Nuqel.E - help requested


Post by htaikulswat on 24th October 2010, 8:14 am

Hey there, was recently getting the Nuqel popups - standard stuff as per other posts.
Killed some entry in registry and the fake antivirus thing hasn't launched so I've been able to navigate around, surf forums etc.
Am using Chrome at the moment; following is the log from rkill:



Services Stopped:


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\htaikulswat\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\htaikulswat\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\htaikulswat\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\htaikulswat\My Documents\Downloads\rkill.exe


Rkill completed on 24/10/2010 at 19:11:06.

Any help appreciated.
Thanks!

htaikulswat

Re: Nuqel.E - help requested

Post by Sneakyone on 24th October 2010, 12:59 pm

Hi, Welcome to GeekPolice.net!

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below.)
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time


Note: in the event that OTL fails to run, please use alternate download links to try again.


I'm livin' life in the fast lane.

Sneakyone

extras.txt

Post by htaikulswat on 25th October 2010, 10:43 am

OTL Extras logfile created on: 25/10/2010 9:32:21 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\htaikulswat\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 65.65 Gb Free Space | 44.05% Space Free | Partition Type: NTFS

Computer Name: AU72138 | User Name: htaikulswat | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program files\Telstra\Telstra Connection Manager\SwiApiMux.exe" = C:\Program files\Telstra\Telstra Connection Manager\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe" = C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FC3F65-86EB-475E-881F-A5B1CF731320}" = McAfee SiteAdvisor Enterprise Plus
"{014EFADF-1AA8-44D0-B889-D39D77302A62}" = Intel(R) PROSet/Wireless WiFi Software
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{27B3563C-561C-4924-8C0E-EA102264873F}" = Windows Server 2003 Service Pack 2 Administration Tools Pack
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{362678B4-6ED5-46E9-A6B2-53EF22159151}" = McAfee Agent
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6E4D4E0B-02F6-46C1-BAE5-1B6B2E486A7B}" = Microsoft Office Live Meeting 2007
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{86EF9EB6-DE10-4ABB-B221-D61972BB3C09}" = Collaboration Data Objects 1.2.1
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{40BFDBC7-B4F4-4E7A-B913-36215E160C81}" =
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{DAA91C17-A66E-442B-A5F2-B1E97D197B62}" =
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{DAA91C17-A66E-442B-A5F2-B1E97D197B62}" =
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{DAA91C17-A66E-442B-A5F2-B1E97D197B62}" =
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{DAA91C17-A66E-442B-A5F2-B1E97D197B62}" =
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{DAA91C17-A66E-442B-A5F2-B1E97D197B62}" =
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0053-0000-0000-0000000FF1CE}" = Microsoft Office Visio Standard 2007
"{90120000-0053-0000-0000-0000000FF1CE}_VISSTD_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0053-0000-0000-0000000FF1CE}_VISSTD_{38B35412-CCD9-4C74-BE18-76DAA9693113}" =
"{90120000-0053-0000-0000-0000000FF1CE}_VISSTD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISSTD_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{935231C6-A60C-4924-A3A9-9CF7417F4988}" = Steelray Project Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B332732A-4958-41DD-B439-DDA2D32753C5}" = McAfee Host Intrusion Prevention
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BE6921E1-3E46-4C16-B064-76D9B9BDC35B}" = Folio Views
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8BD1A3B-A0AB-4DBB-BC87-A8736DA619AA}" = ManageSoft for managed devices
"{DA976589-6642-4DF5-8EDE-8B420340DB56}" = ACL Version 8
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nortel Networks Contivity VPN Client
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROPLUS" = Microsoft Office Professional Plus 2007
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"VISSTD" = Microsoft Office Visio Standard 2007
"VLC media player" = VLC media player 1.1.4
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/10/2010 5:30:39 PM | Computer Name = AU72138 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for AU\htaikulswat failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 15/10/2010 4:44:45 AM | Computer Name = AU72138 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (A socket operation was attempted to an unreachable host. ). Group Policy
processing aborted.

Error - 15/10/2010 4:44:45 AM | Computer Name = AU72138 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (A socket operation was attempted to an unreachable host. ). Group Policy
processing aborted.

Error - 15/10/2010 4:44:47 AM | Computer Name = AU72138 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x80072751). A socket operation was attempted to an unreachable
host. Enrollment will not be performed.

Error - 15/10/2010 4:44:52 AM | Computer Name = AU72138 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 15/10/2010 4:44:52 AM | Computer Name = AU72138 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 39739563

Error - 15/10/2010 4:44:52 AM | Computer Name = AU72138 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 39739563

Error - 15/10/2010 4:45:57 AM | Computer Name = AU72138 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for AU\htaikulswat failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 15/10/2010 4:49:12 AM | Computer Name = AU72138 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 15/10/2010 4:49:12 AM | Computer Name = AU72138 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2063

[ ManageSoft Events ]
Error - 25/10/2010 6:07:06 AM | Computer Name = AU72138 | Source = Schedule Agent | ID = 65537
Description = [20101025T210706] Failed to run "Apply User Policy" - network connection
required

Error - 25/10/2010 6:07:06 AM | Computer Name = AU72138 | Source = Schedule Agent | ID = 65537
Description = [20101025T210706] Failed to run "Apply Machine Policy" - network connection
required

Error - 25/10/2010 6:29:04 AM | Computer Name = AU72138 | Source = Schedule Agent | ID = 65537
Description = [20101025T212904] Failed to run "Update Client Settings" - network
connection required

Error - 25/10/2010 6:29:04 AM | Computer Name = AU72138 | Source = Schedule Agent | ID = 65537
Description = [20101025T212904] Failed to run "Upload Client Files" - network connection
required

Error - 25/10/2010 6:29:04 AM | Computer Name = AU72138 | Source = Schedule Agent | ID = 65537
Description = [20101025T212904] Failed to run "Upload Client Files" - network connection
required

Error - 25/10/2010 6:29:04 AM | Computer Name = AU72138 | Source = Schedule Agent | ID = 65537
Description = [20101025T212904] Failed to run "Apply Machine Policy" - network connection
required

Error - 25/10/2010 6:35:30 AM | Computer Name = AU72138 | Source = Installation Agent | ID = 65537
Description =

Error - 25/10/2010 6:35:30 AM | Computer Name = AU72138 | Source = Schedule Agent | ID = 65537
Description = [20101025T213530] Failed to run "Update Client Settings" - Program
did not execute successfully

Error - 25/10/2010 6:37:21 AM | Computer Name = AU72138 | Source = Uploading Agent | ID = 65537
Description =

Error - 25/10/2010 6:37:23 AM | Computer Name = AU72138 | Source = Schedule Agent | ID = 65537
Description = [20101025T213723] Failed to run "Upload Client Files" - Program did
not execute successfully

[ OSession Events ]
Error - 05/10/2010 6:07:58 PM | Computer Name = AU72138 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1797
seconds with 840 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 24/10/2010 6:14:32 AM | Computer Name = AU72138 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 24/10/2010 5:17:36 PM | Computer Name = AU72138 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain AU due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 24/10/2010 5:17:47 PM | Computer Name = AU72138 | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.3 for the Network Card with network address
5CFF350739A8 has been denied by the DHCP server 10.42.94.21 (The DHCP Server sent
a DHCPNACK message).

Error - 24/10/2010 5:17:54 PM | Computer Name = AU72138 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 25/10/2010 6:07:05 AM | Computer Name = AU72138 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the mgssecsvc service.

