D7020 ] TID: 1544
0x8055C700 Faked ServiceTable-->EvtEng.exe [ ETHREAD 0x863683F8 ] TID: 1552
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x86309DA8 ] TID: 1556
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x860D5BA8 ] TID: 1576
0x8055C700 Faked ServiceTable-->EvtEng.exe [ ETHREAD 0x85D21400 ] TID: 1584
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x858C3DA8 ] TID: 1596, 196617 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86363DA8 ] TID: 1616
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x8630EDA8 ] TID: 1620
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x862C8DA8 ] TID: 1628, 3342445 bytes
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x8630EB30 ] TID: 1632
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x86311DA8 ] TID: 1636
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x85FD2DA8 ] TID: 1648
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x86311B30 ] TID: 1652
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x862D4DA8 ] TID: 1656
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x862D4B30 ] TID: 1664
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x85FD2B30 ] TID: 1672
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x8632FB30 ] TID: 1676
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x8632FDA8 ] TID: 1680
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x85FD1DA8 ] TID: 1684, 692024 bytes
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x85FD1B30 ] TID: 1688
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x8630BDA8 ] TID: 1708
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x864BF8C8 ] TID: 1712
0x8055C700 Faked ServiceTable-->Smc.exe [ ETHREAD 0x86103020 ] TID: 1720
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x8630BB30 ] TID: 1724
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x862D6DA8 ] TID: 1740
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x862D6B30 ] TID: 1748
0x8055C700 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x862F5B30 ] TID: 1752
0x8055C700 Faked ServiceTable-->SynTPEnh.exe [ ETHREAD 0x85E7D898 ] TID: 1780
0x8055C700 Faked ServiceTable-->CcmExec.exe [ ETHREAD 0x85C54020 ] TID: 1788
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86108B38 ] TID: 1808
0x8055C700 Faked ServiceTable-->S24EvMon.exe [ ETHREAD 0x86476DA8 ] TID: 1812
0x8055C700 Faked ServiceTable-->S24EvMon.exe [ ETHREAD 0x86467DA8 ] TID: 1840
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86319B38 ] TID: 1860, 151322625 bytes
0x8055C700 Faked ServiceTable-->SR_Watchdog.exe [ ETHREAD 0x864B1730 ] TID: 1884
0x8055C700 Faked ServiceTable-->OUTLOOK.EXE [ ETHREAD 0x851B2020 ] TID: 1892
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8632A5A0 ] TID: 1896
0x8055C700 Faked ServiceTable-->S24EvMon.exe [ ETHREAD 0x8633FB30 ] TID: 1904
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8611D020 ] TID: 1908
0x8055C700 Faked ServiceTable-->Agent.exe [ ETHREAD 0x85947750 ] TID: 1916
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8630D020 ] TID: 1932, 811218993 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x857D9650 ] TID: 1940, 858863153 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x854E6378 ] TID: 1944, 399612078 bytes
0x8055C700 Faked ServiceTable-->S24EvMon.exe [ ETHREAD 0x86373DA8 ] TID: 1984, 3503562507 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85A1DDA8 ] TID: 2004, 35729498 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E49DA8 ] TID: 2036
0x8055C700 Faked ServiceTable-->Agent.exe [ ETHREAD 0x85CBF878 ] TID: 2040
0x8055C700 Faked ServiceTable-->Agent.exe [ ETHREAD 0x85972020 ] TID: 2068
0x8055C700 Faked ServiceTable-->AgentService.exe [ ETHREAD 0x862F2658 ] TID: 2072, 825569293 bytes
0x8055C700 Faked ServiceTable-->AgentService.exe [ ETHREAD 0x863B9B38 ] TID: 2076, 909118743 bytes
0x8055C700 Faked ServiceTable-->Skype.exe [ ETHREAD 0x858CCB30 ] TID: 2084, 806164469 bytes
0x8055C700 Faked ServiceTable-->Rtvscan.exe [ ETHREAD 0x84EE5B30 ] TID: 2092, 4128509954 bytes
0x8055C700 Faked ServiceTable-->communicator.exe [ ETHREAD 0x85B69408 ] TID: 2160, 926037041 bytes
0x8055C700 Faked ServiceTable-->Smc.exe [ ETHREAD 0x85B56020 ] TID: 2212, 875573554 bytes
0x8055C700 Faked ServiceTable-->Skype.exe [ ETHREAD 0x85C8E020 ] TID: 2256, 808988981 bytes
0x8055C700 Faked ServiceTable-->ccApp.exe [ ETHREAD 0x85F67790 ] TID: 2268, 2845110480 bytes
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x860D2020 ] TID: 2276
0x8055C700 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x856CCDA8 ] TID: 2332, 876032053 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85BED020 ] TID: 2356, 959450391 bytes
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x86117020 ] TID: 2364, 2323366094 bytes
0x8055C700 Faked ServiceTable-->ccApp.exe [ ETHREAD 0x872EC9A0 ] TID: 2376, 3645181954 bytes
0x8055C700 Faked ServiceTable-->ccApp.exe [ ETHREAD 0x861D8B30 ] TID: 2388, 959450391 bytes
0x8055C700 Faked ServiceTable-->CcmExec.exe [ ETHREAD 0x85B34020 ] TID: 2392, 3861472528 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85923020 ] TID: 2400, 858928177 bytes
0x8055C700 Faked ServiceTable-->tpfnf7sp.exe [ ETHREAD 0x8625C020 ] TID: 2408
0x8055C700 Faked ServiceTable-->tpfnf7sp.exe [ ETHREAD 0x861C6020 ] TID: 2416, 854200 bytes
0x8055C700 Faked ServiceTable-->AgentService.exe [ ETHREAD 0x867A2B38 ] TID: 2456
0x8055C700 Faked ServiceTable-->PrivacyIconClient.exe [ ETHREAD 0x854AAA90 ] TID: 2464, 1 bytes
0x8055C700 Faked ServiceTable-->tvt_reg_monitor_svc.exe [ ETHREAD 0x858CD020 ] TID: 2480, 16 bytes
0x8055C700 Faked ServiceTable-->SynTPEnh.exe [ ETHREAD 0x890FB020 ] TID: 2484
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85832020 ] TID: 2488, 983048 bytes
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x84E7A420 ] TID: 2504
0x8055C700 Faked ServiceTable-->PresentationFontCache.exe [ ETHREAD 0x86343B48 ] TID: 2524, 151453697 bytes
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x85365020 ] TID: 2528, 1 bytes
0x8055C700 Faked ServiceTable-->GoogleDesktop.exe [ ETHREAD 0x86081B40 ] TID: 2532
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x863BCDA8 ] TID: 2536
0x8055C700 Faked ServiceTable-->AgentService.exe [ ETHREAD 0x864609A8 ] TID: 2540
0x8055C700 Faked ServiceTable-->AgentService.exe [ ETHREAD 0x862F38E8 ] TID: 2544
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x851EE748 ] TID: 2548
0x8055C700 Faked ServiceTable-->igfxext.exe [ ETHREAD 0x85977020 ] TID: 2552
0x8055C700 Faked ServiceTable-->Skype.exe [ ETHREAD 0x8546E020 ] TID: 2560
0x8055C700 Faked ServiceTable-->SgeCtl.exe [ ETHREAD 0x862F2020 ] TID: 2580
0x8055C700 Faked ServiceTable-->communicator.exe [ ETHREAD 0x858C68E0 ] TID: 2596
0x8055C700 Faked ServiceTable-->Skype.exe [ ETHREAD 0x861523E8 ] TID: 2600
0x8055C700 Faked ServiceTable-->scheduler_proxy.exe [ ETHREAD 0x861CE020 ] TID: 2608
0x8055C700 Faked ServiceTable-->communicator.exe [ ETHREAD 0x8611A020 ] TID: 2612
0x8055C700 Faked ServiceTable-->AppleMobileDeviceService.exe [ ETHREAD 0x85F89520 ] TID: 2624
0x8055C700 Faked ServiceTable-->tpfnf7sp.exe [ ETHREAD 0x8AC452F8 ] TID: 2644
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x858CF980 ] TID: 2656
0x8055C700 Faked ServiceTable-->AppleMobileDeviceService.exe [ ETHREAD 0x88BF7020 ] TID: 2668
0x8055C700 Faked ServiceTable-->rundll32.exe [ ETHREAD 0x859D0020 ] TID: 2712

PART 2 in next post as I can't post the entire message in one post.

aneesh134
2010-12-15, 19:56
0x8055C700 Faked ServiceTable-->S24EvMon.exe [ ETHREAD 0x8534EDA8 ] TID: 8168
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E32C30 ] TID: 8172
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x8535B020 ] TID: 8176
0x04C20000 Hidden Image-->PWMUIAux.resources.dll [ EPROCESS 0x861D6020 ] PID: 3052, 102400 bytes
0x04870000 Hidden Image-->UIAutomationTypes.dll [ EPROCESS 0x861D6020 ] PID: 3052, 110592 bytes
0x04150000 Hidden Image-->WindowsBase.dll [ EPROCESS 0x861D6020 ] PID: 3052, 1257472 bytes
0x03960000 Hidden Image-->PWMUICtl.DLL [ EPROCESS 0x861D6020 ] PID: 3052, 1445888 bytes
0x0B2E0000 Hidden Image-->office.dll [ EPROCESS 0x86500020 ] PID: 1760, 208896 bytes
0x0AE20000 Hidden Image-->extensibility.dll [ EPROCESS 0x86500020 ] PID: 1760, 28672 bytes
0x0B7F0000 Hidden Image-->PegasusImaging.WinForms.ImagXpress7.dll [ EPROCESS 0x86500020 ] PID: 1760, 3379200 bytes
0x04780000 Hidden Image-->System.Printing.dll [ EPROCESS 0x861D6020 ] PID: 3052, 364544 bytes
0x01280000 Hidden Image-->AMT_COM_InterfaceLib.dll [ EPROCESS 0x85C8DB30 ] PID: 4000, 36864 bytes
0x0E1D0000 Hidden Image-->stdole.dll [ EPROCESS 0x86500020 ] PID: 1760, 36864 bytes
0x0B3D0000 Hidden Image-->Microsoft.Office.Interop.Outlook.dll [ EPROCESS 0x86500020 ] PID: 1760, 397312 bytes
0x04290000 Hidden Image-->PresentationCore.dll [ EPROCESS 0x861D6020 ] PID: 3052, 4206592 bytes
0x03830000 Hidden Image-->AMT_SW_GUI.dll [ EPROCESS 0x85C8DB30 ] PID: 4000, 446464 bytes
0x04890000 Hidden Image-->PresentationCFFRasterizer.dll [ EPROCESS 0x861D6020 ] PID: 3052, 45056 bytes
0x038E0000 Hidden Image-->msvcm80.dll [ EPROCESS 0x861D6020 ] PID: 3052, 507904 bytes
0x03C40000 Hidden Image-->PresentationFramework.dll [ EPROCESS 0x861D6020 ] PID: 3052, 5287936 bytes
0x038D0000 Hidden Image-->UIAutomationProvider.dll [ EPROCESS 0x861D6020 ] PID: 3052, 53248 bytes
0x047E0000 Hidden Image-->ReachFramework.dll [ EPROCESS 0x861D6020 ] PID: 3052, 536576 bytes
0x0C240000 Hidden Image-->CustomMarshalers.dll [ EPROCESS 0x86500020 ] PID: 1760, 81920 bytes
0x046A0000 Hidden Image-->PresentationUI.dll [ EPROCESS 0x861D6020 ] PID: 3052, 872448 bytes

ken545
2010-12-15, 22:18
Hi,

See if you can run this program


Please do a scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) or from Here. (http://www.kaspersky.com/virusscanner)

Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
This will start the program and scan your system.
The scan will take a while, so be patient and let it run. (At times it may appear to stall.)
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display whether your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.


Once the scan is complete, click on View scan report. To obtain the report:
Click on: Save Report As
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar.
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.



http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

aneesh134
2010-12-16, 07:03
Ken,

I get the following error:

"Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab.

Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: License has expired]"

ken545
2010-12-16, 10:17
Hi, try this other scanner. I am just on a hunt right now to see what it may find; I am not liking what RKU found.

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable your onboard antivirus program and antispyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

aneesh134
2010-12-16, 18:25
Here you go:

C:\Documents and Settings\546469\Application Data\Sun\Java\Deployment\cache\6.0\26\3d3fdfda-2ad15041 Java/TrojanDownloader.Agent.NCA trojan
C:\Documents and Settings\546469\Application Data\Sun\Java\Deployment\cache\6.0\29\32db20dd-3ac0898f multiple threats
C:\Documents and Settings\546469\Application Data\Sun\Java\Deployment\cache\6.0\3\1f258583-41139cb6 multiple threats
C:\Documents and Settings\546469\Application Data\Sun\Java\Deployment\cache\6.0\31\4ec704df-57991f68 Java/TrojanDownloader.Agent.NCA trojan
C:\Documents and Settings\546469\Application Data\Sun\Java\Deployment\cache\6.0\36\9120864-416e13f5 Java/TrojanDownloader.Agent.NCA trojan
C:\Documents and Settings\546469\Application Data\Sun\Java\Deployment\cache\6.0\44\4dd9a26c-2be02dd2 multiple threats
C:\Documents and Settings\546469\Application Data\Sun\Java\Deployment\cache\6.0\46\1d6c4fee-6315f793 Java/TrojanDownloader.Agent.NCA trojan
C:\Documents and Settings\546469\Application Data\Sun\Java\Deployment\cache\6.0\54\31353776-545053c9 Java/TrojanDownloader.Agent.NCA trojan
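A small triage script for a report in the form posted above (an added example, not code from this thread or from ESET): it splits each line into path and detection name, counts how many hits sit in the Java deployment cache (the kind the cache-clearing step later in the thread disposes of) versus elsewhere on disk, and lists the latter for follow-up. The line regex, the list of detection suffixes and the constructed third sample line are assumptions, not anything ESET documents.

```python
"""Triage helper for an ESET Online Scanner report pasted into a forum reply.

Added example, not part of the original thread or of ESET's own tooling.
Assumes each report line is "<full path> <threat name>" with the columns
collapsed to spaces, exactly as the forum post shows it.
"""
import re
from collections import Counter

# Constructed sample in the same shape as the report posted above; the
# third line is invented to exercise the non-cache branch.
SAMPLE_REPORT = """\
C:\\Documents and Settings\\546469\\Application Data\\Sun\\Java\\Deployment\\cache\\6.0\\26\\3d3fdfda-2ad15041 Java/TrojanDownloader.Agent.NCA trojan
C:\\Documents and Settings\\546469\\Application Data\\Sun\\Java\\Deployment\\cache\\6.0\\29\\32db20dd-3ac0898f multiple threats
C:\\Documents and Settings\\546469\\Local Settings\\Temp\\example_dropper.exe Win32/Example.A trojan
"""

# The path is taken lazily, so the split lands at the first point where the
# remainder looks like a detection: either "multiple threats" or a single
# token with an optional ESET category word after it (assumed list).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<threat>multiple threats|\S+(?: (?:trojan|virus|worm|application|backdoor))?)$"
)

# Java Web Start / applet cache directory, compared case-insensitively.
JAVA_CACHE_MARK = "\\sun\\java\\deployment\\cache\\"


def parse_report(text):
    """Return a list of (path, threat) tuples; reject lines we cannot split."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised report line: {line!r}")
        findings.append((m.group("path"), m.group("threat")))
    return findings


def classify(path):
    """Cached applet/JAR exploits are inert once the cache is emptied;
    anything else needs to be looked at individually."""
    return "java-cache" if JAVA_CACHE_MARK in path.lower() else "on-disk"


def triage(text):
    """Summarise a report: counts by location and by detection name."""
    findings = parse_report(text)
    by_class = Counter(classify(p) for p, _ in findings)
    by_threat = Counter(t for _, t in findings)
    return {
        "total": len(findings),
        "java_cache": by_class["java-cache"],
        "on_disk": by_class["on-disk"],
        "threats": dict(by_threat),
        "on_disk_paths": [p for p, _ in findings if classify(p) == "on-disk"],
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print(f"{summary['total']} findings: {summary['java_cache']} in the Java cache, "
          f"{summary['on_disk']} elsewhere on disk")
    for name, n in summary["threats"].items():
        print(f"  {n} x {name}")
    for p in summary["on_disk_paths"]:
        print(f"  follow up: {p}")
```

The cache hits point at drive-by exploitation of an outdated Java plugin, so after clearing the cache the Java runtime itself still needs updating.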

ken545
2010-12-16, 18:38
Let's run this cleaner; it will clear out all your temp files and also the Java cache.

Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button. Your system may start up slower after running ATF Cleaner; this is expected but will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized your password and other personal information, as removing cookies will temporarily disable the auto-login facility.

http://i24.photobucket.com/albums/c30/ken545/Atribune.jpg





Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.

aneesh134
2010-12-16, 19:27
COMBO FIX LOG:

ComboFix 10-12-15.07 - 546469 12/16/2010 10:12:22.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2996.1642 [GMT -8:00]
Running from: c:\documents and settings\546469\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\546469\LOCALS~1\Temp\{CE3E6AA4-16A5-44e2-863D-32BA5178BC62}3
c:\docume~1\546469\LOCALS~1\Temp\{CE3E6AA4-16A5-44e2-863D-32BA5178BC62}4
c:\docume~1\546469\LOCALS~1\Temp\{CE3E6AA4-16A5-44e2-863D-32BA5178BC62}5
c:\documents and settings\546469\Local Settings\Temp\{CE3E6AA4-16A5-44e2-863D-32BA5178BC62}3
c:\documents and settings\546469\Local Settings\Temp\{CE3E6AA4-16A5-44e2-863D-32BA5178BC62}4
c:\documents and settings\546469\Local Settings\Temp\{CE3E6AA4-16A5-44e2-863D-32BA5178BC62}5
c:\documents and settings\546469\Recent\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-11-16 to 2010-12-16 )))))))))))))))))))))))))))))))
.

2010-12-16 17:10 . 2010-12-16 17:10 664 ----a-w- c:\windows\system32\d3d9caps.tmp
2010-12-16 17:08 . 2010-12-16 17:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2010-12-16 14:15 . 2010-12-16 14:15 -------- d-----w- c:\program files\ESET
2010-12-16 05:51 . 2010-12-16 05:51 -------- d-----w- c:\program files\Common Files\Skype
2010-12-08 16:56 . 2010-12-08 16:56 -------- d-----w- c:\program files\ERUNT
2010-12-04 00:58 . 2010-12-05 07:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-12-04 00:58 . 2010-12-04 01:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-04 00:53 . 2010-12-04 00:54 -------- d-----w- c:\documents and settings\546469\Application Data\GetRightToGo
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-28 04:12 . 2010-11-28 04:12 -------- d-----w- c:\program files\Paint.NET
2010-11-28 04:12 . 2010-11-28 05:30 -------- d-----w- c:\documents and settings\546469\Local Settings\Application Data\Paint.NET
2010-11-24 15:15 . 2010-11-24 15:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-11-21 00:49 . 2010-11-21 00:49 -------- d-----w- c:\program files\iPod
2010-11-21 00:49 . 2010-11-21 00:50 -------- d-----w- c:\program files\iTunes
2010-11-21 00:45 . 2010-11-21 00:45 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-11-18 10:37 . 2010-11-18 10:37 -------- d-----w- c:\documents and settings\546469\Application Data\ScanSoft
2010-11-18 10:37 . 2010-11-18 10:37 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-11-18 10:00 . 2010-11-18 10:00 -------- d-----w- c:\documents and settings\546469\WINDOWS
2010-11-18 09:54 . 2010-11-18 10:07 -------- d-----w- c:\program files\Neat Business Cards
2010-11-18 09:34 . 2010-11-18 09:34 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2010-11-18 09:34 . 2010-11-18 09:34 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2010-11-18 09:34 . 2001-08-18 06:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-11-18 09:34 . 2001-08-18 06:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2010-11-18 09:24 . 2010-11-18 09:24 -------- d-----w- c:\documents and settings\546469\Local Settings\Application Data\IsolatedStorage
2010-11-18 09:11 . 2010-11-18 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NeatReceipts Professional
2010-11-18 09:08 . 2010-11-18 09:08 -------- d-----w- c:\program files\MSXML 6.0
2010-11-18 09:07 . 2010-11-18 10:04 -------- d-----w- c:\program files\Microsoft SQL Server
2010-11-18 09:06 . 2010-11-18 10:06 -------- d-----w- c:\program files\Common Files\NeatReceipts
2010-11-18 09:06 . 2010-11-18 10:00 -------- d-----w- c:\program files\NeatReceipts Professional
2010-11-18 09:05 . 2010-11-18 09:05 -------- d-----w- c:\program files\NeatReceipts Setup
2010-11-17 21:29 . 2010-11-17 21:29 -------- d-----w- c:\documents and settings\546469\Local Settings\Application Data\Thunderbird
2010-11-17 21:29 . 2010-11-17 21:29 -------- d-----w- c:\documents and settings\546469\Application Data\Thunderbird
2010-11-17 21:28 . 2010-11-17 21:29 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-11-17 07:41 . 2010-11-17 07:41 323624 ----a-w- c:\windows\system32\wiaaut.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-30 01:42 . 2010-09-27 23:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-30 01:42 . 2010-09-27 23:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-29 07:46 . 2010-09-29 07:46 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-29 07:46 . 2010-03-25 03:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-28 23:44 . 2010-09-28 21:23 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 23:44 . 2010-09-28 21:23 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-28 08:10 . 2010-09-28 08:10 25128 ----a-w- c:\windows\system32\drivers\cdprku.sys
2010-11-17 15:44 . 2010-11-17 15:44 28488 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2010-11-17 15:44 . 2010-11-17 15:44 185240 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2010-11-17 15:44 . 2010-11-17 15:44 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2010-11-17 15:44 . 2010-11-17 15:44 99224 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2010-10-02 12:34 . 2010-10-02 12:34 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\546469\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-11 136176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-12 14940040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-02-09 115560]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-10-01 111640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-04 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-04 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-04 144920]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-01-06 513384]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-12-10 62312]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2010-03-01 431464]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2010-03-01 181608]
"SgeEcView"="c:\program files\Utimaco\SafeGuard Easy\Ecview.exe" [2008-09-16 24653]
"EdWizard"="c:\program files\Utimaco\SafeGuard Easy\EdWizard.exe" [2008-09-16 352345]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2007-08-14 48904]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2008-12-17 5160288]
"Discovery User Input"="c:\discovery\User Input\userin32.exe" [2010-05-05 241664]
"AgentUiRunKey"="c:\program files\Iron Mountain\Connected BackupPC\Agent.exe" [2008-11-10 244536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-10-02 30192]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]

c:\documents and settings\546469\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2008-06-18 20:47 24692 ----a-w- c:\windows\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-08-14 22:54 89600 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Iron Mountain\\Connected BackupPC\\Agent.exe"=

R0 AES-256;AES-256;c:\windows\system32\drivers\AES256.sys [9/16/2008 1:19 PM 19712]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [7/23/2010 5:53 AM 24304]
R0 SgeFlt;SgeFlt;c:\windows\system32\drivers\SGEFLT.sys [9/16/2008 1:19 PM 63488]
R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [7/23/2010 5:49 AM 21504]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/9/2009 11:10 AM 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2/17/2010 11:29 AM 13480]
R2 AgentService;AgentService;c:\program files\Iron Mountain\Connected BackupPC\AgentService.exe [11/9/2008 8:38 PM 6608192]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [6/18/2008 12:46 PM 47504]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [7/23/2010 5:53 AM 132456]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\HOTKEY\cammute.exe [2/17/2010 11:29 AM 54632]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\Neat Business Cards\exec\NeatReceiptsDBController.exe [5/28/2008 1:56 PM 230744]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [7/23/2010 5:53 AM 53248]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 7:09 PM 11032]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [8/14/2007 2:46 PM 10896]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [2/17/2010 11:29 AM 63928]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [7/23/2010 5:46 AM 2320920]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [6/18/2008 12:46 PM 121136]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [6/18/2008 12:46 PM 673872]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [7/23/2010 5:49 AM 127232]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [7/23/2010 5:41 AM 167080]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/28/2010 3:31 AM 102448]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [6/18/2008 12:46 PM 2235760]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [7/23/2010 5:47 AM 125696]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [7/23/2010 5:47 AM 215040]
R3 LanProbe;LanProbe;c:\centenn.ial\AUDIT\lpx86.exe [9/28/2010 12:08 AM 229888]
R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [9/28/2010 12:39 PM 54544]
R3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\drivers\PTUMWCSP.sys [9/28/2010 12:39 PM 160400]
R3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [9/28/2010 12:39 PM 12048]
R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [9/28/2010 12:39 PM 160400]
R3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [9/28/2010 12:39 PM 115216]
R3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\drivers\PTUMWNSP.sys [9/28/2010 12:39 PM 160400]
R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [9/28/2010 12:39 PM 160400]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/28/2010 11:28 PM 136176]
S2 Lenovo.micmute;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [2/17/2010 11:29 AM 44984]
S3 cdprku;cdprku;c:\windows\system32\drivers\cdprku.sys [9/28/2010 12:10 AM 25128]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2/9/2010 11:57 AM 23888]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/2/2010 4:34 AM 30192]
S3 LV_Tracker;LV_Tracker;c:\windows\system32\drivers\LV_Tracker.sys [11/9/2008 8:38 PM 45384]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/27/2008 11:23 AM 29178224]
S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [9/28/2010 12:39 PM 22032]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 2:43 PM 32408]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [3/24/2010 5:08 PM 15744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
2010-06-24 12:15 124928 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-29 07:28]

2010-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-29 07:28]

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1821776373-1355476427-37174785-17242Core.job
- c:\documents and settings\546469\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-11 03:01]

2010-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1821776373-1355476427-37174785-17242UA.job
- c:\documents and settings\546469\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-11 03:01]

2010-12-16 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-07-23 06:13]

2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{503CCF11-361E-4D2F-A360-0533D10F38F9}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 01:36]

2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{6C51F8C3-43A2-45BA-A241-C885282C1DA0}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 01:36]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.macromedia.com/software/flash/about/installerRedirect.html
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Trusted Zone: bah.com
Trusted Zone: booz.com
Trusted Zone: bah.com
Trusted Zone: booz.com
Trusted Zone: insidebooz.com
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\documents and settings\546469\Application Data\Mozilla\Firefox\Profiles\1swq8e76.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-{ba930330-a721-11d3-a7b9-00500464ee16} - Sgedrse.Dll
ShellIconOverlayIdentifiers-{2030D939-54A7-4fea-9B06-49EA77EFC87F} - Sgedrse.Dll
HKLM-Run-ViperServices - c:\program files\Booz Allen Hamilton\Viper Directory Services\ViperServices.exe
HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Notify-ACNotify - ACNotify.dll
SafeBoot-Symantec Antvirus
AddRemove-Booz Toolbar Installer - c:\progra~1\BOOZAN~1\BOOZTO~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-16 10:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\SGGINA.DLL
c:\windows\system32\vrlogon.dll
c:\windows\system32\SGEGINA.DLL
c:\program files\Utimaco\SafeGuard Easy\CMFCAPI.DLL
c:\program files\Utimaco\SafeGuard Easy\FLTAPI.dll
c:\windows\system32\SGEGINATHK.DLL
c:\program files\Utimaco\SafeGuard Easy\EcView.dll
c:\program files\Utimaco\SafeGuard Easy\SgeUtil.dll
c:\program files\Utimaco\SafeGuard Easy\SgUicl.dll
c:\program files\Utimaco\SafeGuard Easy\CMessage.dll
c:\program files\Utimaco\SafeGuard Easy\SgWin32.dll
c:\program files\Utimaco\SafeGuard Easy\SCClass.dll
c:\program files\Utimaco\SafeGuard Easy\SGUICLRES.DLL
c:\program files\Utimaco\SafeGuard Easy\SGUICL.MSG
c:\program files\Utimaco\SafeGuard Easy\SGE_ERR0409.DLL
c:\program files\Utimaco\SafeGuard Easy\SGE_MSG0409.DLL
c:\program files\Utimaco\SafeGuard Easy\encviewer.ocx
c:\program files\Utimaco\SafeGuard Easy\sgea40.dll
c:\program files\Utimaco\SafeGuard Easy\CfgApi.dll
c:\program files\Utimaco\SafeGuard Easy\SGEDRV.dll
c:\program files\Utimaco\SafeGuard Easy\SGE_INFO0409.DLL
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\Utimaco\SafeGuard Easy\DComSec.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\windows\system32\msxml3.dll
c:\program files\Utimaco\SafeGuard Easy\SecClassFactoryPS.dll
c:\program files\Utimaco\SafeGuard Easy\wkscfgsrvps.dll

- - - - - - - > 'Explorer.exe'(1920)
c:\windows\system32\WININET.dll
c:\program files\Utimaco\SafeGuard Easy\SgMsgBhk.dll
c:\program files\Utimaco\SafeGuard Easy\SgeDrse.dll
c:\program files\Utimaco\SafeGuard Easy\SgeUtil.dll
c:\windows\system32\ieframe.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\PENUSA.DLL
c:\windows\system32\mshtml.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\CheckPoint\SecuRemote\bin\SR_Service.exe
c:\program files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
c:\program files\Bonjour\mDNSResponder.exe
c:\centenn.ial\AUDIT\cagent32.exe
c:\centenn.ial\AUDIT\xferwan.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Utimaco\SafeGuard Easy\SgeCtl.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
c:\windows\system32\dllhost.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\msdtc.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
.
**************************************************************************
.
Completion time: 2010-12-16 10:25:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-16 18:25

Pre-Run: 135,944,175,616 bytes free
Post-Run: 135,811,985,408 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 0E84FAAA03519BE5945F9834A14452B9
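The ComboFix log above is read by eye in this thread. As an added example (not part of the thread, and not code from ComboFix, DDS or OTL), the script below encodes three of the checks a responder makes on such a log: a Firefox HTTP proxy pointing at the loopback address, which only matters when `network.proxy.type` is 1 (manual); a `keyword.URL` that sends address-bar searches through an affiliate-tagged engine; and non-Windows DLLs loaded into winlogon.exe, which is where GINA replacements live. Legitimate products (here, SafeGuard Easy disk encryption and the fingerprint software) also hook winlogon, so the third check reports the modules for vendor confirmation rather than calling them malicious. The sample lines are constructed by copying from the log above; the "gina"/"logon" name heuristic, the system32 check and the affiliate-parameter regex are assumptions chosen for illustration, not signatures from any tool.

```python
import re

# Constructed sample: the relevant lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\SGGINA.DLL
c:\windows\system32\vrlogon.dll
c:\program files\Utimaco\SafeGuard Easy\CMFCAPI.DLL
c:\windows\system32\msxml3.dll
- - - - - - - > 'Explorer.exe'(1920)
c:\windows\system32\WININET.dll
"""

PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
PROC_RE = re.compile(r"^(?:- )+> '([^']+)'\((\d+)\)$")
LOOPBACK = ("127.", "localhost", "::1")


def parse_ff_prefs(text):
    """Return {pref_name: value} for the 'FF - prefs.js:' lines."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def parse_loaded_dlls(text):
    """Return {process_name: [module paths]} from the 'DLLs Loaded' section."""
    loaded, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = PROC_RE.match(line)
        if m:
            current = m.group(1).lower()
            loaded[current] = []
        elif current and line.lower().endswith((".dll", ".ocx", ".msg")):
            loaded[current].append(line)
    return loaded


def check_proxy(prefs):
    """Flag a loopback HTTP proxy; severity depends on whether it is in effect."""
    host = prefs.get("network.proxy.http", "")
    port = prefs.get("network.proxy.http_port", "")
    ptype = prefs.get("network.proxy.type", "0")
    if not host.startswith(LOOPBACK):
        return None
    active = ptype == "1"  # Firefox: 0 = no proxy, 1 = manual proxy settings
    return {
        "check": "ff_loopback_proxy",
        "proxy": f"{host}:{port}",
        "active": active,
        "note": ("manual proxy enabled: identify the listener on that port"
                 if active else
                 "network.proxy.type=0, so the entry is inactive; likely stale"),
    }


def check_keyword_url(prefs):
    """Flag keyword.URL when set and carrying an affiliate parameter (assumed regex)."""
    url = prefs.get("keyword.URL", "")
    if url and re.search(r"[?&](fr|type)=", url):
        return {"check": "ff_keyword_url", "url": url,
                "note": "address-bar searches routed through a tagged engine; review"}
    return None


def check_winlogon_dlls(loaded):
    """List modules in winlogon.exe that look like GINA/credential hooks or
    live outside system32 (heuristic: name contains 'gina' or 'logon')."""
    flagged = []
    for path in loaded.get("winlogon.exe", []):
        low = path.lower()
        base = low.rsplit("\\", 1)[-1]
        in_system32 = "\\windows\\system32\\" in low
        if not in_system32 or "gina" in base or "logon" in base:
            flagged.append(path)
    return flagged


def triage(text):
    """Run all checks over one log and return the findings in a fixed order."""
    prefs = parse_ff_prefs(text)
    loaded = parse_loaded_dlls(text)
    findings = [f for f in (check_proxy(prefs), check_keyword_url(prefs)) if f]
    dlls = check_winlogon_dlls(loaded)
    if dlls:
        findings.append({"check": "winlogon_third_party_dlls", "dlls": dlls,
                         "note": "winlogon loads non-default modules; confirm the vendor"})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On this log the proxy finding comes back inactive: `network.proxy.type` is 0, so Firefox makes direct connections and the 127.0.0.1:50370 entry is a leftover rather than a live interception point. The winlogon finding lists SGGINA.DLL, vrlogon.dll and the SafeGuard Easy module, all consistent with the disk-encryption and fingerprint software visible elsewhere in the log.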

ken545
2010-12-16, 19:38
Hi,

It will take some time to look over your ComboFix log; in the meantime, please run these.

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report, please.

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double-click the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

aneesh134
2010-12-19, 02:27
What next, Ken? Thanks a lot!

ken545
2010-12-19, 03:31
See my prior post and run Malwarebytes and post the log, then run OTL and post the log, please.

aneesh134
2010-12-20, 09:52
Malwarebytes log:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5322

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/20/2010 12:41:40 AM
mbam-log-2010-12-20 (00-41-40).txt

Scan type: Quick scan
Objects scanned: 152000
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

aneesh134
2010-12-20, 10:08
OTL logfile created on: 12/20/2010 12:54:34 AM - Run 1
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Documents and Settings\546469\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 4492 4492 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 283.42 Gb Total Space | 126.05 Gb Free Space | 44.47% Space Free | Partition Type: NTFS
Drive D: | 968.23 Mb Total Space | 157.92 Mb Free Space | 16.31% Space Free | Partition Type: FAT

Computer Name: BOOZ546469Kris2 | User Name: 546469 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\546469\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\CENTENN.IAL\AUDIT\xferwan.exe (FrontRange Solutions USA Inc. )
PRC - C:\CENTENN.IAL\AUDIT\lpx86.exe (FrontRange Solutions USA Inc. )
PRC - C:\CENTENN.IAL\AUDIT\cagent32.exe (FrontRange Solutions USA Inc. )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\TpShocks.exe (Lenovo.)
PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo.)
PRC - C:\Program Files\Lenovo\HOTKEY\cammute.exe (Lenovo Group Limited)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
PRC - C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe (Iron Mountain Incorporated)
PRC - C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe (Iron Mountain Incorporated)
PRC - C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe (Ricoh co.,Ltd.)
PRC - C:\Program Files\Utimaco\SafeGuard Easy\ecview.exe (Utimaco Safeware AG)
PRC - C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe (Utimaco Safeware AG)
PRC - C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe (Utimaco Safeware AG)
PRC - c:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe (Check Point Software Technologies)
PRC - c:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe (Check Point Software Technologies)
PRC - c:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe (Check Point Software Technologies)
PRC - C:\Program Files\Neat Business Cards\exec\NeatReceiptsDBController.exe (Digital Business Processes)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Google\Google Talk\googletalk.exe (Google)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\546469\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Utimaco\SafeGuard Easy\SgMsgBhk.dll (Utimaco Safeware AG)
MOD - C:\WINDOWS\ime\sptip.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation)
MOD - C:\WINDOWS\ime\spgrmr.dll (Microsoft Corporation)
MOD - C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll (Lenovo Group Limited)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (CentennialIPTransferAgent) -- C:\CENTENN.IAL\AUDIT\xferwan.exe (FrontRange Solutions USA Inc. )
SRV - (LanProbe) -- C:\CENTENN.IAL\AUDIT\lpx86.exe (FrontRange Solutions USA Inc. )
SRV - (CentennialClientAgent) -- C:\CENTENN.IAL\AUDIT\cagent32.exe (FrontRange Solutions USA Inc. )
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (DozeSvc) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo.)
SRV - (Lenovo.micmute) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Program Files\Lenovo\HOTKEY\cammute.exe (Lenovo Group Limited)
SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
SRV - (UNS) Intel(R) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (CcmExec) -- C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (smstsmgr) -- C:\WINDOWS\System32\CCM\TSManager.exe (Microsoft Corporation)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (AgentService) -- C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe (Iron Mountain Incorporated)
SRV - (WksCfgSrv) -- C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe (Utimaco Safeware AG)
SRV - (SgeCtl) -- C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe (Utimaco Safeware AG)
SRV - (SR_Watchdog) -- c:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe (Check Point Software Technologies)
SRV - (SR_Service) -- c:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe (Check Point Software Technologies)
SRV - (NeatReceipts Database Controller) -- C:\Program Files\Neat Business Cards\exec\NeatReceiptsDBController.exe (Digital Business Processes)
SRV - (TVT Scheduler) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101219.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101219.003\NAVENG.SYS (Symantec Corporation)
DRV - (cdprku) -- C:\WINDOWS\system32\drivers\cdprku.sys (FrontRange Solutions USA Inc. )
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDAU32.sys (Conexant Systems Inc.)
DRV - (DozeHDD) -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys (Lenovo.)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (5U877) -- C:\WINDOWS\system32\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV - (e1kexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1k5132.sys (Intel Corporation)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (IntcDAud) Intel(R) -- C:\WINDOWS\system32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (PTUMWVsp) -- C:\WINDOWS\system32\drivers\PTUMWVsp.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (PTUMWNSP) -- C:\WINDOWS\system32\drivers\PTUMWNSP.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (PTUMWNET) -- C:\WINDOWS\system32\drivers\PTUMWNET.sys (DEVGURU Co., LTD.)
DRV - (PTUMWMdm) -- C:\WINDOWS\system32\drivers\PTUMWMdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (PTUMWFLT) -- C:\WINDOWS\system32\drivers\PTUMWFLT.sys (DEVGURU Co., LTD.)
DRV - (PTUMWCSP) -- C:\WINDOWS\system32\drivers\PTUMWCSP.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (PTUMWCDF) -- C:\WINDOWS\system32\drivers\PTUMWCDF.sys (DEVGURU Co., LTD.)
DRV - (PTUMWBus) -- C:\WINDOWS\system32\drivers\PTUMWBus.sys (DEVGURU Co., LTD.)
DRV - (Impcd) -- C:\WINDOWS\system32\drivers\Impcd.sys (Intel Corporation)
DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (prepdrvr) -- C:\WINDOWS\system32\CCM\PrepDrv.sys (Microsoft Corporation)
DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (SMSIVZAM5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys (Smith Micro Inc.)
DRV - (PMEM) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation)
DRV - (LV_Tracker) -- C:\WINDOWS\system32\drivers\LV_Tracker.sys ()
DRV - (smsmdd) -- C:\WINDOWS\system32\drivers\smsmdm.sys (Microsoft Corporation)
DRV - (AES-256) -- C:\WINDOWS\SYSTEM32\DRIVERS\AES256.SYS (Utimaco Safeware AG)
DRV - (SgeFlt) -- C:\WINDOWS\SYSTEM32\DRIVERS\SGEFLT.SYS (Utimaco Safeware AG)
DRV - (CP_OMDRV) -- C:\WINDOWS\system32\drivers\omdrv.sys (Check Point Software Technologies)
DRV - (FW1) -- C:\WINDOWS\system32\drivers\fw.sys (Check Point Software Technologies)
DRV - (VNASC) -- C:\WINDOWS\system32\drivers\vnasc.sys (Check Point Software Technologies)
DRV - (VPN-1) -- C:\WINDOWS\System32\drivers\vpn.sys (Check Point Software Technologies)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (TPHKDRV) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys (Lenovo Group Limited)
DRV - (lenovo.smi) -- C:\WINDOWS\system32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.)
DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (stmtpm) -- C:\WINDOWS\system32\DRIVERS\stm_tpm.sys (STMicroelectronics, INC)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (regi) -- C:\WINDOWS\system32\drivers\regi.sys (InterVideo)
DRV - (vmx_svga) -- C:\WINDOWS\system32\drivers\vmx_svga.sys (VMware, Inc.)
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (ULCDRHlp) -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys (Ulead Systems, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) -- C:\WINDOWS\system32\drivers\es1371mp.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=616163"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/15 17:47:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/12 20:48:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/17 13:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/11/17 13:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\546469\Application Data\Mozilla\Extensions
[2010/11/17 13:29:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\546469\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/12/18 11:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\546469\Application Data\Mozilla\Firefox\Profiles\1swq8e76.default\extensions
[2010/09/28 13:21:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\546469\Application Data\Mozilla\Firefox\Profiles\1swq8e76.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/19 15:49:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/15 21:51:42 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/28 23:46:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/17 07:44:01 | 000,028,488 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2010/11/17 07:44:01 | 000,185,240 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2010/11/17 07:44:09 | 000,046,408 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\atmccli.dll
[2010/11/17 07:44:12 | 000,099,224 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2010/11/17 07:44:00 | 000,061,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/09/28 23:46:28 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/12/18 13:16:17 | 000,426,940 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14728 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [AgentUiRunKey] C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe (Iron Mountain Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Discovery User Input] C:\Discovery\User Input\userin32.exe (FrontRange Solutions USA Inc. )
O4 - HKLM..\Run: [EdWizard] C:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [SgeEcView] C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\546469\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: bah.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: booz.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: insidebooz.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: bah.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: booz.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: insidebooz.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = booz.insidebooz.com
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (SGGINA.DLL) - C:\WINDOWS\System32\Sggina.dll (Utimaco Safeware AG)
O20 - Winlogon\Notify\ACNotify: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ckpNotify: DllName - ckpNotify.dll - C:\WINDOWS\System32\ckpNotify.dll (Check Point Software Technologies)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\546469\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\546469\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/20 00:37:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\546469\Desktop\OTL.exe
[2010/12/18 17:59:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/12/16 10:09:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/16 10:08:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/16 10:08:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/16 10:08:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/16 10:08:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/16 10:07:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/16 09:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2010/12/16 06:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/12/15 21:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/12/08 08:56:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/08 08:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/12/03 16:58:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/12/03 16:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/12/03 16:53:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\546469\Desktop\Downloads
[2010/12/03 16:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\546469\Application Data\GetRightToGo
[2010/12/01 19:35:18 | 004,280,320 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2010/11/27 20:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2010/11/27 20:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\546469\Local Settings\Application Data\Paint.NET
[2010/11/24 07:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2010/11/20 16:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/20 16:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/20 16:45:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2010/07/23 05:47:40 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/20 00:55:00 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{503CCF11-361E-4D2F-A360-0533D10F38F9}.job
[2010/12/20 00:55:00 | 000,000,398 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6C51F8C3-43A2-45BA-A241-C885282C1DA0}.job
[2010/12/20 00:52:04 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/12/20 00:38:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/20 00:37:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\546469\Desktop\OTL.exe
[2010/12/20 00:11:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1821776373-1355476427-37174785-17242UA.job
[2010/12/19 02:49:20 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1821776373-1355476427-37174785-17242Core.job
[2010/12/18 13:16:17 | 000,426,940 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/18 12:38:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/18 11:52:09 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\546469\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook 2003.lnk
[2010/12/18 11:49:42 | 000,000,463 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2010/12/18 11:48:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/18 11:45:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/18 11:45:06 | 3141,185,536 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/16 10:26:15 | 000,494,368 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/16 10:26:15 | 000,090,956 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/16 10:19:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101218-131617.backup
[2010/12/16 10:10:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/12/16 10:01:01 | 003,992,805 | R--- | M] () -- C:\Documents and Settings\546469\Desktop\ComboFix.exe
[2010/12/16 09:10:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/15 21:51:25 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/12/15 13:59:52 | 000,013,856 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/12/12 17:23:53 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2010/12/10 12:47:59 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\546469\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2003.lnk
[2010/12/08 08:57:16 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\546469\Desktop\dds.scr
[2010/12/08 08:56:43 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\546469\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/08 08:56:39 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\546469\Desktop\NTREGOPT.lnk
[2010/12/08 08:56:39 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\546469\Desktop\ERUNT.lnk
[2010/12/07 09:01:48 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\546469\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2003.lnk
[2010/12/06 16:32:40 | 001,039,360 | ---- | M] () -- C:\Documents and Settings\546469\Desktop\Open Needs and Availability 2010-12-06.xls
[2010/12/05 09:07:22 | 000,134,656 | ---- | M] () -- C:\Documents and Settings\546469\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/03 16:58:39 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\546469\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/03 16:58:38 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\546469\Desktop\Spybot - Search & Destroy.lnk
[2010/12/01 19:35:18 | 004,280,320 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/29 09:01:30 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\546469\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft PowerPoint 2003.lnk
[2010/11/27 20:12:25 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2010/11/21 23:41:07 | 000,000,845 | ---- | M] () -- C:\Documents and Settings\546469\Desktop\Shortcut to OLK6.lnk
[2010/11/20 16:50:54 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/16 10:10:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/12/16 10:10:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/16 10:08:12 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/16 10:08:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/16 10:08:12 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/16 10:08:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/16 10:08:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/16 10:00:44 | 003,992,805 | R--- | C] () -- C:\Documents and Settings\546469\Desktop\ComboFix.exe
[2010/12/12 17:23:53 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2010/12/08 18:00:25 | 001,039,360 | ---- | C] () -- C:\Documents and Settings\546469\Desktop\Open Needs and Availability 2010-12-06.xls
[2010/12/08 08:57:14 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\546469\Desktop\dds.scr
[2010/12/08 08:56:43 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\546469\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/08 08:56:39 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\546469\Desktop\NTREGOPT.lnk
[2010/12/08 08:56:39 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\546469\Desktop\ERUNT.lnk
[2010/12/03 16:58:39 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\546469\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/12/03 16:58:38 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\546469\Desktop\Spybot - Search & Destroy.lnk
[2010/11/27 20:12:25 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2010/11/21 23:41:07 | 000,000,845 | ---- | C] () -- C:\Documents and Settings\546469\Desktop\Shortcut to OLK6.lnk
[2010/11/20 16:50:54 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/05 21:18:36 | 000,368,800 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/03 06:28:57 | 000,134,656 | ---- | C] () -- C:\Documents and Settings\546469\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/28 12:39:10 | 000,010,440 | ---- | C] () -- C:\WINDOWS\System32\ptumwcit.dll
[2010/09/28 12:33:44 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/09/28 12:26:35 | 000,000,148 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2010/09/28 12:26:35 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2010/07/23 06:08:28 | 000,000,777 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010/07/23 06:07:28 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2010/07/23 05:57:10 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010/07/23 05:54:31 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2010/07/23 05:53:51 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010/03/24 19:39:53 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2010/03/24 19:30:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/03/24 18:29:32 | 000,000,463 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/03/24 18:19:46 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/03/24 10:16:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/03/03 07:25:01 | 000,000,690 | ---- | C] () -- C:\WINDOWS\System32\VoipUpdate.ini
[2009/12/20 17:42:18 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/08/14 10:47:34 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/11/09 20:38:40 | 000,045,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\LV_Tracker.sys
[2008/09/16 13:18:42 | 000,020,575 | ---- | C] () -- C:\WINDOWS\System32\Sgegina040C.Dll
[2008/09/16 13:18:38 | 000,020,575 | ---- | C] () -- C:\WINDOWS\System32\SgeGina0407.Dll
[2008/06/18 12:47:02 | 000,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2008/06/18 12:46:50 | 000,106,588 | ---- | C] () -- C:\WINDOWS\System32\fwnetcfg.dll
[2007/08/16 11:33:38 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\loaddlln.dll
[2007/01/26 03:56:02 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\GetInst32.dll
[2006/02/09 14:29:54 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010/09/28 13:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\546469\Application Data\Avaya
[2010/11/11 10:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\546469\Application Data\Collaboration Addin
[2010/12/03 16:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\546469\Application Data\GetRightToGo
[2010/11/12 07:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\546469\Application Data\Juniper Networks
[2010/12/17 08:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\546469\Application Data\PrimoPDF
[2010/11/18 02:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\546469\Application Data\ScanSoft
[2010/09/27 13:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\546469\Application Data\think-cell
[2010/11/17 13:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\546469\Application Data\Thunderbird
[2010/11/17 07:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\546469\Application Data\webex
[2010/03/24 19:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Booz And Company
[2010/09/28 23:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Email Backup Optimization
[2010/11/12 07:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/11/18 02:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeatReceipts Professional
[2010/11/18 02:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/09/27 13:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2010/07/23 05:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/09/28 12:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2010/07/23 06:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/09/28 13:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/12/20 00:52:04 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2010/12/20 00:55:00 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{503CCF11-361E-4D2F-A360-0533D10F38F9}.job
[2010/12/20 00:55:00 | 000,000,398 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6C51F8C3-43A2-45BA-A241-C885282C1DA0}.job

========== Purity Check ==========



< End of report >
OTL Extras logfile created on: 12/20/2010 12:54:34 AM - Run 1
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Documents and Settings\546469\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 4492 4492 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 283.42 Gb Total Space | 126.05 Gb Free Space | 44.47% Space Free | Partition Type: NTFS
Drive D: | 968.23 Mb Total Space | 157.92 Mb Free Space | 16.31% Space Free | Partition Type: FAT

Computer Name: BOOZ546469Kris2 | User Name: 546469 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

aneesh134
2010-12-20, 10:09
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- (Check Point Software Technologies)
"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007 R2 -- (Microsoft Corporation)
"C:\Documents and Settings\546469\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\546469\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- (Check Point Software Technologies)
"C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe" = C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe:*:Enabled:Agent User Interface -- (Iron Mountain Incorporated)
"C:\Documents and Settings\546469\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\546469\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04EB530D-EFBE-4624-BC83-611E557B9F03}" = STM TPM Driver 1.0.4.15 - 32 bits
"{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1C336D20-A089-4818-9C56-96AD81BF5A11}" = PANTECH USB Modem V2
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{226279A7-64EA-4F0F-897C-AC71596FF525}" = Neat OCR15
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (NR2007)
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{332C3B14-6578-4467-B1B2-7F694F633D0B}" = think-cell
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{393E4C89-67E9-43BF-AD29-94D19F7624F7}" = Connected Backup/PC Agent
"{3C79DC59-6099-323B-B27B-90B45542B270}" = Google Talk Plugin
"{40561111-C170-41FF-A029-9406F3042CEE}" = Viper Directory Services
"{43507E5B-94A0-4E56-9C7B-FAAAFBDB5904}" = Intel(R) PROSet/Wireless WiFi Software
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65581228-D981-47F6-8E93-703808B8CB0E}" = SafeGuard® Easy Client 4.50.2
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{1956603A-E917-4448-8F90-EBC551A5534F}" =
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90AE0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Organization Chart 2.0
"{995C90B7-042C-44AF-9219-D9AEA9EAAEED}" = Neat Business Cards Scanner Drivers
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A2289997-10A3-48F2-AA03-99180D761661}" = ThinkVantage Fingerprint Software 5.6
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B26D54D6-9593-4D45-A355-1101D2FFCDF4}" = Discovery.MSP Client
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{c080d4ef-802c-403a-9f98-c86871edfb7c}" = Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.1.0.19
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 2
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EBC8295F-BFB4-4DFB-9248-9A8804C1DC48}" = VZAccess Manager
"{EC56BAC0-6B62-4F3B-8C25-70D6D214D9D0}" = Collaboration Addin for Outlook
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F5797F1E-0463-437D-950B-40C7DBA148AB}" = NeatReceipts Database Controller
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Booz MegaExcel" = Booz MegaExcel
"Booz Screensaver" = Booz Screensaver
"Booz Word Templates" = Booz Word Templates
"CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"EXCEL" = Microsoft Office Excel 2007
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now Lenovo Edition
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"Neat Business Cards" = Neat Business Cards v2.1.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnScreenDisplay" = On Screen Display
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Picasa 3" = Picasa 3
"Power Management Driver" = ThinkPad Power Management Driver
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"ProInst" = Intel PROSet Wireless
"RDC" = RDC
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"ZipMail Outlook" = ZipMail Outlook

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Networks_Cache_Cleaner 6.4.0" = Juniper Networks Cache Cleaner 6.4.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/1/2010 2:06:57 AM | Computer Name = BOOZ546469Kris2 | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sipexternal.booz.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full. If you are using
automatic configuration, the network administrator will need to double-check the
DNS A record configuration for sipexternal.booz.com because it could not be resolved.

Error - 12/1/2010 2:06:57 AM | Computer Name = BOOZ546469Kris2 | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sipexternal.booz.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full. If you are using
automatic configuration, the network administrator will need to double-check the
DNS A record configuration for sipexternal.booz.com because it could not be resolved.

Error - 12/1/2010 2:12:22 AM | Computer Name = BOOZ546469Kris2 | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sip.booz.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full. If you are using
automatic configuration, the network administrator will need to double-check the
DNS A record configuration for sip.booz.com because it could not be resolved.

Error - 12/1/2010 2:12:43 AM | Computer Name = BOOZ546469Kris2 | Source = Communicator | ID = 15728647
Description = Communicator failed to connect to server sipinternal.booz.com (208.68.143.50)
on port 5061 due to error 10060. The server is not listening on the port in question,
the service is not running on this machine, the service is not responsive, or network
connectivity doesn't exist. Resolution: Please make sure that your workstation has
network connectivity. If you are using manual configuration, please double-check
the configuration. The network administrator should make sure that the service
is running on port 5061 on server sipinternal.booz.com (208.68.143.50).

Error - 12/1/2010 2:13:05 AM | Computer Name = BOOZ546469Kris2 | Source = Communicator | ID = 15728647
Description = Communicator failed to connect to server sipinternal.booz.com (208.68.143.50)
on port 5060 due to error 10060. The server is not listening on the port in question,
the service is not running on this machine, the service is not responsive, or network
connectivity doesn't exist. Resolution: Please make sure that your workstation has
network connectivity. If you are using manual configuration, please double-check
the configuration. The network administrator should make sure that the service
is running on port 5060 on server sipinternal.booz.com (208.68.143.50).

Error - 12/1/2010 2:13:07 AM | Computer Name = BOOZ546469Kris2 | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sip.booz.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full. If you are using
automatic configuration, the network administrator will need to double-check the
DNS A record configuration for sip.booz.com because it could not be resolved.

Error - 12/1/2010 2:13:12 AM | Computer Name = BOOZ546469Kris2 | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sip.booz.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full. If you are using
automatic configuration, the network administrator will need to double-check the
DNS A record configuration for sip.booz.com because it could not be resolved.

Error - 12/1/2010 2:13:14 AM | Computer Name = BOOZ546469Kris2 | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sipexternal.booz.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full. If you are using
automatic configuration, the network administrator will need to double-check the
DNS A record configuration for sipexternal.booz.com because it could not be resolved.

Error - 12/1/2010 2:13:14 AM | Computer Name = BOOZ546469Kris2 | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sipexternal.booz.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full. If you are using
automatic configuration, the network administrator will need to double-check the
DNS A record configuration for sipexternal.booz.com because it could not be resolved.

Error - 12/1/2010 2:18:22 AM | Computer Name = BOOZ546469Kris2 | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sip.booz.com. Resolution: If you are using manual configuration for Communicator,
please check that the server name is typed correctly and in full. If you are using
automatic configuration, the network administrator will need to double-check the
DNS A record configuration for sip.booz.com because it could not be resolved.

[ OSession Events ]
Error - 10/8/2010 11:02:53 AM | Computer Name = BOOZ546469Kris2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 47225
seconds with 360 seconds of active time. This session ended with a crash.

Error - 10/21/2010 6:36:21 PM | Computer Name = BOOZ546469Kris2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 4057
seconds with 2940 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/20/2010 1:14:12 AM | Computer Name = BOOZ546469Kris2 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain BOOZ due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 12/20/2010 1:14:23 AM | Computer Name = BOOZ546469Kris2 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 12/20/2010 1:29:25 AM | Computer Name = BOOZ546469Kris2 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 12/20/2010 1:59:26 AM | Computer Name = BOOZ546469Kris2 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 12/20/2010 2:59:26 AM | Computer Name = BOOZ546469Kris2 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 12/20/2010 3:50:24 AM | Computer Name = BOOZ546469Kris2 | Source = FW1 | ID = 1
Description = FW1: FW-1: last packet seen 2034 seconds ago, assumin-->

Error - 12/20/2010 3:50:24 AM | Computer Name = BOOZ546469Kris2 | Source = FW1 | ID = 1
Description = FW1: -->g clock change.

Error - 12/20/2010 3:51:02 AM | Computer Name = BOOZ546469Kris2 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 12/20/2010 4:06:04 AM | Computer Name = BOOZ546469Kris2 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 12/20/2010 4:36:05 AM | Computer Name = BOOZ546469Kris2 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.


< End of report >

ken545
2010-12-20, 10:26
Let me ask you, is this a company computer?

aneesh134
2010-12-20, 15:30
Yes, this is a laptop that I have from my company. It comes with Symantec protection, which I feel is not very effective.

ken545
2010-12-20, 19:06
aneesh,

Hate to tell you this, but we just noticed this is a company computer and we don't work on company computers.
http://forums.spybot.info/showthread.php?t=288

You will have to have your IT department fix this for you.

aneesh134
2010-12-20, 22:49
OK. No problem. Thank you.

ken545
2010-12-20, 22:55
You're very welcome.