I've run hijackthis but somehow this infection has caused it to cease running, it now says: Windows cannot access the specified file.
I then went on to try malwarebytes, this did the same thing, I then followed advice found elsewhere and downloaded it as another name and renamed it before running, it ran for a few seconds before dissappearing. I then tried to load it in safe mode but then got a message that the administrator had not allowed permission for this.
I attach a rootrepeal log and an otl log for you to take a look at. Thanks in advance.
ROOTREPEAL
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/14 09:11
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB6667000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA648000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB5057000 Size: 49152 File Visible: No Signed: -
Status: -
Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xBA3C0000 Size: 20480 File Visible: No Signed: -
Status: -
Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xBA188000 Size: 61440 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb69e4f4a
#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb69e4454
#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb69e4aee
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x804d7fec
#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb69e4132
#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb69e61d6
#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb69e64ae
#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb69e3cf8
#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb69e5130
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb69e52e0
#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb69e3a5a
#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb69e5e58
#: 105 Function Name: NtMakeTemporaryObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb69e46d8
#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb69e4d32
#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\ntkrnlpa.exe" at address 0x804d7ff1
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb69e378a
#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb69e4968
#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb69e3902
#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb69e588c
#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb69e4250
#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb69e5bf4
#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb69e6006
#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb69e568c
#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb69e4672
#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb69e485c
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb69e3ffc
#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb69e3eca
==EOF==
OTL
OTL logfile created on: 14/09/2009 09:00:52 - Run 1
OTL by OldTimer - Version 3.0.11.0 Folder = C:\Documents and Settings\Ian\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.59% Memory free
3.85 Gb Paging File | 3.34 Gb Available in Paging File | 86.89% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 27.98 Gb Free Space | 30.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: 820I
Current User Name: Ian
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/08/26 20:01:53 | 00,715,392 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2008/08/20 16:18:34 | 00,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2007/03/16 18:10:46 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
PRC - [2007/03/16 18:10:42 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2008/08/20 16:38:30 | 00,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/04/24 13:40:56 | 02,562,048 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\hasplms.exe
PRC - [2007/02/20 12:24:34 | 00,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
PRC - [2008/08/20 16:08:02 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2007/02/01 09:21:22 | 01,466,368 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2008/08/20 16:28:34 | 00,348,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
PRC - [2009/02/06 10:41:05 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/02/06 10:41:05 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2007/06/13 11:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/03/16 18:10:46 | 01,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\WLTRAY.exe
PRC - [2009/08/05 12:55:39 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007/01/30 15:32:42 | 00,102,400 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
PRC - [2007/01/22 11:53:02 | 00,212,992 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2007/01/25 17:34:22 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/07/31 22:10:04 | 00,065,536 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2007/08/28 17:43:14 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2007/02/19 14:26:32 | 00,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2008/08/20 16:27:36 | 01,368,064 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008/08/20 16:09:12 | 01,191,936 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2007/01/29 19:07:18 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2006/09/08 15:10:22 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\HidFind.exe
PRC - [2006/09/08 15:06:08 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2008/05/27 16:17:44 | 00,434,176 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
PRC - [2009/08/26 20:02:06 | 01,796,368 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2004/08/04 11:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2007/08/30 10:50:42 | 00,205,480 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2007/07/30 22:54:38 | 02,158,592 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006/11/03 18:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/12/18 15:22:14 | 00,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006/01/23 23:14:10 | 00,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2006/10/27 20:13:48 | 00,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