Error - 25/10/2010 6:08:37 AM | Computer Name = AU72138 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 25/10/2010 6:29:06 AM | Computer Name = AU72138 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain AU due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 25/10/2010 6:29:11 AM | Computer Name = AU72138 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 25/10/2010 6:33:01 AM | Computer Name = AU72138 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 25/10/2010 6:33:01 AM | Computer Name = AU72138 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >

htaikulswat

OTL.txt - part 1

Post by htaikulswat on 25th October 2010, 10:45 am

OTL logfile created on: 25/10/2010 9:32:21 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\htaikulswat\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 65.65 Gb Free Space | 44.05% Space Free | Partition Type: NTFS

Computer Name: AU72138 | User Name: htaikulswat | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/25 08:26:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\htaikulswat\Desktop\OTL.exe
PRC - [2010/10/13 08:59:03 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/13 08:58:53 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/16 19:13:30 | 000,090,112 | ---- | M] (Scalable Software, Inc.) -- C:\Program Files\Scalable Software\Survey\SSI Survey Client\surveyclientnt.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/12 02:25:00 | 000,132,456 | ---- | M] (Lenovo.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2010/05/12 02:25:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2010/05/11 17:22:18 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2010/04/26 14:46:32 | 000,144,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2010/04/22 19:02:56 | 000,181,608 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2010/04/22 19:02:54 | 000,431,464 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2010/04/22 19:02:50 | 000,243,048 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2010/04/22 19:02:48 | 000,103,784 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2010/04/22 18:13:00 | 000,176,128 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2010/04/21 05:55:00 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2010/04/20 14:23:18 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2010/04/16 19:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2010/04/07 15:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/04/07 13:02:16 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2010/03/25 14:20:06 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
PRC - [2010/02/18 17:50:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2010/02/18 17:50:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2010/02/18 17:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2010/02/18 17:50:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2010/01/19 18:00:26 | 000,858,384 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/01/19 17:52:32 | 000,954,368 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2010/01/19 17:41:46 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/01/15 23:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/06 21:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2010/01/06 21:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/01/06 21:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2010/01/06 21:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010/01/06 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2009/12/21 19:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/12/11 13:19:02 | 000,337,256 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2009/12/03 18:44:42 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/11/24 14:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/11/18 15:04:18 | 000,038,248 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2009/11/11 18:33:10 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2009/08/14 12:45:18 | 000,062,744 | ---- | M] (Sierra Wireless Inc.) -- C:\Program Files\Telstra\Telstra Connection Manager\WaHelper.exe
PRC - [2009/08/13 20:59:22 | 000,562,456 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
PRC - [2009/03/10 17:24:06 | 000,972,096 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
PRC - [2009/03/10 17:24:04 | 001,471,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
PRC - [2009/03/05 17:28:26 | 000,059,760 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2009/02/06 16:39:14 | 000,034,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
PRC - [2009/01/19 17:28:10 | 000,427,272 | ---- | M] (ManageSoft Corp) -- C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
PRC - [2009/01/19 17:28:06 | 002,901,768 | ---- | M] (ManageSoft Corp) -- C:\Program Files\ManageSoft\Launcher\ndserv.exe
PRC - [2009/01/19 17:27:38 | 000,712,456 | ---- | M] (ManageSoft Corp) -- C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
PRC - [2009/01/19 16:43:40 | 001,078,784 | ---- | M] (ManageSoft Corp) -- C:\Program Files\ManageSoft\Security Agent\mgssecsvc.exe
PRC - [2009/01/19 16:18:36 | 001,406,464 | ---- | M] (ManageSoft Corp) -- C:\Program Files\ManageSoft\Launcher\mgsdl.exe
PRC - [2008/08/04 18:50:14 | 000,368,640 | ---- | M] (DocsCorp Pty Ltd) -- C:\Program Files\pdfDocs\Resources\pdfDocsMon.exe
PRC - [2008/06/09 13:27:56 | 000,070,968 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe
PRC - [2008/04/14 23:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/07 20:28:58 | 000,589,824 | ---- | M] (TightVNC Group) -- C:\Program Files\orl\vnc\WinVNC.exe
PRC - [2007/03/02 11:45:32 | 000,978,944 | ---- | M] (Nortel) -- C:\Program Files\Nortel\CallPilot\cpnotifier.exe
PRC - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2002/03/19 18:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe


========== Modules (SafeList) ==========

MOD - [2010/10/25 08:26:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\htaikulswat\Desktop\OTL.exe
MOD - [2010/09/16 19:13:24 | 000,060,928 | ---- | M] (Scalable Software, Inc.) -- C:\WINDOWS\system32\ssihook7.dll
MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/10/16 20:04:58 | 000,034,080 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.dll
MOD - [2008/04/14 23:00:00 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dbghelp.dll
MOD - [2008/03/13 19:46:22 | 000,079,224 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/16 19:13:30 | 000,090,112 | ---- | M] (Scalable Software, Inc.) [Unknown | Running] -- C:\Program Files\Scalable Software\Survey\SSI Survey Client\surveyclientnt.exe -- (SSI Survey Client)
SRV - [2010/09/16 19:13:20 | 000,503,808 | ---- | M] (Scalable Software, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\SCInstallerNT.exe -- (SSI Client Installer)
SRV - [2010/09/01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/12 02:25:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010/05/12 02:25:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010/04/22 19:02:50 | 000,243,048 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2010/04/22 19:02:48 | 000,103,784 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/04/20 14:23:18 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010/04/07 15:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/04/07 13:02:16 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (Lenovo.micmute)
SRV - [2010/03/25 14:20:06 | 000,226,624 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)
SRV - [2010/02/18 17:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2010/01/19 18:00:26 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2010/01/19 17:52:32 | 000,954,368 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2010/01/19 17:41:46 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2010/01/15 23:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/06 21:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2010/01/06 21:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/01/06 21:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/01/06 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/11/18 15:04:18 | 000,038,248 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2009/10/09 13:12:30 | 000,039,976 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2009/08/27 12:18:38 | 000,032,768 | ---- | M] (Deloitte Touche Tohmatsu) [Auto | Stopped] -- C:\Program Files\Deloitte Touche Tohmatsu\eSpaceReservationMonitorSetup\ReservationMonitor.exe -- (e-Space Reservation Monitor)
SRV - [2009/03/10 17:24:04 | 001,471,808 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe -- (enterceptAgent)
SRV - [2009/02/06 16:39:14 | 000,034,408 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe -- (hips)
SRV - [2009/01/19 17:28:06 | 002,901,768 | ---- | M] (ManageSoft Corp) [Auto | Running] -- C:\Program Files\ManageSoft\Launcher\ndserv.exe -- (ndGlobalLauncher)
SRV - [2009/01/19 17:27:38 | 000,712,456 | ---- | M] (ManageSoft Corp) [Auto | Running] -- C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe -- (ndinit)
SRV - [2009/01/19 16:43:40 | 001,078,784 | ---- | M] (ManageSoft Corp) [Auto | Running] -- C:\Program Files\ManageSoft\Security Agent\mgssecsvc.exe -- (mgssecsvc)
SRV - [2009/01/19 16:18:36 | 001,406,464 | ---- | M] (ManageSoft Corp) [Auto | Running] -- C:\Program Files\ManageSoft\Launcher\mgsdl.exe -- (mgsdl)
SRV - [2007/05/07 20:28:58 | 000,589,824 | ---- | M] (TightVNC Group) [Auto | Running] -- C:\Program Files\orl\vnc\WinVNC.exe -- (winvnc)
SRV - [2007/04/26 12:57:08 | 000,835,584 | ---- | M] (Nortel Networks NA, Inc.) [On_Demand | Stopped] -- C:\Program Files\Deloitte VPN Client\Extranet_serv.exe -- (ExtranetAccess)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\swumx20.sys -- (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Combo-Fix\catchme.sys -- (catchme)
DRV - [2010/05/12 02:25:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2010/05/12 02:25:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2010/04/21 05:55:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2010/03/31 02:58:18 | 001,756,216 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2010/03/26 06:15:54 | 001,988,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2010/01/19 22:50:10 | 000,235,520 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2010/01/15 13:06:56 | 000,433,176 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2010/01/13 09:24:42 | 006,598,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2010/01/06 21:07:00 | 000,343,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/01/06 21:07:00 | 000,091,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/01/06 21:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/01/06 21:07:00 | 000,066,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/01/06 21:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010/01/06 21:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/12/14 18:07:32 | 000,127,232 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\5U877.sys -- (5U877)
DRV - [2009/12/10 10:33:34 | 000,167,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel(R)
DRV - [2009/12/03 18:45:24 | 000,230,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/11/18 15:03:36 | 000,026,608 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2009/10/09 13:12:02 | 000,120,360 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/10/09 13:10:24 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/09/17 13:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/08/10 01:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2009/07/22 17:44:18 | 000,148,992 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumxa3.sys -- (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3)
DRV - [2009/07/22 17:44:04 | 000,197,504 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8ua3.sys -- (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3)
DRV - [2009/06/30 12:59:00 | 000,986,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2009/06/30 12:58:00 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2009/06/30 12:58:00 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2009/03/10 17:23:14 | 000,031,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\firelm01.sys -- (firelm01)
DRV - [2009/03/10 17:23:10 | 000,144,616 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\FireTDI.sys -- (FireTDI)
DRV - [2009/03/10 17:23:06 | 000,133,544 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\FirePM.sys -- (FirePM)
DRV - [2009/02/12 15:43:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/02/06 16:38:56 | 000,035,584 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HIPQK.sys -- (HIPQK)
DRV - [2009/02/06 16:38:40 | 000,038,200 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HIPPSK.sys -- (HIPPSK)
DRV - [2009/02/06 16:38:24 | 000,110,384 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HIPK.sys -- (HIPK)
DRV - [2009/01/14 15:20:02 | 000,028,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/11/21 09:12:33 | 000,017,968 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmscsi.sys -- (vmscsi)
DRV - [2008/10/17 15:26:24 | 000,044,680 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\firehk.sys -- (FirehkMP)
DRV - [2008/10/17 15:26:24 | 000,044,680 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\firehk.sys -- (Firehk)
DRV - [2008/09/19 17:29:54 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel(R)
DRV - [2008/05/12 23:14:14 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2008/05/12 21:22:04 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008/05/12 19:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/04/14 23:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 01:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 01:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/06/08 10:58:46 | 000,021,504 | ---- | M] (STMicroelectronics, INC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\stm_tpm.sys -- (stmtpm)
DRV - [2007/04/26 13:03:02 | 000,026,137 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)
DRV - [2007/04/26 13:02:44 | 000,155,152 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
DRV - [2007/04/26 13:02:44 | 000,155,152 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)
DRV - [2005/09/28 18:07:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/06/13 16:51:24 | 000,086,528 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.au.deloitte.com;*.deloitte.com.au;10.*.*.*;192.168.0.*;203.0.101.204;*.recruitsoft.com;*.vc.deloitte.com;*.jnj.com;de203.centra.com;brandexperience.deloitte.com;*.deloittediscovery.com;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy:80

