Raj

  1. Still trying to get this ComboFix scan going... my sister is impossible... Any alternative to ComboFix?
  2. Hi screen317, Please be patient whilst I try to run ComboFix on the PC remotely. It seems ComboFix disconnects my TeamViewer session every time I run it, and my sister on the other side of the world is still trying to work out my ComboFix instructions after 2 days of trying!!!! Will post the result once I successfully run ComboFix.
  3. Almost forgotten, here is the MBAM log:

     Malwarebytes Anti-Malware (PRO) 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.08.09.05
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     User :: ASPIREM1610 [administrator]

     Protection: Enabled

     8/9/2012 6:10:36 PM
     mbam-log-2012-08-09 (18-10-36).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 180741
     Time elapsed: 5 minute(s), 20 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  4. Just check if those <div> characters are showing up again.
  5. Thanks for looking into this topic screen317. Here is the dds.txt
  6. I am trying to troubleshoot my sister's Windows XP desktop remotely. The PC's browsers (IE8 and FF) would not allow access to the google.com and facebook.com pages. It has no problem accessing yahoo.com, etc. This PC was working fine previously. After much troubleshooting, the workaround I found was to hard-code DNS servers in the TCP/IP properties; removing these entries to auto-detect the DNS server (from the ADSL router) caused the access problem to return. nslookup returned correct entries for google.com but a random IP address for facebook.com. Other PCs on the same wireless network did not exhibit the same problem. I had scanned using Malwarebytes, Symantec Corporate Antivirus, and the Spybot scanner with nothing found. I have captured HiJackThis, DDS, and gmer log files, but I do not have enough knowledge to interpret these logs. It would be appreciated if someone would assist to nail down this problem.
  7. Many, many thanks Extremeboy, you are a CHAMP!!! You may close this thread as SUCCESS. Again, much appreciated and THANKS.
  8. Hi, I am back. Appreciate your patience. Here are the files, I hope they are the correct outputs you've asked for. So far, re-direction has not happened for the last two days. So hopefully it is gone for good. (Curious though, I would expect current Symantec Antivirus, avast! and Malwarebytes' to have picked up this trojan/malware/??. I was speaking to an in-house IT Specialist and he said they received many calls on this problem in the last 3 weeks.)
-- C:\WINDOWS\system32\TpShocks.exe [2008/07/03 17:17:56 | 00,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2007/05/17 22:46:44 | 00,413,696 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2007/05/17 22:41:20 | 00,126,976 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2007/04/07 11:44:03 | 00,499,712 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe [2007/09/25 18:32:17 | 00,507,904 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis3a.exe [2007/01/19 12:49:04 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2004/08/04 16:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe [2004/08/04 16:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe [2008/03/06 00:12:56 | 00,241,664 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe [2009/02/11 10:19:38 | 00,399,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009/02/26 11:07:46 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe [2008/06/10 18:16:42 | 02,645,528 | ---- | M] (Hagel Technologies Ltd) -- C:\Program Files\DU Meter\DUMeter.exe [2008/07/29 12:17:49 | 03,256,320 | ---- | M] () -- C:\Program Files\USB Safely Remove\USBSafelyRemove.exe [2008/10/11 10:50:38 | 07,640,336 | ---- | M] (IDM Computer Solutions, Inc.) 
-- C:\Program Files\IDM Computer Solutions\UltraEdit-32\Uedit32.exe [2009/02/04 06:50:52 | 07,678,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe [2005/07/28 14:22:20 | 00,131,072 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\as32.exe [2006/06/22 04:43:07 | 01,110,016 | ---- | M] (IBM Corp) -- C:\notes\nlnotes.exe [2005/08/15 16:16:22 | 00,009,728 | ---- | M] (IBM Corp) -- C:\notes\ntaskldr.exe [2007/04/17 03:59:12 | 00,565,248 | ---- | M] () -- C:\Program Files\IBM\Sametime Connect\sametime.exe [2007/04/17 03:59:18 | 00,348,160 | ---- | M] (International Business Machines Corporation) -- C:\Program Files\IBM\Sametime Connect\jre\bin\sametime75.exe [2007/08/29 00:34:32 | 00,186,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\VISIO.EXE [2004/05/04 20:47:44 | 09,190,080 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2009/02/25 18:09:15 | 00,422,912 | ---- | M] (OldTimer Tools) -- D:\_Malware Trojan Removal\OTViewIt.exe ========== (O23) Win32 Services ========== [2007/05/17 22:49:24 | 00,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc [Auto | Running]) [2007/05/17 22:49:28 | 00,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc [Auto | Running]) [2007/01/19 12:49:26 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService [Auto | Stopped]) [2007/01/20 02:29:48 | 00,073,728 | ---- | M] () -- C:\Program Files\IBM\Mobility Client\artsvc.exe -- (ArtourService [On_Demand | Stopped]) [2007/01/20 02:33:02 | 00,011,264 | ---- | M] () -- C:\Program Files\IBM\Mobility Client\artstartsvc.exe -- (artstartsvc [Auto | Running]) [2005/07/28 14:22:08 | 00,077,824 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\as32svc.exe -- (As32Svc [Auto | Running]) 
[2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) [2007/09/07 18:18:58 | 00,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv [Auto | Running]) [2007/12/08 02:34:27 | 00,389,120 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped]) [2006/07/20 06:26:06 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [On_Demand | Running]) [2006/07/20 06:26:10 | 00,202,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy [Auto | Running]) [2006/07/20 06:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running]) [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) [2008/07/09 01:53:21 | 00,053,248 | ---- | M] () -- C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe -- (DCDClient-ISSI [Auto | Running]) [2006/09/28 07:33:22 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running]) [2008/06/10 18:16:58 | 01,386,008 | ---- | M] (Hagel Technologies Ltd) -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc [Auto | Running]) [2008/07/10 21:42:14 | 00,819,200 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng [Auto | Running]) [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) [2008/11/12 17:22:24 | 00,168,432 | ---- | M] (Google) -- C:\Program 
Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped]) [2008/09/29 10:17:54 | 00,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Running]) [2005/11/14 12:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped]) File not found -- -- (ISAMsmt [Disabled | Stopped]) [2008/11/20 05:33:14 | 00,417,008 | ---- | M] (IBM Corp.) -- C:\Program Files\C4ebreg\c4ebreg.exe -- (ISAMSvc [Disabled | Stopped]) [2008/12/09 09:23:00 | 00,216,576 | ---- | M] (IBM Corp.) -- c:\sdwork\issimsvc.exe -- (ISSIMon [Disabled | Stopped]) [2006/09/28 01:14:44 | 00,087,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -- (ISSVC [Auto | Running]) [2009/02/26 11:07:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) [2008/01/22 11:33:24 | 01,794,048 | ---- | M] (Kiwi Enterprises) -- C:\Program Files\Syslogd\Syslogd_Service.exe -- (Kiwi Syslog Daemon [On_Demand | Stopped]) [2006/10/31 11:32:09 | 02,541,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped]) [2007/09/07 18:18:52 | 00,121,368 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS [Auto | Running]) [2004/08/04 16:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped]) [2009/02/11 10:19:38 | 00,179,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Running]) [2005/08/15 16:40:28 | 00,053,248 | ---- | M] (IBM Corp) -- C:\notes\ntmulti.exe -- (Multi-user Cleanup Service [Auto | Running]) [2007/01/15 18:14:38 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped]) [2007/01/13 19:00:00 | 00,323,584 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\NetCfgSv.EXE -- (NetCfgSvr [Auto | Running]) [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) [2008/04/22 22:35:56 | 00,087,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Ghost\bin\dbserv.exe -- (NGDBSERV [On_Demand | Stopped]) [2008/04/22 22:35:50 | 01,000,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Ghost\ngserver.exe -- (NGSERVER [On_Demand | Stopped]) [2007/01/15 17:01:56 | 00,266,240 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped]) [2008/03/21 09:49:00 | 00,155,716 | ---- | M] 
(NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running]) [2006/06/02 02:52:58 | 00,339,456 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag [On_Demand | Stopped]) [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped]) [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) [2008/11/21 10:56:20 | 00,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service [Auto | Running]) [2008/03/11 00:22:46 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Disabled | Stopped]) [2008/03/11 01:35:30 | 00,068,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [Disabled | Stopped]) [2008/07/10 21:12:40 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc [Auto | Running]) [2007/11/07 07:22:26 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped]) [2008/07/10 21:23:22 | 00,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running]) [2006/09/28 07:33:38 | 00,116,464 | ---- | M] (symantec) -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -- (SavRoam [Auto | Running]) [2008/04/07 10:17:30 | 00,430,592 | ---- | M] (Nokia.) 
-- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped]) [2006/08/08 03:03:02 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Running]) [2006/04/12 04:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Running]) [2008/01/31 09:37:02 | 00,157,016 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe -- (Stuffit Archive Name Service [Disabled | Stopped]) [2006/09/28 07:33:32 | 01,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [On_Demand | Stopped]) [2006/09/28 01:15:56 | 00,173,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- (SymSecurePort [Auto | Running]) [2008/05/14 17:21:16 | 00,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC [Auto | Running]) [2006/06/30 08:57:50 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC [Auto | Running]) [2009/03/01 07:33:58 | 00,362,240 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Stopped]) [2009/03/01 07:34:01 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc [Auto | Running]) [2008/10/03 05:25:42 | 00,191,024 | ---- | M] (VMware, Inc.) 
-- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60 [On_Demand | Stopped]) [2007/09/07 18:19:00 | 01,464,856 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS [Auto | Running]) [2005/12/28 21:22:54 | 03,956,736 | ---- | M] () -- C:\Program Files\Chemistry Lab\mysql\bin\mysqld.exe -- (VCL MySQL Database Server [Auto | Running]) [2008/10/29 10:07:56 | 00,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService [On_Demand | Stopped]) [2008/10/29 10:08:44 | 00,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP [On_Demand | Stopped]) [2008/10/29 10:07:20 | 00,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service [On_Demand | Stopped]) [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) ========== Driver Services ========== [2008/04/24 18:53:22 | 00,308,736 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running]) [2008/04/24 18:53:22 | 00,103,424 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running]) [2006/05/19 20:46:14 | 00,180,864 | ---- | M] (AT&T) -- C:\WINDOWS\system32\drivers\agnfilt.sys -- (agnfilt [On_Demand | Running]) [2004/04/30 04:19:18 | 00,019,328 | ---- | M] (AT&T) -- C:\WINDOWS\system32\drivers\agnwifi.sys -- (agnwifi [Auto | Running]) [2001/08/18 00:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [boot | Running]) [2004/08/04 10:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [boot | Running]) [2005/11/08 20:27:20 | 00,011,520 | ---- | M] (IBM Corp.) 
-- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC [system | Running]) [2005/12/11 12:55:38 | 00,028,195 | ---- | M] (Alpha Networks Inc.) -- C:\WINDOWS\system32\ANIO.sys -- (ANIO [Auto | Running]) [2001/08/18 00:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [boot | Running]) [2001/08/18 00:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [boot | Running]) [2005/07/28 14:22:44 | 00,219,299 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\ascrypto.sys -- (Ascrypto [On_Demand | Running]) [2005/07/28 14:22:24 | 00,028,403 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\asntkrnl.sys -- (Askernel [system | Running]) [2005/07/28 14:22:36 | 00,126,917 | ---- | M] (Aventail Corporation) -- C:\Program Files\Aventail\Connect\asnttdi.sys -- (Astdi [On_Demand | Running]) [2007/12/08 02:34:27 | 00,787,456 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped]) [2007/12/08 02:34:47 | 00,015,872 | ---- | M] (Atmel, Inc.) -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm [On_Demand | Running]) [2003/04/04 23:48:06 | 00,013,952 | ---- | M] (AT&T) -- C:\WINDOWS\system32\drivers\avpnnic.sys -- (avpnnic [On_Demand | Stopped]) [2004/05/07 03:12:10 | 00,114,688 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k [On_Demand | Stopped]) [2005/03/16 17:23:54 | 00,013,696 | R--- | M] (BIOSTAR Group) -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS [system | Running]) [2004/10/15 14:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped]) [2006/01/19 00:44:46 | 00,053,248 | ---- | M] (Brother Industries Ltd.) 
-- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf [On_Demand | Stopped]) [2006/01/19 05:17:38 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped]) [2001/08/18 00:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [boot | Running]) [2001/08/18 00:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [boot | Running]) [2007/12/08 02:34:49 | 00,125,952 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000 [On_Demand | Stopped]) [2007/10/12 17:30:46 | 00,252,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running]) [2009/02/26 20:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [system | Running]) [2005/04/27 20:16:46 | 00,005,427 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\egathdrv.sys -- (EGATHDRV [Auto | Running]) [2009/02/26 20:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running]) [2008/10/29 10:08:52 | 00,032,304 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon [Auto | Running]) [2005/01/08 04:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running]) [2008/01/21 17:43:42 | 00,039,472 | ---- | M] (Paragon Software Group) -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3 [boot | Running]) [2007/11/01 17:25:32 | 00,211,456 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running]) [2007/12/08 02:34:40 | 00,200,448 | ---- | M] (Conexant Systems, Inc.) 
-- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH [On_Demand | Stopped]) [2007/12/08 02:34:40 | 01,041,664 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Stopped]) [2007/11/01 17:26:36 | 00,989,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running]) [2007/10/27 00:29:08 | 00,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard [On_Demand | Stopped]) [2005/10/12 23:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iastor [boot | Running]) [2008/09/29 10:17:16 | 00,023,848 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV [On_Demand | Running]) [2007/04/02 22:24:08 | 00,004,224 | ---- | M] () -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK [system | Running]) [2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Stopped]) [2008/05/12 19:04:04 | 00,013,480 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi [system | Running]) [2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector [On_Demand | Running]) [2006/06/19 14:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running]) [2001/08/18 00:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) 
-- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [boot | Running]) [2009/02/23 20:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090226.003\NAVENG.SYS -- (NAVENG [On_Demand | Running]) [2009/02/23 20:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090226.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running]) [2008/06/26 07:15:34 | 03,630,080 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32 [On_Demand | Running]) [2004/08/04 16:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped]) [2007/11/29 11:39:42 | 00,016,896 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped]) [2007/11/29 11:39:40 | 00,019,328 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped]) [2007/11/07 07:22:06 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped]) [2004/08/04 10:00:52 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA [On_Demand | Stopped]) [2008/03/21 09:49:00 | 06,547,936 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running]) [2007/09/17 16:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped]) [2008/07/05 18:27:51 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped]) [2008/05/03 01:32:26 | 00,007,012 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM [Auto | Running]) [2004/08/04 16:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) 
-- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running]) [2007/09/17 22:48:44 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [boot | Running]) [2001/08/18 00:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [boot | Running]) [2001/08/18 00:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [boot | Running]) [2001/08/18 00:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [boot | Running]) [2008/02/15 19:01:18 | 00,046,592 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [Auto | Running]) [2007/07/30 11:42:58 | 00,043,008 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk [Auto | Running]) [2007/07/30 12:54:02 | 00,038,400 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp [Auto | Running]) [2007/07/28 15:50:36 | 00,517,632 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870 [On_Demand | Stopped]) [2008/04/18 16:48:50 | 00,011,904 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running]) [2006/09/07 01:41:20 | 00,337,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys -- (SAVRT [system | Running]) [2006/09/07 01:41:20 | 00,054,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [system | Running]) [2008/03/14 17:04:29 | 00,046,652 | ---- | M] (PowerISO Computing, Inc.) 
-- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [system | Running]) [2004/08/04 16:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running]) [2004/08/04 16:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped]) [2008/05/14 17:21:16 | 00,114,728 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf [boot | Running]) [2004/08/04 10:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [boot | Running]) [2006/08/03 12:54:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint [system | Running]) [2007/12/08 02:34:26 | 00,266,880 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Stopped]) [2008/09/27 11:02:00 | 00,114,048 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman [boot | Running]) [2001/08/18 01:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [boot | Running]) [2006/04/12 04:13:34 | 00,389,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [system | Running]) [2008/02/22 15:33:00 | 00,087,936 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus [On_Demand | Stopped]) [2008/02/22 15:33:02 | 00,014,976 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl [On_Demand | Stopped]) [2008/02/22 15:33:02 | 00,114,304 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm [On_Demand | Stopped]) [2009/02/17 15:40:23 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [system | Running]) [2001/08/18 01:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) 
-- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [boot | Running]) [2001/08/18 01:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [boot | Running]) [2006/08/08 03:01:56 | 00,012,992 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running]) [2006/09/19 04:55:28 | 00,109,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running]) [2006/08/08 03:02:02 | 00,110,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running]) [2006/08/08 03:02:18 | 00,031,936 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running]) [2008/09/12 07:33:22 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20090218.001\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running]) [2006/08/08 03:02:14 | 00,028,352 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running]) [2006/08/08 03:02:22 | 00,024,768 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running]) [2006/08/08 03:02:26 | 00,195,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [system | Running]) [2001/08/18 01:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [boot | Running]) [2001/08/18 01:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [boot | Running]) [2008/07/03 16:53:20 | 00,225,664 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running]) [2006/08/03 12:54:00 | 00,009,343 | ---- | M] () -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI [system | Running]) [2008/05/14 17:21:16 | 00,019,496 | ---- | M] (Lenovo.) 
-- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN [boot | Running]) [2007/12/08 02:35:47 | 00,017,778 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV [system | Running]) [2004/11/30 16:38:24 | 00,004,442 | ---- | M] () -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF [system | Running]) [2007/12/08 02:36:00 | 00,012,848 | ---- | M] () -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP [system | Running]) [2001/08/18 00:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [boot | Running]) [2007/11/29 11:39:42 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped]) [2004/08/04 00:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped]) [2007/11/29 11:39:52 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped]) [2008/10/29 10:08:58 | 00,054,960 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci [Auto | Running]) [2008/10/29 10:08:56 | 00,023,216 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd [On_Demand | Running]) [2008/10/29 04:03:28 | 00,016,560 | R--- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter [On_Demand | Stopped]) [2008/10/29 04:03:28 | 00,031,280 | R--- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge [Auto | Running]) [2008/10/29 10:08:58 | 00,026,288 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif [Auto | Running]) [2008/10/29 10:08:54 | 00,857,392 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86 [Auto | Running]) [2008/10/03 05:24:48 | 00,022,448 | ---- | M] (VMware, Inc.) 
-- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60 [Auto | Running]) [2007/12/08 02:34:37 | 03,151,232 | ---- | M] (Intel
  9. My apologies, extremeboy, my notebook has been physically hijacked at the moment (for MS Word usage only). Will be back posting a reply once it is returned today!!!
  10. B) understand the complexity of porting such a fine and optimised program, but we always live in hope. So at least there is a chance of a portable MBAM. Thanks for the insight, exile360. PS: Are you sure of your PC config? How can those antiviruses live with each other so harmoniously! Kinda surprised...unless I misread.
  11. Extras.txt output: OTViewIt Extras logfile created on: 26/02/2009 6:09:49 PM - Run 2 OTViewIt by OldTimer - Version 1.0.21.0 Folder = D:\_Malware Trojan Removal Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 1.98 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 53.38% Memory free 2.83 Gb Paging File | 1.87 Gb Available in Paging File | 66.05% Paging File free Paging file location(s): D:\pagefile.sys 1024 1024; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 25.00 Gb Total Space | 0.94 Gb Free Space | 3.75% Space Free | Partition Type: NTFS Drive D: | 40.00 Gb Total Space | 0.09 Gb Free Space | 0.23% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded Drive I: | 15.00 Gb Total Space | 0.17 Gb Free Space | 1.14% Space Free | Partition Type: NTFS Computer Name: MQG80917 Current User Name: bh02 Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Whitelist: On File Age = 30 Days ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled"=1 "AntiVirusDisableNotify"=0 "FirewallDisableNotify"=1 "UpdatesDisableNotify"=0 "AntiVirusOverride"=0 "FirewallOverride"=0 "IBMconfig"=1 "UacDisableNotify"=0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring"=1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall"=0 "DisableNotifications"=0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [2004/08/04 16:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 [2008/04/22 22:35:50 | 01,000,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Ghost\ngserver.exe:*:Enabled:Symantec Ghost Configuration Server [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [2004/08/04 16:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 File not found -- C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget [2008/03/11 01:33:14 | 00,126,016 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks 2008-09\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager [2008/04/22 22:35:50 | 01,000,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Ghost\ngserver.exe:*:Enabled:Symantec Ghost Configuration Server [2008/04/22 22:36:32 | 00,636,296 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Ghost\GhostSrv.exe:*:Enabled:Symantec GhostCast Server [2008/09/17 12:36:18 | 00,167,936 | ---- | M] (Musiccity Co.Ltd.) -- C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player [2008/11/05 21:59:00 | 04,347,120 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! 
Messenger [2008/08/19 18:47:38 | 01,795,656 | ---- | M] (FLASHGET) -- C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 File not found -- C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate File not found -- C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx [2008/10/29 10:07:56 | 00,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd ========== (O10) Winsock2 Catalogs ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\] NameSpace_Catalog5\Catalog_Entries\000000000001 [Aventail Connect Namespace] -- C:\Program Files\Aventail\Connect\asdns.dll (Aventail Corporation) ========== (O18) Protocol Handlers ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2001/01/21 21:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB- 00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] ipp: [HKLM - No CLSID value] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2007/08/29 00:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B- 0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] msdaipp: [HKLM - No CLSID value] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2007/08/29 00:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B- 0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2007/08/29 00:55:14 | 01,014,128 
| ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B- 0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2006/10/26 14:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca- 00c04f8ec294} (HKLM) [HxProtocol Class]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2004/01/21 14:36:14 | 07,334,592 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3 -BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2008/09/09 00:04:00 | 00,823,808 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler]) ========== (O18) Protocol Filters ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters [2006/10/26 22:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672- 00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002C9999-0000-0000-C000-000000000114}"=Microsoft Office Web Components "{0698CECB-9072-47B1-AEA1-94CA350989B8}"=Symantec Client Security "{081D00DF-35F0-4570-8037-3E289795928F}"=Nitro PDF Professional "{0A03C70A-E9E6-4592-AD79-D5395B09B2D5}"=UltraEdit 14.20 "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel "{0CEFB453-41F6-4FE3-B56C-E5CE9539AB8B}"=VoiceRite Client for A/NZ "{0D2E80C8-0875-43EB-9623-47118E2DFBCA}"=Quicken 2007 