PRC - [2006/09/28 21:08:46 | 00,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2007/07/20 16:30:28 | 00,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
PRC - [2007/07/20 16:48:00 | 02,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
PRC - [2004/08/04 11:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/09/14 09:00:35 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ian\Desktop\ot.exe
========== Win32 Services (SafeList) ==========
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/12 10:49:47 | 00,085,096 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [On_Demand | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/08/26 20:01:53 | 00,715,392 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent [Auto | Running])
SRV - [2008/05/27 11:20:38 | 00,070,952 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe -- (dnWhoDisp [On_Demand | Stopped])
SRV - [2007/09/17 23:36:32 | 00,282,624 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe -- (EventClientMultiplexer [On_Demand | Stopped])
SRV - [2007/09/17 23:36:08 | 00,217,088 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Common Files\Rockwell\EventServer.exe -- (EventServer [On_Demand | Stopped])
SRV - [2008/08/20 16:38:30 | 00,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/05/22 17:50:46 | 00,058,664 | ---- | M] (Rockwell Automation Inc.) -- C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe -- (FTActivationBoost [On_Demand | Stopped])
SRV - [2008/05/24 09:25:12 | 00,202,024 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE -- (Harmony [On_Demand | Stopped])
SRV - [2008/04/24 13:40:56 | 02,562,048 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\hasplms.exe -- (hasplms [Auto | Running])
SRV - [2004/08/04 11:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/08/05 12:55:39 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [On_Demand | Stopped])
SRV - File not found -- -- (Lavasoft Ad-Aware Service [On_Demand | Stopped])
SRV - [2007/07/09 10:47:58 | 00,094,208 | ---- | M] () -- C:\Program Files\Rockwell Software\RSLinx Enterprise\LogReceiver.exe -- (LogReceiver [On_Demand | Stopped])
SRV - [2007/02/10 14:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [On_Demand | Stopped])
SRV - [2005/10/14 11:50:19 | 00,045,272 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2007/11/07 08:58:18 | 03,004,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90 [Disabled | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/02/20 12:24:34 | 00,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe -- (NICCONFIGSVC [Auto | Running])
SRV - [2007/09/18 00:57:20 | 00,212,992 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Common Files\Rockwell\NmspHost.exe -- (NmspHost [On_Demand | Stopped])
SRV - [2007/11/17 03:03:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [On_Demand | Stopped])
SRV - [2005/11/25 09:11:02 | 00,098,304 | ---- | M] (OPC Foundation) -- C:\WINDOWS\System32\OpcEnum.exe -- (OpcEnum [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/09/18 00:57:28 | 00,212,992 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Common Files\Rockwell\RdcyHost.exe -- (RdcyHost [On_Demand | Stopped])
SRV - [2008/08/20 16:08:02 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2008/06/25 13:15:18 | 00,034,088 | ---- | M] (Rockwell Automation Inc.) -- C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe -- (RNADiagnosticsService [On_Demand | Stopped])
SRV - [2008/06/25 13:15:22 | 00,148,776 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe -- (RNADiagReceiver [On_Demand | Stopped])
SRV - [2007/09/17 23:42:44 | 00,897,024 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Common Files\Rockwell\RnaDirServer.exe -- (RNADirectory [On_Demand | Stopped])
SRV - [2007/09/17 23:43:08 | 00,991,232 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe -- (RNADirMultiplexor [On_Demand | Stopped])
SRV - [2007/09/18 20:26:24 | 00,077,824 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe -- (Rockwell HMI Diagnostics [On_Demand | Stopped])
SRV - [2007/09/18 20:34:28 | 00,147,456 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe -- (Rockwell Tag Server [On_Demand | Stopped])
SRV - [2008/07/25 09:39:26 | 01,971,768 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Rockwell Software\RSLinx\RSLINX.EXE -- (RSLinx [On_Demand | Stopped])
SRV - [2007/06/26 15:11:48 | 00,217,088 | ---- | M] (Rockwell Automation) -- C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe -- (RSLinxNG [On_Demand | Stopped])
SRV - [2008/06/25 13:17:06 | 00,218,408 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Common Files\Rockwell\RsvcHost.exe -- (RsvcHost [On_Demand | Stopped])
SRV - [2008/08/20 16:18:34 | 00,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2007/01/29 21:59:58 | 00,487,424 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService [On_Demand | Stopped])
SRV - [2007/02/10 14:29:47 | 00,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Disabled | Stopped])
SRV - [2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [On_Demand | Stopped])
SRV - File not found -- -- (stllssvr [On_Demand | Stopped])
SRV - [2007/02/01 09:21:22 | 01,466,368 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe [Auto | Running])
SRV - [2004/08/04 11:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Auto | Stopped])
SRV - [2008/08/20 16:28:34 | 00,348,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKeeper.exe -- (WLANKEEPER [Auto | Running])
SRV - [2007/03/16 18:10:46 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/10 20:08:00 | 00,093,400 | ---- | M] (INDE Electronics, Inc.) -- C:\Program Files\Schneider Electric\Vijeo-Designer\Vijeo-Frame\XBTZG935\XBTGZ935_ulnk(36fc9e60-c465-11cf-8056-444553540000).exe -- (XBTZG935 USB Link Cable [On_Demand | Stopped])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/06 17:30:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/05 12:55:40 | 00,000,000 | ---D | M]