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:8.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0.0.561
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..network.proxy.http: "proxy"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, *.deloitte.com.au"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\mgsusageagent@managesoft.com: C:\Program Files\ManageSoft\Usage Agent\mgsusageagent\ [2010/06/21 12:47:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor Enterprise\ [2010/10/24 21:04:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/24 20:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/24 20:37:53 | 000,000,000 | ---D | M]

[2010/10/24 20:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\htaikulswat\Application Data\Mozilla\Extensions
[2010/10/25 08:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\htaikulswat\Application Data\Mozilla\Firefox\Profiles\cehgo2in.default\extensions
[2010/10/25 08:51:33 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\htaikulswat\Application Data\Mozilla\Firefox\Profiles\cehgo2in.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/10/24 20:37:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/10/24 20:10:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ManageSoft Web Application Tracker) - {30A22EC9-42D0-4D46-A2F7-7516419F943D} - C:\Program Files\ManageSoft\Usage Agent\mgsiebho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (IEBrowserHelperObject Class) - {86EA4148-BEE6-4CEE-A72F-DA27A5112BD1} - C:\WINDOWS\system32\ssibrowserhook5.dll (Scalable Software, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [CallPilot] C:\Program Files\Nortel\CallPilot\CallPilot.vbs ()
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [EFSAssistant] C:\Program Files\Microsoft EFS Assistant\EFSAssistantExec.vbs ()
O4 - HKLM..\Run: [McAfee Host Intrusion Prevention Tray] C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [pdfDocs] C:\Program Files\pdfDocs\Resources\pdfDocsMon.exe (DocsCorp Pty Ltd)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SchedulingAgent_nDG] C:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe (ManageSoft Corp)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TRUUpdater] C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
O4 - HKLM..\Run: [WatcherHelper] C:\Program files\Telstra\Telstra Connection Manager\WaHelper.exe (Sierra Wireless Inc.)
O4 - HKLM..\Run: [WinVNC] C:\Program Files\orl\vnc\WinVNC.exe (TightVNC Group)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\htaikulswat\Start Menu\Programs\Startup\CallPilot MWI Icon.lnk = C:\Program Files\Nortel\CallPilot\cpnotifier.exe (Nortel)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper = c:\program files\signals\signals.bmp ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = au.deloitte.com
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{19e24ee0-cb75-11df-9de9-00a0d5ffffae}\Shell - "" = AutoRun
O33 - MountPoints2\{19e24ee0-cb75-11df-9de9-00a0d5ffffae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{19e24ee0-cb75-11df-9de9-00a0d5ffffae}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{7c0d6109-cf89-11df-9deb-444553544200}\Shell - "" = AutoRun
O33 - MountPoints2\{7c0d6109-cf89-11df-9deb-444553544200}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7c0d6109-cf89-11df-9deb-444553544200}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{7c0d610a-cf89-11df-9deb-444553544200}\Shell - "" = AutoRun
O33 - MountPoints2\{7c0d610a-cf89-11df-9deb-444553544200}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7c0d610a-cf89-11df-9deb-444553544200}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{8ca3ad4a-d2d2-11df-9def-444553544200}\Shell - "" = AutoRun
O33 - MountPoints2\{8ca3ad4a-d2d2-11df-9def-444553544200}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8ca3ad4a-d2d2-11df-9def-444553544200}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{abdeb5be-cf4b-11df-9dea-00a0d5ffffae}\Shell - "" = AutoRun
O33 - MountPoints2\{abdeb5be-cf4b-11df-9dea-00a0d5ffffae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{abdeb5be-cf4b-11df-9dea-00a0d5ffffae}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{e86b23bc-c7c9-11df-9de8-00a0d5ffffae}\Shell - "" = AutoRun
O33 - MountPoints2\{e86b23bc-c7c9-11df-9de8-00a0d5ffffae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e86b23bc-c7c9-11df-9de8-00a0d5ffffae}\Shell\AutoRun\command - "" = E:\DTVP_Launcher.exe -- File not found
O33 - MountPoints2\{e86b23be-c7c9-11df-9de8-00a0d5ffffae}\Shell - "" = AutoRun
O33 - MountPoints2\{e86b23be-c7c9-11df-9de8-00a0d5ffffae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e86b23be-c7c9-11df-9de8-00a0d5ffffae}\Shell\AutoRun\command - "" = E:\DTVP_Launcher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: McAfeeEngineService - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} - Microsoft Office Communicator 2007
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - Microsoft Outlook Express 6
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.




