I have run through your suggested procedure and enclose the required logs. I tried running TFC, but as this machine is a few hours' drive away and I am remotely connected, the application stopped my remote service.
I have a fully up-to-date Kaspersky antivirus and performed a full scan with no problems.
GMER:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-20 18:31:17
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\kiosk2\LOCALS~1\Temp\uwtdqpoc.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwClose [0xAA4FFF50]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwConnectPort [0xAA4FE200]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateKey [0xAA4F1700]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcess [0xAA4FFC80]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcessEx [0xAA4FFDF0]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSection [0xAA500A50]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xAA500520]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateThread [0xAA501370]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDeleteKey [0xAA4F1800]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDeleteValueKey [0xAA4F1880]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDuplicateObject [0xAA5000F0]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateKey [0xAA4F1930]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateValueKey [0xAA4F19E0]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwFlushKey [0xAA4F1A90]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwInitializeRegistry [0xAA4F1B10]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadDriver [0xAA4FDD60]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadKey [0xAA4F2530]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadKey2 [0xAA4F1B30]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwNotifyChangeKey [0xAA4F1C10]
SSDT kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) ZwOpenFile [0xF7555030]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenKey [0xAA4F1CF0]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenProcess [0xAA4FFA70]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenSection [0xAA500880]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryKey [0xAA4F1DD0]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryMultipleValueKey [0xAA4F1E80]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xAA501020]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryValueKey [0xAA4F1F30]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwReplaceKey [0xAA4F2010]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwRequestWaitReplyPort [0xAA4FE7F0]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwRestoreKey [0xAA4F20A0]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwResumeThread [0xAA501320]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSaveKey [0xAA4F22A0]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetContextThread [0xAA5016A0]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationFile [0xAA501CC0]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationKey [0xAA4F2330]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSecurityObject [0xAA4FC940]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSystemInformation [0xAA500700]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetValueKey [0xAA4F23D0]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSuspendThread [0xAA5012D0]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSystemDebugControl [0xAA4FE0C0]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwTerminateProcess [0xAA500E70]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwUnloadKey [0xAA4F24F0]
SSDT \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwWriteVirtualMemory [0xAA4FFFB0]
Code \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 1D0 804E982C 12 Bytes [60, DD, 4F, AA, 30, 25, 4F, ...] {PUSHA ; FISTTP QWORD [EDI-0x56]; XOR [0x1b30aa4f], AH; DEC EDI; STOSB }
.text ntoskrnl.exe!_abnormal_termination + 21C 804E9878 1 Byte [30]
.text ntoskrnl.exe!IoIsOperationSynchronous 804EF75A 5 Bytes JMP AA5026A0 \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 8050A289 5 Bytes JMP AA5020E0 \??\C:\Windows\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
---- User code sections - GMER 1.0.15 ----
? C:\AV\gmer.exe[160] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Windows\System32\snmp.exe[176] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Netviewer\remote\nvRemoteHost.exe[200] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Windows\system32\spoolsv.exe[284] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Windows\system32\igfxtray.exe[400] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Windows\system32\hkcmd.exe[408] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Windows\system32\msdtc.exe[452] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Windows\system32\igfxpers.exe[536] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Windows\SOUNDMAN.EXE[544] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Java\jre6\bin\jusched.exe[644] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe[668] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Windows\system32\ctfmon.exe[688] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Windows\system32\csrss.exe[888] C:\Windows\system32\KERNEL32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\tlntsvr.exe[892] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Windows\system32\winlogon.exe[920] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Windows\system32\services.exe[964] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Windows\system32\lsass.exe[976] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Netviewer\remote\nvRemoteSettings_EN.exe[1092] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Windows\system32\svchost.exe[1156] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Windows\system32\svchost.exe[1212] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\MicroTouch\MT7\TwMonitor.exe[1268] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Windows\System32\svchost.exe[1376] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe[1448] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Windows\system32\inetsrv\inetinfo.exe[1492] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Windows\system32\svchost.exe[1516] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\PROGRAM FILES\MICROTOUCH\MT7\TwRegSvc.exe[1556] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Netviewer\remote\nvRemoteHost.exe[1568] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\UsbFloppy\usbfloppyservice.exe[1580] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Java\jre6\bin\jqs.exe[1656] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\UsbFloppy\usbfloppy.exe[1684] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Windows\system32\svchost.exe[1700] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\UltraVNC\WinVNC.exe[1760] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Windows\System32\svchost.exe[1852] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Windows\Explorer.EXE[1856] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Windows\System32\SCardSvr.exe[1964] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Windows\System32\svchost.exe[1996] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Windows\system32\mqsvc.exe[2136] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Windows\system32\mqtgsvc.exe[2428] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Program Files\Netviewer\remote\nvRemoteHost.exe[2584] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\wbem\wmiprvse.exe[3068] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
? C:\Ariane\bin\AllegroStatisticsAlarms.exe[3560] C:\Windows\system32\KERNEL32.dll time/date stamp mismatch;
? C:\Ariane\bin\ars_backup.exe[3576] C:\Windows\system32\KERNEL32.dll time/date stamp mismatch;
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs klif.sys (spuper-ptor/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \FileSystem\Fastfat \Fat klif.sys (spuper-ptor/Kaspersky Lab)
---- Threads - GMER 1.0.15 ----
Thread System [4:472] 86787030
Thread System [4:476] 86765000
Thread System [4:480] 86765000
Thread System [4:484] 867327E0
Thread System [4:488] 867327E0
Thread System [4:496] 867347D0
Thread System [4:500] 867347D0
Thread System [4:504] 867327E0
Thread System [4:532] 86765000
Thread System [4:772] 86765000
Thread System [4:2060] 85D6B190
---- EOF - GMER 1.0.15 ----
OTL.txt:
OTL logfile created on: 20/04/2010 18:34:59 - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\AV
Windows XP Windows XP Embedded Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1,014.00 Mb Total Physical Memory | 352.00 Mb Available Physical Memory | 35.00% Memory free
920.00 Mb Paging File | 390.00 Mb Available in Paging File | 42.00% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29.58 Gb Total Space | 22.62 Gb Free Space | 76.49% Space Free | Partition Type: NTFS
Drive D: | 44.95 Gb Total Space | 44.51 Gb Free Space | 99.03% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KIOSK2
Current User Name: kiosk2
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/04/20 18:35:29 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\AV\OTL.exe
PRC - [2010/02/23 11:08:22 | 000,181,760 | ---- | M] () -- C:\Ariane\bin\AllegroStatisticsAlarms.exe
PRC - [2010/01/29 17:53:54 | 000,094,208 | ---- | M] (Ariane-Systems) -- C:\Ariane\bin\ARS_BackUp.exe
PRC - [2009/08/31 12:13:10 | 000,231,952 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
PRC - [2008/09/03 17:34:58 | 000,073,728 | ---- | M] (3M Touch Systems, Inc.) -- C:\Program Files\MicroTouch\MT7\TwMonitor.exe
PRC - [2008/07/16 15:08:22 | 000,765,264 | ---- | M] (Netviewer AG) -- C:\Program Files\Netviewer\remote\nvRemoteHost.exe
PRC - [2008/07/16 15:08:12 | 000,582,456 | ---- | M] (Netviewer AG) -- C:\Program Files\Netviewer\remote\nvRemoteSettings_EN.exe
PRC - [2008/02/20 14:09:08 | 000,032,768 | ---- | M] () -- C:\Program Files\MicroTouch\MT7\TwRegSvc.exe
PRC - [2007/06/13 12:26:03 | 001,033,216 | R--- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/04/16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\soundman.exe
PRC - [2006/11/20 11:17:52 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\snmp.exe
PRC - [2006/05/30 15:38:32 | 000,028,672 | ---- | M] (Carthagene Consulting) -- C:\Program Files\UsbFloppy\UsbFloppy.exe
PRC - [2005/08/06 19:45:14 | 000,974,848 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\winvnc.exe
PRC - [2005/03/19 16:12:40 | 000,013,312 | ---- | M] () -- C:\Program Files\UsbFloppy\usbfloppyservice.exe
PRC - [2004/12/02 11:59:57 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\inetsrv\inetinfo.exe
========== Modules (SafeList) ==========
MOD - [2010/04/20 18:35:29 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\AV\OTL.exe
MOD - [2004/12/02 11:59:53 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (WYN_V52)
SRV - [2009/08/31 12:13:10 | 000,231,952 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe -- (AVP)
SRV - [2008/11/17 08:05:32 | 000,195,752 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2008/07/16 15:08:22 | 000,765,264 | ---- | M] (Netviewer AG) [Auto | Running] -- C:\Program Files\Netviewer\remote\nvRemoteHost.exe -- (nvRemote_Service)
SRV - [2008/02/20 14:09:08 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\PROGRAM FILES\MICROTOUCH\MT7\TwRegSvc.exe -- (TwRegSvc)
SRV - [2006/11/20 11:17:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\system32\snmp.exe -- (SNMP)
SRV - [2006/01/24 22:30:01 | 000,035,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Point Of Service\Microsoft.PointOfService.Service.exe -- (POSPerformanceCounters)
SRV - [2005/08/06 19:45:14 | 000,974,848 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\WinVNC.exe -- (winvnc)
SRV - [2005/03/19 16:12:40 | 000,013,312 | ---- | M] () [Auto | Running] -- C:\Program Files\UsbFloppy\usbfloppyservice.exe -- (usbfloppyservice)
SRV - [2004/12/02 12:00:03 | 000,086,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2004/12/02 11:59:57 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2004/12/02 11:59:57 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2004/12/02 11:59:57 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2004/12/02 11:59:55 | 000,123,904 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\DUAgent.exe -- (DUAgent)
SRV - [2004/11/01 11:50:00 | 000,106,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32)
SRV - [2001/08/18 06:36:58 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\tcpsvcs.exe -- (LPDSVC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2001/08/23 13:00:00 | 000,000,734 | ---- | M]) - C:\Windows\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Bgariane] C:\BGInfo\BGInfo.exe (Sysinternals)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\Windows\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\Windows\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Starting] C:\starting.bat ()
O4 - HKLM..\Run: [TrackPointSrv] File not found
O4 - HKLM..\Run: [XeroxScannerDaemon] C:\Program Files\Xerox\NWWia\XrxFTPLt.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to HT28.lnk = C:\ONITY\HT28v3\HT28.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to start.lnk = C:\start.cmd ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Touch Monitor.lnk = C:\Program Files\MicroTouch\MT7\TwMonitor.exe (3M Touch Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 01 00 00 00 [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm ()
O9 - Extra Button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\rsvpsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\rsvpsp.dll File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1238422580218 (WUWebControl Class)
O16 - DPF: {7B19E477-0FF8-11d4-9914-005004D3B3DB} http://java.sun.com/...122_008-win.cab (JavaPlugin.Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...122_008-win.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.214.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stn.rdsas.com
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\adialhk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\Windows\System32\PCANotify.dll (Symantec Corporation)
O20 - Winlogon\Notify\SSOExec: DllName - %windir%\temp\sso\ssoexec.dll - C:\Windows\temp\sso\ssoexec.dll File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: Ias - C:\Windows\system32\ias [2005/04/08 14:30:00 | 000,000,000 | ---D | M]
NetSvcs: Iprip - C:\Windows\system32\iprip.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: TrkWks - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - File not found
Unable to start service SrService!
========== Files/Folders - Created Within 14 Days ==========
[2010/04/20 16:10:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/20 16:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/20 15:45:05 | 000,000,000 | ---D | C] -- C:\AV
[2010/04/20 14:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/04/20 14:14:31 | 000,000,000 | ---D | C] -- C:\audit
[2005/04/08 04:46:20 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\DUAgent.exe
[2003/01/01 04:18:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2003/01/01 04:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2003/01/01 04:18:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2003/01/01 04:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
========== Files - Modified Within 14 Days ==========
[2010/04/20 18:32:51 | 000,488,992 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.dat
[2010/04/20 18:25:38 | 010,495,776 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2010/04/20 18:00:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010/04/20 18:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/04/20 17:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010/04/20 16:08:39 | 000,000,617 | ---- | M] () -- C:\Documents and Settings\kiosk2\Desktop\NTREGOPT.lnk
[2010/04/20 16:08:39 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\kiosk2\Desktop\ERUNT.lnk
[2010/04/20 16:03:54 | 003,145,782 | ---- | M] () -- C:\Windows\BGInfo.bmp
[2010/04/20 16:02:32 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/04/20 16:02:32 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/04/20 16:02:32 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At32.job
[2010/04/20 16:02:32 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At30.job
[2010/04/20 16:02:32 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At27.job
[2010/04/20 16:02:32 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010/04/20 16:02:32 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010/04/20 16:02:32 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010/04/20 16:02:32 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/04/20 16:02:32 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/04/20 16:02:32 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At33.job
[2010/04/20 16:02:32 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At28.job
[2010/04/20 16:02:32 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At25.job
[2010/04/20 16:02:32 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/04/20 16:02:32 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010/04/20 16:02:32 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010/04/20 16:02:32 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At40.job
[2010/04/20 16:02:32 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At39.job
[2010/04/20 16:02:32 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At34.job
[2010/04/20 16:02:32 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At31.job
[2010/04/20 16:02:32 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/04/20 16:02:32 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At29.job
[2010/04/20 16:02:32 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010/04/20 16:02:32 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010/04/20 16:02:32 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010/04/20 16:02:32 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/04/20 16:02:32 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/04/20 16:02:32 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At38.job
[2010/04/20 16:02:32 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At37.job
[2010/04/20 16:02:32 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At36.job
[2010/04/20 16:02:32 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At35.job
[2010/04/20 16:02:32 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At26.job
[2010/04/20 16:02:32 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010/04/20 16:02:32 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/04/20 16:02:32 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010/04/20 16:02:32 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010/04/20 16:02:32 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010/04/20 16:02:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/20 16:02:27 | 000,002,184 | ---- | M] () -- C:\Windows\System32\wpa.dbl
[2010/04/20 16:01:36 | 001,835,008 | -H-- | M] () -- C:\Documents and Settings\kiosk2\NTUSER.DAT
[2010/04/20 16:01:36 | 000,141,476 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2010/04/20 16:01:36 | 000,046,796 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.idx
[2010/04/20 14:45:39 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\kiosk2\Desktop\HiJackThis.lnk
[2010/04/19 14:14:47 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\kiosk2\ntuser.ini
[2010/04/15 15:54:22 | 006,395,804 | -H-- | M] () -- C:\Documents and Settings\kiosk2\Local Settings\Application Data\IconCache.db
========== Files Created - No Company Name ==========
[2010/04/20 16:08:39 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\kiosk2\Desktop\NTREGOPT.lnk
[2010/04/20 16:08:39 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\kiosk2\Desktop\ERUNT.lnk
[2010/04/20 14:45:20 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\kiosk2\Desktop\HiJackThis.lnk
[2010/04/20 09:18:38 | 000,029,310 | ---- | C] () -- C:\Documents and Settings\kiosk2\TLogSvc-2536.txt
[2010/04/20 09:18:38 | 000,001,358 | ---- | C] () -- C:\Documents and Settings\kiosk2\TLogSvc-2448.txt
[2010/04/13 10:52:16 | 000,485,207 | ---- | C] () -- C:\Documents and Settings\kiosk2\TLogSvc-3052.txt
[2010/04/13 10:52:16 | 000,002,171 | ---- | C] () -- C:\Documents and Settings\kiosk2\TLogSvc-3004.txt
[2010/03/29 10:15:45 | 000,157,013 | ---- | C] () -- C:\Documents and Settings\kiosk2\TLogSvc-3592.txt
[2010/03/29 10:15:45 | 000,001,141 | ---- | C] () -- C:\Documents and Settings\kiosk2\TLogSvc-3636.txt
[2010/03/25 14:56:37 | 000,020,552 | ---- | C] () -- C:\Windows\System32\drivers\utdrv.sys
[2010/03/11 11:03:25 | 000,050,572 | ---- | C] () -- C:\Documents and Settings\kiosk2\TLogSvc-2620.txt
[2010/03/11 11:03:25 | 000,001,346 | ---- | C] () -- C:\Documents and Settings\kiosk2\TLogSvc-2216.txt
[2010/02/24 14:31:02 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\kiosk2\ScenarioPlayer_5_9_2.xml
[2010/02/09 11:00:06 | 000,024,254 | ---- | C] () -- C:\Documents and Settings\kiosk2\TLogSvc-2880.txt
[2010/02/09 11:00:06 | 000,001,834 | ---- | C] () -- C:\Documents and Settings\kiosk2\TLogSvc-3552.txt
[2009/11/03 09:46:08 | 000,207,811 | ---- | C] () -- C:\Documents and Settings\kiosk2\TLogSvc-3500.txt
[2009/11/03 09:46:08 | 000,001,241 | ---- | C] () -- C:\Documents and Settings\kiosk2\TLogSvc-452.txt
[2009/10/27 17:46:57 | 000,122,408 | ---- | C] () -- C:\Documents and Settings\kiosk2\TLogSvc-2628.txt
[2009/10/27 17:46:57 | 000,003,208 | ---- | C] () -- C:\Documents and Settings\kiosk2\TLogSvc-1240.txt
[2009/10/27 16:29:40 | 000,108,553 | ---- | C] () -- C:\Documents and Settings\kiosk2\TLogSvc-2968.txt
[2009/10/27 16:29:39 | 000,001,396 | ---- | C] () -- C:\Documents and Settings\kiosk2\TLogSvc-3328.txt
[2009/09/24 11:53:29 | 000,239,771 | ---- | C] () -- C:\Documents and Settings\kiosk2\TLogSvc-2476.txt
[2009/09/24 11:53:29 | 000,001,308 | ---- | C] () -- C:\Documents and Settings\kiosk2\TLogSvc-2272.txt
[2009/09/23 17:17:13 | 000,000,490 | RHS- | C] () -- C:\Documents and Settings\kiosk2\ntuser.pol
[2009/09/11 16:12:40 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2009/09/09 13:46:24 | 000,002,412 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/09/09 13:00:42 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\kiosk2\Local Settings\Application Data\fusioncache.dat
[2009/09/09 11:30:52 | 000,074,418 | ---- | C] () -- C:\Documents and Settings\kiosk2\ip.txt
[2009/09/09 11:30:29 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\kiosk2\ntuser.ini
[2009/09/09 11:30:28 | 001,835,008 | -H-- | C] () -- C:\Documents and Settings\kiosk2\NTUSER.DAT
[2009/09/09 11:30:28 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\kiosk2\ntuser.dat.LOG
[2009/08/28 15:23:12 | 000,004,743 | ---- | C] () -- C:\Windows\SigPlus.ini
[2009/02/25 17:31:33 | 000,056,832 | ---- | C] () -- C:\Windows\System32\ActPanel.dll
[2005/04/08 05:01:10 | 000,021,791 | ---- | C] () -- C:\Windows\System32\smtpctrs.ini
[2005/04/08 05:01:10 | 000,001,037 | ---- | C] () -- C:\Windows\System32\ntfsdrct.ini
[2005/04/08 05:01:04 | 000,038,576 | ---- | C] () -- C:\Windows\System32\w3ctrs.ini
[2005/04/08 05:01:04 | 000,010,225 | ---- | C] () -- C:\Windows\System32\axperf.ini
[2005/04/08 05:01:01 | 000,011,435 | ---- | C] () -- C:\Windows\System32\infoctrs.ini
[2005/04/08 04:45:48 | 000,001,793 | ---- | C] () -- C:\Windows\System32\fxsperf.ini
[2005/04/08 04:43:50 | 000,363,520 | ---- | C] () -- C:\Windows\System32\psisdecd.dll
[2003/01/05 23:39:38 | 000,147,456 | ---- | C] () -- C:\Windows\System32\RtlCPAPI.dll
[2003/01/05 23:20:12 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v4764.dll
[2000/03/29 22:00:00 | 000,125,440 | ---- | C] () -- C:\Windows\System32\UNZDLL.DLL
[1999/10/23 18:29:44 | 000,053,248 | ---- | C] () -- C:\Windows\System32\UNRAR.DLL
[1999/08/11 15:28:02 | 000,101,888 | ---- | C] () -- C:\Windows\System32\LIBBZ2.DLL
[1999/05/21 21:10:00 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ZIPDLL.DLL
[1998/01/28 00:06:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\UNACE.DLL
========== LOP Check ==========
[2003/01/05 23:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2010/04/20 18:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/04/20 17:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2010/04/20 16:02:32 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2010/04/20 18:00:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2010/04/20 16:02:32 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2010/04/20 16:02:32 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2010/04/20 16:02:32 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2010/04/20 16:02:32 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2010/04/20 16:02:32 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2010/04/20 16:02:32 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2010/04/20 16:02:32 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2010/04/20 16:02:32 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010/04/20 16:02:32 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2010/04/20 16:02:32 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2010/04/20 16:02:32 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2010/04/20 16:02:32 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2010/04/20 16:02:32 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2010/04/20 16:02:32 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2010/04/20 16:02:32 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2010/04/20 16:02:32 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2010/04/20 16:02:32 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2010/04/20 16:02:32 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2010/04/20 16:02:32 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2010/04/20 16:02:32 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2010/04/20 16:02:32 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2010/04/20 16:02:32 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2010/04/20 16:02:32 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2010/04/20 16:02:32 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2010/04/20 16:02:32 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2010/04/20 16:02:32 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2010/04/20 16:02:32 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2010/04/20 16:02:32 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2010/04/20 16:02:32 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2010/04/20 16:02:32 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2010/04/20 16:02:32 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2010/04/20 16:02:32 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2010/04/20 16:02:32 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2010/04/20 16:02:32 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2010/04/20 16:02:32 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2010/04/20 16:02:32 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At9.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2004/01/28 08:24:22 | 000,040,960 | ---- | M] (.) -- C:\DVE.exe
[2008/01/09 09:39:28 | 000,828,752 | ---- | M] (Netviewer AG) -- C:\NV_o2o_Participant_FR.exe
< MD5 for: AGP440.SYS >
[2005/03/02 18:51:14 | 018,738,937 | R--- | M] () .cab file -- C:\Windows\I386\sp2.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2005/03/02 18:51:14 | 018,738,937 | R--- | M] () .cab file -- C:\Windows\I386\sp2.cab:atapi.sys
[2004/12/02 11:59:53 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Windows\system32\drivers\atapi.sys
[2003/03/25 07:04:52 | 000,091,136 | ---- | M] (Microsoft Corporation) MD5=FA30640404376517930772D7E559AEF1 -- C:\I386\system32\drivers\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2004/12/02 11:59:56 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\Windows\system32\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2003/03/25 20:14:42 | 000,418,816 | ---- | M] (Microsoft Corporation) MD5=4B7021EFC4323AA4949DB2E53AD1052C -- C:\I386\system32\netlogon.dll
[2004/12/02 12:00:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\Windows\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/12/02 12:00:04 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\Windows\system32\scecli.dll
[2003/03/25 20:14:50 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=A927F6B1F40B0F5323EA7B9FED7164CB -- C:\I386\system32\scecli.dll
< MD5 for: SYMMPI.SYS >
[2003/03/25 07:13:10 | 000,026,496 | ---- | M] (LSI Logic) MD5=1F754D0B8CC3058370D4CEF712E3A3A7 -- C:\I386\system32\drivers\symmpi.sys
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\drivers\*.sys /90 >
< End of report >
Extra.txt:
OTL Extras logfile created on: 20/04/2010 18:34:59 - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\AV
Windows XP Windows XP Embedded Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1,014.00 Mb Total Physical Memory | 352.00 Mb Available Physical Memory | 35.00% Memory free
920.00 Mb Paging File | 390.00 Mb Available in Paging File | 42.00% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29.58 Gb Total Space | 22.62 Gb Free Space | 76.49% Space Free | Partition Type: NTFS
Drive D: | 44.95 Gb Total Space | 44.51 Gb Free Space | 99.03% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KIOSK2
Current User Name: kiosk2
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"137:UDP" = 137:UDP:*:Enabled:NetBIOS Name Service
"138:UDP" = 138:UDP:*:Enabled:NetBIOS Datagram Service
"139:TCP" = 139:TCP:*:Enabled:NetBIOS Session Service
"445:TCP" = 445:TCP:*:Enabled:SMB over TCP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:SSDP
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:UPnp Framework over TCP
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"137:UDP" = 137:UDP:LocalSubNet:Enabled:NetBIOS Name Service
"138:UDP" = 138:UDP:LocalSubNet:Enabled:NetBIOS Datagram Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:NetBIOS Session Service
"445:TCP" = 445:TCP:LocalSubNet:Enabled:SMB over TCP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:SSDP
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:UPnp Framework over TCP
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\ariane\bin\VKeyboardPlayer.exe" = C:\ariane\bin\VKeyboardPlayer.exe:*:Enabled:VKeyboardPlayer -- ()
"C:\ariane\bin\ScenarioPlayer.exe" = C:\ariane\bin\ScenarioPlayer.exe:*:Enabled:Scenario Player -- (Ariane Systems)
"C:\ariane\BackOfficeLite\BOL_TCPServer\BOL_TCPServer.exe" = C:\ariane\BackOfficeLite\BOL_TCPServer\BOL_TCPServer.exe:*:Enabled: -- File not found
"C:\ONITY\HT28v3\HT28.exe" = C:\ONITY\HT28v3\HT28.exe:*:Enabled:HT28 -- ()
"C:\ARIANE\bin\AllegroStatisticsAlarms.exe" = C:\ARIANE\bin\AllegroStatisticsAlarms.exe:*:Enabled:AllegroStatisticsAlarms -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft)
"C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for UltraVnc-Serveur-101-Fr.zip\winvnc.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for UltraVnc-Serveur-101-Fr.zip\winvnc.exe:*:Enabled:Serveur VNC pour Win32 -- File not found
"C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 2 for UltraVnc-Serveur-101-Fr.zip\winvnc.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 2 for UltraVnc-Serveur-101-Fr.zip\winvnc.exe:*:Enabled:Serveur VNC pour Win32 -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0868BB9D-5EA0-40AF-A1CC-A38ED4E5BC67}" = 32 Bit HP CIO Components Installer
"{115E8183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A4EE7A4-356E-43B7-A4A3-9C55B22A05B3}" = Ma-Config.com
"{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA
"{511DF669-2930-30C0-8EB6-552887E29EC8}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA
"{59D5295A-7A91-4A74-8823-5F007467D62A}" = BOL_UserInterface v1.2.0 Setup
"{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}" = Microsoft .NET Framework 3.5 Language Pack - fra
"{78715FBA-F394-4309-8566-7E407F7DC19F}" = BOL_TCPServer_1.2.0
"{79B986AD-54D8-4498-AA06-89808829ACC0}" = Kaspersky Anti-Virus 6.0 for Windows Workstations
"{8C02CB4A-50D8-F0A7-0281-940024835EF9}" = Netviewer remote
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.1
"{ABC8D23C-D769-4684-B89A-FB3A60F2DA4A}" = Ariane Allegro 5.5.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C05ED040-923C-4175-8B8D-A8693B93598B}" = Microsoft POS for .NET 1.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CePrnSpy" = CePrnSpy
"d72520cb767454006c3f77a01e6254fa" = MT 7.12 (build 5) for Windows
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel® Graphics Media Accelerator Driver
"HT28" = HT28
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallWIX_{79B986AD-54D8-4498-AA06-89808829ACC0}" = Kaspersky Anti-Virus 6.0 for Windows Workstations
"JRE 1.2.2" = Java 2 Runtime Environment Standard Edition v1.2.2
"KpmSpy" = KpmSpy
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Lucent Technologies Soft Modem" = Lucent Technologies Soft Modem AMR
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - fra" = Module linguistique Microsoft .NET Framework 3.5 - fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PowerArchiver" = PowerArchiver
"PROGUSB" = PROGUSB
"Topaz e-Signatures SigPlusNET 1.12" = Topaz e-Signatures SigPlusNET 1.12
"Toshiba Soft Modem" = Toshiba Soft Modem AMR
"Tweak UI 2.10" = Tweak UI
"USBTrace_is1" = USBTrace V2.4.3
"WIC" = Windows Imaging Component
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 20/04/2010 10:45:42 | Computer Name = KIOSK2 | Source = Service Control Manager | ID = 7034
Description =
Error - 20/04/2010 10:45:42 | Computer Name = KIOSK2 | Source = Service Control Manager | ID = 7034
Description =
Error - 20/04/2010 10:45:42 | Computer Name = KIOSK2 | Source = Service Control Manager | ID = 7034
Description =
Error - 20/04/2010 10:45:42 | Computer Name = KIOSK2 | Source = Service Control Manager | ID = 7034
Description =
Error - 20/04/2010 10:45:42 | Computer Name = KIOSK2 | Source = Service Control Manager | ID = 7034
Description =
Error - 20/04/2010 10:45:42 | Computer Name = KIOSK2 | Source = Service Control Manager | ID = 7034
Description =
Error - 20/04/2010 11:02:59 | Computer Name = KIOSK2 | Source = MSMQ | ID = 2164
Description = The Message Queuing service will not join the STN domain. An MSMQ Configuration
(msmq) object exists in the new domain with an ID differing from the service ID.
Please
delete the MSMQ Configuration object in the new domain and restart the Message
Queuing service.
Error - 20/04/2010 11:03:08 | Computer Name = KIOSK2 | Source = Service Control Manager | ID = 7023
Description =
Error - 20/04/2010 11:03:08 | Computer Name = KIOSK2 | Source = Service Control Manager | ID = 7000
Description =
Error - 20/04/2010 11:08:00 | Computer Name = KIOSK2 | Source = Service Control Manager | ID = 7023
Description =
[ System Events ]
Error - 30/03/2010 06:14:54 | Computer Name = KIOSK2 | Source = Serial | ID = 393234
Description = No Parameters subkey was found for user defined data. This is odd,
and it also means no user configuration can be found.
Error - 31/03/2010 05:03:48 | Computer Name = KIOSK2 | Source = Serial | ID = 393234
Description = No Parameters subkey was found for user defined data. This is odd,
and it also means no user configuration can be found.
Error - 01/04/2010 03:52:12 | Computer Name = KIOSK2 | Source = Serial | ID = 393234
Description = No Parameters subkey was found for user defined data. This is odd,
and it also means no user configuration can be found.
Error - 08/04/2010 05:25:28 | Computer Name = KIOSK2 | Source = Serial | ID = 393234
Description = No Parameters subkey was found for user defined data. This is odd,
and it also means no user configuration can be found.
Error - 13/04/2010 09:16:16 | Computer Name = KIOSK2 | Source = Serial | ID = 393234
Description = No Parameters subkey was found for user defined data. This is odd,
and it also means no user configuration can be found.
Error - 15/04/2010 10:56:11 | Computer Name = KIOSK2 | Source = Serial | ID = 393234
Description = No Parameters subkey was found for user defined data. This is odd,
and it also means no user configuration can be found.
Error - 19/04/2010 09:09:22 | Computer Name = KIOSK2 | Source = Serial | ID = 393234
Description = No Parameters subkey was found for user defined data. This is odd,
and it also means no user configuration can be found.
Error - 19/04/2010 09:09:42 | Computer Name = KIOSK2 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain STN due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.
Error - 19/04/2010 09:22:44 | Computer Name = KIOSK2 | Source = Serial | ID = 393234
Description = No Parameters subkey was found for user defined data. This is odd,
and it also means no user configuration can be found.
Error - 20/04/2010 11:02:45 | Computer Name = KIOSK2 | Source = Serial | ID = 393234
Description = No Parameters subkey was found for user defined data. This is odd,
and it also means no user configuration can be found.
< End of report >
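Added example for readers of this thread, not code from OTL or from the original poster: a short Python triage of the "Security Center Settings" and "Authorized Applications List" lines exactly as OTL prints them in Extras.txt. The sample lines embedded below are a subset copied from the Extras.txt above. The rules it applies are the editor's own heuristics, not anything OTL itself reports: a profile with "EnableFirewall" = 0, a globally open port whose scope is `*` (any remote address rather than LocalSubNet), an application exception whose binary sits under a Temp directory, whose file OTL marks as "File not found", or whose scope is `*`, and a vendor "DisableMonitoring" = 1 flag under Security Center\Monitoring (commonly written by the AV product itself, so it is a line to confirm rather than a problem in its own right). The output is a list of lines for a human to look at first, not a verdict on the machine.

```python
"""Triage the Windows Firewall / Security Center section of an OTL Extras.txt.

Added example for this thread; not part of OTL and not the poster's own code.
Rules below are the editor's heuristics for what to read first in such a log.
"""
import re

# Sample input: a subset of lines copied from the Extras.txt log in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"445:TCP" = 445:TCP:*:Enabled:SMB over TCP
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"445:TCP" = 445:TCP:LocalSubNet:Enabled:SMB over TCP
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft)
"C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for UltraVnc-Serveur-101-Fr.zip\winvnc.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for UltraVnc-Serveur-101-Fr.zip\winvnc.exe:*:Enabled:Serveur VNC pour Win32 -- File not found
""".strip()

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")            # [HKEY_...] section header
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')  # "name" = data
PROFILE_RE = re.compile(r"FirewallPolicy\\(\w+Profile)")
ANY_SCOPE = "*"   # OTL prints '*' when the rule applies to any remote address
RISKY_PORTS = {139: "NetBIOS session", 445: "SMB", 3389: "Remote Desktop"}


def iter_values(lines):
    """Yield (registry_key, value_name, value_data) for each value line."""
    key = None
    for raw in lines:
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group("name"), m.group("data")


def parse_app_rule(name, data):
    """Split 'path:scope:state:desc -- status'. The path itself contains 'C:',
    so it is cut off using the value name, which OTL sets to the same path."""
    rest = data[len(name) + 1:] if data.startswith(name + ":") else data
    scope, state, tail = (rest.split(":", 2) + ["", ""])[:3]
    desc, _, status = tail.partition(" -- ")
    return {"path": name, "scope": scope, "state": state,
            "desc": desc.strip(), "status": status.strip()}


def triage(text):
    """Return (profile, kind, detail) tuples for lines worth a human's attention."""
    findings = []
    for key, name, data in iter_values(text.splitlines()):
        m = PROFILE_RE.search(key)
        profile = m.group(1) if m else "-"
        if "\\Security Center\\Monitoring\\" in key and name == "DisableMonitoring" and data == "1":
            # Usually set by the AV product itself; confirm the product is running.
            findings.append((profile, "monitoring-off", key.rsplit("\\", 1)[1]))
        elif name == "EnableFirewall" and data == "0":
            findings.append((profile, "firewall-off", ""))
        elif key.endswith("GloballyOpenPorts\\List"):
            port, proto, scope, state, desc = data.split(":", 4)
            if state == "Enabled" and scope == ANY_SCOPE:
                label = RISKY_PORTS.get(int(port), desc)
                findings.append((profile, "port-any", f"{port}/{proto} {label}"))
        elif key.endswith("AuthorizedApplications\\List"):
            rule = parse_app_rule(name, data)
            if rule["state"] != "Enabled":
                continue
            reasons = []
            if "\\local settings\\temp\\" in rule["path"].lower():
                reasons.append("binary under a Temp directory")
            if rule["status"] == "File not found":
                reasons.append("file no longer exists")
            if rule["scope"] == ANY_SCOPE:
                reasons.append("any remote address")
            if reasons:
                findings.append((profile, "app-rule", f"{rule['path']}: " + ", ".join(reasons)))
    return findings


if __name__ == "__main__":
    for profile, kind, detail in triage(SAMPLE_LOG):
        print(f"[{profile}] {kind}: {detail}")
```

Run against the sample it reports the StandardProfile firewall being off, 3389/TCP open to any address in both profiles, 445/TCP open to any address in the DomainProfile, and the winvnc.exe exception that points into Administrator's Temp folder at a file that no longer exists; the maconfservice.exe rule, scoped to LocalSubNet and backed by an existing signed file, is not reported. To run it on a full Extras.txt, pass the file contents to `triage()` instead of `SAMPLE_LOG`.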