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UsbCipHelper] C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe (Rockwell Automation, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Monopod] C:\DOCUME~1\Ian\LOCALS~1\Temp\b.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\System32\spool\drivers\w32x86\3\E_SRCV03.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\biolsp.dll (Wave Systems Corp.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (wxvault.dll) - C:\WINDOWS\System32\wxvault.dll ()
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/21 09:14:10 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/05 16:18:29 | 00,000,000 | ---D | M] - C:\Automation -- [ NTFS ]
O33 - MountPoints2\{11c0b05a-8bcb-11de-9116-0016419157ce}\Shell - "" = AutoRun
O33 - MountPoints2\{11c0b05a-8bcb-11de-9116-0016419157ce}\Shell\Auto\command - "" = E:\SVCHOT.exe -- File not found
O33 - MountPoints2\{11c0b05a-8bcb-11de-9116-0016419157ce}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7d56db6a-8b0c-11de-9112-0016419157ce}\Shell - "" = AutoRun
O33 - MountPoints2\{7d56db6a-8b0c-11de-9112-0016419157ce}\Shell\Auto\command - "" = E:\SVCHOT.exe -- File not found
O33 - MountPoints2\{7d56db6a-8b0c-11de-9112-0016419157ce}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
NetSvcs: uploadmgr - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ==========
[6 C:\WINDOWS\*.tmp files]
[2009/09/14 09:00:23 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ian\Desktop\ot.exe
[2009/09/14 08:54:09 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Ian\Desktop\settings.dat
[2009/09/14 08:53:38 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Ian\Desktop\RootRepeal.exe
[2009/09/14 08:29:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/09/13 20:24:37 | 21,455,09376 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/13 20:09:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/09/13 20:09:17 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/09/13 20:09:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ian\Application Data\SUPERAntiSpyware.com
[2009/09/13 19:44:49 | 07,163,936 | ---- | C] () -- C:\Documents and Settings\Ian\Desktop\SUPERAntiSpyware.exe
[2009/09/13 19:29:27 | 00,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2009/09/13 18:00:04 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2009/09/13 17:59:37 | 01,339,288 | ---- | C] () -- C:\Documents and Settings\Ian\Desktop\sar_15_sfx.exe
[2009/09/13 17:42:22 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/13 17:42:21 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/13 17:42:14 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/13 17:30:43 | 00,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\All Users\Documents\HijackThis.exe
[2009/09/13 16:49:56 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/09/13 09:25:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ian\Application Data\Malwarebytes
[2009/09/13 09:25:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/13 09:23:25 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ian\Desktop\ian.exe
[2009/09/12 11:33:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ian\Desktop\tRENDS
[2009/09/11 15:23:41 | 00,072,192 | ---- | C] () -- C:\Documents and Settings\Ian\Desktop\ellipse.xls
[2009/09/11 11:33:42 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Ian\My Documents\Drawing1_recover.dwg
[2009/09/11 11:33:42 | 00,000,260 | ---- | C] () -- C:\Documents and Settings\Ian\My Documents\acad.err
[2009/09/11 10:03:16 | 00,002,481 | ---- | C] () -- C:\Documents and Settings\Ian\Desktop\Microsoft Excel.lnk
[2009/09/10 23:10:27 | 00,079,290 | ---- | C] () -- C:\Documents and Settings\Ian\Desktop\ht4 example.DXF
[2009/09/10 16:11:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ian\Application Data\Schneider Electric
[2009/09/10 16:02:29 | 00,000,974 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vijeo-Designer.lnk
[2009/09/10 15:10:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ian\Application Data\Macrovision
[2009/09/10 15:10:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2009/09/10 10:26:11 | 00,089,600 | ---- | C] () -- C:\Documents and Settings\Ian\Desktop\T&L Master Fault and Trip List.xls
[2009/09/08 15:53:36 | 00,000,664 | ---- | C] () -- C:\Documents and Settings\Ian\Local Settings\Application Data\d3d9caps.dat
[2009/09/08 15:51:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/09/08 12:49:38 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/09/08 12:40:08 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/09/08 12:37:56 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/09/08 11:40:25 | 00,000,270 | -H-- | C] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/09/08 11:40:24 | 00,000,236 | -H-- | C] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/09/08 11:32:26 | 00,000,000 | ---D | C] -- C:\Program Files\Modbus Tools
[2009/09/07 15:06:53 | 00,016,384 | ---- | C] () -- C:\Documents and Settings\Ian\Desktop\io system.xls
[2009/09/07 10:43:54 | 00,000,629 | ---- | C] () -- C:\WINDOWS\ModScan32.INI
[2009/09/07 10:42:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ian\Desktop\modscan32
[2009/09/07 09:36:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ian\Application Data\E-Designer
[2009/09/01 12:03:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ian\Application Data\Rockwell Software
[2009/09/01 11:51:26 | 00,000,000 | ---D | C] -- C:\Program Files\HMS
========== Files - Modified Within 14 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/09/14 09:00:35 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ian\Desktop\ot.exe