otl.txt - part 2

Post by htaikulswat on 25th October 2010, 10:45 am

========== Files/Folders - Created Within 30 Days ==========

[2010/10/25 08:57:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2010/10/25 08:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/10/25 08:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/10/25 08:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/10/25 08:26:20 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\htaikulswat\Desktop\OTL.exe
[2010/10/24 20:38:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/24 20:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\htaikulswat\Local Settings\Application Data\Mozilla
[2010/10/24 20:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\htaikulswat\Application Data\Mozilla
[2010/10/24 20:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/10/24 20:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\htaikulswat\Application Data\Malwarebytes
[2010/10/24 20:31:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/24 20:31:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/24 20:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/24 20:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/24 19:22:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/24 19:22:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/24 19:22:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/24 19:22:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/24 19:22:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/24 19:21:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/24 18:59:14 | 000,038,528 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\HIPIS0e011a2.dll
[2010/10/24 17:17:35 | 000,000,000 | ---D | C] -- C:\Quarantine
[2010/10/21 10:30:12 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/10/20 23:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\htaikulswat\Application Data\.ABC
[2010/10/20 14:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Baseline Security Analyzer 2
[2010/10/18 20:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\htaikulswat\My Documents\Nail Stuff
[2010/10/18 20:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\htaikulswat\Local Settings\Application Data\Western Digital
[2010/10/17 19:29:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\htaikulswat\Local Settings\Application Data\cache
[2010/10/17 19:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\htaikulswat\Local Settings\Application Data\FullTiltPoker
[2010/10/11 14:43:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2010/10/11 14:43:14 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2010/10/11 14:43:13 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010/10/09 18:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\htaikulswat\Application Data\Apple Computer
[2010/10/09 18:25:32 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/10/09 18:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/09 18:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/09 18:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/09 18:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/09 18:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/10/09 18:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\htaikulswat\Local Settings\Application Data\Apple
[2010/10/09 18:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/10/09 18:22:40 | 003,062,048 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2010/10/09 18:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/09 18:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/10/09 18:21:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/10/09 18:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\htaikulswat\Local Settings\Application Data\Apple Computer
[2010/10/07 20:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\htaikulswat\Application Data\vlc
[2010/10/07 20:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/10/04 18:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\3 MobileBroadband
[2010/10/04 17:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker
[2010/09/27 12:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\htaikulswat\Application Data\ICAClient
[2010/09/27 12:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy
[2010/09/27 11:25:38 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2010/06/22 11:14:49 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/25 21:31:09 | 000,001,848 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SSIHistory.dat
[2010/10/25 16:17:11 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/10/25 09:55:27 | 000,050,992 | RHS- | M] () -- C:\Documents and Settings\htaikulswat\ntuser.pol
[2010/10/25 08:57:56 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/10/25 08:57:56 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/10/25 08:26:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\htaikulswat\Desktop\OTL.exe
[2010/10/24 20:38:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/10/24 20:37:55 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\htaikulswat\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/24 20:37:55 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/24 20:31:04 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/24 20:10:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/24 19:34:15 | 000,444,798 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/24 19:34:15 | 000,072,698 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/24 19:29:52 | 000,040,850 | ---- | M] () -- C:\WINDOWS\System32\api_hook_list.dat
[2010/10/24 19:28:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/24 19:16:41 | 003,883,033 | R--- | M] () -- C:\Documents and Settings\htaikulswat\Desktop\Combo-Fix.exe
[2010/10/24 17:20:20 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2010/10/24 17:20:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/24 17:19:46 | 000,200,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/22 21:58:00 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\htaikulswat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/21 13:31:45 | 000,040,859 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/10/21 10:34:48 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/21 10:08:20 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\htaikulswat\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2010/10/20 17:33:06 | 000,600,424 | ---- | M] () -- C:\Documents and Settings\htaikulswat\Desktop\copier@hazelwoodpower.com_20101020_160324.pdf
[2010/10/19 15:47:56 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\htaikulswat\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2010/10/19 11:03:30 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\htaikulswat\Desktop\ACL 9.lnk
[2010/10/14 11:19:59 | 000,001,499 | ---- | M] () -- C:\Documents and Settings\htaikulswat\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2010/10/13 23:00:47 | 011,796,480 | ---- | M] () -- C:\Documents and Settings\htaikulswat\My Documents\Haruka.accdb
[2010/10/12 12:33:32 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\htaikulswat\Personal.ini
[2010/10/09 18:25:35 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/09 18:23:55 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/09 18:22:59 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/09 12:50:42 | 003,457,024 | ---- | M] () -- C:\Documents and Settings\htaikulswat\My Documents\Northwind 2007.accdb
[2010/10/09 10:10:55 | 000,458,752 | ---- | M] () -- C:\Documents and Settings\htaikulswat\My Documents\Recipes.accdb
[2010/10/08 22:54:22 | 001,019,904 | ---- | M] () -- C:\Documents and Settings\htaikulswat\My Documents\Contacts.accdb
[2010/10/08 22:52:38 | 000,370,022 | ---- | M] () -- C:\Documents and Settings\htaikulswat\My Documents\Contacts.accdt
[2010/10/07 20:03:58 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/10/07 01:28:38 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\KevlarSigs.dll
[2010/10/06 23:16:18 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2010/10/05 16:12:39 | 000,210,944 | ---- | M] () -- C:\Documents and Settings\htaikulswat\My Documents\Purchase Order 10-11237A.doc
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/25 08:57:56 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2010/10/25 08:57:56 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/10/24 20:38:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/24 20:37:55 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\htaikulswat\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/24 20:37:55 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/24 20:31:04 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/24 19:29:52 | 000,040,850 | ---- | C] () -- C:\WINDOWS\System32\api_hook_list.dat
[2010/10/24 19:22:54 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/24 19:22:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/24 19:22:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/24 19:22:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/24 19:22:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/24 19:16:13 | 003,883,033 | R--- | C] () -- C:\Documents and Settings\htaikulswat\Desktop\Combo-Fix.exe
[2010/10/24 17:20:20 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1
[2010/10/20 17:33:06 | 000,600,424 | ---- | C] () -- C:\Documents and Settings\htaikulswat\Desktop\copier@hazelwoodpower.com_20101020_160324.pdf
[2010/10/19 11:03:30 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\htaikulswat\Desktop\ACL 9.lnk
[2010/10/09 18:25:35 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/09 18:23:55 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/09 18:22:58 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/09 12:46:49 | 003,457,024 | ---- | C] () -- C:\Documents and Settings\htaikulswat\My Documents\Northwind 2007.accdb
[2010/10/09 09:44:06 | 000,458,752 | ---- | C] () -- C:\Documents and Settings\htaikulswat\My Documents\Recipes.accdb
[2010/10/08 22:55:13 | 011,796,480 | ---- | C] () -- C:\Documents and Settings\htaikulswat\My Documents\Haruka.accdb
[2010/10/08 22:52:38 | 000,370,022 | ---- | C] () -- C:\Documents and Settings\htaikulswat\My Documents\Contacts.accdt
[2010/10/08 22:52:34 | 001,019,904 | ---- | C] () -- C:\Documents and Settings\htaikulswat\My Documents\Contacts.accdb
[2010/10/07 20:06:22 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\htaikulswat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/07 20:03:58 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/10/05 16:12:39 | 000,210,944 | ---- | C] () -- C:\Documents and Settings\htaikulswat\My Documents\Purchase Order 10-11237A.doc
[2010/10/05 16:12:21 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\htaikulswat\Personal.ini
[2010/09/16 20:58:48 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/16 20:52:49 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2010/09/16 20:31:53 | 000,147,533 | ---- | C] () -- C:\WINDOWS\System32\pdfDocNT.dll
[2010/09/16 19:13:37 | 000,031,188 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SCD.LOG
[2010/09/16 19:13:33 | 000,001,848 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SSIHistory.dat
[2010/09/16 19:13:28 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\htaikulswat\Local Settings\Application Data\fusioncache.dat
[2010/09/16 19:13:11 | 000,016,597 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SCID.LOG
[2010/09/16 19:13:10 | 000,003,029 | ---- | C] () -- C:\Documents and Settings\htaikulswat\Application Data\SCDD.LOG
[2010/07/07 12:37:33 | 000,348,744 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/22 11:14:40 | 000,000,661 | ---- | C] () -- C:\WINDOWS\System32\VoipUpdate.ini
[2010/06/22 06:19:38 | 000,000,753 | ---- | C] () -- C:\WINDOWS\System32\zzDTS_gatherlogs.ini
[2010/06/21 22:24:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/21 17:34:29 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010/06/21 17:34:06 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/06/21 17:34:06 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/06/21 17:34:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/06/21 17:34:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/06/21 17:34:06 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/06/21 17:34:06 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/06/21 17:32:33 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2010/06/21 17:31:38 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010/06/21 13:55:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/06/21 12:31:12 | 000,000,051 | ---- | C] () -- C:\WINDOWS\smsts.ini
[2007/04/13 18:40:54 | 000,040,517 | ---- | C] () -- C:\WINDOWS\System32\jRegistryKey.dll
[2006/10/08 20:33:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Greendot tagline screensaver.ini