"{1086D3E5-30AE-4280-A25E-35E1CB6BD3F6}"=NXPowerLite "{17CBC505-D1AE-459D-B445-3D2000A85842}"=ThinkPad UltraNav Utility "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth "{2111B23F-7FDA-4A41-8309-E5A1663CA296}"=ThinkPad Keyboard Customizer Utility "{212748BB-0DA5-46DE-82A1-403736DC9F27}"=MSVC80_x86 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}"=MSVCRT "{2300EE96-0A41-4FAB-BD03-989EC44577A0}"=Acronis Disk Director Suite "{23C3F5C0-566B-478B-AAB6-197ADAD0C945}"=Uniblue SpeedUpMyPC 2009 "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}"=mProSafe "{26A24AE4-039D-4CA4-87B4-2F83216012FF}"=Java 6 Update 12 "{28981DB1-9F50-40EE-A51A-1B589FA42C2B}"=ConceptDraw MINDMAP 5 Professional "{2E21CBDA-1EDF-4C18-A561-DB53D683229F}"=AT&T Network Client "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP "{3619D530-6248-4E83-BEB5-5336766A8516}"=IBM Mobility Client "{3EAAC5FD-E209-4856-8C49-D4EA40F85032}"=3 Mobile Broadband "{43DCF766-6838-4F9A-8C91-D92DA586DFA7}"=Microsoft Windows Journal Viewer "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}"=ThinkVantage Active Protection System "{4C590030-7469-453E-8589-D15DA9D03F52}"=ANIWZCS2 Service "{4F1DCA42-2030-437C-A94E-736692A499C1}"=Nokia Connectivity Cable Driver "{4F3AFB85-B972-4621-AEB6-6C22317E145B}"=IBM 32-bit Runtime Environment for Java 2, v5.0 "{53480370-6CA2-47EC-BC05-02B4B9271C31}"=O&O Defrag Professional Edition "{536D6172-7453-7569-7465-392E38300409}"=Lotus SmartSuite - English "{53A93780-6073-4207-A729-A99A30AFDE40}"=AFP Workbench for Windows "{59F6A514-9813-47A3-948C-8A155460CC2A}"=RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02 "{5A3F6A80-7913-475E-8B96-477A952CFA43}"=SupportSoft Assisted Service "{5D4A033A-A286-44BE-A0F0-B05FAC25D07F}"=Windows Live Beta (all programs) "{628789DC-75F8-4302-A268-27EF628E6906}"=Lotus Notes 7.0 "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0 "{65706020-7B6F-41F2-8047-FC69579E386A}"=Presentation Director "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update 
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable "{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}"=ANIO Service "{7E545666-F420-45FD-B3DF-C0B99A1A579F}"=QuickBooks EasyStart 2008-09 "{7EB114D8-207F-45AE-BABD-1669715F2630}"=ThinkVantage Access Connections "{7F87DF1C-6B8F-49F4-8EEF-7600128D99AE}"=IBM Tivoli Storage Manager Client "{870815CA-6B60-47B6-88DD-A67F42D2F03E}"=GPL MPEG-1/2 DirectShow Decoder Filter "{8984E374-6C93-427C-A3B9-AD92472FDCA0}"=Windows Live Sign-in Assistant "{8C8ADD9C-1F30-4B1A-927E-B72CC4AADB91}"=IBM Lotus Sametime Connect 7.5.1 "{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12 "{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{3EC77D26-799B-4CD8-914F-C1565E796173}"=Microsoft Office Visio 2007 Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=Microsoft Office Visio 2007 Service Pack 1 (SP1) "{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=Microsoft Office Visio 2007 Service Pack 1 (SP1) "{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007 "{90120000-0051-0000-0000-0000000FF1CE}"=Microsoft Office Visio Professional 2007 "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{AA4F2610-5FF1-4DCD-A6FB-BCA2D09A6443}"=Microsoft Office Visio 2007 Service Pack 1 (SP1) "{90120000-0054-0409-0000-0000000FF1CE}"=Microsoft Office Visio MUI (English) 2007 "{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{EA35370F-586C-45E1-AC6C-A4E275C6B762}"=Microsoft Office Visio 2007 Service Pack 1 (SP1) "{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI 
(English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=Microsoft Office Visio 2007 Service Pack 1 (SP1) "{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=Microsoft Office Visio 2007 Service Pack 1 (SP1) "{90120409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Standard "{902929E5-77E8-444E-B760-1B54FDBCEC0C}"=Western Australian Time Zone Update "{90840409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Excel Viewer 2003 "{90850409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Word Viewer 2003 "{91B7CEB3-4331-427B-AA7A-2898BE8F9DC6}"=Samsung PC Studio 3 "{95120000-0052-0409-0000-0000000FF1CE}"=Microsoft Office Visio Viewer 2007 "{95120000-00AF-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting "{9A3EABC0-CA06-11D4-BF77-00104B130C19}"=EPSON TWAIN 5 "{9C05FA75-0337-4523-AA57-9D3511018887}"=Nokia PC Suite "{9ED3C484-D002-4D4D-9BF3-C3DF9048EE7D}"=StuffIt 12 "{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}"=ThinkPad Power Manager "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}"=mDriver "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}"=Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}"=Microsoft .NET Framework 3.0 Service Pack 2 "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}"=VMware Workstation "{AA36483F-5D79-4EFD-ACA7-161EE2474E17}"=IBM Infoprint Select "{AC599724-5755-48C1-ABE7-ABB857652930}"=PC Connectivity Solution "{AC76BA86-7AD7-1033-7B44-A80000000002}"=Adobe Reader 8 "{AC76BA86-7AD7-1033-7B44-A81000000003}"=Adobe Reader 8.1.0 "{AE80641A-0C8D-4670-A518-B4EC154B1027}"=ACDSee 8 "{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}"=Intel® PROSet/Wireless WiFi Software "{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation "{C00949CC-2EA9-4A5E-8062-DFD02F894BAD}"=PCmover 