[2009/09/14 09:00:00 | 00,000,270 | -H-- | M] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/09/14 09:00:00 | 00,000,236 | -H-- | M] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/09/14 08:54:09 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\settings.dat
[2009/09/14 08:53:38 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Ian\Desktop\RootRepeal.exe
[2009/09/14 08:27:18 | 00,094,778 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/09/14 08:26:56 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/14 08:26:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/14 08:26:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/14 08:26:32 | 21,455,09376 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/13 19:44:49 | 07,163,936 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\SUPERAntiSpyware.exe
[2009/09/13 17:59:48 | 01,339,288 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\sar_15_sfx.exe
[2009/09/13 09:23:25 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ian\Desktop\ian.exe
[2009/09/12 18:40:16 | 00,000,664 | ---- | M] () -- C:\Documents and Settings\Ian\Local Settings\Application Data\d3d9caps.dat
[2009/09/11 18:50:10 | 00,072,192 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\ellipse.xls
[2009/09/11 15:41:51 | 00,002,481 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\Microsoft Excel.lnk
[2009/09/11 15:12:02 | 00,089,600 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\T&L Master Fault and Trip List.xls
[2009/09/11 11:35:32 | 00,000,260 | ---- | M] () -- C:\Documents and Settings\Ian\My Documents\acad.err
[2009/09/11 11:33:42 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Ian\My Documents\Drawing1_recover.dwg
[2009/09/11 09:59:15 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\T&L hours.xls
[2009/09/10 23:10:27 | 00,079,290 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\ht4 example.DXF
[2009/09/10 16:02:29 | 00,000,974 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vijeo-Designer.lnk
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/08 13:38:11 | 00,000,629 | ---- | M] () -- C:\WINDOWS\ModScan32.INI
[2009/09/08 12:40:09 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/09/07 16:07:09 | 00,016,384 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\io system.xls
[2009/09/07 09:31:47 | 00,000,742 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/03 14:27:19 | 00,002,439 | ---- | M] () -- C:\Documents and Settings\Ian\Desktop\FactoryTalk View Studio.lnk
[2009/09/03 11:46:30 | 00,000,831 | ---- | M] () -- C:\WINDOWS\ODBC.INI
========== LOP Check ==========
[2009/09/13 20:09:29 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/06/02 01:02:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/09/08 12:49:45 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/08/18 15:18:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/04/21 10:10:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/05/06 11:18:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2009/09/10 15:10:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2009/04/21 09:55:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2009/08/06 16:18:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Omron
[2009/08/07 16:28:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/08/06 12:22:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rockwell
[2009/08/06 09:21:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rockwell Automation
[2009/05/06 10:58:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2009/08/06 12:25:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WFCU
[2009/09/13 20:09:17 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Ian\Application Data
[2009/08/18 15:18:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ian\Application Data\Autodesk
[2009/08/05 10:20:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ian\Application Data\Dell
[2009/09/07 09:36:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ian\Application Data\E-Designer
[2009/08/27 19:20:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ian\Application Data\ImgBurn
[2009/05/06 11:20:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ian\Application Data\Intel
[2009/09/10 15:10:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ian\Application Data\Macrovision
[2009/08/06 16:54:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ian\Application Data\OpenOffice.org
[2009/09/01 12:03:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ian\Application Data\Rockwell Software
[2009/08/05 10:31:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ian\Application Data\Roxio
[2009/09/10 16:11:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ian\Application Data\Schneider Electric
[2009/08/05 12:21:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ian\Application Data\Toshiba
[2009/09/14 08:57:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ian\Application Data\Wave Systems Corp
[2009/09/08 12:40:09 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2004/08/04 11:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/14 08:26:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/09/14 09:00:00 | 00,000,236 | -H-- | M] () -- C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/09/14 09:00:00 | 00,000,270 | -H-- | M] () -- C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\system32\eventlog.dll >
[2004/08/04 11:00:00 | 00,061,952 | ---- | M] () -- C:\WINDOWS\system32\eventlog.dll
[1 C:\WINDOWS\system32\*.tmp files]
< %systemroot%\system32\scecli.dll >
[2004/08/04 11:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
[1 C:\WINDOWS\system32\*.tmp files]
< %systemroot%\netlogon.dll >
< %systemroot%\system32\cngaudit.dll >
< %systemroot%\system32\sceclt.dll >
< %systemroot%\ntelogon.dll >
< %systemroot%\system32\logevent.dll >
[2004/08/04 11:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logevent.dll
[1 C:\WINDOWS\system32\*.tmp files]
< End of report >