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/06/21 22:23:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/06/21 22:23:44 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/06/21 22:23:44 | 000,925,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2008/04/14 23:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2008/04/14 23:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2008/04/14 23:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2008/04/14 23:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2008/04/14 23:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2008/04/14 23:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2008/04/14 23:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2008/04/14 23:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2008/04/14 23:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2008/04/14 23:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2008/04/14 23:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2008/04/14 23:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2008/04/14 23:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2008/04/14 23:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2008/04/14 23:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/14 23:00:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/09/01 00:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2010/06/21 17:22:23 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/10/24 20:14:14 | 000,031,767 | ---- | M] () -- C:\ComboFix.txt
[2010/10/24 17:20:20 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2010/06/21 12:28:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/21 12:28:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 23:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 23:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/24 19:28:36 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/10/24 20:28:02 | 000,000,419 | ---- | M] () -- C:\rkill.log

< %PROGRAMFILES%\*. >
[2010/10/24 18:26:18 | 000,000,000 | ---D | M] -- C:\Program Files\3 MobileBroadband
[2010/04/20 12:22:34 | 000,000,000 | ---D | M] -- C:\Program Files\ACL Software
[2010/09/23 18:31:30 | 000,000,000 | ---D | M] -- C:\Program Files\ACL9
[2010/06/21 12:57:14 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/10/09 18:22:56 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/09/16 20:30:28 | 000,000,000 | ---D | M] -- C:\Program Files\AS2
[2010/09/17 11:12:14 | 000,000,000 | ---D | M] -- C:\Program Files\As2Switcher
[2010/10/09 18:22:14 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/06/21 13:08:17 | 000,000,000 | ---D | M] -- C:\Program Files\Cintinel
[2010/06/21 13:07:59 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2010/10/24 19:25:50 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/06/21 12:27:09 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/06/21 17:20:49 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2010/09/15 21:30:10 | 000,000,000 | ---D | M] -- C:\Program Files\Deloitte Applications
[2010/09/15 21:30:44 | 000,000,000 | ---D | M] -- C:\Program Files\Deloitte Touche Tohmatsu
[2010/09/15 18:49:32 | 000,000,000 | ---D | M] -- C:\Program Files\Deloitte VPN Client
[2010/06/21 13:08:34 | 000,000,000 | ---D | M] -- C:\Program Files\Enterprise Vault
[2010/09/16 19:16:33 | 000,000,000 | ---D | M] -- C:\Program Files\eSpace
[2010/06/21 13:04:23 | 000,000,000 | ---D | M] -- C:\Program Files\Folio
[2010/10/24 18:26:43 | 000,000,000 | ---D | M] -- C:\Program Files\Full Tilt Poker
[2010/09/15 18:48:48 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/06/21 17:32:53 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/10/21 10:31:42 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/06/21 17:34:02 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2010/10/09 18:24:30 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/10/09 18:25:26 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/06/21 13:09:39 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/06/21 17:34:45 | 000,000,000 | ---D | M] -- C:\Program Files\Lenovo
[2010/10/24 20:31:04 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/15 21:29:42 | 000,000,000 | ---D | M] -- C:\Program Files\ManageSoft
[2010/09/17 11:44:50 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2010/10/25 08:57:55 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2010/06/21 12:34:12 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/09/20 22:58:47 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger Plus! Live
[2010/09/17 10:49:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/10/20 14:21:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Baseline Security Analyzer 2
[2010/06/21 13:10:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2 SDK
[2010/06/21 13:10:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft EFS Assistant
[2010/06/21 12:28:52 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/09/16 19:59:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/06/21 12:55:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Communicator
[2010/06/21 12:49:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/06/21 12:48:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2010/06/21 12:51:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/21 12:49:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/09/15 21:42:25 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/10/24 20:37:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/06/21 12:38:35 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/06/21 12:28:52 | 000,000,000 | ---D | M] -- C:\Program Files\msn gaming zone
[2010/06/21 13:03:22 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/06/21 12:27:33 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/09/16 19:58:46 | 000,000,000 | ---D | M] -- C:\Program Files\Nortel
[2010/10/25 08:51:34 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2010/06/21 13:13:02 | 000,000,000 | ---D | M] -- C:\Program Files\orl
[2010/06/21 12:42:36 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/06/21 12:49:51 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Today
[2010/09/16 21:50:23 | 000,000,000 | ---D | M] -- C:\Program Files\pdfDocs
[2010/10/09 18:24:05 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/06/21 12:38:31 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/09/16 19:13:30 | 000,000,000 | ---D | M] -- C:\Program Files\Scalable Software
[2010/09/16 20:52:28 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra Wireless Inc
[2010/09/16 19:59:32 | 000,000,000 | ---D | M] -- C:\Program Files\Signals
[2010/06/21 13:06:23 | 000,000,000 | ---D | M] -- C:\Program Files\Steelray Software
[2010/06/21 17:20:38 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2010/09/16 20:52:28 | 000,000,000 | ---D | M] -- C:\Program Files\Telstra
[2010/06/21 17:34:28 | 000,000,000 | ---D | M] -- C:\Program Files\ThinkPad
[2010/06/21 12:30:57 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/10/07 20:03:19 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2010/06/21 12:58:32 | 000,000,000 | ---D | M] -- C:\Program Files\WINDOWS
[2010/09/17 10:49:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/09/20 18:19:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Safety Center
[2010/09/17 10:49:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/06/21 13:02:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/06/21 13:02:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/06/21 12:28:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/06/21 12:27:41 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/06/21 13:06:39 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2010/06/21 12:28:53 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2010/06/21 22:24:33 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\htaikulswat\Application Data\desktop.ini
[2010/09/16 21:50:15 | 000,003,029 | ---- | M] () -- C:\Documents and Settings\htaikulswat\Application Data\SCDD.LOG