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}"=Microsoft .NET Framework 2.0 Service Pack 2 "{C1939820-A945-11D4-86F6-0001031E5712}"=InterVideo WinDVD "{C19BE821-89B1-4A96-AC7C-873810C0CB5F}"=ContentSAFER for Wizmax "{C20CE592-B0F8-4D20-BF31-0151CA6331A6}"=Samsung Media Studio 5 "{C4A4722E-79F9-417C-BD72-8D359A090C97}"=Samsung PC Studio 3 "{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}"=Contacts "{C887C75D-2636-41F6-BB7B-FD4B0314C1E1}"=Paragon Partition Manager 9.0 Professional "{CA96F3A1-F350-11D3-B354-002035C150E4}"=ILC "{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1"=Sothink FLV Player "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1 "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}"=WinZip 11.2 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}"=Microsoft .NET Framework 3.5 SP1 "{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}"=D-Link RangeBooster N DWA-140 "{D8ACA011-2F74-411E-B087-A4822A7B03E6}"=Active@ Boot Disk Demo "{DAB8894B-F5EF-4E2E-A7FE-7C7BD38330FC}_is1"=Chinese Symbol Studio 2 "{DBDFA37B-CFC7-4C37-98F8-04CF326CD327}_is1"=FlashFXP v3 "{DFD6935E-D94A-4DBE-AD8F-E37CBC6B577F}"=Windows Live Mail "{E4359B06-2A66-4A83-B3C6-BA2DA748C147}"=CommSec Professional Trader "{E4944F56-5C8A-41F9-A747-A9EDFD6BC6D4}"=Aventail Connect 5.34 "{EA664480-3844-11D5-8C25-444553540000}"=TrackPoint Accessibility Features "{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}"=Choice Guard "{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}"=Access IBM "{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX "{F9C3B51C-DCCC-4916-B08D-A6820D914AC0}"=ExcelDiff "{FA9B0F6B-AC6D-401C-0099-00000628D82A}"=Symantec Ghost Console and Standard Tools "{FC081D4D-DF1B-4CF1-B530-027E4118D846}"=ThinkPad Configuration "{FC98FBE9-E931-494C-8717-497185371033}"=Nero 7 Ultra Edition "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}"=mWlsSafe "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}"=HighMAT Extension to Microsoft Windows XP CD Writing Wizard "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F"=Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) 
"6194C28A8F62DD817EA1B918E6E46E806A21B452"=Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) "65B6FE5418CE28F4D72543FB2D964C3CEC83F161"=Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) "7-Zip"=7-Zip 4.57 "AC3Filter"=AC3Filter (remove only) "Active@ Boot Disk 4.0 Suite"=Active@ Boot Disk 4.0 Suite "Active@ Partition Recovery Enterprise"=Active@ Partition Recovery Enterprise "Active@ UNDELETE 7"=Active@ UNDELETE 7 "ActiveTouchMeetingClient"=WebEx "Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin "Advanced Disk Catalog"=Advanced Disk Catalog "AI RoboForm"=AI RoboForm (All Users) "ATI Display Driver"=ATI Display Driver "AVS Video Tools 5.1_is1"=AVS Video Tools 5.1 "AVS4YOU Software Navigator_is1"=AVS4YOU Software Navigator 1.3 "AVS4YOU Video Converter 6_is1"=AVS Video Converter 6 "AVSDiscCreator_is1"=AVS Disc Creator version 2.1 "BART"=avast! BART CD Manager "CaptureWiz"=CaptureWizPro 3.50 "CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A"=Windows Driver Package - Nokia Modem (03/05/2008 3.7) "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588"=ThinkPad Modem "CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014"=IBM Integrated 56K Modem "Combined Community Codec Pack_is1"=Combined Community Codec Pack 2008-01-24 "DUMeter3_is1"=DU Meter "DVD Identifier_is1"=DVD Identifier "DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1"=DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.5.0 "E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D"=Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1) "EPSON Printer and Utilities"=EPSON Printer Software "ERUNT_is1"=ERUNT 1.1j "ExamDiff Pro_is1"=ExamDiff Pro 3.5 "fe29d7d6aaf324b1964e31be6d7ce1981815068445"=IBM Dynamic Content Delivery (DCDClient-ISSI) "FinePrint"=FinePrint "FlashGet 2.0"=FlashGet 2.0 "Google Updater"=Google Updater "HijackThis"=HijackThis 2.0.2 "IBM Ayudame"=IBM Ayudame "IDNMitigationAPIs"=Microsoft 
Internationalized Domain Names Mitigation APIs "ie7"=Windows Internet Explorer 7 "InstallShield_{4F3AFB85-B972-4621-AEB6-6C22317E145B}"=IBM 32-bit Runtime Environment for Java 2, v5.0 "InstallShield_{C00949CC-2EA9-4A5E-8062-DFD02F894BAD}"=PCmover "InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}"=EmoDio "Kiwi Syslog Daemon"=Kiwi Syslog Daemon 8.3.7 (Service Edition) "LENOVO.SMIIF"=Lenovo System Interface Driver "LiveUpdate"=LiveUpdate 3.2 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware "Memory Washer_is1"=Memory Washer 5.1 "MESOL"=Intel® Active Management Technology Device Software "Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1"=Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (2.0.0.20)"=Mozilla Firefox (2.0.0.20) "Mozilla Thunderbird (2.0.0.19)"=Mozilla Thunderbird (2.0.0.19) "MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP "MyFreeCodec"=MyFreeCodec "NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs "Nokia PC Suite"=Nokia PC Suite "NVIDIA Drivers"=NVIDIA Drivers "OnScreenDisplay"=On Screen Display "P2P GUI"=IBM ISMA Peer-To-Peer "pdfFactory Pro"=pdfFactory Pro "Power Management Driver"=ThinkPad Power Management Driver "PowerISO"=PowerISO "PPTminimizer_is1"=PPTminimizer "Product Key Explorer_is1"=Product Key Explorer 2.1.4 "ProInst"=Intel PROSet Wireless "PROSet"=Intel® PRO Network Connections Drivers "QuicktimeAlt_is1"=QuickTime Alternative 1.81 "RealAlt_is1"=Real Alternative 1.8.0 "SAMSUNG Mobile Composite Device"=SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem"=SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver"=Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem"=SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0"=SAMSUNG Mobile USB Modem 1.0 Software "SAUninstall"=SA Installation Manager "SecureCRT"=VanDyke Software SecureCRT 5.5 "Sharp World Clock_is1"=Sharp World Clock 
4.21 "Smarty Uninstaller 2007 Pro_is1"=Smarty Uninstaller 2007 Pro 1.7.1 "Snapshot Viewer"=Snapshot Viewer "Sync Now!_is1"=Sync Now! 4.1.2.125 "SynTPDeinstKey"=ThinkPad UltraNav Driver "Teleport Pro"=Teleport Pro "ThinkPad FullScreen Magnifier"=ThinkPad FullScreen Magnifier "Total Uninstall 4_is1"=Total Uninstall 4.6.2 "Touch_is1"=Touch 2.11.1 "TweakNow PowerPack Professional_is1"=TweakNow PowerPack Professional "Uniblue SpeedUpMyPC 2009"=Uniblue SpeedUpMyPC 2009 "USB Safely Remove_is1"=USB Safely Remove 4.0 beta 6 "Video Cleaner Pro"=River Past Video Cleaner Pro "VISPRO"=Microsoft Office Visio Professional 2007 "Warecase eXtended Task Manager_is1"=Warecase eXtended Task Manager 1.987 "Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "WheelMouse"=2X-Office 7.80 "WIC"=Windows Imaging Component "Windows Media Format Runtime"=Windows Media Format 11 runtime "Windows Media Player"=Windows Media Player 11 "WinLiveSuite_Wave3"=Windows Live Beta (all programs) "WinPcapInst"=WinPcap 4.0.2 "WMFDist11"=Windows Media Format 11 runtime "wmp11"=Windows Media Player 11 "Workstation Security Tool_is1"=Workstation Security Tool 2.0 "WorldTime v1.1"=WorldTime v1.1 "WS_Ping ProPack"=Ipswitch WS_Ping ProPack Uninstall "Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0 "Xilisoft Video Converter Ultimate"=Xilisoft Video Converter Ultimate "XpsEPSC"=XML Paper Specification Shared Components Pack 1.0 "Yahoo! Companion"=Yahoo! Toolbar "Yahoo! Messenger"=Yahoo! Messenger "Yahoo! Toolbar"=Yahoo! Toolbar "YPOPs_is1"=YPOPs! 
