Backdoor.Tidserv!inf problem (yes, it's me again. I'm sorry.)

Post by Hikari012 on 11th June 2010, 10:22 pm

I had someone fully clean my computer for viruses and I guess he might have missed this one (or it's returning). While I was using the computer, this popped up.

Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: Backdoor.Tidserv!inf
File: C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
Location: Unknown Storage
Computer: 146611-L3AVW8D
User: SYSTEM
Action taken: Clean failed
Date found: Friday, June 11, 2010 1:53:39 PM

And when I found it during my huge virus problem, Symantec said it had no repair available.

OTL logfile created on: 6/11/2010 5:56:28 PM - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\puawenng.146611-L3AVW8D\Downloads
Windows Vista Enterprise Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 34.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 47.63 Gb Free Space | 31.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 146611-L3AVW8D
Current User Name: puawenng
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/11 14:02:14 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\puawenng.146611-L3AVW8D\Downloads\OTL.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 13:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/08 15:47:06 | 005,010,288 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
PRC - [2010/03/08 15:47:06 | 002,046,320 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Wacom_TabletUser.exe
PRC - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/04/10 23:28:16 | 000,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/16 16:19:22 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/03/16 16:19:22 | 000,636,344 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe
PRC - [2009/03/16 16:19:22 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/03/16 16:19:22 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/03/16 16:19:20 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/03/16 16:19:20 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/02/27 13:50:42 | 000,573,440 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2009/02/27 13:49:22 | 000,233,472 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2009/02/27 13:49:12 | 000,118,784 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2009/02/27 13:47:58 | 000,430,080 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2009/02/27 13:26:46 | 000,159,744 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2009/02/27 12:14:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/01/29 03:10:00 | 000,185,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2009/01/29 03:10:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2009/01/15 02:42:00 | 000,472,352 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE
PRC - [2009/01/15 02:42:00 | 000,066,848 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/01/07 04:03:00 | 000,060,704 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2008/10/26 18:38:40 | 000,098,304 | ---- | M] () -- C:\Windows\System32\DTS.exe
PRC - [2008/10/26 18:33:22 | 001,676,536 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\AtService.exe
PRC - [2008/10/24 15:29:38 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2008/10/24 12:32:46 | 000,058,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2008/10/08 02:38:00 | 000,256,576 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2008/10/06 13:21:30 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/09/30 16:37:28 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2008/09/29 10:17:54 | 000,038,176 | ---- | M] (Lenovo) -- C:\Windows\System32\ibmpmsvc.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/08/26 12:55:32 | 000,522,792 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2008/08/20 23:04:56 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008/08/20 23:04:52 | 001,155,072 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2008/08/01 16:29:02 | 000,181,536 | ---- | M] (Lenovo.) -- C:\Windows\System32\TpShocks.exe
PRC - [2008/06/10 16:39:52 | 000,039,976 | ---- | M] (Lenovo.) -- C:\Windows\System32\TPHDEXLG.exe
PRC - [2008/06/06 17:35:08 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2008/06/06 17:26:38 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/06/06 17:00:56 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2008/05/29 17:10:56 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2008/05/29 17:10:48 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2008/03/24 14:41:22 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2008/01/20 22:25:06 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2008/01/20 22:23:07 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/17 19:00:56 | 002,838,528 | ---- | M] (South River Technologies, LLC) -- C:\Program Files\WebDrive\wdService.exe
PRC - [2007/08/16 04:00:00 | 000,758,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe
PRC - [2007/02/22 15:33:06 | 000,294,912 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/06/11 14:02:14 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\puawenng.146611-L3AVW8D\Downloads\OTL.exe
MOD - [2009/04/10 23:21:40 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 22:24:11 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/08 15:47:06 | 005,010,288 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/04/13 14:28:33 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/03/16 16:19:22 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/03/16 16:19:22 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/03/16 16:19:22 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/03/16 16:19:20 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/03/16 16:19:20 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/02/27 13:49:22 | 000,233,472 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2009/02/27 13:49:12 | 000,118,784 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009/01/15 02:42:00 | 000,066,848 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2008/10/26 18:38:40 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\DTS.exe -- (dtsvc)
SRV - [2008/10/26 18:38:34 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2008/10/26 18:33:22 | 001,676,536 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2008/10/24 12:32:46 | 000,058,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2008/10/09 17:05:16 | 000,360,448 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/09/29 10:17:54 | 000,038,176 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/08/26 12:55:32 | 000,522,792 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008/08/20 23:04:52 | 001,155,072 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2008/06/30 16:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/06/10 16:39:52 | 000,039,976 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\System32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2008/06/06 17:35:08 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2008/06/06 17:26:38 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/06/06 17:00:56 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2008/05/29 17:10:56 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2008/05/29 17:10:48 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2008/04/25 08:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/20 22:23:07 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 19:00:56 | 002,838,528 | ---- | M] (South River Technologies, LLC) [Auto | Running] -- C:\Program Files\WebDrive\wdService.exe -- (WebDriveService)
SRV - [2007/08/16 04:00:00 | 000,758,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2007/08/16 04:00:00 | 000,247,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2007/02/22 15:33:06 | 000,294,912 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/05/27 11:26:41 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/27 11:26:35 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/11 01:45:32 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100611.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/11 01:45:31 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100611.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/02/24 21:59:10 | 000,162,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2010/01/24 14:32:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/09/21 15:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/09/10 01:17:36 | 000,186,624 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RCUVCMNP.sys -- (5U875UVC)
DRV - [2009/04/13 16:14:14 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2009/04/13 15:25:39 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/03/16 16:19:24 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/03/16 16:19:24 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/03/16 16:19:22 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/03/16 16:19:22 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/03/16 16:19:22 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2009/03/16 16:19:18 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/03/16 16:19:18 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/03/16 16:19:18 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/03/16 16:19:16 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/03/04 10:49:22 | 004,232,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2009/02/11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\iaStor.sys -- (iastor)
DRV - [2009/01/15 02:42:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2008/11/26 16:42:06 | 000,256,512 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/11/21 17:53:44 | 000,220,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel(R)
DRV - [2008/10/26 19:37:18 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/10/06 13:26:52 | 000,181,168 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/10/03 00:43:20 | 003,881,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2008/10/02 21:39:18 | 000,054,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2008/09/29 10:17:16 | 000,023,848 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2008/09/25 00:49:52 | 000,031,680 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2008/09/10 10:27:50 | 000,100,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2008/09/10 10:27:50 | 000,081,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008/09/10 10:27:50 | 000,029,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2008/09/10 10:27:50 | 000,017,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2008/09/02 13:17:10 | 002,472,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (intelkmd)
DRV - [2008/07/11 10:47:00 | 000,048,192 | ---- | M] (Lenovo) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008/06/10 16:39:52 | 000,116,264 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2008/06/10 16:39:52 | 000,019,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2008/05/12 18:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/03/26 14:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2008/03/25 15:41:30 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/03/25 15:39:20 | 000,207,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/03/25 15:38:32 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/02/22 15:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008/02/15 18:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/20 22:23:01 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:01 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:01 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:00 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:00 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:00 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:00 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/20 22:23:00 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:22:59 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:22:59 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 22:22:59 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:22:59 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:22:58 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:22:58 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:22:58 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:22:58 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:22:57 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:22:57 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 22:22:57 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:22:56 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:22:55 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:22:55 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:22:55 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:22:54 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:22:36 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:22:36 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/20 22:22:35 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/17 18:39:44 | 000,178,176 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\WebDrive\wdfsd.sys -- (WebDriveFSD)
DRV - [2007/10/18 15:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/08/16 04:00:00 | 000,023,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/06/18 16:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 16:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 16:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 16:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 16:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 16:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 16:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 16:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/03/12 01:25:28 | 000,099,848 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/02/16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/09 12:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.shu.edu"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/10 16:53:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/10 16:53:50 | 000,000,000 | ---D | M]

[2009/10/30 15:42:36 | 000,000,000 | ---D | M] -- C:\Users\Shu-User\AppData\Roaming\Mozilla\Extensions
[2009/04/13 10:50:22 | 000,000,000 | ---D | M] -- C:\Users\Shu-User\AppData\Roaming\Mozilla\Firefox\Profiles\ouegl7vg.default\extensions
[2010/06/10 16:55:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/03 17:07:27 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
[2008/09/10 01:09:32 | 000,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\Windows\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - Startup: C:\Users\Shu-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = shu.edu
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\1024b.bmp
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\1024b.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/10/30 15:53:49 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (Avanquest Software )
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RCIMGDIR.exe.lnk - C:\Program Files\RotateImage\RCIMGDIR.exe - (Ricoh co.,Ltd.)
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: WebDriveTray - hkey= - key= - C:\Program Files\WebDrive\webdrive.exe (South River Technologies, LLC)
MsConfig - State: "startup" - 2


Re: Backdoor.Tidserv!inf problem (yes, it's me again. I'm sorry. )

Post by Hikari012 on 11th June 2010, 10:24 pm

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: Symantec Antvirus - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmcService - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootNet: Symantec Antvirus - Service
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/06/11 13:45:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/06/11 13:44:58 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/06/11 13:44:58 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/06/11 13:44:58 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/06/11 13:44:37 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/06/11 13:44:36 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/06/11 13:44:36 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/06/11 13:44:35 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/06/11 13:44:34 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/06/11 13:44:29 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/06/10 20:42:26 | 007,773,040 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\WacomTablet.cpl
[2010/06/10 20:41:22 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacommousefilter.sys
[2010/06/10 20:40:44 | 000,014,120 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacomvhid.sys
[2010/06/10 20:40:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\WTablet
[2010/06/10 20:40:05 | 005,010,288 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
[2010/06/10 20:40:05 | 000,415,600 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.dll
[2010/06/10 20:40:05 | 000,294,400 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wintab32.dll
[2010/06/10 20:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2010/06/10 19:49:45 | 000,000,000 | --SD | C] -- C:\Program Files\Xfire
[2010/06/10 19:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/06/10 17:32:11 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/06/10 16:46:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/10 16:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/06/10 14:16:10 | 000,000,000 | ---D | C] -- C:\Users\puawenng.146611-L3AVW8D\Tracing
[2010/06/10 14:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/06/10 13:46:15 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/06/10 13:33:35 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.146611-L3AVW8D\Templates
[2010/06/10 13:33:35 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.146611-L3AVW8D\Start Menu
[2010/06/10 13:33:35 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.146611-L3AVW8D\SendTo
[2010/06/10 13:33:35 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.146611-L3AVW8D\Recent
[2010/06/10 13:33:35 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.146611-L3AVW8D\PrintHood
[2010/06/10 13:33:35 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.146611-L3AVW8D\NetHood
[2010/06/10 13:33:35 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.146611-L3AVW8D\My Documents
[2010/06/10 13:33:35 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.146611-L3AVW8D\Local Settings
[2010/06/10 13:33:35 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.146611-L3AVW8D\Cookies
[2010/06/10 13:33:35 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.146611-L3AVW8D\Application Data
[2010/06/10 13:33:04 | 000,000,000 | R--D | C] -- C:\Users\puawenng.146611-L3AVW8D\Desktop
[2010/06/10 13:33:04 | 000,000,000 | R--D | C] -- C:\Users\puawenng.146611-L3AVW8D\Contacts
[2010/06/10 13:33:04 | 000,000,000 | -H-D | C] -- C:\Users\puawenng.146611-L3AVW8D\AppData
[2010/06/10 13:33:04 | 000,000,000 | ---D | C] -- C:\Users\puawenng.146611-L3AVW8D\Bluetooth Software
[2010/06/10 13:33:03 | 000,000,000 | R--D | C] -- C:\Users\puawenng.146611-L3AVW8D\Videos
[2010/06/10 13:33:03 | 000,000,000 | R--D | C] -- C:\Users\puawenng.146611-L3AVW8D\Searches
[2010/06/10 13:33:03 | 000,000,000 | R--D | C] -- C:\Users\puawenng.146611-L3AVW8D\Saved Games
[2010/06/10 13:33:03 | 000,000,000 | R--D | C] -- C:\Users\puawenng.146611-L3AVW8D\Pictures
[2010/06/10 13:33:03 | 000,000,000 | R--D | C] -- C:\Users\puawenng.146611-L3AVW8D\Music
[2010/06/10 13:33:03 | 000,000,000 | R--D | C] -- C:\Users\puawenng.146611-L3AVW8D\Links
[2010/06/10 13:33:03 | 000,000,000 | R--D | C] -- C:\Users\puawenng.146611-L3AVW8D\Favorites
[2010/06/10 13:33:03 | 000,000,000 | R--D | C] -- C:\Users\puawenng.146611-L3AVW8D\Downloads
[2010/06/10 13:33:03 | 000,000,000 | R--D | C] -- C:\Users\puawenng.146611-L3AVW8D\Documents
[2010/06/10 13:33:03 | 000,000,000 | -H-D | C] -- C:\Users\puawenng.146611-L3AVW8D\InstallAnywhere
[2010/06/10 13:33:03 | 000,000,000 | ---D | C] -- C:\Users\puawenng.146611-L3AVW8D\Roaming
[2010/06/10 13:33:03 | 000,000,000 | ---D | C] -- C:\Users\puawenng.146611-L3AVW8D\Library
[2010/06/10 11:22:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/10 11:22:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/06 21:09:52 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/06/04 18:23:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/03 17:56:09 | 000,000,000 | ---D | C] -- C:\A
[2010/06/03 01:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/03 01:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/06/03 01:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/06/03 01:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/06/02 14:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/05/30 02:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/25 16:07:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/05/13 14:08:47 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/11 18:00:43 | 002,621,440 | -HS- | M] () -- C:\Users\puawenng.146611-L3AVW8D\ntuser.dat
[2010/06/11 17:50:14 | 000,000,299 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2010/06/11 17:47:51 | 000,128,008 | ---- | M] () -- C:\Users\Shu-User\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/11 17:45:07 | 000,004,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/11 17:45:07 | 000,004,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/11 17:44:45 | 000,065,536 | -HS- | M] () -- C:\Users\puawenng.146611-L3AVW8D\ntuser.dat{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TM.blf
[2010/06/11 17:44:44 | 000,524,288 | -HS- | M] () -- C:\Users\puawenng.146611-L3AVW8D\ntuser.dat{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TMContainer00000000000000000001.regtrans-ms
[2010/06/11 17:43:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/11 17:43:41 | 000,448,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/11 17:43:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/11 17:42:32 | 2640,351,232 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/11 17:42:31 | 262,660,636 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/06/11 17:40:11 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/06/11 17:09:59 | 000,000,194 | ---- | M] () -- C:\Users\Public\Documents\BluetoothLog.html
[2010/06/11 13:15:01 | 000,128,008 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2010/06/10 19:21:20 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010/06/10 18:56:05 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2010/06/10 17:32:16 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/10 17:00:24 | 000,001,150 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2010/06/10 14:02:42 | 000,524,288 | -HS- | M] () -- C:\Users\puawenng.146611-L3AVW8D\ntuser.dat{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TMContainer00000000000000000002.regtrans-ms
[2010/06/10 13:43:25 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/06/10 11:55:51 | 000,003,670 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/06/10 11:22:08 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/03 17:55:15 | 000,000,000 | ---- | M] () -- C:\tu0.1
[2010/05/27 14:51:47 | 000,000,000 | ---- | M] () -- C:\Windows\System32\AclanProfile.xml
[2010/05/26 13:06:41 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/05/26 10:47:41 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/05/21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/11 17:42:31 | 262,660,636 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/06/10 20:42:40 | 001,746,986 | ---- | C] () -- C:\Windows\System32\WacomTablet.znc
[2010/06/10 19:21:20 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010/06/10 17:32:16 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/10 17:00:24 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2010/06/10 13:43:25 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/06/10 13:33:30 | 000,524,288 | -HS- | C] () -- C:\Users\puawenng.146611-L3AVW8D\ntuser.dat{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TMContainer00000000000000000002.regtrans-ms
[2010/06/10 13:33:30 | 000,524,288 | -HS- | C] () -- C:\Users\puawenng.146611-L3AVW8D\ntuser.dat{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TMContainer00000000000000000001.regtrans-ms
[2010/06/10 13:33:29 | 000,262,144 | -H-- | C] () -- C:\Users\puawenng.146611-L3AVW8D\ntuser.dat.LOG1
[2010/06/10 13:33:29 | 000,065,536 | -HS- | C] () -- C:\Users\puawenng.146611-L3AVW8D\ntuser.dat{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TM.blf
[2010/06/10 13:33:29 | 000,000,000 | -H-- | C] () -- C:\Users\puawenng.146611-L3AVW8D\ntuser.dat.LOG2
[2010/06/10 13:33:03 | 000,000,020 | -HS- | C] () -- C:\Users\puawenng.146611-L3AVW8D\ntuser.ini
[2010/06/10 13:33:02 | 002,621,440 | -HS- | C] () -- C:\Users\puawenng.146611-L3AVW8D\ntuser.dat
[2010/06/10 11:30:49 | 2640,351,232 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/10 11:22:08 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/03 17:55:15 | 000,000,000 | ---- | C] () -- C:\tu0.1
[2010/06/03 01:22:27 | 000,063,360 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.sys
[2010/06/03 01:22:27 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/06/02 16:46:29 | 000,000,046 | ---- | C] () -- C:\file_id.diz
[2010/03/08 00:08:35 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/11 12:40:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/05 16:41:49 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2009/06/05 16:41:49 | 000,031,232 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2009/06/05 16:41:49 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2009/04/13 15:48:38 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2009/04/13 15:47:52 | 000,000,299 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2009/04/13 11:58:35 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/04/13 11:58:35 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/04/13 11:58:35 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/04/13 11:58:35 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/04/13 11:58:35 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/04/13 11:58:34 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/04/13 11:54:41 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2009/04/13 11:54:41 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2008/10/02 22:26:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/08/26 12:54:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\BtwNamespaceExt2.dll
[2008/01/20 22:25:00 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/01/17 19:00:52 | 000,069,632 | ---- | C] () -- C:\Windows\System32\wdIconDll.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 09:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/10/02 22:27:04 | 000,421,888 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009/03/16 16:19:24 | 000,049,480 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\FwsVpn.dll
[2009/04/10 23:27:48 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/10 23:28:24 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2009/03/16 16:19:24 | 000,107,848 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\SymVPN.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/03/16 16:19:22 | 000,049,536 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\Teefer2.sys
[2009/03/16 16:19:24 | 000,042,312 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\WPSDRVnt.sys
[2010/02/24 21:59:10 | 000,162,048 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\WpsHelper.sys

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:12:53 | 017,326,080 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:12:42 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:12:53 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 03:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/04/10 23:32:48 | 000,245,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/02 03:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2006/11/02 03:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 03:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 03:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 03:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 03:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 03:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 03:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 03:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 03:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 03:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 03:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 03:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 03:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2010/05/01 10:13:48 | 002,037,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2008/10/02 21:25:54 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >
[2007/10/18 15:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe

< %SYSTEMDRIVE%\*.* >
[2009/04/13 16:50:21 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/04/13 02:34:13 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/01/08 03:52:04 | 000,000,046 | ---- | M] () -- C:\file_id.diz
[2010/06/11 17:42:32 | 2640,351,232 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/11 17:42:31 | 2956,009,472 | -HS- | M] () -- C:\pagefile.sys
[2010/01/08 22:19:01 | 000,000,012 | -H-- | M] () -- C:\reachd.cz
[2009/04/12 20:53:16 | 000,000,323 | ---- | M] () -- C:\SALenApp.ini
[2010/06/11 17:44:06 | 000,137,302 | ---- | M] () -- C:\sysiclog.txt
[2009/10/30 16:06:23 | 000,000,000 | ---- | M] () -- C:\t1os.2
[2010/06/10 17:17:08 | 000,065,132 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_10.06.2010_17.15.54_log.txt
[2010/06/03 17:55:15 | 000,000,000 | ---- | M] () -- C:\tu0.1
[2009/04/13 20:58:57 | 000,001,732 | ---- | M] () -- C:\tvtpktfilter.dat

< %PROGRAMFILES%\*. >
[2010/06/10 19:21:41 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/06/03 17:01:49 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2010/06/10 17:30:39 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/06/02 14:48:10 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2009/07/22 03:06:46 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2009/04/12 20:21:14 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/06/10 16:46:30 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/06/10 14:11:23 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/10/30 15:19:35 | 000,000,000 | ---D | M] -- C:\Program Files\Chicony Electronics Co.,Ltd
[2009/07/22 03:06:53 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2010/06/10 19:21:02 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/10/30 15:26:15 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/07/22 03:13:27 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2010/06/03 17:04:45 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2010/03/08 00:02:31 | 000,000,000 | ---D | M] -- C:\Program Files\EA Games
[2010/01/07 21:09:06 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/03/15 01:12:08 | 000,000,000 | ---D | M] -- C:\Program Files\eMusic Download Manager
[2010/01/30 23:17:30 | 000,000,000 | ---D | M] -- C:\Program Files\Firaxis Games
[2010/04/01 21:29:41 | 000,000,000 | ---D | M] -- C:\Program Files\Furcadia
[2009/10/30 15:26:20 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/04/12 22:16:18 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/06/03 17:04:53 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/10/30 15:26:27 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2010/06/10 17:31:53 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/06/10 17:32:05 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/10/12 11:03:46 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/06/03 17:05:40 | 000,000,000 | ---D | M] -- C:\Program Files\Lenovo
[2010/06/03 17:05:44 | 000,000,000 | ---D | M] -- C:\Program Files\Lenovo Fingerprint Software
[2009/10/30 15:27:18 | 000,000,000 | ---D | M] -- C:\Program Files\Lenovo Group Limited
[2010/06/10 11:22:08 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/30 15:28:46 | 000,000,000 | ---D | M] -- C:\Program Files\Maple 13
[2009/10/30 15:28:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/10/30 15:28:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/10/30 15:29:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Expression
[2009/10/30 15:30:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/06/11 17:37:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/10/30 15:30:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/10/30 15:30:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2010/06/03 17:07:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/01/07 21:06:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2009/10/30 15:30:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/06/11 17:38:50 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/06/10 13:43:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/10/30 15:30:39 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/10/30 15:30:39 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/04/13 09:05:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/06/03 17:07:33 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2010/06/03 17:07:43 | 000,000,000 | ---D | M] -- C:\Program Files\PCDR5
[2009/10/30 15:31:04 | 000,000,000 | ---D | M] -- C:\Program Files\Pharos
[2009/10/30 15:31:04 | 000,000,000 | ---D | M] -- C:\Program Files\PharosSystems
[2010/06/10 16:53:50 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/07/22 03:17:56 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/10/30 15:31:20 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/06/03 17:08:09 | 000,000,000 | ---D | M] -- C:\Program Files\RotateImage
[2010/06/03 17:08:14 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2009/10/30 15:31:55 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic Icons for Lenovo
[2010/06/03 01:22:30 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2010/06/03 17:08:28 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2009/07/22 03:19:00 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2010/06/10 20:41:22 | 000,000,000 | ---D | M] -- C:\Program Files\Tablet
[2010/06/10 20:43:17 | 000,000,000 | ---D | M] -- C:\Program Files\TabletPlugins
[2009/04/12 22:57:32 | 000,000,000 | ---D | M] -- C:\Program Files\ThinkPad
[2009/07/22 03:19:24 | 000,000,000 | ---D | M] -- C:\Program Files\ThinkVantage
[2010/01/07 19:03:34 | 000,000,000 | ---D | M] -- C:\Program Files\THQ
[2006/11/02 09:01:44 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/06/03 17:09:05 | 000,000,000 | ---D | M] -- C:\Program Files\WebDrive
[2010/06/03 17:09:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2010/06/03 17:09:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2010/06/03 17:09:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/06/03 17:09:08 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Imaging
[2010/06/03 17:09:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/01/07 17:56:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/01/07 17:56:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/06/11 17:39:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/06/03 17:09:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/22 03:19:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/06/03 17:09:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2010/06/11 17:39:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2010/06/03 17:09:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/01/30 15:58:54 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/06/10 19:49:50 | 000,000,000 | --SD | M] -- C:\Program Files\Xfire
[2009/10/30 15:32:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry

< %appdata%\*.* >
[2009/04/13 11:52:37 | 000,000,006 | -HS- | M] () -- C:\Users\puawenng.146611-L3AVW8D\AppData\Roaming\desktop.ini


< MD5 for: AGP440.SYS >
[2008/01/20 22:22:36 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 22:22:36 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 22:22:36 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 22:22:36 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 22:22:36 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/05/31 02:52:02 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=1DAD73FA38463227A4CB0B22DBB44F10 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_56890bc4\atapi.sys
[2008/05/31 02:52:02 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=1DAD73FA38463227A4CB0B22DBB44F10 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20846_none_dbb64a313d9be26a\atapi.sys
[2009/04/10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:22:36 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:22:36 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/05/31 03:22:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=D01C1DBE0A1E5AA679A9F5F323DB79B8 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4be07e13\atapi.sys
[2008/05/31 03:22:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=D01C1DBE0A1E5AA679A9F5F323DB79B8 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22191_none_dd6175e33aef8336\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/04/10 23:32:32 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/10 23:32:32 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/10 23:32:32 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/20 22:22:54 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/20 22:22:54 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 05:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTOR.SYS >
[2009/02/11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\SWTOOLS\Drivers\IMSM\IaStor.sys
[2009/02/11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009/02/11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_9d4a7637\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 22:22:57 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 22:22:57 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 22:22:57 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 22:23:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NETLOGON.DLL.MUI >
[2008/01/20 22:25:16 | 000,009,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\en-US\netlogon.dll.mui

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 22:22:55 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 22:22:55 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 22:22:55 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 22:24:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/01/20 22:22:58 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/20 22:22:58 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/04/10 21:42:56 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/04/10 21:42:56 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_72a6a3e5\USBSTOR.SYS
[2009/04/10 21:42:56 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS
[2006/11/02 04:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-11 21:35:11
< End of report >

I have had Malwarebytes scan the infected file and it says there is no infection, but I did scan it with Symantec and it was able to find the virus.

Hikari012 (Intermediate) | Posts: 84 | Joined: 2009-04-20 | OS: Windows Vista
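The "< MD5 for: ... >" custom scans in the log above hash every copy of a driver OTL can find: the active file under System32\drivers, the DriverStore backups and the winsxs component copies. Copies with the same modification timestamp and size come from the same build and must hash identically, and the active copy should match at least one pristine copy; a driver patched in place (the kind of damage behind a "Clean failed" on tcpip.sys) shows up as the one copy whose hash disagrees. The script below is an added example, not part of the original post or of OTL: it parses those sections from an OTL log and flags both kinds of mismatch. The sample log embedded in it is constructed for the demonstration (the TCPIP.SYS entries and their hashes are placeholders, not values from this machine), and the two heuristics are this example's own, not an OTL feature.

```python
"""Cross-check the "< MD5 for: X >" sections of an OTL log.

Added example (not OTL's code). Two heuristics, both assumptions of this
example rather than anything OTL itself reports:
  (a) copies sharing a modification time and size must share an MD5;
  (b) the active copy (System32 / System32\\drivers) must hash the same as
      at least one DriverStore or winsxs copy, when such copies exist.
Locked files that OTL reports as "Unable to obtain MD5" are skipped.
"""
import re
from collections import defaultdict

# OTL line layout:  [date time | size | attrs | M] (Company) MD5=HEX -- path
LINE_RE = re.compile(
    r"^\[(?P<mtime>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| [^|]+ \| M\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- "
    r"(?P<path>.+)$"
)
SECTION_RE = re.compile(r"^< MD5 for: (?P<name>[^>]+) >$")

# Constructed sample: DISK.SYS mirrors the clean pattern seen in the log,
# TCPIP.SYS is a made-up tampered driver with placeholder hashes/timestamps.
SAMPLE_LOG = r"""
< MD5 for: DISK.SYS >
[2009/04/10 23:32:32 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/10 23:32:32 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/20 22:22:54 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys

< MD5 for: TCPIP.SYS >
[2010/01/01 00:00:00 | 000,900,000 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\Windows\System32\drivers\tcpip.sys
[2010/01/01 00:00:00 | 000,900,000 | ---- | M] (Microsoft Corporation) MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_placeholder\tcpip.sys

< MD5 for: NETLOGON.DLL.MUI >
[2008/01/20 22:25:16 | 000,009,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\en-US\netlogon.dll.mui
< End of report >
"""


def parse_md5_sections(text):
    """Return {FILE NAME: [entry, ...]} for every '< MD5 for: >' section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip().upper()
            sections[current] = []
            continue
        if current is None or not line:
            continue
        if line.startswith("<"):          # any other scan header closes the section
            current = None
            continue
        m = LINE_RE.match(line)
        if m:
            sections[current].append({
                "mtime": m.group("mtime"),
                "size": m.group("size"),
                "md5": (m.group("md5") or "").upper() or None,
                "path": m.group("path"),
            })
    return sections


def is_active_copy(path):
    """The live copy lives under System32 but not in DriverStore or winsxs."""
    p = path.lower()
    return "\\system32\\" in p and "driverstore" not in p and "winsxs" not in p


def find_anomalies(sections):
    """Return [(file name, reason), ...] for heuristics (a) and (b)."""
    findings = []
    for name, entries in sections.items():
        hashed = [e for e in entries if e["md5"]]
        builds = defaultdict(set)                      # (mtime, size) -> hashes
        for e in hashed:
            builds[(e["mtime"], e["size"])].add(e["md5"])
        for (mtime, size), hashes in builds.items():
            if len(hashes) > 1:
                findings.append((name, f"copies dated {mtime} ({size} bytes) carry "
                                       f"{len(hashes)} different MD5s"))
        backups = {e["md5"] for e in hashed if not is_active_copy(e["path"])}
        for e in hashed:
            if backups and is_active_copy(e["path"]) and e["md5"] not in backups:
                findings.append((name, f"active copy {e['path']} ({e['md5']}) matches "
                                       f"no DriverStore/winsxs copy"))
    return findings


if __name__ == "__main__":
    for name, reason in find_anomalies(parse_md5_sections(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

Run it against a real OTL log by reading the file into `parse_md5_sections` instead of `SAMPLE_LOG`. A clean system, like the AGP440/ATAPI/DISK sections in the log above, produces no findings; a hash disagreement on a same-build pair is the signal to pull the file and compare it with the winsxs copy rather than trust a single scanner's verdict.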

Re: Backdoor.Tidserv!inf problem (yes, it's me again. I'm sorry. )

Post by Hikari012 on 11th June 2010, 11:58 pm

This time I was able to update my Java (I tried before and something was wrong, but I fixed it). I updated Java and ran Symantec on the file that was infected (tcpip.sys); Symantec no longer detected the virus. Is it safe to think it's all clear? Here is another OTL log.

OTL logfile created on: 6/11/2010 7:39:41 PM - Run 3
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\puawenng.146611-L3AVW8D\Downloads
Windows Vista Enterprise Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 43.71 Gb Free Space | 29.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 146611-L3AVW8D
Current User Name: puawenng
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/11 14:02:14 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\puawenng.146611-L3AVW8D\Downloads\OTL.exe
PRC - [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 13:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/08 15:47:06 | 005,010,288 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
PRC - [2010/03/08 15:47:06 | 002,046,320 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Wacom_TabletUser.exe
PRC - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/04/10 23:28:16 | 000,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/16 16:19:22 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/03/16 16:19:22 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/03/16 16:19:22 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/03/16 16:19:20 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/03/16 16:19:20 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/02/27 13:50:42 | 000,573,440 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2009/02/27 13:49:22 | 000,233,472 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2009/02/27 13:49:12 | 000,118,784 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2009/02/27 13:47:58 | 000,430,080 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2009/02/27 13:26:46 | 000,159,744 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2009/02/27 12:14:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/01/29 03:10:00 | 000,185,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2009/01/29 03:10:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2009/01/15 02:42:00 | 000,472,352 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE
PRC - [2009/01/15 02:42:00 | 000,066,848 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/01/07 04:03:00 | 000,060,704 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2008/10/26 18:38:40 | 000,098,304 | ---- | M] () -- C:\Windows\System32\DTS.exe
PRC - [2008/10/26 18:33:22 | 001,676,536 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\AtService.exe
PRC - [2008/10/24 15:29:38 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2008/10/24 12:32:46 | 000,058,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2008/10/08 02:38:00 | 000,256,576 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2008/10/06 13:21:30 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/09/30 16:37:28 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2008/09/29 10:17:54 | 000,038,176 | ---- | M] (Lenovo) -- C:\Windows\System32\ibmpmsvc.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/08/26 12:55:32 | 000,522,792 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2008/08/20 23:04:56 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008/08/20 23:04:52 | 001,155,072 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2008/08/01 16:29:02 | 000,181,536 | ---- | M] (Lenovo.) -- C:\Windows\System32\TpShocks.exe
PRC - [2008/06/10 16:39:52 | 000,039,976 | ---- | M] (Lenovo.) -- C:\Windows\System32\TPHDEXLG.exe
PRC - [2008/06/06 17:35:08 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2008/06/06 17:26:38 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/06/06 17:00:56 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2008/05/29 17:10:56 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2008/05/29 17:10:48 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2008/03/24 14:41:22 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2008/01/20 22:25:06 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2008/01/20 22:23:07 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/17 19:00:56 | 002,838,528 | ---- | M] (South River Technologies, LLC) -- C:\Program Files\WebDrive\wdService.exe
PRC - [2007/08/16 04:00:00 | 000,758,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe
PRC - [2007/02/22 15:33:06 | 000,294,912 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/06/11 14:02:14 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\puawenng.146611-L3AVW8D\Downloads\OTL.exe
MOD - [2009/04/10 23:21:40 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 22:24:11 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/08 15:47:06 | 005,010,288 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/04/13 14:28:33 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/03/16 16:19:22 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/03/16 16:19:22 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/03/16 16:19:22 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/03/16 16:19:20 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/03/16 16:19:20 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/02/27 13:49:22 | 000,233,472 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2009/02/27 13:49:12 | 000,118,784 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009/01/15 02:42:00 | 000,066,848 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2008/10/26 18:38:40 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\DTS.exe -- (dtsvc)
SRV - [2008/10/26 18:38:34 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2008/10/26 18:33:22 | 001,676,536 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2008/10/24 12:32:46 | 000,058,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2008/10/09 17:05:16 | 000,360,448 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/09/29 10:17:54 | 000,038,176 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/08/26 12:55:32 | 000,522,792 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008/08/20 23:04:52 | 001,155,072 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2008/06/30 16:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/06/10 16:39:52 | 000,039,976 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\System32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2008/06/06 17:35:08 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2008/06/06 17:26:38 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/06/06 17:00:56 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2008/05/29 17:10:56 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2008/05/29 17:10:48 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2008/04/25 08:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/20 22:23:07 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 19:00:56 | 002,838,528 | ---- | M] (South River Technologies, LLC) [Auto | Running] -- C:\Program Files\WebDrive\wdService.exe -- (WebDriveService)
SRV - [2007/08/16 04:00:00 | 000,758,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2007/08/16 04:00:00 | 000,247,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2007/02/22 15:33:06 | 000,294,912 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/05/27 11:26:41 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/27 11:26:35 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/11 01:45:32 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100611.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/11 01:45:31 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100611.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/02/24 21:59:10 | 000,162,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2010/01/24 14:32:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/09/21 15:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/09/10 01:17:36 | 000,186,624 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RCUVCMNP.sys -- (5U875UVC)
DRV - [2009/04/13 16:14:14 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2009/04/13 15:25:39 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/03/16 16:19:24 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/03/16 16:19:24 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/03/16 16:19:22 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/03/16 16:19:22 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/03/16 16:19:22 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2009/03/16 16:19:18 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/03/16 16:19:18 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/03/16 16:19:18 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/03/16 16:19:16 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/03/04 10:49:22 | 004,232,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2009/02/11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\iaStor.sys -- (iastor)
DRV - [2009/01/15 02:42:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2008/11/26 16:42:06 | 000,256,512 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/11/21 17:53:44 | 000,220,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel(R)
DRV - [2008/10/26 19:37:18 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/10/06 13:26:52 | 000,181,168 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/10/03 00:43:20 | 003,881,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2008/10/02 21:39:18 | 000,054,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2008/09/29 10:17:16 | 000,023,848 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2008/09/25 00:49:52 | 000,031,680 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2008/09/10 10:27:50 | 000,100,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2008/09/10 10:27:50 | 000,081,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008/09/10 10:27:50 | 000,029,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2008/09/10 10:27:50 | 000,017,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2008/09/02 13:17:10 | 002,472,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (intelkmd)
DRV - [2008/07/11 10:47:00 | 000,048,192 | ---- | M] (Lenovo) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008/06/10 16:39:52 | 000,116,264 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2008/06/10 16:39:52 | 000,019,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2008/05/12 18:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/03/26 14:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2008/03/25 15:41:30 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/03/25 15:39:20 | 000,207,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/03/25 15:38:32 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/02/22 15:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008/02/15 18:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/20 22:23:01 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:01 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:01 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:00 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:00 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:00 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:00 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/20 22:23:00 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:22:59 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:22:59 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 22:22:59 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:22:59 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:22:58 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:22:58 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:22:58 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:22:58 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:22:57 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:22:57 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 22:22:57 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:22:56 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:22:55 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:22:55 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:22:55 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:22:54 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:22:36 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:22:36 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/20 22:22:35 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/17 18:39:44 | 000,178,176 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\WebDrive\wdfsd.sys -- (WebDriveFSD)
DRV - [2007/10/18 15:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/08/16 04:00:00 | 000,023,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/06/18 16:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 16:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 16:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 16:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 16:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 16:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 16:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 16:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/03/12 01:25:28 | 000,099,848 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/02/16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/09 12:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.shu.edu"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/10 16:53:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/11 19:22:02 | 000,000,000 | ---D | M]

[2009/10/30 15:42:36 | 000,000,000 | ---D | M] -- C:\Users\Shu-User\AppData\Roaming\Mozilla\Extensions
[2009/04/13 10:50:22 | 000,000,000 | ---D | M] -- C:\Users\Shu-User\AppData\Roaming\Mozilla\Firefox\Profiles\ouegl7vg.default\extensions
[2010/06/11 19:27:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/03 17:07:27 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
[2010/06/11 19:27:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/09/10 01:09:32 | 000,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
[2010/06/11 19:26:40 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\Windows\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - Startup: C:\Users\Shu-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = shu.edu
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\1024b.bmp
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\1024b.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/10/30 15:53:49 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (Avanquest Software )
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RCIMGDIR.exe.lnk - C:\Program Files\RotateImage\RCIMGDIR.exe - (Ricoh co.,Ltd.)
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: WebDriveTray - hkey= - key= - C:\Program Files\WebDrive\webdrive.exe (South River Technologies, LLC)
MsConfig - State: "startup" - 2

Hikari012
Intermediate

Posts : 84
Joined : 2009-04-20
OS : Windows Vista
Points : 28515
# Likes : 0

Re: Backdoor.Tidserv!inf problem (yes, it's me again. I'm sorry. )

Post by Hikari012 on 11th June 2010, 11:58 pm

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: Symantec Antvirus - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmcService - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootNet: Symantec Antvirus - Service
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/06/11 19:27:16 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/06/11 19:27:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/06/11 19:27:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/06/11 19:22:02 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/06/11 13:45:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/06/11 13:44:58 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/06/11 13:44:58 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/06/11 13:44:58 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/06/11 13:44:37 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/06/11 13:44:36 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/06/11 13:44:36 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/06/11 13:44:35 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/06/11 13:44:34 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/06/11 13:44:29 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/06/10 20:42:26 | 007,773,040 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\WacomTablet.cpl
[2010/06/10 20:41:22 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacommousefilter.sys
[2010/06/10 20:40:44 | 000,014,120 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacomvhid.sys
[2010/06/10 20:40:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\WTablet
[2010/06/10 20:40:05 | 005,010,288 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
[2010/06/10 20:40:05 | 000,415,600 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.dll
[2010/06/10 20:40:05 | 000,294,400 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wintab32.dll
[2010/06/10 20:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2010/06/10 19:49:45 | 000,000,000 | --SD | C] -- C:\Program Files\Xfire
[2010/06/10 19:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/06/10 17:32:11 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/06/10 16:46:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/10 16:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/06/10 14:16:10 | 000,000,000 | ---D | C] -- C:\Users\puawenng.146611-L3AVW8D\Tracing
[2010/06/10 14:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/06/10 13:46:15 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/06/10 13:33:35 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.146611-L3AVW8D\Templates
[2010/06/10 13:33:35 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.146611-L3AVW8D\Start Menu
[2010/06/10 13:33:35 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.146611-L3AVW8D\SendTo
[2010/06/10 13:33:35 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.146611-L3AVW8D\Recent
[2010/06/10 13:33:35 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.146611-L3AVW8D\PrintHood
[2010/06/10 13:33:35 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.146611-L3AVW8D\NetHood
[2010/06/10 13:33:35 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.146611-L3AVW8D\My Documents
[2010/06/10 13:33:35 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.146611-L3AVW8D\Local Settings
[2010/06/10 13:33:35 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.146611-L3AVW8D\Cookies
[2010/06/10 13:33:35 | 000,000,000 | -HSD | C] -- C:\Users\puawenng.146611-L3AVW8D\Application Data
[2010/06/10 13:33:04 | 000,000,000 | R--D | C] -- C:\Users\puawenng.146611-L3AVW8D\Desktop
[2010/06/10 13:33:04 | 000,000,000 | R--D | C] -- C:\Users\puawenng.146611-L3AVW8D\Contacts
[2010/06/10 13:33:04 | 000,000,000 | -H-D | C] -- C:\Users\puawenng.146611-L3AVW8D\AppData
[2010/06/10 13:33:04 | 000,000,000 | ---D | C] -- C:\Users\puawenng.146611-L3AVW8D\Bluetooth Software
[2010/06/10 13:33:03 | 000,000,000 | R--D | C] -- C:\Users\puawenng.146611-L3AVW8D\Videos
[2010/06/10 13:33:03 | 000,000,000 | R--D | C] -- C:\Users\puawenng.146611-L3AVW8D\Searches
[2010/06/10 13:33:03 | 000,000,000 | R--D | C] -- C:\Users\puawenng.146611-L3AVW8D\Saved Games
[2010/06/10 13:33:03 | 000,000,000 | R--D | C] -- C:\Users\puawenng.146611-L3AVW8D\Pictures
[2010/06/10 13:33:03 | 000,000,000 | R--D | C] -- C:\Users\puawenng.146611-L3AVW8D\Music
[2010/06/10 13:33:03 | 000,000,000 | R--D | C] -- C:\Users\puawenng.146611-L3AVW8D\Links
[2010/06/10 13:33:03 | 000,000,000 | R--D | C] -- C:\Users\puawenng.146611-L3AVW8D\Favorites
[2010/06/10 13:33:03 | 000,000,000 | R--D | C] -- C:\Users\puawenng.146611-L3AVW8D\Downloads
[2010/06/10 13:33:03 | 000,000,000 | R--D | C] -- C:\Users\puawenng.146611-L3AVW8D\Documents
[2010/06/10 13:33:03 | 000,000,000 | -H-D | C] -- C:\Users\puawenng.146611-L3AVW8D\InstallAnywhere
[2010/06/10 13:33:03 | 000,000,000 | ---D | C] -- C:\Users\puawenng.146611-L3AVW8D\Roaming
[2010/06/10 13:33:03 | 000,000,000 | ---D | C] -- C:\Users\puawenng.146611-L3AVW8D\Library
[2010/06/10 11:22:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/10 11:22:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/06 21:09:52 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/06/04 18:23:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/03 17:56:09 | 000,000,000 | ---D | C] -- C:\A
[2010/06/03 01:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/03 01:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/06/03 01:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/06/03 01:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/06/02 14:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/05/30 02:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/25 16:07:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/05/13 14:08:47 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/11 19:40:28 | 002,621,440 | -HS- | M] () -- C:\Users\puawenng.146611-L3AVW8D\ntuser.dat
[2010/06/11 19:26:40 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/06/11 19:26:40 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/06/11 19:26:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/06/11 19:26:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/06/11 17:50:14 | 000,000,299 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2010/06/11 17:47:51 | 000,128,008 | ---- | M] () -- C:\Users\Shu-User\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/11 17:45:07 | 000,004,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/11 17:45:07 | 000,004,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/11 17:44:45 | 000,065,536 | -HS- | M] () -- C:\Users\puawenng.146611-L3AVW8D\ntuser.dat{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TM.blf
[2010/06/11 17:44:44 | 000,524,288 | -HS- | M] () -- C:\Users\puawenng.146611-L3AVW8D\ntuser.dat{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TMContainer00000000000000000001.regtrans-ms
[2010/06/11 17:43:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/11 17:43:41 | 000,448,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/11 17:43:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/11 17:42:32 | 2640,351,232 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/11 17:42:31 | 262,660,636 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/06/11 17:40:11 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/06/11 17:09:59 | 000,000,194 | ---- | M] () -- C:\Users\Public\Documents\BluetoothLog.html
[2010/06/11 13:15:01 | 000,128,008 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2010/06/10 19:21:20 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010/06/10 18:56:05 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2010/06/10 17:32:16 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/10 17:00:24 | 000,001,150 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2010/06/10 14:02:42 | 000,524,288 | -HS- | M] () -- C:\Users\puawenng.146611-L3AVW8D\ntuser.dat{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TMContainer00000000000000000002.regtrans-ms
[2010/06/10 13:43:25 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/06/10 11:55:51 | 000,003,670 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/06/10 11:22:08 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/03 17:55:15 | 000,000,000 | ---- | M] () -- C:\tu0.1
[2010/05/27 14:51:47 | 000,000,000 | ---- | M] () -- C:\Windows\System32\AclanProfile.xml
[2010/05/26 13:06:41 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/05/26 10:47:41 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/05/21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/11 17:42:31 | 262,660,636 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/06/10 20:42:40 | 001,746,986 | ---- | C] () -- C:\Windows\System32\WacomTablet.znc
[2010/06/10 19:21:20 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010/06/10 17:32:16 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/10 17:00:24 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2010/06/10 13:43:25 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/06/10 13:33:30 | 000,524,288 | -HS- | C] () -- C:\Users\puawenng.146611-L3AVW8D\ntuser.dat{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TMContainer00000000000000000002.regtrans-ms
[2010/06/10 13:33:30 | 000,524,288 | -HS- | C] () -- C:\Users\puawenng.146611-L3AVW8D\ntuser.dat{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TMContainer00000000000000000001.regtrans-ms
[2010/06/10 13:33:29 | 000,262,144 | -H-- | C] () -- C:\Users\puawenng.146611-L3AVW8D\ntuser.dat.LOG1
[2010/06/10 13:33:29 | 000,065,536 | -HS- | C] () -- C:\Users\puawenng.146611-L3AVW8D\ntuser.dat{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TM.blf
[2010/06/10 13:33:29 | 000,000,000 | -H-- | C] () -- C:\Users\puawenng.146611-L3AVW8D\ntuser.dat.LOG2
[2010/06/10 13:33:03 | 000,000,020 | -HS- | C] () -- C:\Users\puawenng.146611-L3AVW8D\ntuser.ini
[2010/06/10 13:33:02 | 002,621,440 | -HS- | C] () -- C:\Users\puawenng.146611-L3AVW8D\ntuser.dat
[2010/06/10 11:30:49 | 2640,351,232 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/10 11:22:08 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/03 17:55:15 | 000,000,000 | ---- | C] () -- C:\tu0.1
[2010/06/03 01:22:27 | 000,063,360 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.sys
[2010/06/03 01:22:27 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/06/02 16:46:29 | 000,000,046 | ---- | C] () -- C:\file_id.diz
[2010/03/08 00:08:35 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/11 12:40:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/05 16:41:49 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2009/06/05 16:41:49 | 000,031,232 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2009/06/05 16:41:49 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2009/04/13 15:48:38 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2009/04/13 15:47:52 | 000,000,299 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2009/04/13 11:58:35 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/04/13 11:58:35 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/04/13 11:58:35 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/04/13 11:58:35 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/04/13 11:58:35 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/04/13 11:58:34 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/04/13 11:54:41 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2009/04/13 11:54:41 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2008/10/02 22:26:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/08/26 12:54:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\BtwNamespaceExt2.dll
[2008/01/20 22:25:00 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/01/17 19:00:52 | 000,069,632 | ---- | C] () -- C:\Windows\System32\wdIconDll.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 09:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/10/02 22:27:04 | 000,421,888 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009/03/16 16:19:24 | 000,049,480 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\FwsVpn.dll
[2009/04/10 23:27:48 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/10 23:28:24 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2009/03/16 16:19:24 | 000,107,848 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\SymVPN.dll

< %systemroot%\system32\*.exe /lockedfiles >
[2008/10/26 18:38:40 | 000,098,304 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\DTS.exe
[2008/09/29 10:17:54 | 000,038,176 | ---- | M] (Lenovo) Unable to obtain MD5 -- C:\Windows\System32\ibmpmsvc.exe
[2008/09/12 16:04:04 | 000,154,136 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\Windows\System32\igfxpers.exe

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/03/16 16:19:22 | 000,049,536 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\Teefer2.sys
[2009/03/16 16:19:24 | 000,042,312 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\WPSDRVnt.sys
[2010/02/24 21:59:10 | 000,162,048 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\WpsHelper.sys

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:12:53 | 017,326,080 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:12:42 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:12:53 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 03:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/04/10 23:32:48 | 000,245,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/02 03:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2006/11/02 03:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 03:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 03:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 03:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 03:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 03:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 03:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 03:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 03:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 03:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 03:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 03:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 03:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2010/05/01 10:13:48 | 002,037,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2008/10/02 21:25:54 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >
[2007/10/18 15:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe

< %SYSTEMDRIVE%\*.* >
[2009/04/13 16:50:21 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/04/13 02:34:13 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/01/08 03:52:04 | 000,000,046 | ---- | M] () -- C:\file_id.diz
[2010/06/11 17:42:32 | 2640,351,232 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/11 17:42:31 | 2956,009,472 | -HS- | M] () -- C:\pagefile.sys
[2010/01/08 22:19:01 | 000,000,012 | -H-- | M] () -- C:\reachd.cz
[2009/04/12 20:53:16 | 000,000,323 | ---- | M] () -- C:\SALenApp.ini
[2010/06/11 17:44:06 | 000,137,302 | ---- | M] () -- C:\sysiclog.txt
[2009/10/30 16:06:23 | 000,000,000 | ---- | M] () -- C:\t1os.2
[2010/06/10 17:17:08 | 000,065,132 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_10.06.2010_17.15.54_log.txt
[2010/06/03 17:55:15 | 000,000,000 | ---- | M] () -- C:\tu0.1
[2009/04/13 20:58:57 | 000,001,732 | ---- | M] () -- C:\tvtpktfilter.dat

< %PROGRAMFILES%\*. >
[2010/06/10 19:21:41 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/06/03 17:01:49 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2010/06/10 17:30:39 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/06/02 14:48:10 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2009/07/22 03:06:46 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2009/04/12 20:21:14 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/06/10 16:46:30 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/06/10 14:11:23 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/10/30 15:19:35 | 000,000,000 | ---D | M] -- C:\Program Files\Chicony Electronics Co.,Ltd
[2009/07/22 03:06:53 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2010/06/10 19:21:02 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/10/30 15:26:15 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/07/22 03:13:27 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2010/06/03 17:04:45 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2010/03/08 00:02:31 | 000,000,000 | ---D | M] -- C:\Program Files\EA Games
[2010/01/07 21:09:06 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/03/15 01:12:08 | 000,000,000 | ---D | M] -- C:\Program Files\eMusic Download Manager
[2010/01/30 23:17:30 | 000,000,000 | ---D | M] -- C:\Program Files\Firaxis Games
[2010/04/01 21:29:41 | 000,000,000 | ---D | M] -- C:\Program Files\Furcadia
[2009/10/30 15:26:20 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/04/12 22:16:18 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/06/03 17:04:53 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/10/30 15:26:27 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2010/06/10 17:31:53 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/06/10 17:32:05 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/06/11 19:10:28 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/06/03 17:05:40 | 000,000,000 | ---D | M] -- C:\Program Files\Lenovo
[2010/06/03 17:05:44 | 000,000,000 | ---D | M] -- C:\Program Files\Lenovo Fingerprint Software
[2009/10/30 15:27:18 | 000,000,000 | ---D | M] -- C:\Program Files\Lenovo Group Limited
[2010/06/10 11:22:08 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/30 15:28:46 | 000,000,000 | ---D | M] -- C:\Program Files\Maple 13
[2009/10/30 15:28:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/10/30 15:28:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/10/30 15:29:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Expression
[2009/10/30 15:30:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/06/11 17:37:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/10/30 15:30:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/10/30 15:30:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2010/06/03 17:07:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/01/07 21:06:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2009/10/30 15:30:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/06/11 17:38:50 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/06/10 13:43:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/10/30 15:30:39 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/10/30 15:30:39 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/04/13 09:05:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/06/03 17:07:33 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2010/06/03 17:07:43 | 000,000,000 | ---D | M] -- C:\Program Files\PCDR5
[2009/10/30 15:31:04 | 000,000,000 | ---D | M] -- C:\Program Files\Pharos
[2009/10/30 15:31:04 | 000,000,000 | ---D | M] -- C:\Program Files\PharosSystems
[2010/06/10 16:53:50 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/07/22 03:17:56 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/10/30 15:31:20 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/06/03 17:08:09 | 000,000,000 | ---D | M] -- C:\Program Files\RotateImage
[2010/06/03 17:08:14 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2009/10/30 15:31:55 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic Icons for Lenovo
[2010/06/03 01:22:30 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2010/06/03 17:08:28 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2009/07/22 03:19:00 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2010/06/10 20:41:22 | 000,000,000 | ---D | M] -- C:\Program Files\Tablet
[2010/06/10 20:43:17 | 000,000,000 | ---D | M] -- C:\Program Files\TabletPlugins
[2009/04/12 22:57:32 | 000,000,000 | ---D | M] -- C:\Program Files\ThinkPad
[2009/07/22 03:19:24 | 000,000,000 | ---D | M] -- C:\Program Files\ThinkVantage
[2010/01/07 19:03:34 | 000,000,000 | ---D | M] -- C:\Program Files\THQ
[2006/11/02 09:01:44 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/06/03 17:09:05 | 000,000,000 | ---D | M] -- C:\Program Files\WebDrive
[2010/06/03 17:09:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2010/06/03 17:09:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2010/06/03 17:09:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/06/03 17:09:08 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Imaging
[2010/06/03 17:09:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/01/07 17:56:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/01/07 17:56:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/06/11 17:39:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/06/03 17:09:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/22 03:19:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/06/03 17:09:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2010/06/11 17:39:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2010/06/03 17:09:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/01/30 15:58:54 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/06/10 19:49:50 | 000,000,000 | --SD | M] -- C:\Program Files\Xfire
[2009/10/30 15:32:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry

< %appdata%\*.* >
[2009/04/13 11:52:37 | 000,000,006 | -HS- | M] () -- C:\Users\puawenng.146611-L3AVW8D\AppData\Roaming\desktop.ini


< MD5 for: AGP440.SYS >
[2008/01/20 22:22:36 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 22:22:36 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 22:22:36 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 22:22:36 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 22:22:36 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/05/31 02:52:02 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=1DAD73FA38463227A4CB0B22DBB44F10 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_56890bc4\atapi.sys
[2008/05/31 02:52:02 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=1DAD73FA38463227A4CB0B22DBB44F10 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20846_none_dbb64a313d9be26a\atapi.sys
[2009/04/10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:22:36 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:22:36 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/05/31 03:22:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=D01C1DBE0A1E5AA679A9F5F323DB79B8 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4be07e13\atapi.sys
[2008/05/31 03:22:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=D01C1DBE0A1E5AA679A9F5F323DB79B8 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22191_none_dd6175e33aef8336\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/04/10 23:32:32 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/10 23:32:32 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/10 23:32:32 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/20 22:22:54 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/20 22:22:54 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 05:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTOR.SYS >
[2009/02/11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\SWTOOLS\Drivers\IMSM\IaStor.sys
[2009/02/11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009/02/11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_9d4a7637\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 22:22:57 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 22:22:57 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 22:22:57 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 22:23:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NETLOGON.DLL.MUI >
[2008/01/20 22:25:16 | 000,009,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\en-US\netlogon.dll.mui

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 22:22:55 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 22:22:55 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 22:22:55 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 22:24:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/01/20 22:22:58 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/20 22:22:58 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/04/10 21:42:56 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/04/10 21:42:56 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_72a6a3e5\USBSTOR.SYS
[2009/04/10 21:42:56 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS
[2006/11/02 04:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-11 21:35:11
< End of report >

Hikari012
Intermediate

Posts: 84
Joined: 2009-04-20
OS: Windows Vista
Points: 28515
Likes: 0

Re: Backdoor.Tidserv!inf problem (yes, it's me again. I'm sorry. )

Post by Hikari012 on 12th June 2010, 7:16 am

Oh darn it. It seems that another tcpip.sys file was infected (or I was looking at the wrong one the first time).

Hikari012
Intermediate

Posts: 84
Joined: 2009-04-20
OS: Windows Vista
Points: 28515
Likes: 0

Re: Backdoor.Tidserv!inf problem (yes, it's me again. I'm sorry. )

Post by Belahzur on 12th June 2010, 9:30 pm

Hello.
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245101
Likes: 1

Re: Backdoor.Tidserv!inf problem (yes, it's me again. I'm sorry. )

Post by Hikari012 on 12th June 2010, 10:17 pm

ComboFix 10-06-11.01 - puawenng 06/12/2010 18:00:50.2.2 - x86
Microsoft® Windows Vista™ Enterprise 6.0.6002.2.1252.1.1033.18.2519.1278 [GMT -4]
Running from: c:\users\puawenng.146611-L3AVW8D\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
SP: Symantec Endpoint Protection *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\loml.gif
c:\windows\system32\qs.txt

.
((((((((((((((((((((((((( Files Created from 2010-05-12 to 2010-06-12 )))))))))))))))))))))))))))))))
.

2010-06-12 22:11 . 2010-06-12 22:11 -------- d-----w- c:\users\puawenng.SHU.000\AppData\Local\temp
2010-06-12 22:11 . 2010-06-12 22:11 -------- d-----w- c:\users\puawenng.146611_L3AVW8D\AppData\Local\temp
2010-06-12 22:11 . 2010-06-12 22:11 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Local\temp
2010-06-12 22:11 . 2010-06-12 22:11 -------- d-----w- c:\users\Shu-User\AppData\Local\temp
2010-06-12 22:11 . 2010-06-12 22:11 -------- d-----w- c:\users\puawenng\AppData\Local\temp
2010-06-12 22:11 . 2010-06-12 22:11 -------- d-----w- c:\users\pcsupport\AppData\Local\temp
2010-06-12 21:57 . 2010-06-12 21:59 -------- d-----w- C:\32788R22FWJFW
2010-06-12 17:17 . 2010-06-12 17:17 71680 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-06-12 17:17 . 2010-06-12 21:40 -------- d-----w- c:\programdata\NOS
2010-06-12 02:29 . 2010-06-12 02:29 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\RenPy
2010-06-12 02:23 . 2010-06-12 02:23 138056 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\PnkBstrK.sys
2010-06-12 02:10 . 2010-02-26 17:00 724992 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Mozilla\Firefox\Profiles\ouegl7vg.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2010-06-12 02:10 . 2010-02-26 17:00 1291640 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Mozilla\Firefox\Profiles\ouegl7vg.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2010-06-12 02:03 . 2010-06-12 02:03 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Local\Dragon's Eye Productions
2010-06-11 23:22 . 2010-06-11 23:26 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-11 17:45 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 17:21 . 2010-06-11 17:21 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Local\Lenovo
2010-06-11 17:14 . 2010-06-11 17:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
2010-06-11 00:50 . 2010-06-11 00:50 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet
2010-06-11 00:43 . 2010-06-12 21:55 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\WTablet
2010-06-11 00:41 . 2007-02-16 14:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2010-06-11 00:40 . 2009-09-21 19:29 14120 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2010-06-11 00:40 . 2010-06-11 00:40 -------- d-----w- c:\windows\system32\WTablet
2010-06-11 00:40 . 2010-03-08 19:47 5010288 ----a-w- c:\windows\system32\Wacom_Tablet.exe
2010-06-11 00:40 . 2010-03-08 19:47 415600 ----a-w- c:\windows\system32\Wacom_Tablet.dll
2010-06-11 00:40 . 2010-03-08 19:40 294400 ----a-w- c:\windows\system32\Wintab32.dll
2010-06-11 00:40 . 2010-06-11 00:41 -------- d-----w- c:\program files\Tablet
2010-06-10 23:49 . 2010-06-10 23:50 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Xfire
2010-06-10 23:49 . 2010-06-10 23:49 -------- d-s---w- c:\program files\Xfire
2010-06-10 23:42 . 2005-10-15 05:00 4694016 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Assets\Python\System\wx\wxmsw26h_vc.dll
2010-06-10 23:42 . 2005-10-15 05:00 57344 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Assets\Python\System\wx\wxmsw26h_animate_vc.dll
2010-06-10 23:42 . 2005-10-15 05:00 450560 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Assets\Python\System\wx\wxmsw26h_stc_vc.dll
2010-06-10 23:42 . 2005-10-15 05:00 33792 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Assets\Python\System\wx\wxmsw26h_gl_vc.dll
2010-06-10 23:42 . 2005-10-15 05:00 23040 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Assets\Python\System\wx\wxmsw26h_gizmos_xrc_vc.dll
2010-06-10 23:42 . 2005-10-15 05:00 151552 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Assets\Python\System\wx\wxmsw26h_gizmos_vc.dll
2010-06-10 23:42 . 2005-10-15 05:00 471040 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Assets\Python\System\wx\wxmsw253h_stc_vc.dll
2010-06-10 23:42 . 2005-10-15 05:00 4706304 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Assets\Python\System\wx\wxmsw253h_vc.dll
2010-06-10 23:42 . 2005-10-15 05:00 45056 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Assets\Python\System\wx\wxmsw253h_gl_vc.dll
2010-06-10 23:42 . 2005-10-15 05:00 323584 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Assets\Python\System\wx\wxmsw253h_ogl_vc.dll
2010-06-10 23:42 . 2005-10-15 05:00 139264 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Assets\Python\System\wx\wxmsw253h_gizmos_vc.dll
2010-06-10 23:30 . 2006-03-30 15:00 3706880 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Assets\CvGameCoreDLL.dll
2010-06-10 23:28 . 2006-02-10 11:04 59904 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\zlib1.dll
2010-06-10 23:28 . 2005-10-15 05:09 66048 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\vort_dls.dll
2010-06-10 23:28 . 2005-10-15 05:08 1867776 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\python24.dll
2010-06-10 23:28 . 2006-03-30 15:21 9183232 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\PitBoss.exe
2010-06-10 23:28 . 2005-10-15 05:08 387072 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Mss32.dll
2010-06-10 23:28 . 2005-10-15 05:08 57344 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\hapdbg.dll
2010-06-10 23:28 . 2005-10-15 05:07 640000 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\dbghelp.dll
2010-06-10 23:27 . 2006-03-30 14:51 11747976 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe
2010-06-10 23:27 . 2006-02-10 11:03 193024 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\binkw32.dll
2010-06-10 23:27 . 2005-10-15 05:05 176128 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\boost_python-vc71-mt-1_32.dll
2010-06-10 23:27 . 2006-12-19 17:22 552214 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\ISSetup.dll
2010-06-10 23:27 . 2006-05-24 17:10 455600 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe
2010-06-10 23:27 . 2006-05-17 16:21 373680 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\_setup.dll
2010-06-10 23:27 . 2010-06-10 23:27 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\InstallShield Installation Information
2010-06-10 23:27 . 2010-06-10 23:27 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games
2010-06-10 23:22 . 2010-06-10 23:21 53632 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-06-10 23:21 . 2010-06-10 23:21 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-10 22:56 . 2010-06-10 22:56 10134 ----a-r- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-06-10 21:32 . 2010-06-10 21:32 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Local\Apple Computer
2010-06-10 21:32 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-10 21:32 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-06-10 20:51 . 2010-06-10 20:51 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Local\Apple
2010-06-10 20:30 . 2010-06-10 20:30 -------- d-----w- c:\programdata\McAfee
2010-06-10 18:16 . 2010-06-12 21:57 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\Tracing
2010-06-10 18:11 . 2010-06-10 18:11 -------- d-----w- c:\program files\CCleaner
2010-06-10 17:43 . 2010-06-10 17:43 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Malwarebytes
2010-06-10 17:35 . 2010-06-12 17:17 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Local\Adobe
2010-06-10 17:35 . 2010-06-10 17:35 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Local\ATI
2010-06-10 17:35 . 2010-06-10 17:35 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Local\Roxio
2010-06-10 17:35 . 2010-06-10 17:35 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Local\Mozilla
2010-06-10 17:32 . 2010-06-11 00:42 -------- d-----w- c:\users\puawenng.146611-L3AVW8D
2010-06-10 15:59 . 2010-06-10 15:59 439816 ----a-w- c:\users\puawenng.SHU.000\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-06-10 15:40 . 2010-06-10 15:40 -------- d-----w- c:\users\pcsupport\AppData\Roaming\Malwarebytes
2010-06-10 15:22 . 2010-06-10 15:22 -------- d-----w- c:\users\puawenng.SHU.000\AppData\Roaming\Malwarebytes
2010-06-10 15:22 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-10 15:22 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-07 01:00 . 2010-06-07 01:00 -------- d-----w- c:\users\puawenng.SHU.000\AppData\Local\Lenovo
2010-06-07 00:59 . 2010-06-07 00:59 -------- d-----w- c:\users\puawenng.SHU.000\AppData\Local\Adobe
2010-06-07 00:59 . 2010-06-07 00:59 -------- d-----w- c:\users\puawenng.SHU.000\AppData\Local\ATI
2010-06-07 00:59 . 2010-06-07 00:59 -------- d-----w- c:\users\puawenng.SHU.000\AppData\Local\Roxio
2010-06-06 18:15 . 2010-06-06 18:15 128008 ----a-w- c:\users\puawenng.SHU.000\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-03 22:57 . 2010-06-08 04:06 680 ----a-w- c:\users\puawenng.SHU.000\AppData\Local\d3d9caps.dat
2010-06-03 22:02 . 2010-06-03 22:02 -------- d-----w- c:\users\puawenng.SHU.000\AppData\Local\Mozilla
2010-06-03 21:59 . 2010-06-10 15:56 -------- d-----w- c:\users\puawenng.SHU.000
2010-06-03 21:56 . 2010-06-03 21:56 -------- d-----w- c:\users\puawenng.SHU
2010-06-03 21:56 . 2010-06-03 21:56 -------- d-----w- C:\A
2010-06-03 05:22 . 2010-04-08 18:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-03 05:22 . 2010-06-03 05:22 -------- d-----w- c:\program files\Spyware Doctor
2010-06-03 05:22 . 2010-06-03 05:22 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-03 05:22 . 2010-06-03 05:22 -------- d-----w- c:\users\puawenng.146611_L3AVW8D\AppData\Roaming\PC Tools
2010-06-03 05:22 . 2010-06-03 05:22 -------- d-----w- c:\programdata\PC Tools
2010-06-03 05:09 . 2010-06-08 00:55 -------- d-----w- c:\users\puawenng.146611_L3AVW8D\AppData\Local\jdunfugwy
2010-06-02 18:48 . 2010-06-02 18:48 -------- d-----w- c:\program files\Ask.com
2010-06-02 18:47 . 2010-06-02 22:48 -------- d-----w- c:\users\puawenng.146611_L3AVW8D\AppData\Roaming\BitTorrent
2010-05-30 06:31 . 2010-05-30 06:31 -------- d-----w- c:\program files\Common Files\Java
2010-05-25 20:07 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-24 20:06 . 2010-05-24 20:06 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 07:22 . 2009-04-13 01:44 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-12 02:23 . 2010-03-08 04:08 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-12 02:23 . 2010-03-08 04:08 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-12 02:23 . 2010-03-08 04:08 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-06-12 02:23 . 2010-03-08 04:08 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-06-12 02:03 . 2010-01-09 01:30 -------- d-----w- c:\program files\Furcadia
2010-06-11 23:10 . 2009-04-13 15:40 -------- d-----w- c:\program files\Java
2010-06-11 21:47 . 2009-04-12 22:13 128008 ----a-w- c:\users\Shu-User\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-11 21:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-11 21:39 . 2010-01-07 15:42 -------- d-----w- c:\program files\Windows Portable Devices
2010-06-11 21:38 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-11 21:37 . 2009-10-12 14:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-11 21:29 . 2009-04-13 14:32 -------- d-----w- c:\programdata\Microsoft Help
2010-06-11 17:15 . 2009-04-13 19:54 128008 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-06-11 17:13 . 2009-04-12 22:11 8224 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-11 00:43 . 2010-02-08 02:18 -------- d-----w- c:\program files\TabletPlugins
2010-06-10 23:21 . 2010-01-24 18:19 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-06-10 23:21 . 2010-01-08 18:23 -------- d-----w- c:\programdata\Electronic Arts
2010-06-10 21:33 . 2010-06-10 17:33 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Apple Computer
2010-06-10 21:32 . 2009-04-13 15:35 -------- d-----w- c:\program files\iTunes
2010-06-10 21:31 . 2009-04-13 15:35 -------- d-----w- c:\program files\iPod
2010-06-10 21:31 . 2009-04-13 15:34 -------- d-----w- c:\program files\Common Files\Apple
2010-06-10 21:30 . 2010-02-08 02:14 -------- d-----w- c:\program files\Apple Software Update
2010-06-10 20:53 . 2009-04-13 15:35 -------- d-----w- c:\program files\QuickTime
2010-06-10 20:46 . 2009-04-13 15:35 -------- d-----w- c:\program files\Bonjour
2010-06-10 15:22 . 2010-01-08 18:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-03 21:16 . 2009-04-13 18:54 -------- d-----w- c:\windows\Fonts\Fonts
2010-06-03 21:09 . 2009-04-13 18:26 -------- d-----w- c:\programdata\FLEXnet
2010-06-03 21:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-06-03 21:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-06-03 21:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-06-03 21:09 . 2009-04-13 19:47 -------- d-----w- c:\program files\Windows Imaging
2010-06-03 21:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-06-03 21:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-06-03 21:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-06-03 21:09 . 2009-04-13 15:27 -------- d-----w- c:\program files\WebDrive
2010-06-03 21:08 . 2009-04-13 19:24 -------- d-----w- c:\program files\Symantec
2010-06-03 21:08 . 2009-04-13 15:50 -------- d-----w- c:\program files\Roxio
2010-06-03 21:08 . 2009-04-13 01:02 -------- d-----w- c:\program files\RotateImage
2010-06-03 21:07 . 2009-04-13 01:58 -------- d-----w- c:\program files\PCDR5
2010-06-03 21:07 . 2009-04-13 01:31 -------- d-----w- c:\program files\NetWaiting
2010-06-03 21:07 . 2009-04-13 14:36 -------- d-----w- c:\program files\Microsoft Works
2010-06-03 21:05 . 2009-04-13 01:12 -------- d-----w- c:\program files\Lenovo Fingerprint Software
2010-06-03 21:05 . 2009-04-13 01:16 -------- d-----w- c:\program files\Lenovo
2010-06-03 21:04 . 2009-04-13 01:32 -------- d-----w- c:\program files\Digital Line Detect
2010-06-03 21:04 . 2009-04-13 19:24 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-03 21:04 . 2009-04-13 15:50 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-06-03 21:04 . 2009-04-13 15:48 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-06-03 21:04 . 2009-04-13 15:47 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-06-03 21:03 . 2009-04-13 15:48 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-06-03 21:03 . 2009-04-13 01:27 -------- d-----w- c:\program files\Common Files\Lenovo
2010-06-03 21:01 . 2009-04-13 18:30 -------- d-----w- c:\program files\Adobe Media Player
2010-05-27 01:52 . 2010-03-06 00:22 439816 ----a-w- c:\users\puawenng.146611_L3AVW8D\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-05-26 17:06 . 2010-06-11 17:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 17:44 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 18:14 . 2010-04-11 19:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-16 17:59 . 2010-01-10 17:29 7512 ----a-w- c:\users\puawenng.146611_L3AVW8D\AppData\Local\d3d9caps.dat
2010-05-04 19:15 . 2010-06-11 17:44 834048 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-11 17:44 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-01 14:13 . 2010-06-11 17:44 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 00:44 . 2010-03-08 04:08 138056 ----a-w- c:\users\puawenng.146611_L3AVW8D\AppData\Roaming\PnkBstrK.sys
2010-04-23 00:44 . 2010-03-08 04:08 138056 ----a-w- c:\users\puawenng.146611_L3AVW8D\AppData\Roaming\PnkBstrK.sys
2010-04-17 02:12 . 2010-04-17 02:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-21 18:08 . 2010-03-21 18:08 111 ----a-w- c:\users\puawenng.146611_L3AVW8D\AppData\Local\fusioncache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-11-14 357400]
"TpShocks"="TpShocks.exe" [2008-08-01 181536]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-08 256576]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-09-30 68976]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-02-26 992816]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-08-21 487424]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-01-07 60704]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-01-15 644384]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2009-01-15 214576]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 824616]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-02-27 430080]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2009-02-27 159744]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-01-29 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-01-29 124248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-03-16 115560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-12 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-12 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-12 154136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

c:\users\Shu-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-5-13 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3443049147-1905892195-2501515390-30300\scripts\Logon\0\0]
"script"=MapSDrive.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RCIMGDIR.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\RCIMGDIR.exe.lnk
backup=c:\windows\pss\RCIMGDIR.exe.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 11:58 611712 ------w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-04-13 15:38 198160 ------w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebDriveTray]
2008-01-17 23:01 3039232 ------w- c:\program files\WebDrive\webdrive.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f0,89,18,c0,b6,ea,c9,01

R1 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-07-11 48192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2008-10-26 106496]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2009-03-16 23888]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-25 1120752]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-24 16168]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2008-06-10 19496]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2008-10-26 1676536]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2008-10-26 98304]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-01-15 66848]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-03-08 5010288]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2008-10-24 58736]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-06-06 520192]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2008-05-29 2058776]
S2 WebDriveFSD;WebDrive Filesystem Driver;c:\program files\WebDrive\wdfsd.sys [2008-01-17 178176]
S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\RCUVCMNP.sys [2009-09-10 186624]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-10-03 3881472]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2008-10-03 54784]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-10-26 482176]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-09-10 29736]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-11-21 220288]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdkmd32.sys [2008-09-02 2472448]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-03-04 4232704]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2008-02-22 37312]


--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-01-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Shu-User\AppData\Roaming\Mozilla\Firefox\Profiles\ouegl7vg.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
SafeBoot-Symantec Antvirus



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-12 18:11
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc27A3D.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-06-12 18:14:26
ComboFix-quarantined-files.txt 2010-06-12 22:14

Pre-Run: 41,000,583,168 bytes free
Post-Run: 41,605,505,024 bytes free

- - End Of File - - 1272933E96BE206C5A6F92197E51BBE8

The first time I tried to run Combofix, it gave me the blue screen of death. The blue screen mentioned a file called catchme.sys. The second time, the scanning actually went through.

Hikari012
Intermediate

Posts : 84
Joined : 2009-04-20
OS : Windows Vista
Points : 28515
Likes : 0
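The ComboFix log above is long, and the two things a helper reads first in its "Reg Loading Points" section are autostart entries whose target file no longer exists (ComboFix marks those with `[X]`, like the FingerPrintSoftware entry here) and the `policies\system` values that weaken Windows defaults (this log shows `EnableLUA`= 0, i.e. UAC switched off). The following Python helper is an added example, not part of the thread and not ComboFix's own code; it parses exactly that section format and reports both. The sample input is a few lines copied from the log above, and the list of "weak" policy values is an assumption of this example, not a ComboFix rule.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example (not ComboFix's own code). It groups the log's lines under the
registry key that precedes them, then reports:
  * Run-key autostart entries whose file is missing (ComboFix prints "[X]"),
  * policies\\system values weaker than the Vista default (assumed list below).
"""
import re

# Constructed sample: a handful of lines copied from the ComboFix log above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-03-16 115560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
'''

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="target" [date size]   or   "name"="target" [X]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# "name"= 0 (0x0)
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)\s*\(0x[0-9a-fA-F]+\)$')

# Assumed list for this example: (value name, value) pairs weaker than the default.
WEAK_POLICIES = {
    ("EnableLUA", 0): "UAC is disabled; processes of an admin user run fully elevated",
    ("DisableCAD", 1): "Ctrl+Alt+Del is not required at logon (secure attention sequence off)",
}


def parse_sections(text):
    """Map each lower-cased registry key to the non-empty lines that follow it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key").lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def run_entries(text):
    """Return (name, target, meta) for every entry under a ...\\CurrentVersion\\Run key."""
    out = []
    for key, lines in parse_sections(text).items():
        if not key.endswith(r"\currentversion\run"):
            continue
        for line in lines:
            m = RUN_RE.match(line)
            if m:
                out.append((m.group("name"), m.group("target"), m.group("meta")))
    return out


def missing_run_entries(text):
    """Names of autostart entries whose file ComboFix could not find ("[X]")."""
    return [name for name, _target, meta in run_entries(text) if meta.strip() == "X"]


def weak_policy_findings(text):
    """Readable findings for policies\\system values present in WEAK_POLICIES."""
    findings = []
    for key, lines in parse_sections(text).items():
        if not key.endswith(r"\policies\system"):
            continue
        for line in lines:
            m = POLICY_RE.match(line)
            if not m:
                continue
            pair = (m.group("name"), int(m.group("value")))
            if pair in WEAK_POLICIES:
                findings.append(f"{pair[0]}={pair[1]}: {WEAK_POLICIES[pair]}")
    return findings


if __name__ == "__main__":
    print("Run entries with missing files:", missing_run_entries(SAMPLE_LOG))
    for finding in weak_policy_findings(SAMPLE_LOG):
        print("Weak policy:", finding)
```

Run against the full log, the script lists the one dangling Run entry and the two policy values; a missing file behind an autostart entry is usually leftover from an uninstall, but it is also what a removed loader leaves behind, so it is worth a look before the entry is cleaned out.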

Re: Backdoor.Tidserv!inf problem (yes, it's me again. I'm sorry. )

Post by Belahzur on 13th June 2010, 12:44 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
Likes : 1

Re: Backdoor.Tidserv!inf problem (yes, it's me again. I'm sorry. )

Post by Hikari012 on 13th June 2010, 2:50 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=4c94c1f6dcd3a1489fec7225370e6098
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-13 02:47:49
# local_time=2010-06-12 10:47:49 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776637 100 100 0 112999695 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=260767
# found=2
# cleaned=2
# scan_time=5062
C:\USBNoRisk\UsbNoRisk.txt INF/Autorun virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\puawenng\Documents\WebDrive\Backup\Myweb\autorun.inf INF/Autorun virus (deleted - quarantined) 00000000000000000000000000000000 C

I don't think it found the virus, but it did find those two, which I don't think are the same. While this scan was running, Symantec was still saying that backdoor was still in the system.

Hikari012
Intermediate

Posts : 84
Joined : 2009-04-20
OS : Windows Vista
Points : 28515
Likes : 0

Re: Backdoor.Tidserv!inf problem (yes, it's me again. I'm sorry. )

Post by Belahzur on 13th June 2010, 2:42 pm

Hello.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
Likes : 1

Re: Backdoor.Tidserv!inf problem (yes, it's me again. I'm sorry. )

Post by Hikari012 on 13th June 2010, 10:23 pm

Access Help
Acrobat.com
Acrobat.com
Adobe Acrobat 9 Pro
Adobe Acrobat 9 Pro
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Contribute CS4
Adobe Contribute CS4
Adobe CS4 American English Speech Analysis Models
Adobe CS4 French Speech Analysis Models
Adobe CS4 German Speech Analysis Models
Adobe CS4 International English Speech Analysis Models
Adobe CS4 Italian Speech Analysis Models
Adobe CS4 Japanese Speech Analysis Models
Adobe CS4 Korean Speech Analysis Models
Adobe CS4 Spanish Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Linguistics CS4
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe PDistiller
Adobe Photoshop 7.0
Adobe Photoshop Elements 7.0
Adobe Premiere Elements 7.0
Adobe Premiere Elements 7.0
Adobe Premiere Elements 7.0 Templates
Adobe Premiere Elements 7.0 Templates
Adobe Reader 9.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Soundbooth CS4
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Uninstaller
Bonjour
Catalyst Control Center - Branding
CCleaner
Company of Heroes
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Conexant HD Audio
Connect
DirectXInstallService
Drag-to-Disc
EA Download Manager
EA Download Manager UI
EA Download Manager UI
ESET Online Scanner v3
Furcadia
Help Center
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Integrated Camera Driver Installer Package Ver.1.25.500.0
Integrated Camera TWAIN
Intel PROSet Wireless
Intel(R) Management Engine Interface
Intel(R) Network Connections Drivers
Intel(R) PROSet/Wireless WiFi Software
Intel® Active Management Technology
InterVideo WinDVD
iTunes
Java(TM) 6 Update 20
kuler
Lenovo Fingerprint Software
Lenovo System Interface Driver
Lenovo System Toolbox
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware
Maple 13
Message Center Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Expression Web
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
On Screen Display
Pharos
Photoshop Camera Raw
Presentation Director
Productivity Center Supplement for ThinkPad
PunkBuster Services
QuickTime
RE: Alistair++ 1
RealPlayer
Registry patch to improve USB device detection on resume from sleep for Windows Vista
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
Roxio Activation Module
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator Business Edition
Roxio Creator Business Edition
Roxio Express Labeler 3
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Sonic CinePlayer Decoder Pack
Sonic Icons for Lenovo
Suite Shared Configuration CS4
Symantec Endpoint Protection
System Update
The Sims™ 3
ThinkPad Bluetooth with Enhanced Data Rate Software 6.1.0.5100
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Keyboard Customizer Utility
ThinkPad Mobility Center Customization
ThinkPad Modem Adapter
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Productivity Center
ThinkVantage Status Gadget
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb983486)
Wacom Tablet
WebDrive
WebTablet IE Plugin
WebTablet Netscape Plugin
WIMGAPI
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (10/02/2008 8.1.2.37)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Upload Tool
Xfire (remove only)

Hikari012
Intermediate

Posts : 84
Joined : 2009-04-20
OS : Windows Vista
Points : 28515
# Likes : 0

Re: Backdoor.Tidserv!inf problem (yes, it's me again. I'm sorry. )

Post by Belahzur on 14th June 2010, 12:45 am

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
# Likes : 1

Re: Backdoor.Tidserv!inf problem (yes, it's me again. I'm sorry. )

Post by Hikari012 on 14th June 2010, 6:11 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - delete file error:Access is denied.

OnlineScanner.ocx - copy file error :The process cannot access the file because it is being used by another process.

OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=4c94c1f6dcd3a1489fec7225370e6098
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-14 06:09:57
# local_time=2010-06-14 02:09:57 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776637 100 100 0 113098437 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=260541
# found=0
# cleaned=0
# scan_time=4848

The scan hasn't detected it, but Symantec was still able to detect the virus.

Hikari012
Intermediate

Posts : 84
Joined : 2009-04-20
OS : Windows Vista
Points : 28515
# Likes : 0

Re: Backdoor.Tidserv!inf problem (yes, it's me again. I'm sorry. )

Post by Belahzur on 14th June 2010, 11:44 pm

Does Symantec say where it's located on the machine?

Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
# Likes : 1

Re: Backdoor.Tidserv!inf problem (yes, it's me again. I'm sorry. )

Post by Hikari012 on 15th June 2010, 1:24 am

Yes, it's located right here.

File: C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys

Hikari012
Intermediate

Posts : 84
Joined : 2009-04-20
OS : Windows Vista
Points : 28515
# Likes : 0

Re: Backdoor.Tidserv!inf problem (yes, it's me again. I'm sorry. )

Post by Belahzur on 15th June 2010, 8:51 pm

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    tcpip.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
# Likes : 1

Re: Backdoor.Tidserv!inf problem (yes, it's me again. I'm sorry. )

Post by Hikari012 on 15th June 2010, 9:03 pm

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 16:59 on 15/06/2010 by puawenng (Administrator - Elevation successful)

========== filefind ==========

Searching for "tcpip.sys"
C:\Windows\ERDNT\cache\tcpip.sys --a--- 904776 bytes [22:12 12/06/2010] [16:27 14/08/2009] 65877AA1B6A7CB797488E831698973E9
C:\Windows\System32\drivers\tcpip.sys ------ 904776 bytes [13:39 12/10/2009] [16:27 14/08/2009] 65877AA1B6A7CB797488E831698973E9
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys ------ 891448 bytes [02:24 21/01/2008] [02:24 21/01/2008] FC6E2835D667774D409C7C7021EAF9C4
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys ------ 891448 bytes [13:03 13/04/2009] [08:26 26/04/2008] 82E266BEE5F0167E41C6ECFDD2A79C02
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys ------ 897608 bytes [13:39 12/10/2009] [17:07 14/08/2009] 8A7AD2A214233F684242F289ED83EBC3
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys --a--- 897624 bytes [20:20 10/02/2010] [20:52 08/12/2009] 1ACBB7A47E78F4CC82D2EFFB72901528
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys --a--- 898952 bytes [18:50 14/04/2010] [14:49 18/02/2010] 2EAE4500984C2F8DACFB977060300A15
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys ------ 891448 bytes [13:03 13/04/2009] [08:08 26/04/2008] 01EC1E92595F839BEE70D439C46796E3
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys ------ 900168 bytes [13:39 12/10/2009] [17:01 14/08/2009] 2608E71AAD54564647D4BB984E1925AA
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys --a--- 900696 bytes [20:20 10/02/2010] [20:37 08/12/2009] 5653230D480A9C54D169E1B080B72CF5
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys --a--- 902024 bytes [18:50 14/04/2010] [17:36 18/02/2010] 93A5655CD9CD2F080EF1CB71A3666215
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys ------ 897000 bytes [16:39 11/06/2009] [03:33 11/04/2009] 0E6B0885C3D5E4643ED2D043DE3433D8
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys ------ 904776 bytes [13:39 12/10/2009] [16:27 14/08/2009] 65877AA1B6A7CB797488E831698973E9
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys --a--- 904776 bytes [20:20 10/02/2010] [20:01 08/12/2009] DA467E7619AE5F4588E6262C13C8940A
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys --a--- 904576 bytes [18:50 14/04/2010] [14:07 18/02/2010] (Unable to calculate MD5)
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys ------ 905784 bytes [13:39 12/10/2009] [16:33 14/08/2009] FF71856BD4CD6D4367F9FD84BE79A874
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys --a--- 907832 bytes [20:20 10/02/2010] [20:15 08/12/2009] 46E6685F3E92AEC743773ADD4CD54F57
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys --a--- 910216 bytes [18:50 14/04/2010] [14:22 18/02/2010] D9F5DD5BBC8348E8F8220CCBF14C022E
C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys ------ 813568 bytes [13:39 12/10/2009] [14:24 14/08/2009] 300208927321066EA53761FDC98747C6
C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys --a--- 813568 bytes [20:20 10/02/2010] [17:58 08/12/2009] 8734BD051FFDCBF8425CF222141C3741
C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys --a--- 815104 bytes [18:50 14/04/2010] [12:05 18/02/2010] 4A82FA8F0DF67AA354580C3FAAF8BDE3
C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys ------ 816640 bytes [13:39 12/10/2009] [21:30 15/08/2009] 2512B4D1353370D6688B1AF1F5AFA1CF
C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys --a--- 816640 bytes [20:20 10/02/2010] [17:45 08/12/2009] CA3A5756672013A66BB9D547A5A62DCA
C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys --a--- 818688 bytes [18:50 14/04/2010] [11:51 18/02/2010] 2C1F7005AA3B62721BFDB307BD5F5010

-=End Of File=-

Hikari012
Intermediate

Posts : 84
Joined : 2009-04-20
OS : Windows Vista
Points : 28515
# Likes : 0
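As an added example (not code from the page, from SystemLook or from either poster), a small parser for the ":filefind" output above that flags what a helper reads it for: a driver copy that SystemLook could not hash even though it ran elevated (the entry Symantec had been alerting on), and a check of which WinSxS build the live copy in System32\drivers actually matches. The sample lines are copied from the log above; the function and class names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: four result lines copied from the SystemLook log above
# (a Vista SP2 x86 machine). The last line is the copy the AV had flagged.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "tcpip.sys"
C:\Windows\System32\drivers\tcpip.sys ------ 904776 bytes [13:39 12/10/2009] [16:27 14/08/2009] 65877AA1B6A7CB797488E831698973E9
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys ------ 904776 bytes [13:39 12/10/2009] [16:27 14/08/2009] 65877AA1B6A7CB797488E831698973E9
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys --a--- 904776 bytes [20:20 10/02/2010] [20:01 08/12/2009] DA467E7619AE5F4588E6262C13C8940A
C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys --a--- 904576 bytes [18:50 14/04/2010] [14:07 18/02/2010] (Unable to calculate MD5)

-=End Of File=-
"""

# One SystemLook filefind result line:
#   <path> <attrs> <size> bytes [<mtime>] [<ctime>] <MD5 | (error text)>
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<mtime>[^\]]+)\] \[(?P<ctime>[^\]]+)\] "
    r"(?:(?P<md5>[0-9A-Fa-f]{32})|\((?P<err>[^)]+)\))$"
)
# Component version embedded in a WinSxS directory name (..._6.0.6002.18209_none_...).
VERSION_RE = re.compile(r"_(\d+(?:\.\d+){3})_")


@dataclass
class Entry:
    path: str
    attrs: str
    size: int
    md5: Optional[str]    # None when SystemLook could not hash the file
    error: Optional[str]  # the parenthesised reason, if any

    @property
    def version(self) -> Optional[str]:
        m = VERSION_RE.search(self.path)
        return m.group(1) if m else None

    @property
    def is_live_driver(self) -> bool:
        # The copy the kernel loads lives under System32\drivers, not WinSxS.
        return "\\system32\\drivers\\" in self.path.lower()


def parse_filefind(text: str) -> List[Entry]:
    """Return the result lines of a SystemLook filefind log as Entry objects."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section header, "Searching for", blank or footer line
        entries.append(Entry(
            path=m["path"], attrs=m["attrs"], size=int(m["size"]),
            md5=m["md5"].upper() if m["md5"] else None, error=m["err"],
        ))
    return entries


def winsxs_hash_index(entries: List[Entry]) -> dict:
    """Map MD5 -> WinSxS component version for every hashed WinSxS copy."""
    return {e.md5: e.version for e in entries if e.md5 and e.version}


def live_driver_version(entries: List[Entry]) -> Optional[str]:
    """Which WinSxS build the live driver's hash matches, or None if none does."""
    index = winsxs_hash_index(entries)
    for e in entries:
        if e.is_live_driver and e.md5:
            return index.get(e.md5)
    return None


def analyse(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Flag entries worth a closer look.

    md5_unavailable: an elevated run still could not read the file; for a
        kernel driver that is the symptom this thread is chasing.
    live_driver_unmatched: the loaded driver's hash matches no WinSxS copy,
        so it is not a stock servicing-stack build.
    """
    findings = []
    index = winsxs_hash_index(entries)
    for e in entries:
        if e.md5 is None:
            findings.append(("md5_unavailable", f"{e.path} ({e.error})"))
        elif e.is_live_driver and e.md5 not in index:
            findings.append(("live_driver_unmatched", e.path))
    return findings


if __name__ == "__main__":
    ents = parse_filefind(SAMPLE_LOG)
    print("live driver matches WinSxS build:", live_driver_version(ents))
    for kind, detail in analyse(ents):
        print(f"{kind}: {detail}")
```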

Re: Backdoor.Tidserv!inf problem (yes, it's me again. I'm sorry. )

Post by Belahzur on 15th June 2010, 9:07 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    File::
    C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
# Likes : 1

Re: Backdoor.Tidserv!inf problem (yes, it's me again. I'm sorry. )

Post by Hikari012 on 15th June 2010, 9:26 pm

ComboFix 10-06-15.02 - puawenng 06/15/2010 17:14:52.4.2 - x86
Microsoft® Windows Vista™ Enterprise 6.0.6002.2.1252.1.1033.18.2519.1111 [GMT -4:00]
Running from: c:\users\puawenng.146611-L3AVW8D\Desktop\ComboFix.exe
Command switches used :: c:\users\puawenng.146611-L3AVW8D\Desktop\CFscript.txt
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Symantec Endpoint Protection *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys

.
((((((((((((((((((((((((( Files Created from 2010-05-15 to 2010-06-15 )))))))))))))))))))))))))))))))
.

2010-06-15 21:11 . 2010-06-15 21:13 -------- d-----w- C:\32788R22FWJFW
2010-06-15 03:27 . 2010-06-15 03:27 63488 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-15 03:27 . 2010-06-15 03:27 52224 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-15 03:27 . 2010-06-15 03:27 117760 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-15 03:26 . 2010-06-15 03:26 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\SUPERAntiSpyware.com
2010-06-14 16:07 . 2010-06-14 16:07 -------- d-----w- c:\users\pcsupport\AppData\Roaming\Apple Computer
2010-06-14 16:06 . 2010-06-14 16:06 -------- d-----w- c:\users\pcsupport\AppData\Roaming\WTablet
2010-06-14 15:53 . 2010-06-14 15:53 680 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Local\d3d9caps.dat
2010-06-12 17:17 . 2010-06-12 17:17 71680 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-06-12 17:17 . 2010-06-12 21:40 -------- d-----w- c:\programdata\NOS
2010-06-12 02:29 . 2010-06-12 02:29 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\RenPy
2010-06-12 02:23 . 2010-06-12 02:23 138056 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\PnkBstrK.sys
2010-06-12 02:10 . 2010-02-26 17:00 724992 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Mozilla\Firefox\Profiles\ouegl7vg.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2010-06-12 02:10 . 2010-02-26 17:00 1291640 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Mozilla\Firefox\Profiles\ouegl7vg.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2010-06-12 02:03 . 2010-06-12 02:03 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Local\Dragon's Eye Productions
2010-06-11 23:22 . 2010-06-11 23:26 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-11 17:45 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 17:21 . 2010-06-11 17:21 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Local\Lenovo
2010-06-11 17:14 . 2010-06-11 17:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
2010-06-11 00:50 . 2010-06-11 00:50 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet
2010-06-11 00:43 . 2010-06-15 20:36 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\WTablet
2010-06-11 00:41 . 2007-02-16 14:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2010-06-11 00:40 . 2009-09-21 19:29 14120 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2010-06-11 00:40 . 2010-06-11 00:40 -------- d-----w- c:\windows\system32\WTablet
2010-06-11 00:40 . 2010-03-08 19:47 5010288 ----a-w- c:\windows\system32\Wacom_Tablet.exe
2010-06-11 00:40 . 2010-03-08 19:47 415600 ----a-w- c:\windows\system32\Wacom_Tablet.dll
2010-06-11 00:40 . 2010-03-08 19:40 294400 ----a-w- c:\windows\system32\Wintab32.dll
2010-06-11 00:40 . 2010-06-11 00:41 -------- d-----w- c:\program files\Tablet
2010-06-10 23:49 . 2010-06-10 23:50 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Xfire
2010-06-10 23:49 . 2010-06-10 23:49 -------- d-s---w- c:\program files\Xfire
2010-06-10 23:42 . 2005-10-15 05:00 4694016 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Assets\Python\System\wx\wxmsw26h_vc.dll
2010-06-10 23:42 . 2005-10-15 05:00 57344 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Assets\Python\System\wx\wxmsw26h_animate_vc.dll
2010-06-10 23:42 . 2005-10-15 05:00 450560 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Assets\Python\System\wx\wxmsw26h_stc_vc.dll
2010-06-10 23:42 . 2005-10-15 05:00 33792 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Assets\Python\System\wx\wxmsw26h_gl_vc.dll
2010-06-10 23:42 . 2005-10-15 05:00 23040 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Assets\Python\System\wx\wxmsw26h_gizmos_xrc_vc.dll
2010-06-10 23:42 . 2005-10-15 05:00 151552 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Assets\Python\System\wx\wxmsw26h_gizmos_vc.dll
2010-06-10 23:42 . 2005-10-15 05:00 471040 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Assets\Python\System\wx\wxmsw253h_stc_vc.dll
2010-06-10 23:42 . 2005-10-15 05:00 4706304 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Assets\Python\System\wx\wxmsw253h_vc.dll
2010-06-10 23:42 . 2005-10-15 05:00 45056 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Assets\Python\System\wx\wxmsw253h_gl_vc.dll
2010-06-10 23:42 . 2005-10-15 05:00 323584 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Assets\Python\System\wx\wxmsw253h_ogl_vc.dll
2010-06-10 23:42 . 2005-10-15 05:00 139264 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Assets\Python\System\wx\wxmsw253h_gizmos_vc.dll
2010-06-10 23:30 . 2006-03-30 15:00 3706880 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Assets\CvGameCoreDLL.dll
2010-06-10 23:28 . 2006-02-10 11:04 59904 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\zlib1.dll
2010-06-10 23:28 . 2005-10-15 05:09 66048 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\vort_dls.dll
2010-06-10 23:28 . 2005-10-15 05:08 1867776 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\python24.dll
2010-06-10 23:28 . 2006-03-30 15:21 9183232 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\PitBoss.exe
2010-06-10 23:28 . 2005-10-15 05:08 387072 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Mss32.dll
2010-06-10 23:28 . 2005-10-15 05:08 57344 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\hapdbg.dll
2010-06-10 23:28 . 2005-10-15 05:07 640000 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\dbghelp.dll
2010-06-10 23:27 . 2006-03-30 14:51 11747976 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe
2010-06-10 23:27 . 2006-02-10 11:03 193024 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\binkw32.dll
2010-06-10 23:27 . 2005-10-15 05:05 176128 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\boost_python-vc71-mt-1_32.dll
2010-06-10 23:27 . 2006-12-19 17:22 552214 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\ISSetup.dll
2010-06-10 23:27 . 2006-05-24 17:10 455600 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe
2010-06-10 23:27 . 2006-05-17 16:21 373680 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\_setup.dll
2010-06-10 23:27 . 2010-06-10 23:27 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\InstallShield Installation Information
2010-06-10 23:27 . 2010-06-10 23:27 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Firaxis Games
2010-06-10 23:22 . 2010-06-10 23:21 53632 ----a-w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-06-10 23:21 . 2010-06-10 23:21 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-10 22:56 . 2010-06-10 22:56 10134 ----a-r- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-06-10 21:32 . 2010-06-10 21:32 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Local\Apple Computer
2010-06-10 21:32 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-10 21:32 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-06-10 20:51 . 2010-06-10 20:51 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Local\Apple
2010-06-10 20:30 . 2010-06-10 20:30 -------- d-----w- c:\programdata\McAfee
2010-06-10 18:16 . 2010-06-15 20:38 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\Tracing
2010-06-10 18:11 . 2010-06-10 18:11 -------- d-----w- c:\program files\CCleaner
2010-06-10 17:43 . 2010-06-10 17:43 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Malwarebytes
2010-06-10 17:35 . 2010-06-12 17:17 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Local\Adobe
2010-06-10 17:35 . 2010-06-10 17:35 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Local\ATI
2010-06-10 17:35 . 2010-06-10 17:35 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Local\Roxio
2010-06-10 17:35 . 2010-06-10 17:35 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Local\Mozilla
2010-06-10 17:32 . 2010-06-11 00:42 -------- d-----w- c:\users\puawenng.146611-L3AVW8D
2010-06-10 15:59 . 2010-06-10 15:59 439816 ----a-w- c:\users\puawenng.SHU.000\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-06-10 15:40 . 2010-06-10 15:40 -------- d-----w- c:\users\pcsupport\AppData\Roaming\Malwarebytes
2010-06-10 15:22 . 2010-06-10 15:22 -------- d-----w- c:\users\puawenng.SHU.000\AppData\Roaming\Malwarebytes
2010-06-10 15:22 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-10 15:22 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-07 01:00 . 2010-06-07 01:00 -------- d-----w- c:\users\puawenng.SHU.000\AppData\Local\Lenovo
2010-06-07 00:59 . 2010-06-07 00:59 -------- d-----w- c:\users\puawenng.SHU.000\AppData\Local\Adobe
2010-06-07 00:59 . 2010-06-07 00:59 -------- d-----w- c:\users\puawenng.SHU.000\AppData\Local\ATI
2010-06-07 00:59 . 2010-06-07 00:59 -------- d-----w- c:\users\puawenng.SHU.000\AppData\Local\Roxio
2010-06-06 18:15 . 2010-06-06 18:15 128008 ----a-w- c:\users\puawenng.SHU.000\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-03 22:57 . 2010-06-08 04:06 680 ----a-w- c:\users\puawenng.SHU.000\AppData\Local\d3d9caps.dat
2010-06-03 22:02 . 2010-06-03 22:02 -------- d-----w- c:\users\puawenng.SHU.000\AppData\Local\Mozilla
2010-06-03 21:59 . 2010-06-10 15:56 -------- d-----w- c:\users\puawenng.SHU.000
2010-06-03 21:56 . 2010-06-12 22:14 -------- d-----w- c:\users\puawenng.SHU
2010-06-03 21:56 . 2010-06-03 21:56 -------- d-----w- C:\A
2010-06-03 05:22 . 2010-04-08 18:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-03 05:22 . 2010-06-03 05:22 -------- d-----w- c:\program files\Spyware Doctor
2010-06-03 05:22 . 2010-06-03 05:22 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-03 05:22 . 2010-06-03 05:22 -------- d-----w- c:\users\puawenng.146611_L3AVW8D\AppData\Roaming\PC Tools
2010-06-03 05:22 . 2010-06-03 05:22 -------- d-----w- c:\programdata\PC Tools
2010-06-03 05:09 . 2010-06-08 00:55 -------- d-----w- c:\users\puawenng.146611_L3AVW8D\AppData\Local\jdunfugwy
2010-06-02 18:48 . 2010-06-02 18:48 -------- d-----w- c:\program files\Ask.com
2010-06-02 18:47 . 2010-06-02 22:48 -------- d-----w- c:\users\puawenng.146611_L3AVW8D\AppData\Roaming\BitTorrent
2010-05-30 06:31 . 2010-05-30 06:31 -------- d-----w- c:\program files\Common Files\Java
2010-05-25 20:07 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-24 20:06 . 2010-05-24 20:06 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-15 04:54 . 2009-04-13 01:44 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-14 16:07 . 2009-04-13 19:54 128008 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-06-14 16:06 . 2009-04-13 19:54 8224 ----a-w- c:\users\pcsupport\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-13 01:22 . 2010-06-13 01:22 -------- d-----w- c:\program files\ESET
2010-06-12 02:23 . 2010-03-08 04:08 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-12 02:23 . 2010-03-08 04:08 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-12 02:23 . 2010-03-08 04:08 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-06-12 02:23 . 2010-03-08 04:08 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-06-12 02:03 . 2010-01-09 01:30 -------- d-----w- c:\program files\Furcadia
2010-06-11 23:10 . 2009-04-13 15:40 -------- d-----w- c:\program files\Java
2010-06-11 21:47 . 2009-04-12 22:13 128008 ----a-w- c:\users\Shu-User\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-11 21:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-11 21:39 . 2010-01-07 15:42 -------- d-----w- c:\program files\Windows Portable Devices
2010-06-11 21:38 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-11 21:37 . 2009-10-12 14:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-11 21:29 . 2009-04-13 14:32 -------- d-----w- c:\programdata\Microsoft Help
2010-06-11 17:13 . 2009-04-12 22:11 8224 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-11 00:43 . 2010-02-08 02:18 -------- d-----w- c:\program files\TabletPlugins
2010-06-10 23:21 . 2010-01-24 18:19 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-06-10 23:21 . 2010-01-08 18:23 -------- d-----w- c:\programdata\Electronic Arts
2010-06-10 21:33 . 2010-06-10 17:33 -------- d-----w- c:\users\puawenng.146611-L3AVW8D\AppData\Roaming\Apple Computer
2010-06-10 21:32 . 2009-04-13 15:35 -------- d-----w- c:\program files\iTunes
2010-06-10 21:31 . 2009-04-13 15:35 -------- d-----w- c:\program files\iPod
2010-06-10 21:31 . 2009-04-13 15:34 -------- d-----w- c:\program files\Common Files\Apple
2010-06-10 21:30 . 2010-02-08 02:14 -------- d-----w- c:\program files\Apple Software Update
2010-06-10 20:53 . 2009-04-13 15:35 -------- d-----w- c:\program files\QuickTime
2010-06-10 20:46 . 2009-04-13 15:35 -------- d-----w- c:\program files\Bonjour
2010-06-10 15:22 . 2010-01-08 18:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-03 21:16 . 2009-04-13 18:54 -------- d-----w- c:\windows\Fonts\Fonts
2010-06-03 21:09 . 2009-04-13 18:26 -------- d-----w- c:\programdata\FLEXnet
2010-06-03 21:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-06-03 21:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-06-03 21:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-06-03 21:09 . 2009-04-13 19:47 -------- d-----w- c:\program files\Windows Imaging
2010-06-03 21:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-06-03 21:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-06-03 21:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-06-03 21:09 . 2009-04-13 15:27 -------- d-----w- c:\program files\WebDrive
2010-06-03 21:08 . 2009-04-13 19:24 -------- d-----w- c:\program files\Symantec
2010-06-03 21:08 . 2009-04-13 15:50 -------- d-----w- c:\program files\Roxio
2010-06-03 21:08 . 2009-04-13 01:02 -------- d-----w- c:\program files\RotateImage
2010-06-03 21:07 . 2009-04-13 01:58 -------- d-----w- c:\program files\PCDR5
2010-06-03 21:07 . 2009-04-13 01:31 -------- d-----w- c:\program files\NetWaiting
2010-06-03 21:07 . 2009-04-13 14:36 -------- d-----w- c:\program files\Microsoft Works
2010-06-03 21:05 . 2009-04-13 01:12 -------- d-----w- c:\program files\Lenovo Fingerprint Software
2010-06-03 21:05 . 2009-04-13 01:16 -------- d-----w- c:\program files\Lenovo
2010-06-03 21:04 . 2009-04-13 01:32 -------- d-----w- c:\program files\Digital Line Detect
2010-06-03 21:04 . 2009-04-13 19:24 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-03 21:04 . 2009-04-13 15:50 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-06-03 21:04 . 2009-04-13 15:48 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-06-03 21:04 . 2009-04-13 15:47 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-06-03 21:03 . 2009-04-13 15:48 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-06-03 21:03 . 2009-04-13 01:27 -------- d-----w- c:\program files\Common Files\Lenovo
2010-06-03 21:01 . 2009-04-13 18:30 -------- d-----w- c:\program files\Adobe Media Player
2010-05-27 01:52 . 2010-03-06 00:22 439816 ----a-w- c:\users\puawenng.146611_L3AVW8D\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-05-26 17:06 . 2010-06-11 17:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 17:44 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 18:14 . 2010-04-11 19:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-16 17:59 . 2010-01-10 17:29 7512 ----a-w- c:\users\puawenng.146611_L3AVW8D\AppData\Local\d3d9caps.dat
2010-05-04 19:15 . 2010-06-11 17:44 834048 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-11 17:44 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-01 14:13 . 2010-06-11 17:44 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 00:44 . 2010-03-08 04:08 138056 ----a-w- c:\users\puawenng.146611_L3AVW8D\AppData\Roaming\PnkBstrK.sys
2010-04-23 00:44 . 2010-03-08 04:08 138056 ----a-w- c:\users\puawenng.146611_L3AVW8D\AppData\Roaming\PnkBstrK.sys
2010-04-17 02:12 . 2010-04-17 02:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-21 18:08 . 2010-03-21 18:08 111 ----a-w- c:\users\puawenng.146611_L3AVW8D\AppData\Local\fusioncache.dat
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:57 . 2010-06-15 20:38 67380 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-04-12 22:12 . 2010-06-14 15:28 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-12 22:12 . 2010-06-15 20:49 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-12 22:12 . 2010-06-14 15:28 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-12 22:12 . 2010-06-15 20:49 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-12 22:12 . 2010-06-15 20:49 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-12 22:12 . 2010-06-14 15:28 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-07 22:30 . 2010-06-15 04:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-07 22:30 . 2010-06-13 01:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-07 22:30 . 2010-06-15 04:41 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-07 22:30 . 2010-06-13 01:13 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-07 22:30 . 2010-06-13 01:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-07 22:30 . 2010-06-15 04:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-13 23:58 . 2010-06-14 16:07 5614 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4113361485-2226430617-2888252860-500_UserData.bin
- 2010-06-14 15:14 . 2010-06-14 15:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-06-15 20:36 . 2010-06-15 20:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-06-14 15:14 . 2010-06-14 15:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-06-15 20:36 . 2010-06-15 20:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-13 00:47 . 2010-06-14 19:43 364850 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 13:04 . 2010-06-15 20:38 108968 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:22 . 2010-06-15 04:54 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2010-06-14 06:15 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-04-13 01:17 . 2010-06-15 04:54 2978064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-06-11 16:38 . 2010-06-15 04:53 42844655 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-11-14 357400]
"TpShocks"="TpShocks.exe" [2008-08-01 181536]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-08 256576]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-09-30 68976]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-02-26 992816]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-08-21 487424]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-01-07 60704]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-01-15 644384]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2009-01-15 214576]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 824616]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-02-27 430080]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2009-02-27 159744]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-01-29 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-01-29 124248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-03-16 115560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-12 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-12 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-12 154136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

c:\users\Shu-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-5-13 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3443049147-1905892195-2501515390-30300\Scripts\Logon\0\0]
"Script"=MapSDrive.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RCIMGDIR.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\RCIMGDIR.exe.lnk
backup=c:\windows\pss\RCIMGDIR.exe.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 11:58 611712 ------w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-04-13 15:38 198160 ------w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebDriveTray]
2008-01-17 23:01 3039232 ------w- c:\program files\WebDrive\webdrive.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f0,89,18,c0,b6,ea,c9,01

R1 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-07-11 48192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2008-10-26 106496]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2009-03-16 23888]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-25 1120752]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-24 16168]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2008-06-10 19496]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2008-10-26 1676536]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2008-10-26 98304]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-01-15 66848]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-03-08 5010288]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2008-10-24 58736]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-06-06 520192]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2008-05-29 2058776]
S2 WebDriveFSD;WebDrive Filesystem Driver;c:\program files\WebDrive\wdfsd.sys [2008-01-17 178176]
S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\RCUVCMNP.sys [2009-09-10 186624]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-10-03 3881472]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2008-10-03 54784]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-10-26 482176]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-09-10 29736]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-11-21 220288]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdkmd32.sys [2008-09-02 2472448]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-03-04 4232704]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2008-02-22 37312]


--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-01-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Shu-User\AppData\Roaming\Mozilla\Firefox\Profiles\ouegl7vg.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-15 17:21
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc21840.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-06-15 17:24:28
ComboFix-quarantined-files.txt 2010-06-15 21:24
ComboFix2.txt 2010-06-14 16:01
ComboFix3.txt 2010-06-12 22:14

Pre-Run: 50,540,769,280 bytes free
Post-Run: 50,490,142,720 bytes free

- - End Of File - - AC51DAF19F2838B824EF9BAE7DB46C2C

Hikari012
Intermediate
Posts: 84
Joined: 2009-04-20
OS: Windows Vista
Points: 28515
Likes: 0

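One way to machine-triage a ComboFix log like the one posted above, as an added example that is not part of the original post and not ComboFix's own code: it parses the service/driver table (the R0-R3/S0-S3 lines), Run key values, the "Other Services/Drivers In Memory" list and a Services\<name> registry dump, then flags any image that runs from TEMP or a user profile, that ComboFix marked with [X] (image file not found), or that is loaded in memory while deregistered. The sample lines are a constructed subset in the shapes this log uses, and the flagging rules are this example's own heuristics, not anything ComboFix reports. A hit is a reason to look closer, not a verdict: a driver loaded from a .tmp file under TEMP is also how some legitimate hooking libraries behave, so a flagged entry still needs its signature, vendor and loader checked before anything is removed.

```python
"""Triage of ComboFix-style log lines: flag autostart and service entries whose
image lives somewhere a driver or startup program normally should not.
Added example; the rules below are this example's own heuristics."""
import re
from dataclasses import dataclass

# Constructed sample: a few lines in the shapes ComboFix emits for the
# service/driver table, a Run key, the "Other Services/Drivers In Memory"
# list and a Services\<name> registry dump.
SAMPLE_LOG = r"""
R1 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-07-11 48192]
S2 WebDriveFSD;WebDrive Filesystem Driver;c:\program files\WebDrive\wdfsd.sys [2008-01-17 178176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc21840.tmp"
"""

SERVICE_RE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.*)$')
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"(?: \[(X|\d{4}-\d{2}-\d{2} \d+)\])?$')
KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
DEREG_RE = re.compile(r'^\*Deregistered\* - (.+)$')
TRAILER_RE = re.compile(r'^(.*?)(?: \[(?:\d{4}-\d{2}-\d{2} \d+|X)\])?$')


@dataclass
class Entry:
    kind: str              # "service", "run", "imagepath" or "deregistered"
    name: str
    path: str = ""
    missing: bool = False  # ComboFix prints [X] instead of date/size when the file is absent


def _split_trailer(text):
    """Separate 'path [date size]' or 'path [X]' into (path, missing)."""
    m = TRAILER_RE.match(text)
    return m.group(1), text.endswith(" [X]")


def parse(log_text):
    """Yield an Entry for every line shape this example understands; skip the rest."""
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            current_key = m.group(1)          # remember which registry key we are under
        elif m := SERVICE_RE.match(line):
            path, missing = _split_trailer(m.group(4))
            yield Entry("service", m.group(2), path, missing)
        elif m := DEREG_RE.match(line):
            yield Entry("deregistered", m.group(1))
        elif m := VALUE_RE.match(line):
            name, value, trailer = m.groups()
            if name == "ImagePath":
                # The Services\<name> key the value sits under names the service;
                # strip the NT object-manager prefix "\??\" from the path.
                svc = current_key.rsplit("\\", 1)[-1]
                path = value[4:] if value.startswith("\\??\\") else value
                yield Entry("imagepath", svc, path)
            else:
                yield Entry("run", name, value, trailer == "X")


def assess(entry):
    """Return the reasons an entry deserves a closer look (empty list = nothing odd)."""
    reasons = []
    low = entry.path.lower()
    if entry.missing:
        reasons.append("image file missing on disk ([X])")
    if "\\temp\\" in low:
        reasons.append("image lives under a TEMP directory")
    if "\\appdata\\" in low:
        reasons.append("image lives under a user profile (AppData)")
    if entry.kind in ("service", "imagepath") and low.endswith(".tmp"):
        reasons.append("driver/service image has a .tmp extension")
    if entry.kind == "deregistered":
        reasons.append("loaded in memory but not registered in the active control set")
    return reasons


def triage(log_text):
    """Map entry name -> accumulated reasons, for flagged entries only."""
    findings = {}
    for entry in parse(log_text):
        for reason in assess(entry):
            findings.setdefault(entry.name, []).append(reason)
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run it against a full ComboFix log by passing the file contents to triage(); entries such as tvtumon or msnmsgr produce no reasons and are left out of the result, while the deregistered driver whose ImagePath points at a .tmp file in TEMP collects three separate reasons, which is the kind of entry worth checking first.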

Re: Backdoor.Tidserv!inf problem (yes, it's me again. I'm sorry. )

Post by Hikari012 on 15th June 2010, 10:59 pm

I rescanned my computer and Symantec found it in a folder thing called Qoobox. I realized this is where ComboFix quarantined the virus. What do I do with it?

Thank you so much for your help though! I thought I would have ended up having to wipe the computer since it would not go away.


Re: Backdoor.Tidserv!inf problem (yes, it's me again. I'm sorry. )

Post by Belahzur on 17th June 2010, 12:18 am

Delete the Qoobox folder.

Okay, how is the machine running now?


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245101
Likes: 1


Re: Backdoor.Tidserv!inf problem (yes, it's me again. I'm sorry. )

Post by Hikari012 on 17th June 2010, 1:31 am

I have rescanned the computer and I'm virus-free! Thank you so much! Thank you!