< MD5 for: AGP440.SYS >
[2008/04/14 23:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 23:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\source\i386\sp3.cab:AGP440.sys
[2008/04/14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2008/04/14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/14 23:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 23:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\source\i386\sp3.cab:atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2008/04/14 23:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/14 23:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\source\i386\sp3.cab:disk.sys
[2008/04/14 23:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 23:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 23:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 23:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2009/08/07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Drivers\hdc\iaAHCI_8.9.2.1002_C85F4B0B1997210616644794ED78DBAE\IaStor.sys
[2010/01/15 13:06:56 | 000,433,176 | ---- | M] (Intel Corporation) MD5=39F7C9AEEE865FE8E98CF3EDD2B4BB4A -- C:\Drivers\hdc\iaAHCI_9.5.7.1002_30DDD97670F9461F5511474D9D4AE179\iaStor.sys
[2010/01/15 13:06:56 | 000,433,176 | ---- | M] (Intel Corporation) MD5=39F7C9AEEE865FE8E98CF3EDD2B4BB4A -- C:\WINDOWS\OemDir\iaStor.sys
[2010/01/15 13:06:56 | 000,433,176 | ---- | M] (Intel Corporation) MD5=39F7C9AEEE865FE8E98CF3EDD2B4BB4A -- C:\WINDOWS\source\i386\$OEM$\iaStor.sys
[2010/01/15 13:06:56 | 000,433,176 | ---- | M] (Intel Corporation) MD5=39F7C9AEEE865FE8E98CF3EDD2B4BB4A -- C:\WINDOWS\source\i386\$OEM$\TEXTMODE\iaStor.sys
[2010/01/15 13:06:56 | 000,433,176 | ---- | M] (Intel Corporation) MD5=39F7C9AEEE865FE8E98CF3EDD2B4BB4A -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 23:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 23:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 23:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 23:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 23:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 23:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SYMMPI.SYS >
[2005/06/13 16:51:24 | 000,086,528 | ---- | M] (LSI Logic) MD5=24A0901CAFCEE7343EE62565BCFB7C9A -- C:\Drivers\System\lsipseud_6.2.0_AC2F3D3DD50CF0C4DB93A59FB25F411C\symmpi.sys
[2005/06/13 16:51:24 | 000,086,528 | ---- | M] (LSI Logic) MD5=24A0901CAFCEE7343EE62565BCFB7C9A -- C:\WINDOWS\system32\drivers\symmpi.sys

< MD5 for: USBSTOR.SYS >
[2008/04/14 23:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/04/14 23:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\source\i386\sp3.cab:usbstor.sys
[2008/04/14 01:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2008/04/14 01:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

Re: Nuqel.E - help requested

Post by Sneakyone on 25th October 2010, 11:26 pm

Hi,

I notice you have run ComboFix.exe. Could you please navigate to C:\ComboFix.txt and post that log here?


I'm livin' life in the fast lane.

combo-fix.txt

Post by htaikulswat on 25th October 2010, 11:29 pm

ComboFix 10-10-23.01 - htaikulswat 24/10/2010 19:24:21.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2996.2359 [GMT 11:00]
Running from: c:\documents and settings\htaikulswat\Desktop\Combo-Fix.exe
Command switches used :: /killall
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: McAfee Host Intrusion Prevention Firewall *enabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 27


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
.
((((((((((((((((((((((((( Files Created from 2010-09-24 to 2010-10-24 )))))))))))))))))))))))))))))))
.

2010-10-24 07:59 . 2009-02-06 05:38 38528 ----a-w- c:\windows\system32\HIPIS0e011a2.dll
2010-10-24 06:17 . 2010-10-24 08:24 -------- d-----w- C:\Quarantine
2010-10-20 12:00 . 2010-10-22 07:59 -------- d-----w- c:\documents and settings\htaikulswat\Application Data\.ABC
2010-10-20 03:21 . 2010-10-20 03:21 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2
2010-10-18 09:30 . 2010-10-18 09:30 -------- d-----w- c:\documents and settings\htaikulswat\Local Settings\Application Data\Western Digital
2010-10-17 08:29 . 2010-10-17 08:29 -------- d-----w- c:\documents and settings\htaikulswat\Local Settings\Application Data\cache
2010-10-17 08:28 . 2010-10-17 09:15 -------- d-----w- c:\documents and settings\htaikulswat\Local Settings\Application Data\FullTiltPoker
2010-10-11 03:43 . 2001-08-17 11:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-10-11 03:43 . 2008-04-13 18:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-10-11 03:43 . 2008-04-13 13:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-10-11 03:43 . 2008-04-13 13:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-10-09 07:25 . 2010-10-09 09:25 -------- d-----w- c:\documents and settings\htaikulswat\Application Data\Apple Computer
2010-10-09 07:25 . 2009-05-18 02:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-09 07:25 . 2008-04-17 01:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-10-09 07:24 . 2010-10-09 07:24 -------- d-----w- c:\program files\iPod
2010-10-09 07:24 . 2010-10-09 07:25 -------- d-----w- c:\program files\iTunes
2010-10-09 07:24 . 2010-10-09 07:25 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-10-09 07:24 . 2010-10-09 07:24 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-10-09 07:24 . 2010-10-09 07:24 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-10-09 07:24 . 2010-10-09 07:24 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-10-09 07:21 . 2010-10-09 07:25 -------- d-----w- c:\documents and settings\htaikulswat\Local Settings\Application Data\Apple Computer
2010-10-07 09:04 . 2010-10-07 09:07 -------- d-----w- c:\documents and settings\htaikulswat\Application Data\vlc
2010-10-07 09:03 . 2010-10-07 09:03 -------- d-----w- c:\program files\VideoLAN
2010-10-04 07:30 . 2010-10-24 07:26 -------- d-----w- c:\program files\3 MobileBroadband
2010-10-04 06:42 . 2010-10-24 07:26 -------- d-----w- c:\program files\Full Tilt Poker
2010-09-27 01:49 . 2010-09-27 01:49 -------- d-----w- c:\documents and settings\htaikulswat\Application Data\ICAClient
2010-09-27 01:49 . 2010-09-27 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\GroupPolicy
2010-09-27 00:25 . 2008-04-13 19:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-09-27 00:25 . 2008-04-13 19:41 21504 ----a-w- c:\windows\system32\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-06 14:28 . 2010-06-21 06:26 136512 ----a-w- c:\windows\system32\KevlarSigs.dll
2010-09-18 06:53 . 2010-06-21 19:19 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2010-06-21 19:19 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2010-06-21 19:19 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 01:23 . 2010-06-21 19:19 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-16 08:13 . 2010-09-16 08:13 114688 ----a-w- c:\windows\system32\ssiwtslg.exe
2010-09-16 08:13 . 2010-09-16 08:13 60928 ----a-w- c:\windows\system32\ssihook7.dll
2010-09-16 08:13 . 2010-09-16 08:13 90112 ----a-w- c:\windows\system32\ssidisplaydatawmi.dll
2010-09-16 08:13 . 2010-09-16 08:13 62464 ----a-w- c:\windows\system32\ssihook64_7.dll
2010-09-16 08:13 . 2010-09-16 08:13 143360 ----a-w- c:\windows\system32\ssibrowserhook5.dll
2010-09-16 08:13 . 2010-09-16 08:13 503808 ----a-w- c:\windows\system32\SCInstallerNT.exe
2010-09-09 13:38 . 2010-06-21 19:19 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2010-06-21 19:19 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2010-06-21 19:19 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2010-06-21 19:19 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 00:17 . 2010-09-08 00:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 00:17 . 2010-09-08 00:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2010-06-21 19:19 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2010-06-21 19:19 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 12:10 . 2010-06-21 19:19 389120 ----a-w- c:\windows\system32\html.iec
2010-08-27 08:02 . 2010-06-21 19:19 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-23 16:12 . 2010-06-21 19:19 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2010-06-21 19:19 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2010-06-21 19:19 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-13 12:53 . 2010-06-21 01:33 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-29 04:01 . 2010-07-29 04:01 14585902 ----a-w- c:\windows\Deloitte.scr
2010-07-27 07:44 . 2010-07-27 07:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 07:44 . 2010-07-27 07:44 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-27 07:44 . 2010-07-27 07:44 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 07:44 . 2010-07-27 07:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Google Update"="c:\documents and settings\htaikulswat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-17 136176]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SchedulingAgent_nDG"="c:\program files\ManageSoft\Schedule Agent\ndschedag.exe" [2009-01-19 1419528]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2008-12-16 5730144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"EFSAssistant"="c:\program files\Microsoft EFS Assistant\EFSAssistantExec.vbs" [2009-04-24 4167]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"WinVNC"="c:\program files\orl\vnc\WinVNC.exe" [2007-05-07 589824]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-01-06 124240]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-03 1594664]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-11 174616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-11 145432]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2010-02-18 136512]
"McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2009-03-10 972096]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-05-11 517480]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-04-20 62312]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2010-04-22 431464]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2010-04-22 181608]
"CallPilot"="c:\program files\Nortel\CallPilot\CallPilot.vbs" [2009-05-26 8435]
"pdfDocs"="c:\program files\pdfDocs\resources\pdfdocsmon.exe" [2008-08-04 368640]
"TRUUpdater"="c:\program files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" [2009-08-13 562456]
"WatcherHelper"="c:\program files\Telstra\Telstra Connection Manager\WaHelper.exe" [2009-08-14 62744]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-23 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\htaikulswat\Start Menu\Programs\Startup\
CallPilot MWI Icon.lnk - c:\program files\Nortel\CallPilot\cpnotifier.exe [2007-3-2 978944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoPublishingWizard"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"ForceStartMenuLogOff"= 1 (0x1)
"GreyMSIAds"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-807016362-1868705179-622671684-88084\Scripts\Logon\0\0]
"Script"=\\au.deloitte.com\SysVol\au.deloitte.com\Policies\{2299C9D0-2DF9-4836-A641-0FC00F2D50B3}\User\Scripts\Logon\MEL.VBS