0.9.5.1 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 20/02/2009 1:06:26 AM | Computer Name = MQG80917 | Source = LMS | ID = 2 Description = LMS Service cannot connect to HECI driver Error - 24/02/2009 8:39:50 PM | Computer Name = MQG80917 | Source = LMS | ID = 2 Description = LMS Service cannot connect to HECI driver Error - 24/02/2009 9:09:36 PM | Computer Name = MQG80917 | Source = LMS | ID = 2 Description = LMS Service cannot connect to HECI driver Error - 25/02/2009 12:58:32 AM | Computer Name = MQG80917 | Source = LMS | ID = 2 Description = LMS Service cannot connect to HECI driver Error - 25/02/2009 2:48:29 AM | Computer Name = MQG80917 | Source = LMS | ID = 2 Description = LMS Service cannot connect to HECI driver Error - 25/02/2009 2:05:47 PM | Computer Name = MQG80917 | Source = LMS | ID = 2 Description = LMS Service cannot connect to HECI driver Error - 25/02/2009 5:52:39 PM | Computer Name = MQG80917 | Source = LMS | ID = 2 Description = LMS Service cannot connect to HECI driver Error - 25/02/2009 7:48:25 PM | Computer Name = MQG80917 | Source = LMS | ID = 2 Description = LMS Service cannot connect to HECI driver Error - 25/02/2009 8:05:14 PM | Computer Name = MQG80917 | Source = LMS | ID = 2 Description = LMS Service cannot connect to HECI driver Error - 25/02/2009 8:12:01 PM | Computer Name = MQG80917 | Source = LMS | ID = 2 Description = LMS Service cannot connect to HECI driver [ ODiag Events ] Error - 28/07/2008 6:35:46 AM | Computer Name = IBM-99V1R7F | Source = Microsoft Office 12 Diagnostics | ID = 320 Description = An unexpected error occurred. Tag: 3ff0. Error code: N/A Error - 28/07/2008 6:35:46 AM | Computer Name = IBM-99V1R7F | Source = Microsoft Office 12 Diagnostics | ID = 320 Description = An unexpected error occurred. Tag: 3fft. 
Error code: N/A [ OSession Events ] Error - 28/07/2008 6:35:44 AM | Computer Name = IBM-99V1R7F | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 207 seconds with 60 seconds of active time. This session ended with a crash. Error - 12/08/2008 1:06:11 AM | Computer Name = IBM-99V1R7F | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 109018 seconds with 16020 seconds of active time. This session ended with a crash. [ System Events ] Error - 25/02/2009 2:06:06 PM | Computer Name = MQG80917 | Source = Service Control Manager | ID = 7023 Description = The Portable Media Serial Number Service service terminated with the following error: %%126 Error - 25/02/2009 5:52:55 PM | Computer Name = MQG80917 | Source = Service Control Manager | ID = 7023 Description = The Logical Disk Manager service terminated with the following error: %%126 Error - 25/02/2009 5:52:55 PM | Computer Name = MQG80917 | Source = Service Control Manager | ID = 7023 Description = The Portable Media Serial Number Service service terminated with the following error: %%126 Error - 25/02/2009 7:48:41 PM | Computer Name = MQG80917 | Source = Service Control Manager | ID = 7023 Description = The Logical Disk Manager service terminated with the following error: %%126 Error - 25/02/2009 7:48:41 PM | Computer Name = MQG80917 | Source = Service Control Manager | ID = 7023 Description = The Portable Media Serial Number Service service terminated with the following error: %%126 Error - 25/02/2009 7:59:16 PM | Computer Name = MQG80917 | Source = DCOM | ID = 10005 Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: 
{E60687F7-01A1-40AA-86AC-DB1CBF673334} Error - 25/02/2009 8:05:29 PM | Computer Name = MQG80917 | Source = Service Control Manager | ID = 7023 Description = The Logical Disk Manager service terminated with the following error: %%126 Error - 25/02/2009 8:05:29 PM | Computer Name = MQG80917 | Source = Service Control Manager | ID = 7023 Description = The Portable Media Serial Number Service service terminated with the following error: %%126 Error - 25/02/2009 8:12:16 PM | Computer Name = MQG80917 | Source = Service Control Manager | ID = 7023 Description = The Logical Disk Manager service terminated with the following error: %%126 Error - 25/02/2009 8:12:16 PM | Computer Name = MQG80917 | Source = Service Control Manager | ID = 7023 Description = The Portable Media Serial Number Service service terminated with the following error: %%126 < End of report > PS: Couldn't find the old Extras.txt, OTViewIT.exe must have overwritten it.
