AV security suite keeps reinstalling


Post by akbst5 on 9th June 2010, 12:24 am

AV Security Suite seems to keep installing itself on my machine. When I first got this I downloaded rkill; I already had Malwarebytes. I went into safe mode and ran rkill (at which point the screen blinked and it said it only terminated rkill, and the "welcome to safe mode, do you want to do a system restore" window came up), but I ran a Malwarebytes full scan, and it found nothing. I started my computer normally and it was still there. So I restarted and, as soon as I could (before the process the malware was in could start), I ran rkill. The screen kept blinking, but eventually this is what it said was terminated:

C:\documents and settings\administrator\local settings\application data\rrmwdaeytmopxa.exe
C:\Documents and Settings\Administrator\Desktop\rkill.scr

Afterward AV security suite didn't start, I ran malwarebytes it found four things:

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> No action taken.

I don't know why it says "No action taken"; I did click remove. But then I restarted and it was still there. I found a program online called "Smitfraudfix.exe". I tried this; it got to the part where it said something about cleaning the registry, I typed "y" and hit enter, the cursor blinked and then the screen blinked (but didn't restart), and the log came up. I turned the computer back to normal mode and everything was gone. It was like a brand new computer. I was worried, but I restarted again and everything came back. It also seems that if I start the computer without the internet on and then turn the internet on, it never seems to activate AV Suite.

OTL logfile created on: 6/8/2010 8:06:55 PM - Run 2
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.76 Gb Total Space | 46.10 Gb Free Space | 32.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AKBST5
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/08 19:59:34 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2010/06/07 22:42:15 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/06/07 22:42:12 | 001,352,320 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/03 00:55:47 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/03 09:38:52 | 000,056,680 | ---- | M] (absoƖute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2008/12/08 22:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/12/08 21:42:34 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/12/08 21:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/07/28 12:43:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2008/06/13 20:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2008/05/29 04:10:56 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2008/05/29 04:10:48 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2008/05/24 18:52:50 | 000,032,768 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2008/05/14 19:42:30 | 001,155,072 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2008/05/14 19:32:28 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2008/05/14 19:25:12 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/05/14 19:21:16 | 000,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2008/05/09 08:50:46 | 000,253,952 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
PRC - [2008/05/05 23:35:22 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/05/05 23:17:12 | 000,901,120 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/05/05 23:06:30 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/20 05:58:26 | 000,036,128 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2007/05/25 09:41:38 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe
PRC - [2007/03/30 15:26:12 | 003,891,200 | ---- | M] (Cisco Systems) -- C:\Program Files\Cisco Systems\Cisco Secure Services Client\ConnectionClient.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/08/01 15:35:36 | 000,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe


========== Modules (SafeList) ==========

MOD - [2010/06/08 19:59:34 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - [2010/06/07 22:42:12 | 001,352,320 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/03/03 09:38:52 | 000,056,680 | ---- | M] (absoƖute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (Rpcnet) Remote Procedure Call (RPC)
SRV - [2008/12/08 22:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/12/08 21:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/12/08 21:01:28 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/08/04 18:59:00 | 000,053,339 | ---- | M] (Novell, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\cusrvc.exe -- (cusrvc)
SRV - [2008/07/28 12:43:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2008/06/30 16:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/06/13 20:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2008/05/29 04:10:56 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2008/05/29 04:10:48 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2008/05/24 18:52:50 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/05/14 19:42:30 | 001,155,072 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2008/05/14 19:32:28 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2008/05/14 19:25:12 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/05/14 19:21:16 | 000,037,416 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2008/05/09 08:50:46 | 000,253,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/05/05 23:35:22 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/05/05 23:17:12 | 000,901,120 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/05/05 23:06:30 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/04/25 11:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/02/20 05:58:26 | 000,036,128 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2007/05/25 09:41:54 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 09:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/03/30 15:26:12 | 003,891,200 | ---- | M] (Cisco Systems) [Auto | Running] -- C:\Program Files\Cisco Systems\Cisco Secure Services Client\ConnectionClient.exe -- (Cisco Secure Services Client)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2010/06/07 22:43:16 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/06 14:19:37 | 000,021,395 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Mtghouse.sys -- (Mtghouse)
DRV - [2010/06/06 14:18:00 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/06/06 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/06 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/17 09:55:04 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100607.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/17 09:55:04 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100607.034\NAVENG.SYS -- (NAVENG)
DRV - [2009/10/06 09:54:20 | 000,814,592 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2009/06/27 07:32:37 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2009/06/27 07:32:13 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2009/06/27 07:31:19 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009/03/27 04:33:56 | 000,239,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel(R)
DRV - [2008/12/08 21:01:48 | 000,038,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WGX.SYS -- (WGX)
DRV - [2008/10/13 12:31:46 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/10/13 12:31:46 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/10/13 12:31:46 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/08/28 18:00:14 | 000,553,216 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwfs.sys -- (NetwareWorkstation)
DRV - [2008/08/21 11:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/21 11:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/08/18 11:57:22 | 003,103,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/08/04 20:17:14 | 000,185,216 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\srvloc.sys -- (SRVLOC)
DRV - [2008/08/04 20:06:32 | 000,058,496 | ---- | M] (Novell, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\NetWare\nwsipx32.sys -- (NWSIPX32)
DRV - [2008/07/30 15:00:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2008/07/28 12:43:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2008/07/22 02:33:02 | 000,319,000 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/07/21 17:45:20 | 000,017,664 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\NetWare\nwfilter.sys -- (NWFILTER)
DRV - [2008/07/21 16:47:04 | 000,029,440 | ---- | M] (Novell, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\NetWare\resmgr.sys -- (RESMGR)
DRV - [2008/07/21 16:39:20 | 000,045,824 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwdns.sys -- (NWDNS)
DRV - [2008/07/03 22:53:00 | 000,225,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/06/16 16:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/05/14 19:21:16 | 000,114,728 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2008/05/14 19:21:16 | 000,019,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2008/05/12 09:14:16 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2008/05/09 08:50:48 | 000,046,144 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008/05/01 11:21:28 | 003,627,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/09 06:16:48 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/04/09 06:16:48 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/04/09 06:16:48 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/04/04 18:32:46 | 000,020,208 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwslp.sys -- (NWSLP)
DRV - [2008/03/26 01:21:06 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2008/03/26 01:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2008/03/20 15:32:24 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/02/22 18:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008/02/20 05:57:46 | 000,022,696 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2008/02/15 05:01:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/08 13:27:32 | 000,038,603 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nicm.sys -- (NICM)
DRV - [2007/07/29 22:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/29 21:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/06/18 19:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 19:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 19:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 19:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 19:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 19:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 19:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 19:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/03/12 04:25:28 | 000,099,848 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/02/09 15:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 23:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 23:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/22 13:51:22 | 000,018,353 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwdhcp.sys -- (NWDHCP)
DRV - [2005/10/12 16:12:18 | 000,009,297 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwhost.sys -- (NWHOST)
DRV - [2005/10/12 16:11:32 | 000,006,128 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwsns.sys -- (NWSNS) Novell Simple Naming Services (NWSNS)
DRV - [2005/03/31 14:31:14 | 000,015,744 | R--- | M] (PASCO scientific) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PSSensor.sys -- (PASCO) PASCO PASPORT USB Driver (PSSensor.sys)
DRV - [2004/08/03 18:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/02/26 17:51:18 | 000,023,232 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwsap.sys -- (NWSAP)
DRV - [2001/08/17 17:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 17:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 17:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 17:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 17:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 16:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 16:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 16:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 16:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 16:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 16:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 16:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 16:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 16:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 08:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1091

========== FireFox ==========

FF - prefs.js..browser.search.selectedengine: "Wikipedia (en)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.usedbfororder: true
FF - prefs.js..browser.startup.homepage: "http://localweb.francis.edu/localwebhome.htm"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/25 11:49:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/25 11:49:29 | 000,000,000 | ---D | M]

[2009/06/29 10:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/06/08 12:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7cyprxh.default\extensions
[2009/07/07 01:58:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7cyprxh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/08 12:21:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7cyprxh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/25 23:55:34 | 000,000,952 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7cyprxh.default\searchplugins\youtube-video-search.xml
[2010/06/08 12:24:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/06/08 16:20:35 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [cqqybwguij] c:\Documents and Settings\Administrator\Local Settings\Application Data\rrmwdaeytmopxa.exe (Ajfsg)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [yaysgtgijpvlt] c:\documents and settings\temp\local settings\application data\nyywqcpwehvpg.exe File not found
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - HKCU..\Run: [cqqybwguij] c:\Documents and Settings\Administrator\Local Settings\Application Data\rrmwdaeytmopxa.exe (Ajfsg)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PASPortal.lnk = C:\WINDOWS\Installer\{7AC82557-3E93-4896-83E0-6BCC1A869F98}\NewShortcut1.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\00000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\00000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\00000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\00000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU..Trusted Domains: francis.edu ([courses] https in Trusted sites)
O15 - HKCU..Trusted Domains: francis.edu ([localweb] http in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [link not shown] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [link not shown] (Java Plug-in 1.6.0_13)
O16 - DPF: {A5B7052E-CE47-11D2-8B30-0004ACDA6405} [link not shown] (Acwc_ibm.Claims)
O16 - DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} [link not shown] (Java Plug-in 1.5.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [link not shown] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [link not shown] (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 136.142.57.10 136.142.188.73
O18 - ProtocolHandler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - ProtocolFilter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\mdc: DllName - SsoWindows.dll - C:\WINDOWS\System32\SsoWindows.dll (Cisco Systems)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Desktop\DT\Not IPhone\Desktop Background Brown.bmp
O24 - Desktop BackupWallPaper: C:Documents and SettingsAdministratorDesktopDTNot IPhoneDesktop Background Brown.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 03:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\##STUDENT#DATA#USERS#STUDENT#MKAST5\Shell - "" = AutoRun
O33 - MountPoints2\##STUDENT#DATA#USERS#STUDENT#MKAST5\Shell\AutopLay\COmmaND - "" = I:\tjbkg.exe -- File not found
O33 - MountPoints2\##STUDENT#DATA#USERS#STUDENT#MKAST5\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##STUDENT#DATA#USERS#STUDENT#MKAST5\Shell\AutoRun\command - "" = I:\tjbkg.exe -- File not found
O33 - MountPoints2\##STUDENT#DATA#USERS#STUDENT#MKAST5\Shell\expLore\CoMmAnd - "" = I:\tjbkg.exe -- File not found
O33 - MountPoints2\##STUDENT#DATA#USERS#STUDENT#MKAST5\Shell\open\COmmand - "" = I:\tjbkg.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..\comfile [open] -- "%1" %*
O35 - HKLM\..\exefile [open] -- "%1" %*
O37 - HKLM\...\com [@ = comfile] -- "%1" %*
O37 - HKLM\...\exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/04/29 20:12:49 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanServer - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: Symantec Antvirus - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: LanmanServer - File not found
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: SmcService - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootNet: Symantec Antvirus - Service
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}\MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/08 17:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\gmer
[2010/06/08 16:04:35 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2010/06/08 16:04:35 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2010/06/08 16:04:35 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010/06/08 16:04:35 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2010/06/08 16:04:35 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2010/06/08 16:04:35 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2010/06/08 16:04:35 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2010/06/08 16:04:35 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2010/06/08 16:04:35 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2010/06/08 16:04:35 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2010/06/08 16:04:35 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2010/06/08 12:25:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/06/08 12:21:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/06/08 12:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/08 11:40:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/07 22:46:40 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/06/07 22:46:36 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/06/07 22:38:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/06/07 22:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/06/07 22:38:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/06/07 17:13:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\rrmwdae
[2010/06/07 17:12:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Windows Server
[2010/06/07 12:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010/06/07 12:20:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010/06/07 00:03:13 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/06/06 23:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\wnpoqjafo
[2010/06/06 19:20:41 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/06/06 14:22:54 | 000,038,056 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WGX.SYS
[2010/06/06 14:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\PittNet
[2010/06/06 14:19:37 | 000,045,056 | ---- | C] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\mtgbctl.dll
[2010/06/06 14:19:37 | 000,021,395 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\Mtghouse.sys
[2010/06/06 14:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2010/06/06 14:18:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Symantec
[2010/06/06 14:17:46 | 000,060,800 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/06/06 14:17:45 | 000,123,952 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/06/06 14:15:47 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll
[2010/06/06 14:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/06/06 14:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/06/06 14:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/05/25 11:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/25 11:51:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/25 11:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/25 11:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/09/06 19:39:10 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2009/09/06 19:39:10 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2009/09/06 19:39:10 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[2009/09/06 19:39:10 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2009/09/06 19:39:10 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2009/09/06 19:39:10 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2009/09/06 19:39:10 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2009/09/06 19:39:10 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2009/09/06 19:39:10 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2009/09/06 19:39:10 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2009/09/06 19:39:09 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2009/09/06 19:39:09 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/08 20:04:02 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/08 19:14:25 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/08 18:35:51 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/08 18:35:38 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/08 18:35:22 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2010/06/08 18:35:20 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2010/06/08 18:35:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/08 18:35:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/08 18:34:54 | 2124,439,552 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/08 17:22:45 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/06/08 17:21:00 | 005,505,024 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/06/08 17:20:28 | 003,777,952 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/06/08 17:16:20 | 000,002,245 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PASPortal.lnk
[2010/06/08 17:07:06 | 000,012,755 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Damn virus.docx
[2010/06/08 17:03:02 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/06/08 16:46:59 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2010/06/08 16:45:01 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/06/08 16:20:38 | 000,004,180 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/06/08 14:07:43 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/06/08 12:21:31 | 000,001,555 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2010/06/08 11:20:51 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2007.lnk
[2010/06/07 23:08:44 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.scr
[2010/06/07 23:08:24 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.exe
[2010/06/07 23:08:01 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.com
[2010/06/07 22:46:33 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/06/07 22:43:16 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/06/07 22:38:36 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/06/07 21:58:25 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/07 18:01:49 | 000,000,976 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to iExplore.exe.lnk
[2010/06/07 12:24:08 | 000,531,286 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/07 12:24:08 | 000,462,736 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/07 12:24:08 | 000,078,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/06 23:06:29 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\syssvc.exe
[2010/06/06 14:19:37 | 000,045,056 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\mtgbctl.dll
[2010/06/06 14:19:37 | 000,021,395 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\Mtghouse.sys
[2010/06/06 14:18:00 | 000,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/06/06 14:18:00 | 000,060,800 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/06/06 14:18:00 | 000,010,563 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/06/06 14:18:00 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/06/05 21:08:56 | 000,000,086 | ---- | M] () -- C:\WINDOWS\WPCMAPI.INI
[2010/06/04 22:52:40 | 000,000,186 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010/05/28 23:36:27 | 000,017,958 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\spreading lies lol.docx
[2010/05/25 11:52:10 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/19 03:09:34 | 000,001,922 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/08 17:02:59 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/06/08 16:45:55 | 2124,439,552 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/08 16:04:55 | 000,004,180 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/06/08 16:04:35 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2010/06/08 16:04:35 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2010/06/08 16:04:35 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2010/06/08 12:21:31 | 000,001,555 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2010/06/08 12:16:59 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/06/08 11:21:27 | 000,012,755 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Damn virus.docx
[2010/06/07 23:08:43 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.scr
[2010/06/07 23:08:23 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.exe
[2010/06/07 22:52:33 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/07 22:38:36 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/06/07 21:58:25 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/07 18:01:49 | 000,000,976 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to iExplore.exe.lnk
[2010/06/07 00:27:45 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.com
[2010/06/06 23:06:28 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\syssvc.exe
[2010/06/06 14:26:54 | 000,003,123 | ---- | C] () -- C:\Documents and Settings\Administrator\PittNetInstallLog.txt
[2010/06/06 14:17:46 | 000,010,563 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/06/06 14:17:45 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/05/28 23:36:27 | 000,017,958 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\spreading lies lol.docx
[2010/05/25 11:52:10 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/19 03:09:34 | 000,001,922 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/09/06 19:40:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2009/09/06 19:40:54 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2009/09/06 19:40:39 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2009/09/06 19:40:39 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2009/09/06 19:40:39 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2009/09/06 19:40:19 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2009/09/06 19:39:10 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2009/09/06 19:39:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2009/08/25 14:18:01 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/14 09:27:52 | 000,000,086 | ---- | C] () -- C:\WINDOWS\WPCMAPI.INI
[2009/07/14 09:24:42 | 000,000,011 | ---- | C] () -- C:\WINDOWS\NetWare.INI
[2009/07/02 01:07:25 | 000,000,186 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009/06/27 07:37:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/27 07:29:57 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2009/06/27 07:26:39 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2009/06/27 07:26:39 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/06/27 07:23:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/06/27 07:23:03 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/06/27 07:23:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/06/27 07:23:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/06/27 07:23:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/06/27 07:23:03 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/06/27 07:07:40 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2009/06/27 07:00:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2008/08/27 14:23:52 | 000,262,227 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2008/08/13 13:10:20 | 000,225,356 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/06 09:51:09 | 000,757,818 | ---- | C] () -- C:\WINDOWS\System32\gwadd1.dll
[2007/06/06 09:49:24 | 000,303,166 | ---- | C] () -- C:\WINDOWS\System32\gwodm132.dll
[2007/06/06 09:20:03 | 000,098,354 | ---- | C] () -- C:\WINDOWS\System32\GWLDO132.DLL
[2007/02/12 20:43:54 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2006/04/30 03:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 03:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/27 15:08:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2004/07/09 12:31:18 | 000,155,700 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.DLL
[2003/02/08 01:24:20 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2000/01/20 12:15:14 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[1999/06/30 07:48:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[1999/01/11 07:37:36 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[1996/05/14 12:50:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[1995/08/22 11:36:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll

akbst5
Novice
Posts : 11
Joined : 2010-06-08
OS : XP
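The O4 and O33 entries in the log above are the two persistence paths worth reading closely: the Run keys point at randomly named executables under the user's Local Settings\Application Data (the same rrmwdaeytmopxa.exe that rkill had to terminate), and the MountPoints2 entries show that a network share and a USB volume once carried an autorun.inf whose every verb launched an executable from the volume root. The O35/O37 lines are the other thing to check on a fake-AV infection, since hijacking the exefile open command is how these rogues make "everything" reinstall. The following triage script is an added example written for this page, not a tool used by the poster or by OTL; it parses a handful of OTL lines constructed from the log (backslashes restored), applies a name-randomness heuristic that is tuned to this log rather than a general classifier, and checks the file-association handlers against the stock XP value.

```python
import re
from dataclasses import dataclass

# Constructed sample input: OTL lines of the kind posted above, with Windows
# paths restored. Only O4, O33 and O35/O37 records are parsed.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [yaysgtgijpvlt] c:\documents and settings\temp\local settings\application data\nyywqcpwehvpg.exe File not found
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - HKCU..\Run: [cqqybwguij] c:\Documents and Settings\Administrator\Local Settings\Application Data\rrmwdaeytmopxa.exe (Ajfsg)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O33 - MountPoints2\##STUDENT#DATA#USERS#STUDENT#MKAST5\Shell\AutopLay\COmmaND - "" = I:\tjbkg.exe -- File not found
O33 - MountPoints2\##STUDENT#DATA#USERS#STUDENT#MKAST5\Shell\open\COmmand - "" = I:\tjbkg.exe -- File not found
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O35 - HKLM\..\exefile [open] -- "%1" %*
O37 - HKLM\...\exe [@ = exefile] -- "%1" %*
"""

O4_RUN = re.compile(r'^O4 - (?P<hive>\S+?): \[(?P<name>[^\]]*)\] (?P<rest>.*)$')
O4_STARTUP = re.compile(r'^O4 - Startup: (?P<lnk>.+?\.lnk) = (?P<rest>.*)$')
# The malware wrote its verbs in mixed case (AutopLay\COmmaND), so match case-insensitively.
O33_CMD = re.compile(r'^O33 - MountPoints2\\(?P<mount>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command - "" = (?P<rest>.*)$', re.I)
ASSOC = re.compile(r'^O3[57] - HKLM\\\.\.\.?\\(?P<key>\S+) \[.*?\] -- (?P<handler>.*)$')

# Profile directories any process running as the user can write to; genuine
# autostarts do live here, but it is also where fake-AV droppers land.
USER_WRITABLE = ("\\local settings\\application data\\", "\\application data\\", "\\local settings\\temp\\")
CLEAN_HANDLER = '"%1" %*'   # stock exefile/comfile open command on XP

@dataclass
class Finding:
    kind: str       # "autostart" | "mountpoint" | "assoc"
    name: str
    target: str
    severity: str   # "high" | "review"
    reason: str

def split_target(rest: str):
    """Split OTL's trailing '(Company)' or '-- File not found' off a target string."""
    missing = rest.endswith("File not found")
    if missing:
        rest = rest[: -len("File not found")].rstrip(" -")
    company = ""
    m = re.match(r"^(.*?)\s*\((?P<company>[^()]*)\)$", rest)
    if m and not missing:
        rest, company = m.group(1), m.group("company")
    return rest.strip(), company, missing

def exe_stem(target: str) -> str:
    """File name without extension of the first executable in a command line."""
    m = re.search(r"([^\\/]+?)\.(?:exe|com|scr|bat|cmd)\b", target, re.I)
    return m.group(1) if m else ""

def max_consonant_run(s: str) -> int:
    run = best = 0
    for ch in s:
        run = run + 1 if ch.isalpha() and ch not in "aeiou" else 0
        best = max(best, run)
    return best

def looks_random(name: str) -> bool:
    """Heuristic for generated names like rrmwdaeytmopxa or the 'Ajfsg' publisher:
    letters only, at least five long, with an unpronounceable consonant run."""
    s = name.lower()
    return s.isalpha() and len(s) >= 5 and (max_consonant_run(s) >= 4 or not any(v in s for v in "aeiou"))

def classify_autostart(name, target, company, missing):
    writable = any(d in target.lower() for d in USER_WRITABLE)
    random_name = looks_random(exe_stem(target))
    reasons = []
    if writable:
        reasons.append("runs from a user-writable profile directory")
    if random_name:
        reasons.append("random-looking executable name")
    if company and looks_random(company):
        reasons.append("publisher string looks generated")
    if missing:
        reasons.append("file no longer on disk (orphaned entry)")
    if not reasons:
        return None
    return Finding("autostart", name, target, "high" if writable and random_name else "review", "; ".join(reasons))

def analyze(text: str):
    findings = []
    for line in text.splitlines():
        line = line.strip()
        f = None
        if m := O4_RUN.match(line):
            f = classify_autostart(m["name"], *split_target(m["rest"]))
        elif m := O4_STARTUP.match(line):
            f = classify_autostart(m["lnk"].rsplit("\\", 1)[-1], *split_target(m["rest"]))
        elif m := O33_CMD.match(line):
            target, _, _ = split_target(m["rest"])
            mount = m["mount"].replace("#", "\\")   # ##STUDENT#DATA... is the UNC path \\STUDENT\DATA...
            sev = "high" if looks_random(exe_stem(target)) else "review"
            f = Finding("mountpoint", mount, target, sev,
                        f"cached autorun verb '{m['verb']}' launches an executable from the volume root")
        elif m := ASSOC.match(line):
            if m["handler"] != CLEAN_HANDLER:
                f = Finding("assoc", m["key"], m["handler"], "high",
                            "open command hijacked: every .exe/.com launch passes through this handler")
        if f:
            findings.append(f)
    return findings

if __name__ == "__main__":
    for f in analyze(SAMPLE_OTL):
        print(f"[{f.severity:6}] {f.kind:10} {f.name} -> {f.target}: {f.reason}")
```

On the sample, both randomly named Run entries come out "high", the orphaned AIM entry and the U3 launcher come out "review", the two tjbkg.exe MountPoints2 verbs come out "high" because the name fails the pronounceability check, and the exefile/comfile handlers are clean, which matches what the log shows: the reinfection path here is the Run key plus whatever re-drops the file, not a hijacked file association.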

Re: AV security suite keeps reinstalling

Post by akbst5 on 9th June 2010, 12:25 am

Sorry but I couldn't fit it all in one post.

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/12/08 21:42:48 | 000,049,480 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FwsVpn.dll
[2008/12/08 21:43:32 | 000,107,848 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SymVPN.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/12/08 21:01:48 | 000,038,056 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WGX.SYS

< %systemroot%\System32\config\*.sav >
[2006/04/29 20:03:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/04/29 20:03:02 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/04/29 20:03:02 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 08:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/04 08:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 08:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 08:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 08:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/04 08:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 08:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 08:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 08:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 08:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 08:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 08:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 08:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 14:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2009/08/14 09:21:25 | 001,850,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 20:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 20:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 20:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 20:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 20:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 20:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 20:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/08/18 09:42:58 | 000,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2erec.dll
[2008/04/13 20:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 20:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 20:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 20:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 20:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 20:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 20:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 20:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2006/04/30 03:13:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/06/30 00:07:21 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2006/04/30 03:13:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/09/16 17:36:36 | 000,000,000 | ---- | M] () -- C:\Excretion.log
[2010/06/08 18:34:54 | 2124,439,552 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/08 17:22:44 | 000,001,080 | ---- | M] () -- C:\hubsvclog.txt
[2006/04/30 03:13:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/07/08 10:47:19 | 000,000,365 | -H-- | M] () -- C:\IPH.PH
[2010/06/08 17:23:51 | 000,009,117 | ---- | M] () -- C:\Log.txt
[2010/06/08 13:34:20 | 000,014,356 | ---- | M] () -- C:\lxdd.log
[2010/06/07 12:49:43 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2006/04/30 03:13:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/06/08 20:07:19 | 000,567,500 | ---- | M] () -- C:\n.txt
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/06/29 10:44:28 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/06/08 18:34:53 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/06/08 16:23:13 | 000,001,942 | ---- | M] () -- C:\rapport.txt
[2010/06/06 14:19:01 | 000,005,714 | ---- | M] () -- C:\reset.log
[2010/06/08 18:36:01 | 000,000,385 | ---- | M] () -- C:\rkill.log
[2009/06/27 07:07:55 | 000,000,086 | ---- | M] () -- C:\setup.log
[2010/06/08 18:36:39 | 003,495,247 | ---- | M] () -- C:\sysiclog.txt
[2009/06/27 06:39:12 | 000,000,093 | ---- | M] () -- C:\syslevel.lgl

< %PROGRAMFILES%\*. >
[2009/07/15 10:52:49 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/08/23 20:27:51 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2009/08/23 20:27:34 | 000,000,000 | ---D | M] -- C:\Program Files\AOD
[2009/07/02 02:09:12 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/06/27 07:13:34 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/05/25 11:47:06 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/06/08 12:21:35 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/06/06 14:19:28 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco Systems
[2010/06/08 13:35:35 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2006/04/29 20:09:57 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/01/11 15:49:10 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/06/29 10:08:34 | 000,000,000 | ---D | M] -- C:\Program Files\CUAgent
[2009/09/16 17:36:51 | 000,000,000 | ---D | M] -- C:\Program Files\DataStudio
[2009/12/17 00:22:21 | 000,000,000 | ---D | M] -- C:\Program Files\dcmsvc
[2009/09/16 17:36:27 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2009/06/27 07:10:15 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2010/01/14 09:37:44 | 000,000,000 | ---D | M] -- C:\Program Files\Foxit Software
[2010/05/19 03:09:19 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/09/16 17:36:23 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/06/27 07:07:03 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/06/07 12:22:38 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/06/27 07:22:59 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2010/05/25 11:51:41 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/05/25 11:52:07 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/07/14 13:09:12 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/06/07 22:38:46 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2009/06/30 00:18:10 | 000,000,000 | ---D | M] -- C:\Program Files\Lenovo
[2009/09/06 19:40:41 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark 2500 Series
[2009/09/06 19:40:19 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Toolbar
[2010/04/28 20:52:35 | 000,000,000 | ---D | M] -- C:\Program Files\Lx_cats
[2010/06/08 15:43:08 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/04 15:30:01 | 000,000,000 | ---D | M] -- C:\Program Files\MEGA 4
[2009/06/29 13:56:05 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/03/24 16:08:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/07/02 00:23:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/04/29 20:17:09 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/06/30 00:46:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/06/06 14:12:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/06/30 00:46:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/06/30 00:44:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2009/07/02 00:27:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/06/30 00:46:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/03/10 04:02:54 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/04/03 00:55:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/06/30 09:43:03 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/06/30 00:27:39 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2006/04/29 20:09:32 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/06/27 07:00:25 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/06/29 10:45:19 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/06/27 07:10:10 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2006/04/29 20:11:29 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/18 11:48:08 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/06/27 07:37:07 | 000,000,000 | ---D | M] -- C:\Program Files\PCDR5
[2010/06/06 14:19:47 | 000,000,000 | ---D | M] -- C:\Program Files\PittNet
[2010/05/25 11:49:28 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/06/30 09:42:59 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/06/27 07:25:04 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2009/06/27 07:26:40 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic Icons for Lenovo
[2010/06/06 14:18:02 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2009/06/27 07:00:48 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2009/06/30 00:18:17 | 000,000,000 | ---D | M] -- C:\Program Files\ThinkPad
[2009/06/27 07:26:47 | 000,000,000 | ---D | M] -- C:\Program Files\ThinkVantage
[2010/06/08 12:16:59 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2006/04/29 20:21:19 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/04/25 22:44:37 | 000,000,000 | ---D | M] -- C:\Program Files\University of Illinois
[2009/07/08 10:43:37 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2010/03/27 01:27:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2009/06/30 00:22:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Toolbar
[2009/12/17 00:33:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/12/17 00:33:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/14 09:25:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2006/04/29 20:11:34 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2006/04/29 20:17:09 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2006/04/29 20:04:07 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/06/29 10:43:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/06/29 10:43:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/06/29 10:43:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/06/29 10:43:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2007/04/03 06:39:42 | 000,096,384 | ---- | M] (Microsoft Corporation) MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:disk.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/06/29 10:43:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2009/06/29 10:43:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 08:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008/07/22 02:33:02 | 000,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\drivers\other\IaStor.sys
[2008/07/22 02:33:02 | 000,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\SWTOOLS\DRIVERS\IMSM\IaStor.sys
[2008/07/22 02:33:02 | 000,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:usbstor.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2009/06/29 10:43:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2009/06/29 10:43:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime: 2010-06-08 23:42:40

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


Re: AV security suite keeps reinstalling

Post by Dr Jay on 9th June 2010, 6:39 am

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see [You must be registered and logged in to see this link.].

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)




Re: AV security suite keeps reinstalling

Post by akbst5 on 9th June 2010, 3:48 pm

I know I shouldn't have acted without advice, but my computer is a clone of other ones issued to students at the school, so I deleted that .exe because I didn't find it on the other computers and it wasn't in system32. It doesn't start up anymore, but I want to make sure everything is gone for good. Here is the log:


ComboFix 10-06-08.05 - Administrator 06/09/2010 11:38:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2026.1085 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Local Settings\Application Data\syssvc.exe
c:\documents and settings\Administrator\Local Settings\Application Data\Windows Server
c:\documents and settings\Administrator\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Administrator\Local Settings\Application Data\Windows Server\uses32.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\invokesi.exe
C:\n.txt
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\fonts
c:\windows\system32\fonts\DataStudioSymbol.TTF
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
.
((((((((((((((((((((((((( Files Created from 2010-05-09 to 2010-06-09 )))))))))))))))))))))))))))))))
.

2010-06-08 16:21 . 2010-06-08 16:21 -------- d-----w- c:\program files\CCleaner
2010-06-08 16:16 . 2010-06-08 16:16 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-08 16:16 . 2010-06-08 16:16 -------- d-----w- c:\program files\Trend Micro
2010-06-08 15:40 . 2010-06-08 15:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-08 02:46 . 2010-06-08 02:43 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-08 02:46 . 2010-06-08 02:46 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-08 02:38 . 2010-06-08 02:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-08 02:38 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-06-08 02:38 . 2010-06-08 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-08 02:38 . 2010-06-08 02:38 -------- d-----w- c:\program files\Lavasoft
2010-06-07 16:20 . 2010-06-07 16:20 -------- d-----w- c:\windows\system32\winrm
2010-06-07 16:20 . 2010-06-07 16:20 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-06-07 03:04 . 2010-06-07 18:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\wnpoqjafo
2010-06-06 23:20 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-06-06 18:23 . 2010-06-06 18:23 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel
2010-06-06 18:22 . 2008-12-09 01:01 38056 ----a-w- c:\windows\system32\drivers\WGX.SYS
2010-06-06 18:19 . 2010-06-06 18:19 -------- d-----w- c:\program files\PittNet
2010-06-06 18:19 . 2010-06-06 18:19 45056 ----a-w- c:\windows\system32\mtgbctl.dll
2010-06-06 18:19 . 2010-06-06 18:19 21395 ----a-w- c:\windows\system32\drivers\Mtghouse.sys
2010-06-06 18:19 . 2010-06-06 18:19 -------- d-----w- c:\program files\Cisco Systems
2010-06-06 18:18 . 2010-06-06 18:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2010-06-06 18:17 . 2010-06-06 18:18 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-06-06 18:17 . 2010-06-06 18:18 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-06 18:15 . 2010-06-06 18:18 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-06 18:15 . 2010-06-06 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-06-06 18:15 . 2010-06-06 18:18 -------- d-----w- c:\program files\Symantec
2010-05-25 15:51 . 2010-05-25 15:51 -------- d-----w- c:\program files\iPod
2010-05-25 15:51 . 2010-05-25 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-25 15:51 . 2010-05-25 15:52 -------- d-----w- c:\program files\iTunes
2010-05-25 15:47 . 2010-05-25 15:47 -------- d-----w- c:\program files\Bonjour
2010-05-25 15:43 . 2010-05-25 15:43 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-09 15:23 . 2009-08-25 18:17 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-06-09 01:59 . 2009-07-16 13:54 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-06-08 20:46 . 2009-08-25 18:18 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-06-08 19:43 . 2010-03-13 16:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-07 16:24 . 2009-06-30 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-06 18:18 . 2010-06-06 18:17 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-06 18:18 . 2010-06-06 18:17 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-06-06 18:12 . 2010-03-24 20:08 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-06 18:11 . 2009-07-09 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-25 15:51 . 2009-08-24 01:10 -------- d-----w- c:\program files\Common Files\Apple
2010-05-25 15:49 . 2009-12-17 05:03 -------- d-----w- c:\program files\QuickTime
2010-05-19 07:09 . 2010-03-13 16:54 -------- d-----w- c:\program files\Google
2010-04-29 19:39 . 2010-03-13 16:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-03-13 16:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 00:52 . 2009-09-06 23:41 -------- d-----w- c:\program files\Lx_cats
2010-04-26 02:46 . 2010-04-26 02:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\fltk.org
2010-04-26 02:45 . 2010-04-26 02:45 766 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{C63DCEC6-814B-48DA-82F5-85BE5582CAAD}\ARPPRODUCTICON.exe
2010-04-26 02:45 . 2010-04-26 02:45 45056 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{C63DCEC6-814B-48DA-82F5-85BE5582CAAD}\vmd.exe_ACB45EC7E21F469AA1111BD96CD51ACF.exe
2010-04-26 02:44 . 2010-04-26 02:44 -------- d-----w- c:\program files\University of Illinois
2010-04-16 12:33 . 2009-08-24 01:10 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 12:33 . 2009-08-24 01:10 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-09 14:47 . 2010-04-09 14:47 7576964 ----a-w- c:\documents and settings\All Users\SPL5B.tmp
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-07-04 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-04 1323008]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192]
"TpShocks"="TpShocks.exe" [2008-06-07 181536]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-14 148888]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-07-28 331776]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-07-28 208896]
"NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"dcmsvc"="c:\program files\dcmsvc\dcmsvc.exe" [2009-04-07 30440]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
PASPortal.lnk - c:\windows\Installer\{7AC82557-3E93-4896-83E0-6BCC1A869F98}\NewShortcut1.exe [2009-9-16 40960]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mdc]
2007-03-30 19:26 466944 ----a-w- c:\windows\system32\SsoWindows.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 07:02 34080 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpmw32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Novell\\GroupWise\\grpwise.exe"=
"c:\\Novell\\GroupWise\\notify.exe"=
"c:\\SWTOOLS\\Apps\\compu\\ctmweb.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/7/2010 10:46 PM 64288]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [5/14/2008 7:21 PM 19496]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 8:50 AM 46144]
R2 Cisco Secure Services Client;Cisco Secure Services Client;c:\program files\Cisco Systems\Cisco Secure Services Client\ConnectionClient.exe [3/30/2007 3:26 PM 3891200]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352320]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 Mtghouse;Meetinghouse 802.1x Protocol v3.7.1.0;c:\windows\system32\drivers\Mtghouse.sys [6/6/2010 2:19 PM 21395]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [6/27/2009 7:29 AM 94208]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [5/14/2008 7:25 PM 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 8:50 AM 253952]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [6/27/2009 7:03 AM 2058776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/8/2009 10:43 AM 24652]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [6/27/2009 6:38 AM 239760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/6/2010 2:58 PM 102448]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 6:54 PM 37312]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/13/2010 12:54 PM 135664]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [9/6/2009 7:40 PM 99248]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 PASCO;PASCO PASPORT USB Driver (PSSensor.sys);c:\windows\system32\drivers\PSSensor.sys [3/31/2005 2:31 PM 15744]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 11:15 AM 1120752]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/30/2006 2:56 AM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-06-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 02:42]

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 16:54]

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 16:54]

2010-06-09 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-06-27 16:43]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:1091
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: francis.edu\courses
Trusted Zone: francis.edu\localweb
DPF: {A5B7052E-CE47-11D2-8B30-0004ACDA6405} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\07cyprxh.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.search.selectedengine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-cqqybwguij - c:\documents and settings\administrator\local settings\application data\rrmwdae\ytmopxa.exe
HKLM-Run-cqqybwguij - c:\documents and settings\administrator\local settings\application data\rrmwdae\ytmopxa.exe
HKLM-Run-yaysgtgijpvlt - c:\documents and settings\temp\local settings\application data\nyywqc\pwehvpg.exe
SafeBoot-Symantec Antvirus



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-09 11:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1822986460-2928300826-2325489661-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,fb,00,ad,53,04,a1,4d,95,15,20,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,fb,00,ad,53,04,a1,4d,95,15,20,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\NETWIN32.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\SsoWindows.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
Completion time: 2010-06-09 11:42:44
ComboFix-quarantined-files.txt 2010-06-09 15:42

Pre-Run: 52,517,613,568 bytes free
Post-Run: 53,027,454,976 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 1F11399991D2FE6A8FBD61AE5ACA2A31

akbst5
Novice

Posts : 11
Joined : 2010-06-08
OS : XP
Points : 23867
Likes : 0


Re: AV security suite keeps reinstalling

Post by Dr Jay on 9th June 2010, 10:59 pm

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the box below into it:
    killall::

    dirlook::
    c:\windows\system32\winrm
    c:\documents and settings\Administrator\Local Settings\Application Data\wnpoqjafo
    c:\windows\$968930Uinstall_KB968930$

    DDS::
    uInternet Settings,ProxyOverride =
    uInternet Settings,ProxyServer = http=127.0.0.1:1091

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 14294
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Arch. : x64 (64-bit)
Protection : Bitdefender Total Security
Points : 302921
Likes : 10


Re: AV security suite keeps reinstalling

Post by akbst5 on 9th June 2010, 11:30 pm

A program I have on my computer for class started an automatic update upon restart; I clicked cancel. I hope that didn't mess with the log.

ComboFix 10-06-09.01 - Administrator 06/09/2010 19:15:28.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2026.1138 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\n.txt

.
((((((((((((((((((((((((( Files Created from 2010-05-09 to 2010-06-09 )))))))))))))))))))))))))))))))
.

2010-06-08 16:21 . 2010-06-08 16:21 -------- d-----w- c:\program files\CCleaner
2010-06-08 16:16 . 2010-06-08 16:16 -------- d-----w- c:\program files\Trend Micro
2010-06-08 15:40 . 2010-06-08 15:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-08 02:46 . 2010-06-08 02:43 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-08 02:46 . 2010-06-08 02:46 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-08 02:38 . 2010-06-08 02:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-08 02:38 . 2010-06-08 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-08 02:38 . 2010-06-08 02:38 -------- d-----w- c:\program files\Lavasoft
2010-06-07 16:20 . 2010-06-07 16:20 -------- d-----w- c:\windows\system32\winrm
2010-06-07 16:20 . 2010-06-07 16:20 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-06-07 03:04 . 2010-06-07 18:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\wnpoqjafo
2010-06-06 23:20 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-06-06 18:23 . 2010-06-06 18:23 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel
2010-06-06 18:22 . 2008-12-09 01:01 38056 ----a-w- c:\windows\system32\drivers\WGX.SYS
2010-06-06 18:19 . 2010-06-06 18:19 -------- d-----w- c:\program files\PittNet
2010-06-06 18:19 . 2010-06-06 18:19 45056 ----a-w- c:\windows\system32\mtgbctl.dll
2010-06-06 18:19 . 2010-06-06 18:19 21395 ----a-w- c:\windows\system32\drivers\Mtghouse.sys
2010-06-06 18:19 . 2010-06-06 18:19 -------- d-----w- c:\program files\Cisco Systems
2010-06-06 18:18 . 2010-06-06 18:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2010-06-06 18:17 . 2010-06-06 18:18 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-06-06 18:17 . 2010-06-06 18:18 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-06 18:15 . 2010-06-06 18:18 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-06 18:15 . 2010-06-06 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-06-06 18:15 . 2010-06-06 18:18 -------- d-----w- c:\program files\Symantec
2010-05-25 15:51 . 2010-05-25 15:51 -------- d-----w- c:\program files\iPod
2010-05-25 15:51 . 2010-05-25 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-25 15:51 . 2010-05-25 15:52 -------- d-----w- c:\program files\iTunes
2010-05-25 15:47 . 2010-05-25 15:47 -------- d-----w- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-09 23:20 . 2009-08-25 18:17 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-06-09 23:19 . 2009-07-16 13:54 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-06-08 20:46 . 2009-08-25 18:18 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-06-08 19:43 . 2010-03-13 16:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-08 16:16 . 2010-06-08 16:16 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-07 16:24 . 2009-06-30 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-06 18:18 . 2010-06-06 18:17 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-06 18:18 . 2010-06-06 18:17 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-06-06 18:12 . 2010-03-24 20:08 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-06 18:11 . 2009-07-09 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-25 15:51 . 2009-08-24 01:10 -------- d-----w- c:\program files\Common Files\Apple
2010-05-25 15:49 . 2009-12-17 05:03 -------- d-----w- c:\program files\QuickTime
2010-05-25 15:43 . 2010-05-25 15:43 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-19 07:09 . 2010-03-13 16:54 -------- d-----w- c:\program files\Google
2010-04-29 19:39 . 2010-03-13 16:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-03-13 16:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 00:52 . 2009-09-06 23:41 -------- d-----w- c:\program files\Lx_cats
2010-04-26 02:46 . 2010-04-26 02:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\fltk.org
2010-04-26 02:45 . 2010-04-26 02:45 766 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{C63DCEC6-814B-48DA-82F5-85BE5582CAAD}\ARPPRODUCTICON.exe
2010-04-26 02:45 . 2010-04-26 02:45 45056 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{C63DCEC6-814B-48DA-82F5-85BE5582CAAD}\vmd.exe_ACB45EC7E21F469AA1111BD96CD51ACF.exe
2010-04-26 02:44 . 2010-04-26 02:44 -------- d-----w- c:\program files\University of Illinois
2010-04-16 12:33 . 2009-08-24 01:10 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 12:33 . 2009-08-24 01:10 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-09 14:47 . 2010-04-09 14:47 7576964 ----a-w- c:\documents and settings\All Users\SPL5B.tmp
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Administrator\Local Settings\Application Data\wnpoqjafo ----


---- Directory of c:\windows\$968930Uinstall_KB968930$ ----

2010-06-07 16:20 . 2009-06-17 22:59 221488 -c----w- c:\windows\$968930Uinstall_KB968930$\spuninst\spuninst.exe
2010-06-07 16:20 . 2010-06-07 16:21 78633 -c--a-w- c:\windows\$968930Uinstall_KB968930$\spuninst\spuninst.inf
2010-06-07 16:20 . 2009-06-17 22:59 379184 -c----w- c:\windows\$968930Uinstall_KB968930$\spuninst\updspapi.dll
2010-06-07 16:20 . 2010-06-07 16:20 8192 -c--a-w- c:\windows\$968930Uinstall_KB968930$\reg00109
2010-06-07 16:20 . 2010-06-07 16:20 17082 -c--a-w- c:\windows\$968930Uinstall_KB968930$\spuninst\spuninst.txt
2010-06-07 16:20 . 2010-06-07 16:20 8192 -c--a-w- c:\windows\$968930Uinstall_KB968930$\reg00107
2010-06-07 16:20 . 2010-06-07 16:20 8192 -c--a-w- c:\windows\$968930Uinstall_KB968930$\reg00108
2010-06-07 16:20 . 2010-06-07 16:20 8192 -c--a-w- c:\windows\$968930Uinstall_KB968930$\reg00106
2010-06-07 16:20 . 2010-06-07 16:20 8192 -c--a-w- c:\windows\$968930Uinstall_KB968930$\reg00104
2010-06-07 16:20 . 2010-06-07 16:20 8192 -c--a-w- c:\windows\$968930Uinstall_KB968930$\reg00105
2010-06-07 16:20 . 2010-06-07 16:20 8192 -c--a-w- c:\windows\$968930Uinstall_KB968930$\reg00103
2010-06-07 16:20 . 2010-06-07 16:20 8192 -c--a-w- c:\windows\$968930Uinstall_KB968930$\reg00102
2010-06-07 16:20 . 2010-06-07 16:20 8192 -c--a-w- c:\windows\$968930Uinstall_KB968930$\reg00100
2010-06-07 16:20 . 2010-06-07 16:20 8192 -c--a-w- c:\windows\$968930Uinstall_KB968930$\reg00101
2010-06-07 16:20 . 2010-06-07 16:20 8192 -c--a-w- c:\windows\$968930Uinstall_KB968930$\reg00098
2010-06-07 16:20 . 2010-06-07 16:20 8192 -c--a-w- c:\windows\$968930Uinstall_KB968930$\reg00099
2010-06-07 16:20 . 2010-06-07 16:20 8192 -c--a-w- c:\windows\$968930Uinstall_KB968930$\reg00095
2010-06-07 16:20 . 2010-06-07 16:20 8192 -c--a-w- c:\windows\$968930Uinstall_KB968930$\reg00096
2010-06-07 16:20 . 2010-06-07 16:20 8192 -c--a-w- c:\windows\$968930Uinstall_KB968930$\reg00097
2010-06-07 16:20 . 2010-06-07 16:20 8192 -c--a-w- c:\windows\$968930Uinstall_KB968930$\reg00088
2010-06-07 16:20 . 2007-06-30 18:48 1801 -c----w- c:\windows\$968930Uinstall_KB968930$\default.help.txt
2010-06-07 16:20 . 2007-06-30 18:49 10475 -c----w- c:\windows\$968930Uinstall_KB968930$\profile.ps1
2010-06-07 16:20 . 2007-06-30 18:48 2711 -c----w- c:\windows\$968930Uinstall_KB968930$\about_while.help.txt
2010-06-07 16:20 . 2007-06-30 18:48 5415 -c----w- c:\windows\$968930Uinstall_KB968930$\about_special_characters.help.txt
2010-06-07 16:20 . 2007-06-30 18:48 6210 -c----w- c:\windows\$968930Uinstall_KB968930$\about_switch.help.txt
2010-06-07 16:20 . 2007-06-30 18:48 11909 -c----w- c:\windows\$968930Uinstall_KB968930$\about_signing.help.txt
2010-06-07 16:20 . 2007-06-30 18:48 2062 -c----w- c:\windows\$968930Uinstall_KB968930$\about_reserved_words.help.txt
2010-06-07 16:20 . 2007-06-30 18:48 5045 -c----w- c:\windows\$968930Uinstall_KB968930$\about_pssnapins.help.txt
2010-06-07 16:20 . 2007-06-30 18:48 3040 -c----w- c:\windows\$968930Uinstall_KB968930$\about_quoting_rules.help.txt
2010-06-07 16:20 . 2007-06-30 18:48 1782 -c----w- c:\windows\$968930Uinstall_KB968930$\about_redirection.help.txt
2010-06-07 16:20 . 2007-06-30 18:48 2177 -c----w- c:\windows\$968930Uinstall_KB968930$\about_ref.help.txt
2010-06-07 16:20 . 2007-06-30 18:48 3594 -c----w- c:\windows\$968930Uinstall_KB968930$\about_parsing.help.txt
2010-06-07 16:20 . 2007-06-30 18:48 5369 -c----w- c:\windows\$968930Uinstall_KB968930$\about_path_syntax.help.txt
2010-06-07 16:20 . 2007-06-30 18:48 3367 -c----w- c:\windows\$968930Uinstall_KB968930$\about_if.help.txt
2010-06-07 16:20 . 2007-06-30 18:48 2896 -c----w- c:\windows\$968930Uinstall_KB968930$\about_line_editing.help.txt
2010-06-07 16:20 . 2007-06-30 18:48 5102 -c----w- c:\windows\$968930Uinstall_KB968930$\about_history.help.txt
2010-06-07 16:20 . 2007-06-30 18:48 5121 -c----w- c:\windows\$968930Uinstall_KB968930$\about_for.help.txt
2010-06-07 16:20 . 2007-06-30 18:48 9652 -c----w- c:\windows\$968930Uinstall_KB968930$\about_foreach.help.txt
2010-06-07 16:20 . 2007-06-30 18:48 1003 -c----w- c:\windows\$968930Uinstall_KB968930$\about_continue.help.txt
2010-06-07 16:20 . 2007-06-30 18:48 1819 -c----w- c:\windows\$968930Uinstall_KB968930$\about_core_commands.help.txt
2010-06-07 16:20 . 2007-06-30 18:48 2302 -c----w- c:\windows\$968930Uinstall_KB968930$\about_commonparameters.help.txt
2010-06-07 16:20 . 2007-06-30 18:48 9818 -c----w- c:\windows\$968930Uinstall_KB968930$\about_comparison_operators.help.txt
2010-06-07 16:20 . 2007-06-30 18:48 4561 -c----w- c:\windows\$968930Uinstall_KB968930$\about_break.help.txt
2010-06-07 16:20 . 2007-06-30 18:48 2615 -c----w- c:\windows\$968930Uinstall_KB968930$\about_command_syntax.help.txt
2010-06-07 16:20 . 2007-06-30 18:48 15137 -c----w- c:\windows\$968930Uinstall_KB968930$\about_assignment_operators.help.txt
2010-06-07 16:20 . 2007-06-30 18:48 3907 -c----w- c:\windows\$968930Uinstall_KB968930$\about_automatic_variables.help.txt
2010-06-07 16:20 . 2007-06-30 18:48 3504 -c----w- c:\windows\$968930Uinstall_KB968930$\about_arithmetic_operators.help.txt
2010-06-07 16:20 . 2007-06-30 18:49 9216 -c----w- c:\windows\$968930Uinstall_KB968930$\powershell.exe.mui
2010-06-07 16:20 . 2007-06-30 18:49 265939 -c----w- c:\windows\$968930Uinstall_KB968930$\system.management.automation.dll-help.xml
2010-06-07 16:20 . 2007-06-30 18:49 120106 -c----w- c:\windows\$968930Uinstall_KB968930$\microsoft.powershell.security.dll-help.xml
2010-06-07 16:20 . 2007-06-30 18:49 14558 -c----w- c:\windows\$968930Uinstall_KB968930$\microsoft.powershell.consolehost.dll-help.xml
2010-06-07 16:20 . 2007-06-30 18:49 808787 -c----w- c:\windows\$968930Uinstall_KB968930$\microsoft.powershell.commands.utility.dll-help.xml
2010-06-07 16:20 . 2007-06-30 18:49 886281 -c----w- c:\windows\$968930Uinstall_KB968930$\microsoft.powershell.commands.management.dll-help.xml
2010-06-07 16:20 . 2007-06-30 18:49 129836 -c----w- c:\windows\$968930Uinstall_KB968930$\types.ps1xml
2010-06-07 16:20 . 2010-03-24 20:06 1564672 -c----w- c:\windows\$968930Uinstall_KB968930$\system.management.automation.dll
2010-06-07 16:20 . 2007-06-30 18:49 13540 -c----w- c:\windows\$968930Uinstall_KB968930$\registry.format.ps1xml
2010-06-07 16:20 . 2007-11-01 04:48 20992 -c----w- c:\windows\$968930Uinstall_KB968930$\pwrshsip.dll
2010-06-07 16:20 . 2007-07-01 04:19 13394 -c----w- c:\windows\$968930Uinstall_KB968930$\powershelltrace.format.ps1xml
2010-06-07 16:20 . 2007-06-30 18:49 4608 -c----w- c:\windows\$968930Uinstall_KB968930$\pwrshmsg.dll
2010-06-07 16:20 . 2007-06-30 18:49 65283 -c----w- c:\windows\$968930Uinstall_KB968930$\powershellcore.format.ps1xml
2010-06-07 16:20 . 2007-10-30 09:15 330240 -c----w- c:\windows\$968930Uinstall_KB968930$\powershell.exe
2010-06-07 16:20 . 2010-03-24 20:06 65536 -c----w- c:\windows\$968930Uinstall_KB968930$\microsoft.powershell.security.dll
2010-06-07 16:20 . 2010-03-24 20:06 200704 -c----w- c:\windows\$968930Uinstall_KB968930$\microsoft.powershell.consolehost.dll
2010-06-07 16:20 . 2010-03-24 20:06 294912 -c----w- c:\windows\$968930Uinstall_KB968930$\microsoft.powershell.commands.utility.dll
2010-06-07 16:20 . 2007-06-30 18:48 250197 -c----w- c:\windows\$968930Uinstall_KB968930$\help.format.ps1xml
2010-06-07 16:20 . 2010-03-24 20:06 139264 -c----w- c:\windows\$968930Uinstall_KB968930$\microsoft.powershell.commands.management.dll
2010-06-07 16:20 . 2007-06-30 18:48 60703 -c----w- c:\windows\$968930Uinstall_KB968930$\dotnettypes.format.ps1xml
2010-06-07 16:20 . 2007-06-30 18:48 19730 -c----w- c:\windows\$968930Uinstall_KB968930$\filesystem.format.ps1xml
2010-06-07 16:20 . 2007-06-30 18:48 22120 -c----w- c:\windows\$968930Uinstall_KB968930$\certificate.format.ps1xml
2009-10-09 18:57 . 2009-10-09 18:57 20480 -c----w- c:\windows\$968930Uinstall_KB968930$\PSCustomSetupUtil.exe
2009-10-09 18:56 . 2009-10-09 18:56 9216 -c----w- c:\windows\$968930Uinstall_KB968930$\PSSetupNativeUtils.exe

---- Directory of c:\windows\system32\winrm ----

2009-10-09 20:23 . 2009-10-09 20:23 101442 ------w- c:\windows\system32\winrm\0409\winrm.ini


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-07-04 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-04 1323008]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192]
"TpShocks"="TpShocks.exe" [2008-06-07 181536]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-14 148888]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-07-28 331776]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-07-28 208896]
"NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"dcmsvc"="c:\program files\dcmsvc\dcmsvc.exe" [2009-04-07 30440]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
PASPortal.lnk - c:\windows\Installer\{7AC82557-3E93-4896-83E0-6BCC1A869F98}\NewShortcut1.exe [2009-9-16 40960]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mdc]
2007-03-30 19:26 466944 ----a-w- c:\windows\system32\SsoWindows.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 07:02 34080 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpmw32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Novell\\GroupWise\\grpwise.exe"=
"c:\\Novell\\GroupWise\\notify.exe"=
"c:\\SWTOOLS\\Apps\\compu\\ctmweb.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/7/2010 10:46 PM 64288]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [5/14/2008 7:21 PM 19496]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 8:50 AM 46144]
R2 Cisco Secure Services Client;Cisco Secure Services Client;c:\program files\Cisco Systems\Cisco Secure Services Client\ConnectionClient.exe [3/30/2007 3:26 PM 3891200]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352320]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 Mtghouse;Meetinghouse 802.1x Protocol v3.7.1.0;c:\windows\system32\drivers\Mtghouse.sys [6/6/2010 2:19 PM 21395]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [6/27/2009 7:29 AM 94208]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [5/14/2008 7:25 PM 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 8:50 AM 253952]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [6/27/2009 7:03 AM 2058776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/8/2009 10:43 AM 24652]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [6/27/2009 6:38 AM 239760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/6/2010 2:58 PM 102448]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 6:54 PM 37312]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/13/2010 12:54 PM 135664]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [9/6/2009 7:40 PM 99248]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 PASCO;PASCO PASPORT USB Driver (PSSensor.sys);c:\windows\system32\drivers\PSSensor.sys [3/31/2005 2:31 PM 15744]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 11:15 AM 1120752]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/30/2006 2:56 AM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-06-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 02:42]

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 16:54]

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 16:54]

2010-06-09 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-06-27 16:43]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: francis.edu\courses
Trusted Zone: francis.edu\localweb
DPF: {A5B7052E-CE47-11D2-8B30-0004ACDA6405} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\07cyprxh.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.search.selectedengine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-09 19:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1822986460-2928300826-2325489661-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,fb,00,ad,53,04,a1,4d,95,15,20,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,62,fb,00,ad,53,04,a1,4d,95,15,20,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\NETWIN32.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\SsoWindows.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'Explorer.exe'(5220)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\AMT\LMS.exe
c:\windows\system32\lxddcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\rpcnet.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\TpShocks.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\NWTRAY.EXE
c:\windows\system32\msiexec.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-06-09 19:27:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-09 23:27
ComboFix2.txt 2010-06-09 15:42

Pre-Run: 53,034,389,504 bytes free
Post-Run: 52,860,125,184 bytes free

- - End Of File - - 14779A422E564D130ED12ECE1F827533

akbst5 (Novice)
Posts: 11 | Joined: 2010-06-08 | OS: XP

Re: AV security suite keeps reinstalling

Post by Dr Jay on 9th June 2010, 11:53 pm

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)



Dr Jay (Head Administrator)
Posts: 14294 | Joined: 2009-09-06 | OS: Windows 10 Home & Pro, x64 | Protection: Bitdefender Total Security

Re: AV security suite keeps reinstalling

Post by akbst5 on 10th June 2010, 2:33 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=c5cf10ed26541d48be528d3e85f9fb62
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-10 02:22:23
# local_time=2010-06-09 10:22:23 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=113585
# found=3
# cleaned=3
# scan_time=5786
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP2\A0000438.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP2\A0000519.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP5\A0002609.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

akbst5 (Novice)
Posts: 11 | Joined: 2010-06-08 | OS: XP

Re: AV security suite keeps reinstalling

Post by Dr Jay on 10th June 2010, 3:58 am

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point. To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this
  • Accept the warning and select OK again. The program will close and you are done.


To remove all of the tools we used and the files and folders they created, please do the following:
Please download [You must be registered and logged in to see this link.] by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)



Dr Jay (Head Administrator)
Posts: 14294 | Joined: 2009-09-06 | OS: Windows 10 Home & Pro, x64 | Protection: Bitdefender Total Security
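To see why the restore-point cleanup above matters, here is an added example that is not part of this thread: a small Python parser for the ESET Online Scanner log layout posted earlier, which extracts each detection and flags the ones archived under System Volume Information restore points. The log text, the GUID and the hashes are constructed placeholders in the posted layout; the rule that ESET threat names carry a "/" platform prefix (and may start with "a variant of") is an assumption.

```python
import re

# Constructed sample in the layout of the ESET Online Scanner log posted in this thread:
# "# key=value" header lines, then one detection per line (path, threat name, action in
# parentheses, 32-hex-digit hash, flag). The real log uses tabs between fields; forum
# extraction often turns them into spaces, so both appear. GUID and hashes are placeholders.
SAMPLE_LOG = (
    "# version=7\n# found=3\n# cleaned=2\n"
    "C:\\System Volume Information\\_restore{GUID}\\RP2\\A0000438.exe\tWin32/Adware.SpywareProtect2009"
    " application (cleaned by deleting - quarantined)\t" + "0" * 32 + "\tC\n"
    "C:\\System Volume Information\\_restore{GUID}\\RP5\\A0002609.exe Win32/Adware.SpywareProtect2009"
    " application (cleaned by deleting - quarantined) " + "0" * 32 + " C\n"
    "C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\sample.exe a variant of"
    " Win32/Example.Demo trojan (error while cleaning) " + "0" * 32 + " C\n"
)

# System Restore archives files under \System Volume Information\_restore{GUID}\RP<n>\
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[^}]*\}\\RP(\d+)\\", re.I)
# Tail of a detection line: "(action) <32 hex digits> <flag>"
TAIL_RE = re.compile(r"^(?P<body>.+?)\s+\((?P<action>[^)]*)\)\s+[0-9a-fA-F]{32}\s+\S+$")
# Assumption: ESET threat names carry a platform prefix containing "/", which a Windows
# path never does; heuristic hits are prefixed with "(probably) a variant of".
THREAT_RE = re.compile(r"\s+((?:probably\s+)?a\s+variant\s+of\s+)?(\S+/\S.*)$")


def parse_detection(line: str):
    """One detection line -> dict, or None when the line is not in the detection layout."""
    m = TAIL_RE.match(line)
    t = THREAT_RE.search(m.group("body")) if m else None
    if t is None:
        return None
    path = m.group("body")[: t.start()]
    rp = RESTORE_RE.search(path)  # RP number when the file sits inside System Restore
    return {
        "path": path,
        "threat": " ".join(((t.group(1) or "") + t.group(2)).split()),
        "action": m.group("action"),
        "restore_point": int(rp.group(1)) if rp else None,
    }


def parse_eset_log(text: str):
    """Return ({header key: value}, [detection dict]); other lines are skipped."""
    header, detections = {}, []
    for line in (raw.strip() for raw in text.splitlines() if raw.strip()):
        if line.startswith("#"):
            key, _, value = line[1:].partition("=")
            header[key.strip()] = value.strip()
        elif (d := parse_detection(line)) is not None:
            detections.append(d)
    return header, detections


def restore_points_with_detections(text: str) -> list:
    """Sorted RP numbers in which the scanner found malware: the reason the reply above
    clears every restore point before declaring the machine clean."""
    _, detections = parse_eset_log(text)
    return sorted({d["restore_point"] for d in detections if d["restore_point"] is not None})
```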

Re: AV security suite keeps reinstalling

Post by akbst5 on 10th June 2010, 4:49 am

Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Symantec Endpoint Protection
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 13
Out of date Java installed!
Adobe Flash Player 9 (Out of date Flash Player installed!)
Adobe Flash Player 10.0.32.18
Adobe Reader 8.1.3
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

akbst5 (Novice)
Posts: 11 | Joined: 2010-06-08 | OS: XP

Re: AV security suite keeps reinstalling

Post by Dr Jay on 10th June 2010, 7:21 am

Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

================

See [You must be registered and logged in to see this link.] for more info about malware and prevention.

Your computer is clean!

Happy Safe Surfing!


Dr. Jay (DJ)



Dr Jay (Head Administrator)
Posts: 14294 | Joined: 2009-09-06 | OS: Windows 10 Home & Pro, x64 | Protection: Bitdefender Total Security

Re: AV security suite keeps reinstalling

Post by akbst5 on 10th June 2010, 4:11 pm

Thank you!

akbst5 (Novice)
Posts: 11 | Joined: 2010-06-08 | OS: XP