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-807016362-1868705179-622671684-88084\Scripts\Logon\0\1]
"Script"=\\aumelcl002\applications\Logon\au force runs.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-807016362-1868705179-622671684-88084\Scripts\Logon\1\0]
"Script"=\\au.deloitte.com\SysVol\au.deloitte.com\Policies\{2299C9D0-2DF9-4836-A641-0FC00F2D50B3}\User\Scripts\Logon\MELERS.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program files\\Telstra\\Telstra Connection Manager\\SwiApiMux.exe"=
"c:\\Program Files\\Sierra Wireless Inc\\WebUpdater\\SwiApiMux.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [6/21/2010 5:31 PM 24304]
R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [6/22/2010 11:14 AM 21504]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/9/2009 1:10 PM 20520]
R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [6/21/2010 1:44 PM 17968]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [6/7/2010 10:58 AM 13480]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [6/21/2010 5:31 PM 132456]
R2 e-Space Reservation Monitor;e-Space Reservation Monitor;c:\program files\Deloitte Touche Tohmatsu\eSpaceReservationMonitorSetup\ReservationMonitor.exe [8/27/2009 12:18 PM 32768]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [3/10/2009 5:24 PM 1471808]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CamMute.exe [6/21/2010 5:34 PM 50536]
R2 Lenovo.micmute;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [6/7/2010 10:58 AM 45496]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [3/25/2010 2:20 PM 226624]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [1/6/2010 9:07 PM 22816]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [6/21/2010 1:13 PM 70728]
R2 mgsdl;ManageSoft Peer-to-Peer Download Service;c:\program files\ManageSoft\Launcher\mgsdl.exe [1/19/2009 4:18 PM 1406464]
R2 mgssecsvc;ManageSoft Security Service;c:\program files\ManageSoft\Security Agent\mgssecsvc.exe [1/19/2009 4:43 PM 1078784]
R2 ndGlobalLauncher;ManageSoft installation agent;c:\program files\ManageSoft\Launcher\ndserv.exe [1/19/2009 5:28 PM 2901768]
R2 ndinit;ManageSoft managed device;c:\program files\ManageSoft\Schedule Agent\ndinit.exe [1/19/2009 5:27 PM 712456]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [6/21/2010 5:31 PM 53248]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [6/22/2010 11:14 AM 45056]
R2 SSI Survey Client;SSI Survey Client;c:\program files\Scalable Software\Survey\SSI Survey Client\surveyclientnt.exe [9/16/2010 7:13 PM 90112]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [6/7/2010 10:58 AM 63928]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [6/22/2010 11:14 AM 127232]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [6/22/2010 11:14 AM 167080]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [9/15/2010 6:48 PM 26137]
R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [6/21/2010 5:26 PM 44680]
R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [6/21/2010 5:26 PM 110384]
R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [6/21/2010 5:26 PM 38200]
R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [6/21/2010 5:26 PM 35584]
R3 hips;McAfee HIPSCore Service;c:\program files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe [6/21/2010 5:26 PM 34408]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [6/22/2010 11:14 AM 235520]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [6/22/2010 6:17 AM 243856]
S3 ExtranetAccess;Contivity VPN Service;c:\program files\Deloitte VPN Client\Extranet_serv.exe [9/15/2010 6:48 PM 835584]
S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [6/21/2010 5:26 PM 44680]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [9/15/2010 6:48 PM 155152]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [6/21/2010 1:13 PM 66600]
S3 SSI Client Installer;SSI Client Installer;c:\windows\system32\SCInstallerNT.exe [9/16/2010 7:13 PM 503808]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [7/22/2009 5:44 PM 197504]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\drivers\swumxa3.sys [7/22/2009 5:44 PM 148992]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19e24ee0-cb75-11df-9de9-00a0d5ffffae}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c0d6109-cf89-11df-9deb-444553544200}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c0d610a-cf89-11df-9deb-444553544200}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca3ad4a-d2d2-11df-9def-444553544200}]
\Shell\AutoRun\command - "E:\WD SmartWare.exe" autoplay=true

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abdeb5be-cf4b-11df-9dea-00a0d5ffffae}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e86b23bc-c7c9-11df-9de8-00a0d5ffffae}]
\Shell\AutoRun\command - E:\DTVP_Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e86b23be-c7c9-11df-9de8-00a0d5ffffae}]
\Shell\AutoRun\command - E:\DTVP_Launcher.exe
.
Contents of the 'Scheduled Tasks' folder

2010-10-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:50]

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-807016362-1868705179-622671684-88084Core.job
- c:\documents and settings\htaikulswat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-17 03:50]

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-807016362-1868705179-622671684-88084UA.job
- c:\documents and settings\htaikulswat\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-17 03:50]

2010-10-24 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-06-21 15:25]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:28091
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