  12. My apologies, it took a while before I could disable the Auto-Protect and carry out the Kaspersky scan... The scan result seems to be alright but I have not a clue how to get rid of those infected files in D:\RECYCLE folders. As long as it lies dormant I am fine with it. I have tested the Google search & click on results, so far so good. I believe the notebook is clean, fingers crossed! OK, back to business.... I presume you meant Extras.txt from OTViewIt.exe rather than Attach.txt, here are the files.. Remove.bat output: Deleted! Press any key to continue . . . GooredFix output: GooredFix v1.91 by jpshortstuff Log created at 10:43 on 26/02/2009 running Option #2 (bh02) Firefox version 2.0.0.20 (en-GB) =====Goored Deletions===== C:\Program Files\Mozilla Firefox\extensions\{9E0C7ABE-9EE3-4BE8-A26F-8BB81F3D0B1C} ->Backing up folder... Done. ->Emptying folder... Done. ->Deleting folder... Done. =====Dumping Registry Values===== [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0.0.20\extensions] "Plugins"="C:\Program Files\Mozilla Firefox\plugins" [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0.0.20\extensions] "Components"="C:\Program Files\Mozilla Firefox\components" [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" Kaspersky output: -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Thursday, February 26, 2009 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Thursday, February 26, 2009 03:07:10 Records in database: 1845575 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ I:\ 
Scan statistics: Files scanned: 115001 Threat name: 10 Infected objects: 15 Suspicious objects: 0 Duration of the scan: 03:22:30 File name / Threat name / Threats count C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07940000\4FFDC00B.VBN Infected: Trojan-Downloader.Win32.Agent.ahum 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07940001\4FFDC03A.VBN Infected: Trojan-Downloader.Win32.Agent.ahum 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CEC0000\4DFC83F4.VBN Infected: Trojan-PSW.Win32.Agent.kxs 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CEC0001\4DFC8892.VBN Infected: Trojan-PSW.Win32.Agent.kxs 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CEC0002\4DFC88E4.VBN Infected: Trojan-PSW.Win32.Agent.kxs 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CEC0007\4DFE8F64.VBN Infected: Trojan-PSW.Win32.Agent.kxs 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CEC0008\4DFE8F6D.VBN Infected: Trojan-PSW.Win32.Agent.kxs 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000\4DDC44F0.VBN Infected: Trojan.BAT.Agent.ms 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000\4DDC44F0.VBN Infected: not-a-virus:PSWTool.Win32.IEPassView.ae 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E2C0000.VBN Infected: Trojan.Win32.Patched.dt 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec 
AntiVirus Corporate Edition\7.5\Quarantine\0E2C0001.VBN Infected: Trojan.Win32.Patched.dq 1 D:\RECYCLER\S-1-5-21-2513745330-1478982244-2870613042-1006\Dd157.rar Infected: Trojan-Dropper.Win32.Agent.ynd 1 D:\RECYCLER\S-1-5-21-2513745330-1478982244-2870613042-1006\Dd157.rar Infected: Trojan-Downloader.Win32.CodecPack.ml 1 D:\RECYCLER\S-1-5-21-2513745330-1478982244-2870613042-1006\Dd158.rar Infected: not-a-virus:Monitor.Win32.RealSpy.b 1 D:\RECYCLER\S-1-5-21-2513745330-1478982244-2870613042-1006\Dd158.rar Infected: not-a-virus:Monitor.Win32.RealSpy.a 1 The selected area was scanned. OTViewIt output: OTViewIt logfile created on: 26/02/2009 6:09:49 PM - Run 2 OTViewIt by OldTimer - Version 1.0.21.0 Folder = D:\_Malware Trojan Removal Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 1.98 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 53.38% Memory free 2.83 Gb Paging File | 1.87 Gb Available in Paging File | 66.05% Paging File free Paging file location(s): D:\pagefile.sys 1024 1024; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 25.00 Gb Total Space | 0.94 Gb Free Space | 3.75% Space Free | Partition Type: NTFS Drive D: | 40.00 Gb Total Space | 0.09 Gb Free Space | 0.23% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded Drive I: | 15.00 Gb Total Space | 0.17 Gb Free Space | 1.14% Space Free | Partition Type: NTFS Computer Name: MQG80917 Current User Name: bh02 Logged in as Administrator. 
  13. My wishlist:
      • Portable MBAM
      • Portable Bootable MBAM
      • Bootable MBAM CD with System Recovery tools similar to a v a s t! B A R T CD (can I mention this, can I? Sorry)
      • Must be easily updateable.
      • Keep it lightweight
      • Must work with major antivirus programs such as Symantec, McAfee, etc.
      • Affordable pricing for a low-tech guy like me
      • 3 - 4 users affordable pricing (I have not heard of a family with ONE PC so far, typically 3)
      • Really affordable pricing for not-for-profit organisations (I do a bit of volunteer work for many of these organisations and know their needs a bit)
      Keep us updated. I don't mind being a beta tester if there is such a program.
  14. Thanks MysteryFCM. PC Tools (Spyware Doctor) consistently avoids the issue of conflict with SAV by saying it is good practice not to have two antivirus programs residing on the same PC. But I have also consistently said SAV is antivirus and Spyware Doctor is a malware tool, so they are different products altogether and thus should be developed as such! But I am getting nowhere. I hope this does not apply to MBAM. However, my gut feel is that MBAM 1.3.4 is in fact showing signs of conflict. I shall report this in another thread after I have sorted out the Google redirection problem I had on my notebook.
  15. I saw someone mention a PRO version; is this a paid version? I checked my version, and it has no PRO. I checked Malwarebytes' website, and there was no mention of PRO there either. When you mention real-time protection, is this similar to Symantec's Auto-Protect? Lastly, does MBAM conflict with Symantec Client Security? I seem to think it does, as it seems to behave like Spyware Doctor 5 - 6.x, which crashes Symantec Auto-Protect processes even though this problem was reported way back in 2007. (Basically I want a top-notch malware tool to sit side by side with Symantec Client Security or Symantec Antivirus without crashing it.)