Notify-ACNotify - ACNotify.dll
AddRemove-KB2079403 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-051 - Windows XP(6024)
AddRemove-KB2115168 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-052 - Windows XP(6009)
AddRemove-KB2121546 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-069 - Windows XP(6085)
AddRemove-KB2160329 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-048 - Windows XP(6054)
AddRemove-KB2229593 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-042 - Windows XP(5872)
AddRemove-KB2259922 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-067 - Windows XP(6105)
AddRemove-KB2279986 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-078 - Windows XP(6303)
AddRemove-KB2286198 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-046 - Windows XP(5881)
AddRemove-KB2296011 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-081 - Windows XP(6285)
AddRemove-KB2347290 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-061 - Windows XP(6162)
AddRemove-KB2360937 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-084 - Windows XP(6220)
AddRemove-KB2387149 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-074 - Windows XP(6344)
AddRemove-KB956844 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS09-046 - Windows XP(4922)
AddRemove-KB958869 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS09-062 - Windows XP(4968)
AddRemove-KB969059 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS09-057 - Windows XP(5048)
AddRemove-KB971961 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS09-045 - Jscript 5.7 for Windows XP(4931)
AddRemove-KB972270 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-001 - Windows XP(5286)
AddRemove-KB973904 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS09-073 - Windows XP(5215)
AddRemove-KB974112 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS09-052 - Windows XP(5136)
AddRemove-KB974318 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS09-071 - Windows XP(5266)
AddRemove-KB974392 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS09-069 - Windows XP(5278)
AddRemove-KB974571 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS09-056 - Windows XP(5054)
AddRemove-KB975025 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS09-051 - Windows XP(5141)
AddRemove-KB975560 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-013 - Windows XP (Quartz)(5371)
AddRemove-KB975562 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-033 - Windows XP (Quartz.dll)(5805)
AddRemove-KB975713 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-007 - Windows XP(5425)
AddRemove-KB977816 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-026 - Windows XP(5535)
AddRemove-KB977914 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-013 - Windows XP (AVI Filter)(5365)
AddRemove-KB978037 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-011 - Windows XP(5397)
AddRemove-KB978338 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-029 - Windows XP(5519)
AddRemove-KB978542 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-030 - Windows XP(5664)
AddRemove-KB978601 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-019 - Windows XP (Authenticode)(5619)
AddRemove-KB978706 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-005 - Windows XP(5446)
AddRemove-KB979309 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-019 - Windows XP (Cabinet)(5634)
AddRemove-KB979482 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-033 - Windows XP (Asycfilt.dll)(5820)
AddRemove-KB979687 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-083 - Windows XP(6242)
AddRemove-KB980195 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-034 - ActiveX Killbits for Windows XP(5790)
AddRemove-KB980218 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-037 - Windows XP(5731)
AddRemove-KB980232 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-020 - Windows XP(5604)
AddRemove-KB980436 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-049 - Windows XP(6038)
AddRemove-KB981322 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-063 - Windows XP(6143)
AddRemove-KB981349 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-022 - Windows XP (VBS 5.7)(5572)
AddRemove-KB981852 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-047 - Windows XP(6082)
AddRemove-KB981957 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-073 - Windows XP(6359)
AddRemove-KB981997 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-050 - Windows XP(6035)
AddRemove-KB982132 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-076 - Windows XP(6317)
AddRemove-KB982214 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-054 - Windows XP(5963)
AddRemove-KB982665 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-055 - Windows XP(5943)
AddRemove-KB982802 - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d MS10-066 - Windows XP(6110)
AddRemove-{03522506-11CE-42CF-86A1-1BE43F443E9A} - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d Enterprise Vault User Extensions
AddRemove-{13CD417D-F1F1-4AC4-945D-FDDEB884756F} - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d Baseline Security Analyzer 2.0
AddRemove-{1EB719BF-360C-464B-8E49-4641ECF9CFD9} - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Private -d Nortel CallPilot MEL
AddRemove-{2FF43F5D-5729-4E02-A548-310E30A5F29B} - c:\program files\Managesoft\Launcher\ndlaunch -o InstallProfile=Public -d Microsoft CAPICOM SDK
AddRemove-{414FAE01-7234-401A-8B4D-BC4466B6D4EC} - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d pdfDocs
AddRemove-{610FE0D3-DB2E-4004-8319-3711795DE306} - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d NextG Wireless USB Modem
AddRemove-{66E3BA00-6B3D-466B-96FA-6309A7F42BB0} - c:\program files\Managesoft\Launcher\ndlaunch -o InstallProfile=Public -d Adobe Flash Player 10 ActiveX
AddRemove-{6C3AD079-DD38-451A-8A65-76D8471C0523} - c:\program files\Managesoft\Launcher\ndlaunch -o InstallProfile=Public -d Citrix ICA Client
AddRemove-{6F1E2C9E-5D2B-4CA7-95BE-B8453AD885D4} - c:\program files\Managesoft\Launcher\ndlaunch -o InstallProfile=Public -d AuditSystem2
AddRemove-{93C545C0-0E66-4813-BFF1-55B464580909} - c:\program files\Managesoft\Launcher\ndlaunch -o InstallProfile=Public -d Microsoft EFS Assistant
AddRemove-{9719125F-E8D8-4C5A-ABD6-9D9A65F7BF86} - c:\program files\Managesoft\Launcher\ndlaunch -o InstallProfile=Public -d TightVNC Client
AddRemove-{9ECF7817-DB11-4FBA-9DF1-296A578D513A} - c:\program files\Managesoft\Launcher\ndlaunch -o InstallProfile=Public -d Adobe Shockwave Player
AddRemove-{AF61C9E5-CBCF-436C-BDDB-7860694234D5} - c:\program files\Managesoft\Launcher\ndlaunch -o InstallProfile=Public -d CaptureCamPro
AddRemove-{B49021F1-4563-4009-8D3E-50141D395DD5} - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d Solution 6 Tax Lodgement
AddRemove-{D61E641D-FE19-4AFB-B9D8-4E8F5E576B78} - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d AuditSystem 2 Pack Switcher 4.0
AddRemove-{D642E38E-0D24-486C-9A2D-E316DD696F4B} - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d XML Parser
AddRemove-{E531C108-D8E5-44A4-8AB0-0952334AA6EC} - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Private -d Deloitte GreenDot Tagline
AddRemove-{F555453B-4C98-4D11-8013-BECD67A1B211} - c:\program files\ManageSoft\Launcher\ndlaunch -o InstallProfile=Public -d eSpaceReservationMonitor



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-10-24 20:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\HcApi.dll
c:\windows\system32\KevlarSigs.dll

- - - - - - - > 'lsass.exe'(824)
c:\windows\system32\HcApi.dll
c:\windows\system32\KevlarSigs.dll

- - - - - - - > 'explorer.exe'(616)
c:\windows\system32\WININET.dll
c:\windows\system32\SSIHook7.dll
c:\windows\system32\HcApi.dll
c:\windows\system32\KevlarSigs.dll
c:\program files\Scalable Software\Survey\SSI Survey Client\SSIIUHLPUTIL.DLL
c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'csrss.exe'(740)
c:\windows\system32\HcApi.dll
c:\windows\system32\KevlarSigs.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\ManageSoft\Schedule Agent\ndtask.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\system32\msiexec.exe
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files\ManageSoft\Schedule Agent\ndtask.exe
c:\windows\system32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Microsoft EFS Assistant\EFSAssistant.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2010-10-24 20:14:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-24 09:14

Pre-Run: 69,892,231,168 bytes free
Post-Run: 70,341,922,816 bytes free

- - End Of File - - FA32E63C87E6FD8A04797C019686C201


Re: Nuqel.E - help requested

Post by Sneakyone on 25th October 2010, 11:53 pm

Hi,

Please download a fresh copy and follow these instructions:

Please download ComboFix from [You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run, then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.


commy.exe

Post by htaikulswat on 25th October 2010, 11:55 pm

I am on a work-issued laptop for which the group policy does not allow me to disable anti virus software or install the recovery console.

How would you like me to proceed?


Re: Nuqel.E - help requested

Post by Sneakyone on 27th October 2010, 12:11 am

Hi,

No, please don't worry about running ComboFix on a work computer as it can damage it.

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


I'm livin' life in the fast lane.

